‘The certificate is not valid, empty subject name’ on macOS Sierra on RDP to Windows

After upgrading to macOS Sierra, I’ve started seeing the below prompt when connecting to any of my domain-joined Windows machines via the Microsoft Remote Desktop app.

I am pretty sure this is related to the Sierra upgrade, because another Mac running El Capitan does not exhibit this.

Also Windows to Windows via mstsc isn’t impacted in any way.

Digging a little bit deeper into the matter I found that Sierra rejects certificates with blank subject.

OK, a blank subject – how could that have happened?

So I went on to inspect my RDP Template on the CA, and I found that indeed the Subject Name format was set to None. How strange!

Now the interesting part is that pretty much every guide that I found on the Internet for setting up RDP auto-enrolment bases the RDP template on the Computer template, which by default has this set to None.

So to fix this, I changed this to Common Name, as shown above and then right-clicked on Reenroll All Certificate Holders.

That’s all for today.