Remote Desktop App for Windows Phone 8 and NTLM Authentication

  • Question

  • When attempting to use the Microsoft Remote Desktop Preview app (version 8.1.6.34) it looks like I'm able to access certain remote systems but not others. When I attempt to log in using that specific app I receive a notification stating that my credentials did not work. However, using those same credentials from the mstsc.exe program built into Windows or from the Remote Desktop app for iOS, I can log in just fine.

    Systems I tried were either Windows Server 2008 R2, or Server 2012 R2. The issue didn't appear to be isolated to a certain operating system type. 

    All systems had Remote Desktop enabled with "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)" checked.

    After doing some digging through the Security logs, I found the Negotiation Package of the successful logins from mstsc.exe and iOS apps set to "Negotiate", whereas the unsuccessful login attempts from the Windows Phone app state "NTLM".

    After finding http://chentiangemalc.wordpress.com/2013/12/12/case-of-the-logon-attempt-failed-rdp-connection/ I compared the security policies between the servers where the Windows Phone app could log in vs. not log in, and it appears the servers that the Windows Phone App cannot connect to have the following Group Policy setting defined:

    Network security: LAN Manager authentication level: Send NTLMv2 response only. Refuse LM & NTLM.

    On those systems, this policy is configured by a higher domain authority than I have access to, so I cannot overwrite them to accept NTLM (pre v2) connections. 

    Is it true that the Windows Phone Remote Desktop app is still using the old NTLM authentication package? If so, how soon can this be fixed?

    Wednesday, November 12, 2014 10:06 PM
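
The comparison described in the question (authentication package seen in the Security log versus the server's LAN Manager authentication level) can be collected on each server with the following added example, which is not part of the original post. It assumes an elevated PowerShell 3.0 or later session, logon auditing enabled, and the standard event 4624/4625 data fields `LogonType`, `AuthenticationPackageName` and `LmPackageName`; the 24-hour window is an arbitrary choice.

```powershell
# Added example: correlate logon results with the authentication package used.

# 1. Effective LAN Manager authentication level.
#    Value 5 corresponds to "Send NTLMv2 response only. Refuse LM & NTLM".
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$level  = (Get-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel `
               -ErrorAction SilentlyContinue).LmCompatibilityLevel
if ($null -eq $level) { $level = 'not set (OS default applies)' }
"LmCompatibilityLevel on ${env:COMPUTERNAME}: $level"

# 2. Successful (4624) and failed (4625) logons from the last 24 hours.
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = (Get-Date).AddHours(-24)   # assumption: adjust as needed
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Flatten the <EventData><Data Name="..."> elements into a hashtable.
    $data = @{}
    foreach ($node in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$node.GetAttribute('Name')] = $node.InnerText
    }

    # Keep network (3) and RemoteInteractive (10) logons; with NLA the
    # credential check is typically recorded as a type 3 logon.
    if ($data['LogonType'] -notin '3', '10') { continue }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        Result      = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        User        = $data['TargetUserName']
        Source      = $data['IpAddress']
        LogonType   = $data['LogonType']
        AuthPackage = $data['AuthenticationPackageName']  # Negotiate, Kerberos, NTLM
        LmPackage   = $data['LmPackageName']              # e.g. "NTLM V1" / "NTLM V2"
    }
}

# 3. Summary: which package goes with which outcome, then the raw failures.
$rows | Group-Object Result, AuthPackage, LmPackage |
    Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
$rows | Where-Object Result -eq 'Failure' |
    Format-Table Time, User, Source, LogonType, AuthPackage, LmPackage -AutoSize
```

Running it on a server that accepts the Windows Phone app and on one that rejects it gives the two data points the question compares side by side.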

All replies