
Do I need to add X.509 certificate to the registry to solve RDP error?

Status
Not open for further replies.

blfrd76

Programmer
Jul 17, 2003
34
US
Background Info:
Win2k SP3 servers

PDC handles:
Terminal Services (in Application Mode)
DNS
One NIC

BDC handles:
Terminal Services (Remote Admin mode)
DNS (backup)
DHCP
RRAS (3 subnets, 10 dial-in clients)
3 NICs (one for each subnet)
1 PPP adapter for dial-in customers.

Here's what prompted my search:

An error on our Backup Domain Controller, Eventlog:

Source: TermDD
ID: 50
Message: The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.

Also:

Source:Schannel
ID: 36872
Message: ...No suitable default server credentials exist.."

When I try to use Remote Desktop connection, I can connect to the PDC but not the BDC. I receive the same error about 1 of 3 reasons that I cannot connect. Any ideas why I can connect to one DC but not the other?

I have read that corrupted certificates can cause the first error, but upon looking under:

HKLM\System\CurrentControlSet\Services\TermServices\Parameters

The Certificate value is there. The X.509 certificate is NOT there and the X.509 ID is NOT there. So, I really cannot delete them to fix them (according to Q323497 or Q329896).

I was considering this. On our Primary Domain Controller, those registry values ARE present.

Can I just copy the registry values (Certificate, X509, X509ID) from one server to the other?

Thanks,
Bill

 
This article states:

This event is logged when a server application (for example, Active Directory) attempts to perform a Secure Sockets Layer (SSL) connection, but no server certificate is found. Server certificates are either enrolled for by hand or are automatically generated by the domain's enterprise Certificate Authority (CA). In domains where no enterprise CA exists, this is an expected event and you can safely ignore the message.

How do I check if an Enterprise CA exists?

 