RDP to Windows Server 2012 from Windows XP

I came across an annoying little issue today.  Whether it be down to the default settings of Windows Server 2012, or one of the hardening settings of our corporate build, I don’t know, but it’s annoying either way.

My corporate provided laptop operating system is mandated at Windows XP.  I regularly (90+% of every day) use it to remote control servers, and this is normally through RDP (I prefer RDP over vSphere client for Virtual Machines too).

It seems that by default, the Windows XP Remote Desktop Client does not support Network Level Authentication (NLA), which is what our 2012 servers demand.

Fortunately, there is a quick fix to the problem.  All you need to do is add a couple of registry entries, restart your computer, and you’re away.  The entries are as follows :

In regedit.exe, select the following key :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

Within this key, there is a REG_SZ value called “SecurityProviders”, which contains multiple comma separated values.  At the end of this string, add a comma and “credssp.dll” :

Click OK, then select the following registry key :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Within this key, there is a REG_MULTI_SZ value called “Security Packages”, which contains a list.  At the end of this list, add “tspkg” :

Click OK, close regedit and restart your computer.

You should now be able to RDP to Windows Server 2012 without the pain!

P.S.  Just to prove this is not turning into a purely technical blog, here’s a picture of Coco the dog, enjoying the snow a couple of weeks ago :

Coco

Coco enjoying the snow

:)

- The Zoo Keeper

13 thoughts on “RDP to Windows Server 2012 from Windows XP

    1. TheZooKeeper Post author

      Sorry Joe, when I tested my fix, that was on XP SP3 too (I’m using the machine now to type this). I guess you must have a different issue to the one I had. Thanks for your comment though – it’s good to let people know the fix doesn’t work for everybody!

      Reply
  1. Vladimir

    I made these changes to the WIN XP SP3 client:
    http://support.microsoft.com/kb/969084
    http://support.microsoft.com/kb/951608

    And changed on Windows 2012 Server under:
    Server Manager > Remote Desktop Services > Collections > QuickSessionCollection

    Click on TASKS > Edit Properties

    Under Session Collection click on Security and uncheck:

    Allow connections only from computers running Remote Desktop with Network Level Authentication.

    You could maybe skip changing WIN XP SP3 clients and try only change Server settings.

    regards, Vladimir

    Reply
    1. TheZooKeeper Post author

      Thanks Vladimir, they’re really useful suggestions.

      NLA is becoming a requirement more and more as firms become more security conscious, so for me I have to stick with the client side changes, but I’m sure many people will appreciate the advise to just turn it off at the server!

      Thanks again, and thanks for taking the time to read and comment!

      Reply
  2. Onofre

    Hi guy,

    Works perfect for me, I had updated Xp RDP client to protocol 7. Now it connects seamlessly and didnot have to make any changes on 2012 server.

    Thanks a lot!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>