Its primary function is to validate and test the health of SSL/TLS certificates used for Remote Desktop Protocol (RDP) connections. When a Remote Desktop Session Host (RDSH) server is configured to use SSL encryption for client connections, the system needs a way to verify that the certificate is valid, has not expired, matches the server’s hostname, and is trusted by the client. r2rcertest.exe is the utility that performs these diagnostic checks.
You will typically find this file in the following directory: C:\Windows\System32\ r2rcertest.exe
| Check | Legitimate r2rcertest.exe | Suspicious / Malware | | :--- | :--- | :--- | | | C:\Windows\System32\ | C:\Users\*\AppData\ , C:\Temp\ , C:\ProgramData\ | | File Size | ~60 KB – 120 KB (depends on Windows version) | Varies wildly (often <50 KB or >1 MB) | | Digital Signature | Microsoft Windows Publisher | No signature, or invalid signature | | CPU/Memory usage | 0% – 1% (transient, runs briefly) | Persistent high CPU or memory | | Description | "R2R Certificate Test" | Blank or generic description | Its primary function is to validate and test
r2rcertest.exe is a minor but important part of Windows Remote Desktop Services. If you see it running, do not panic. Instead, verify its digital signature and location. If you experience high CPU or recurring errors, the problem is almost certainly not the executable itself but the certificate configuration on your RDS server. Invest your time in fixing your PKI and RDP certificate assignments, and r2rcerttest.exe will quietly return to the background where it belongs. Have you encountered a strange behavior with r2rcerttest.exe? Share your event log patterns in the comments below, and we’ll help you decode them. You will typically find this file in the