Hello quark25IS,
Thank you for posting in Microsoft Community forum.
1. My understanding is that KB5014754 is applicable to certificate-based authentication for ADDS on domain controllers only. It does not apply to any other server roles, unless they have ADDS. Would appreciate a confirmation of that understanding please.
A1: KB5014754, which pertains to changes in how certificates are handled for certificate-based authentication in Active Directory Domain Services (AD DS), specifically targets domain controllers. Your understanding that it applies only to certificate-based authentication for AD DS on domain controllers is correct. It does not directly affect other server roles unless those roles are also functioning as domain controllers. To summarize:
- KB5014754 is primarily concerned with domain controllers in an AD DS environment.
- Other server roles without AD DS should not be directly impacted by this update.
2. In our small environment of fewer than 100 users, we have one RDS server. The RDS server was built using Server 2019. The certificate was implemented as part of the RDS server build; I did not install a certificate on that server. The certificate is not configured correctly and is not trusted. Users get a notification that they then bypass to complete authentication (password based). The RDS server is not internet facing and is behind a firewall. Users connect using a secure VPN tunnel.
(a) If I leave the certificate as-is, do the KB5014754 changes have any impact?
(b) Can I safely delete the invalid certificate to remove the warning message received by users during authentication?
(c) Is there anything else we need to be aware of regarding the certificate on the RDS server in conjunction with KB5014754?
A2: (a) Impact of KB5014754 on your RDS server:
Since KB5014754 primarily focuses on certificate-based authentication for domain controllers, it should not have a direct impact on your RDS server, especially if it is not being used for certificate-based authentication to an Active Directory domain controller. Since users are currently bypassing the certificate warning and authenticating using passwords, the update should not affect their ability to continue doing so.
(b) Deleting the invalid certificate:
If the certificate on your RDS server is not correctly configured and not trusted, and users are bypassing this warning, you may choose to delete the invalid certificate to remove the warning message. However, before doing so, ensure that:
- The RDS server doesn't require the certificate for any other critical functionality.
- No other applications or services depend on the certificate for secure communication.
Deleting the certificate won't impact KB5014754 since it doesn't pertain to your RDS server in this context.
(c) Other considerations regarding the certificate on the RDS server in conjunction with KB5014754:
Ensure that your RDS server is not being used for any role that involves certificate-based authentication with a domain controller. Verify that other protocols or services on the RDS server do not rely on the non-trusted certificate for secure communication or other critical operations. Make sure you have a backup or recovery plan before making changes to the server configuration or certificates.
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
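Before removing the certificate as discussed in A2(b), it helps to confirm which certificate the RDP listener is actually using, why clients distrust it, and whether anything else on the host is bound to it. The following PowerShell is an added example, not code from the original post or from Microsoft; it assumes a Windows Server 2019 RDS host with the default RDP-Tcp listener and Windows PowerShell 5.1.

```powershell
# Added example: inspect the certificate bound to the RDP listener and its trust status.
# Assumes the default listener name 'RDP-Tcp' (constructed assumption, adjust if renamed).

# 1. Thumbprint the RDP listener presents to connecting clients.
$rdp = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
                       -ClassName Win32_TSGeneralSetting `
                       -Filter "TerminalName='RDP-Tcp'"
$thumb = $rdp.SSLCertificateSHA1Hash
"RDP listener certificate thumbprint: $thumb"

# 2. Find that certificate in the machine stores. A certificate generated during the
#    RDS build typically lives in 'Remote Desktop'; an admin-installed one in 'My'.
$cert = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' |
        Where-Object Thumbprint -eq $thumb
if (-not $cert) { throw "Certificate $thumb not found in the machine stores." }

"Subject     : $($cert.Subject)"
"Issuer      : $($cert.Issuer)"
"Expires     : $($cert.NotAfter)"
"Self-signed : $($cert.Subject -eq $cert.Issuer)"

# Enhanced Key Usages. The listener cert is a Server Authentication certificate that
# the host presents to clients; KB5014754 is about certificates that users or computers
# present to a domain controller, so this certificate is not what that update maps.
$eku = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Enhanced Key Usage' }
if ($eku) { "EKU         : " + (($eku.EnhancedKeyUsages | ForEach-Object FriendlyName) -join ', ') }

# 3. Does it chain to a root this server trusts? If not, clients get the warning.
#    Revocation checking is skipped so the check works on a host with no internet access.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)
"Chain trusted: $trusted"
if (-not $trusted) {
    $chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }
}

# 4. Anything else bound to the same certificate? HTTP.sys bindings (RD Web / RD Gateway
#    if installed) reference certificates by hash; a match here means deleting the
#    certificate would break more than the RDP listener.
$httpBindings = netsh http show sslcert | Select-String -Pattern $thumb -Context 3,0
if ($httpBindings) { "HTTP.sys bindings using this certificate:"; $httpBindings }
else { "No HTTP.sys bindings reference this certificate." }
```

If the chain status shows UntrustedRoot and the certificate is self-signed, the warning is expected and the fix is either to issue a certificate from a CA your clients trust and bind it to the listener, or to remove the certificate only after step 4 shows nothing else depends on it.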