none
Server 2012 VDI RDP Disable network level authentication

    Question

  • Hi Guys,

    I have lots of xp machines logging into my VDI on server 2012, only problem is they get the error

    The connection has been terminated because an unexpected server authentication certificate was received from the remote computer"

    How do i make server 2012 allow less secure remote desktop connections? 

    Wednesday, November 28, 2012 12:14 AM

Answers

  • Hi,

    For your RD Connection Broker server and the VMs you can disable NLA via group policy setting:

    Require user authentication for remote connections by using Network Level Authentication     Disabled

    For your RDSH session collections (if you are using them) you may uncheck the require NLA option on the Security tab of the collection properties in Server Manager.  The change will apply to all RDSH servers that are part of the session collection.

    If you have the latest Remote Desktop Client (6.1.7600) on your XP PCs you can enable NLA:

    Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3

    http://support.microsoft.com/kb/951608

    -TP

    • Marked as answer by rhys1001 Wednesday, November 28, 2012 2:49 AM
    Wednesday, November 28, 2012 12:49 AM

All replies

  • Hi,

    For your RD Connection Broker server and the VMs you can disable NLA via group policy setting:

    Require user authentication for remote connections by using Network Level Authentication     Disabled

    For your RDSH session collections (if you are using them) you may uncheck the require NLA option on the Security tab of the collection properties in Server Manager.  The change will apply to all RDSH servers that are part of the session collection.

    If you have the latest Remote Desktop Client (6.1.7600) on your XP PCs you can enable NLA:

    Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3

    http://support.microsoft.com/kb/951608

    -TP

    • Marked as answer by rhys1001 Wednesday, November 28, 2012 2:49 AM
    Wednesday, November 28, 2012 12:49 AM
  • When you said this part: "For your RDSH session collections (if you are using them) you may uncheck the require NLA option on the Security tab of the collection properties in Server Manager."

    Where exactly is that? I can't seem to find it.

    Wednesday, November 28, 2012 1:11 AM
  • Hi,

    Server Manager -- RDS -- Collections -- <your sess collection name> -- Tasks -- Edit properties -- Security tab, bottom of the window.  This is only for session collections.

    -TP

    Wednesday, November 28, 2012 1:39 AM
  • ah, im not using session based desktop deployment, only virtual machine-based desktop deployement. How would i go about disabling it for these?
    Wednesday, November 28, 2012 1:43 AM
  • Hi,

    Group policy setting.  Please see my first reply to you for details.

    Thanks.

    -TP

    Wednesday, November 28, 2012 1:45 AM