I came across an annoying little issue today. Whether it be down to the default settings of Windows Server 2012, or one of the hardening settings of our corporate build, I don’t know, but it’s annoying either way.
My corporate provided laptop operating system is mandated at Windows XP. I regularly (90+% of every day) use it to remote control servers, and this is normally through RDP (I prefer RDP over vSphere client for Virtual Machines too).
It seems that by default, the Windows XP Remote Desktop Client does not support Network Level Authentication (NLA), which is what our 2012 servers demand.
Fortunately, there is a quick fix to the problem. All you need to do is add a couple of registry entries, restart your computer, and you’re away. The entries are as follows :
In regedit.exe, select the following key :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
Within this key, there is a REG_SZ value called “SecurityProviders”, which contains multiple comma separated values. At the end of this string, add a comma and “credssp.dll” :
Click OK, then select the following registry key :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Within this key, there is a REG_MULTI_SZ value called “Security Packages”, which contains a list. At the end of this list, add “tspkg” :
Click OK, close regedit and restart your computer.
You should now be able to RDP to Windows Server 2012 without the pain!
P.S. Just to prove this is not turning into a purely technical blog, here’s a picture of Coco the dog, enjoying the snow a couple of weeks ago :
🙂
Superb Dude…it works like a charm…….Thank you
Excellent.
Glad I could help! 🙂
Wow , you’re a genius thanks
It didn’t work for me… Followed instructions to the ‘T’, on XP SP3… Any differences on that version?
Sorry Joe, when I tested my fix, that was on XP SP3 too (I’m using the machine now to type this). I guess you must have a different issue to the one I had. Thanks for your comment though – it’s good to let people know the fix doesn’t work for everybody!
I made these changes to the WIN XP SP3 client:
http://support.microsoft.com/kb/969084
http://support.microsoft.com/kb/951608
And changed on Windows 2012 Server under:
Server Manager > Remote Desktop Services > Collections > QuickSessionCollection
Click on TASKS > Edit Properties
Under Session Collection click on Security and uncheck:
Allow connections only from computers running Remote Desktop with Network Level Authentication.
You could maybe skip changing WIN XP SP3 clients and try only change Server settings.
regards, Vladimir
Thanks Vladimir, they’re really useful suggestions.
NLA is becoming a requirement more and more as firms become more security conscious, so for me I have to stick with the client side changes, but I’m sure many people will appreciate the advise to just turn it off at the server!
Thanks again, and thanks for taking the time to read and comment!
And if you have problems with Local Printers, just install Microsoft .NET Framework 3.5 and printers should redirect correctly and you will be able to print from RDS to local printer.
And if you have problems installing Microsoft .NET Framework 3.5 . like I did, use .NET Framework Cleanup Tool http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx
V.
That’s brilliant Vladimir.
I really appreciate your input.
http://support.microsoft.com/kb/969084
http://support.microsoft.com/kb/951608
Thank you, thank you, thank you!
Windows XP version 5.1.2600
It works perfectly! Thanks a lot
That’s great news Stamper. Thanks for the update!
Hi guy,
Works perfect for me, I had updated Xp RDP client to protocol 7. Now it connects seamlessly and didnot have to make any changes on 2012 server.
Thanks a lot!
Excellent!
Thanks for the feedback…
Thank you very much, it worked just fine for a Windows XP 2002 SP3 and now I can access Windows 2012 Servers by RDP!! Greetings from Guatemala! 😀
That’s great news Erick. Thanks for the feedback!!
It’s wonderful to know this little post is helping people worldwide…
Hello Guatemala!!!! 🙂
Great, worked for me.
Work great ! Thank YOU !
Thanks man… It worked 🙂
From Italy, thanks a lot!
Ciao.
Hello Italy!!
You’re more than welcome…
You rock!!!! Thanks for posting this!
This is a solution:
http://woshub.com/windows-xp-rdp-cant-connect-to-rds-on-server-2012/
Nice link.
Thanks Daniel!
Nice job, I am able to access windows 2012 from windows XP Pro sp3. Thanks Man
Mohamed from Canada
You’re welcome Mohamed. Thanks for the feedback!
Gracias por el enlace David! Espero que su traducción ayude a aquellos que no tienen inglés como idioma principal.
(Thank you for the link David! I hope your translation helps those without English as a primary language.)