Share via

Error message trying to connect to PC from a Mac in Windows App.

FrancoisDufresne-2970 40 Reputation points
2026-03-07T14:40:18.8466667+00:00

When opening a connection to my PC from a Mac in Windows App, I get an error message: "...the certificate couldn't be verified back to a root certificate. Your connection may not be secure. Do you want to continue?" Even if I press "continue", my credentials are rejected. What is the issue?

Windows for business | Windows Client for IT Pros | User experience | Remote desktop services and terminal services
0 comments
Answer accepted by question author
  1. VPHAN 25,000 Reputation points Independent Advisor
    2026-03-07T16:28:17.24+00:00

    FrancoisDufresne-2970

    Remote Desktop Connection uses the password associated with the specific account type that governs your Windows profile. If you sign into your PC using an email address, the remote connection relies entirely on your Microsoft Account password. If your machine is set up with an offline, non-email profile, it uses the local password. Given your recent password modifications, you are almost certainly operating on a Microsoft Account. The persistent rejection you are experiencing from your Mac is likely caused by how the macOS client packages your username during the authentication process.

    When you enter just an email address, the Mac client often defaults to sending it as a local domain request, which Windows immediately rejects because it expects a specific Microsoft Account credential provider format. To force the host machine to authenticate against the correct provider, you must explicitly define the account type in your connection settings. Open the saved PC profile in your Mac Windows App and change your username to include the exact phrase MicrosoftAccount followed by a backslash and your full email address.

    If that specific syntax is still rejected, Windows is likely expecting your local SAM account name instead of your email address. You can find this by opening File Explorer on your Windows PC and navigating to the C:\Users directory. Locate the folder corresponding to your profile, which is usually the first five letters of your email address. Enter that exact folder name as your username in the Mac client, paired with your newly updated Microsoft Account password. This bypasses the email formatting confusion entirely and ensures the host PC recognizes the credential pairing.

    VP

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. VPHAN 25,000 Reputation points Independent Advisor
    2026-03-07T15:58:18.03+00:00

    FrancoisDufresne-2970

    It's good that the certificate exception is working, but your recent password change introduces two common hurdles for Remote Desktop connections from a Mac. When you update a Microsoft Account password, the local Windows host does not immediately recognize it for network authentication until you force a sync. You must physically sit at the Windows PC, ensure it is connected to the internet, and log in directly from the lock screen using the newly created password rather than your usual PIN or biometric method. This process updates the locally cached credential manager, allowing Network Level Authentication to finally accept the new password over the network.

    If you have already synced the password locally, the rejection is almost certainly caused by a keyboard layout mismatch between macOS and Windows. Because your new password includes special characters, the Mac keyboard mapping might be sending different keystrokes to the Windows host than you intend. The placement of symbols often differs across operating systems or regional layouts during a remote session. To verify this, try typing your new password into the visible username field on the remote connection prompt to see exactly which characters are being transmitted to the host. You can temporarily bypass this translation issue by copying the password from a local text file on your Mac and pasting it directly into the remote password field.

    Hope this helps :)

    VP

  2. VPHAN 25,000 Reputation points Independent Advisor
    2026-03-07T15:14:15.6866667+00:00

    Hi FrancoisDufresne-2970,

    The certificate warning and credential rejection you are experiencing are two distinct but related issues when connecting a Mac to a Windows host. The security warning appears because Windows automatically generates a self-signed certificate for Remote Desktop that macOS does not inherently trust. You can bypass this permanently by expanding the certificate details in the connection prompt, checking the box to always trust the certificate, and entering your Mac administrator password to save this exception to your System Keychain. While continuing past this warning establishes the secure connection tunnel, it will not fix the authentication failure.

    Your credentials are automatically rejected because Network Level Authentication for Remote Desktop explicitly requires a traditional password, whereas you might be relying on Windows Hello PINs or biometric logins on your physical PC. Standard remote sessions cannot process Windows Hello credentials. You must authenticate using the actual password tied to your local profile or Microsoft Account. To ensure the host machine processes your login request in the correct domain context, type your PC hostname followed by a backslash and your username, or enter your complete Microsoft Account email address.

    If your standard password is still being rejected, Windows likely has its passwordless sign-in feature enforced, which disables traditional password authentication entirely and breaks remote connections. You can resolve this on the host PC by navigating to the Windows Settings app, selecting Accounts, and opening Sign-in options to disable the toggle that only allows Windows Hello sign-in for Microsoft accounts. Alternatively, you can modify the registry by navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device and changing the DevicePasswordLessBuildVersion key value to 0. This securely restores standard password authentication in the background, allowing your remote session to connect successfully.

    Hope this answer brought you some useful information. If it did, please hit "accept answer". Should you have any questions, feel free to leave a comment.

    VP

  3. Q&A Assist
    2026-03-07T14:40:28.11+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The issue is that the remote PC is presenting an SSL/TLS certificate that cannot be validated up to a trusted root certificate on macOS, and that same certificate/name mismatch is also causing the credential (sign‑in) failure.

    On macOS, Windows App (Remote Desktop client) validates the server certificate during the connection. If the certificate’s subject/Subject Alternative Name does not match the expected host name (for example, the Autodiscover/service endpoint or the PC name being used), or the issuing CA chain is not trusted, macOS shows a warning like “the certificate couldn’t be verified back to a root certificate. Your connection may not be secure.” This is the same class of problem described for Outlook for Mac when it connects to an endpoint whose expected name is missing from the certificate.

    Because the certificate is effectively invalid for the name being used, the connection is not considered secure and the authentication handshake can fail, so credentials are rejected even if they are correct.

    To fix the underlying issue, the certificate on the server side must be corrected:

    1. Reissue or replace the certificate so that:
      • The correct DNS name (the name used to connect) is present as a Subject Alternative Name.
      • The certificate chains to a trusted root CA on macOS.
    2. As a temporary, per‑device workaround on the Mac, the certificate can be explicitly trusted so macOS accepts it:
      • When the warning appears, choose to view the certificate and mark it as always trusted for that host, similar to the Outlook for Mac method of trusting a certificate on the client.

    However, the proper and recommended resolution is to fix the server certificate so that all clients (including Windows App on macOS) can validate it without warnings and allow authentication to succeed.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.