After upgrading to macOS Sierra, I’ve started seeing the below prompt when connecting to any of my domain-joined Windows machines via Microsoft Remote Desktop.app.
I am pretty sure this is related to the Sierra upgrade, because another Mac running El Capitan does not exhibit this.
Also Windows to Windows via mstsc isn’t impacted in any way.
Digging a little bit deeper into the matter, I found that Sierra rejects certificates with a blank subject.
OK, a blank subject – how could that have happened?
So I went on to inspect my RDP Template on the CA, and I found that indeed the Subject Name format was set to None. How strange!
Now the interesting part is that pretty much every guide that I found on the Internet for setting up RDP auto-enrolment bases the RDP template on the Computer template, which by default has this set to None.
So to fix this, I changed this to Common Name, as shown above, and then right-clicked on Reenroll All Certificate Holders.
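To confirm that a given host has actually picked up a re-enrolled certificate, the script below finds the certificate bound to the RDP listener and reports whether its subject is blank. It is an added example, not part of the original post; the function names `Get-RdpListenerCertificate` and `Test-BlankSubject` are hypothetical, and it assumes an elevated PowerShell session on the Windows machine being checked.

```powershell
# Audit the certificate bound to the RDP listener and flag a blank subject.
# Added example: function names are hypothetical, not from the original post.

function Get-RdpListenerCertificate {
    # Win32_TSGeneralSetting exposes the thumbprint the RDP-Tcp listener presents.
    $setting = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $thumb = $setting.SSLCertificateSHA1Hash

    # CA-issued certificates live in LocalMachine\My; the self-signed fallback
    # lives in the "Remote Desktop" store.
    foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop') {
        $cert = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $thumb }
        if ($cert) { return $cert | Select-Object -First 1 }
    }
}

function Test-BlankSubject {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # A template with Subject Name format "None" yields an empty distinguished name.
    return [string]::IsNullOrWhiteSpace($Certificate.Subject)
}

$cert = Get-RdpListenerCertificate
if (-not $cert) {
    Write-Warning 'No certificate matching the RDP listener thumbprint was found.'
    return
}

# Subject Alternative Name extension (OID 2.5.29.17), if present.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

[pscustomobject]@{
    Thumbprint   = $cert.Thumbprint
    Subject      = $cert.Subject
    BlankSubject = Test-BlankSubject -Certificate $cert
    SAN          = if ($san) { $san.Format($false) } else { '' }
    NotAfter     = $cert.NotAfter
}
```

A host that still reports `BlankSubject = True` after the template change is still presenting the old certificate.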
That’s all for today.