RDP to Windows Server 2012 from Windows XP

I came across an annoying little issue today.  Whether it be down to the default settings of Windows Server 2012, or one of the hardening settings of our corporate build, I don’t know, but it’s annoying either way.

My corporate provided laptop operating system is mandated at Windows XP.  I regularly (90+% of every day) use it to remote control servers, and this is normally through RDP (I prefer RDP over vSphere client for Virtual Machines too).

It seems that by default, the Windows XP Remote Desktop Client does not support Network Level Authentication (NLA), which is what our 2012 servers demand.

Fortunately, there is a quick fix to the problem.  All you need to do is add a couple of registry entries, restart your computer, and you’re away.  The entries are as follows :

In regedit.exe, select the following key :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

Within this key, there is a REG_SZ value called “SecurityProviders”, which contains multiple comma separated values.  At the end of this string, add a comma and “credssp.dll” :

Click OK, then select the following registry key :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Within this key, there is a REG_MULTI_SZ value called “Security Packages”, which contains a list.  At the end of this list, add “tspkg” :

Click OK, close regedit and restart your computer.

You should now be able to RDP to Windows Server 2012 without the pain!

P.S.  Just to prove this is not turning into a purely technical blog, here’s a picture of Coco the dog, enjoying the snow a couple of weeks ago :

Coco
Coco enjoying the snow

🙂

The Zoo Keeper

By TheZooKeeper

An Azure Cloud Architect with a background in messaging and infrastructure (Wintel). Bearded dog parent who likes chocolate, doughnuts and Frank's RedHot sauce, but has not yet attempted to try all three in combination!

29 comments

  1. It didn’t work for me… Followed instructions to the ‘T’, on XP SP3… Any differences on that version?

    1. Sorry Joe, when I tested my fix, that was on XP SP3 too (I’m using the machine now to type this). I guess you must have a different issue to the one I had. Thanks for your comment though – it’s good to let people know the fix doesn’t work for everybody!

  2. I made these changes to the WIN XP SP3 client:
    http://support.microsoft.com/kb/969084
    http://support.microsoft.com/kb/951608

    And changed on Windows 2012 Server under:
    Server Manager > Remote Desktop Services > Collections > QuickSessionCollection

    Click on TASKS > Edit Properties

    Under Session Collection click on Security and uncheck:

    Allow connections only from computers running Remote Desktop with Network Level Authentication.

    You could maybe skip changing WIN XP SP3 clients and try only change Server settings.

    regards, Vladimir

    1. Thanks Vladimir, they’re really useful suggestions.

      NLA is becoming a requirement more and more as firms become more security conscious, so for me I have to stick with the client side changes, but I’m sure many people will appreciate the advise to just turn it off at the server!

      Thanks again, and thanks for taking the time to read and comment!

  3. Hi guy,

    Works perfect for me, I had updated Xp RDP client to protocol 7. Now it connects seamlessly and didnot have to make any changes on 2012 server.

    Thanks a lot!

  4. Thank you very much, it worked just fine for a Windows XP 2002 SP3 and now I can access Windows 2012 Servers by RDP!! Greetings from Guatemala! 😀

    1. Gracias por el enlace David! Espero que su traducción ayude a aquellos que no tienen inglés como idioma principal.

      (Thank you for the link David! I hope your translation helps those without English as a primary language.)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.