It turns out that if you don't specify a computer name, rdpsign fails with error 0x80070490.
RDP Sign reporting unable to use certificate
Hi
I'm trying to renew the certificate on our Remote Desktop system. I've a new SHA/2 wildcard certificate from RapidSSL which has imported into the RD config for Gateway etc. OK. However, when I try and use RDPSIGN to sign the rdp file to push out to our clients I get error:
C:\>rdpsign.exe /sha256 "70A55CECBF10C1FEE6FD357AF2DF591AAE014ABA" pd3.rdp
Unable to use the certificate specified for signing. Error Code: 0x80070490
The rdp file could not be signed. Error Code: 0x80070490
The certificate is present in Computer\Certificates OK with that thumbprint and I'm running Windows Server 2019. I've done this before numerous times including this system last year and had no problems and I can't find much on the specific 0x80070490 error.
Anyone have any ideas please?
Thanks
Andy.
3 answers
-
Tim Cooke 0 Reputation points
2026-06-18T15:39:57.53+00:00 -
MartijnDunnink-1550 1 Reputation point
2022-07-07T11:49:30.07+00:00 Could you try my script?
It normalizes the HASH, that seems to be the issue, tried it without this script today but it failed also with the same error code, then found my script again which I used last year.
    #For some Reason using a variable hash does not work. Please use the $hash variable to normalize the string and then paste it into the Foreach loop.
    $hash = ("Fill in hash here").ToUpper().Replace(" ","")
    #Multiple Files in 1 Directory
    $files = get-childitem c:\temp\ -filter *.rdp
    foreach ($file in $Files) {
        $RDPFile = $file.VersionInfo.FileName
        rdpsign /v /sha256 'Fill in Hash value from $hash here' $RDPFile
    }
-
Dirk Haex 81 Reputation points
2022-07-07T11:25:05.837+00:00 Have you compared the Enhanced Key Usage that are selected for the old certificate?
These should be client/server authentication.
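
A pre-flight check that combines the two suggestions in the answers above (normalizing the thumbprint and looking at the Enhanced Key Usage), as an added example that is not code from any of the posters. 0x80070490 is the Win32 error ERROR_NOT_FOUND ("Element not found"), so the script first confirms that the cleaned thumbprint resolves to a certificate with a private key. The store path `Cert:\LocalMachine\My`, the folder and the thumbprint placeholder are assumptions.

```powershell
# Added example: pre-flight checks before calling rdpsign. Not the posters' code.
$rawThumbprint = 'PASTE-THUMBPRINT-HERE'    # placeholder: value copied from the certificate
$rdpFolder     = 'C:\temp'                  # folder used in the script above
$storePath     = 'Cert:\LocalMachine\My'    # assumption: computer account, Personal store

# Keep hex digits only: removes spaces and any invisible characters
# that came along with the copy-paste, then upper-cases the result.
$thumbprint = ($rawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$dropped = $rawThumbprint.Length - $thumbprint.Length
Write-Host "Normalized thumbprint: $thumbprint ($dropped character(s) removed)"

# 1. The certificate must be found in the store under exactly this thumbprint.
$cert = Get-ChildItem -Path $storePath | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) {
    throw "No certificate with thumbprint $thumbprint in $storePath."
}

# 2. Signing needs the private key, not just the public certificate.
if (-not $cert.HasPrivateKey) {
    throw "Certificate '$($cert.Subject)' has no private key in this store."
}

# 3. Validity window of the renewed certificate.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 4. Enhanced Key Usage: report whether client/server authentication are listed.
$ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
$wanted  = @{ '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
              '1.3.6.1.5.5.7.3.2' = 'Client Authentication' }
foreach ($oid in $wanted.Keys) {
    if ($ekuOids -notcontains $oid) {
        Write-Warning "EKU '$($wanted[$oid])' ($oid) is not listed on this certificate."
    }
}

# 5. Sign every .rdp file in the folder with the cleaned thumbprint.
foreach ($file in Get-ChildItem -Path $rdpFolder -Filter *.rdp) {
    Write-Host "Signing $($file.FullName)"
    & rdpsign.exe /v /sha256 $thumbprint $file.FullName
}
```

A non-zero count of removed characters for a thumbprint that looks clean on screen means the pasted value contained something invisible.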