locked
Windows XP - RDP Client 7.0 - Not able to connect using User Defined remote desktop RRS feed

  • Question

  • All,

    I finally got my Remote Desktop (User Defined) policy working for Windows 7 clients, but an XP SP3 client running the RDP 7.0 client cannot connect.  They get an error message saying:

    Your computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable.

    Yet, I can go over to my Windows 7 machine and connect in just fine.

    Is there something else along with the RDP7 client on XP that is needed to open up a simple remote desktop connection?

    Thanks!

    Sunday, April 25, 2010 1:32 AM

Answers

  • Found my answer contained in this link:

     

    http://support.microsoft.com/kb/951608

    How to turn on CredSSP

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756   (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
    1. Click Start , click Run , type regedit , and then press ENTER.
    2. In the navigation pane, locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. In the details pane, right-click Security Packages , and then click Modify .
    4. In the Value data box, type tspkg . Leave any data that is specific to other SSPs, and then click OK .
    5. In the navigation pane, locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
    6. In the details pane, right-click SecurityProviders, and then click Modify .
    7. In the Value data box, type credssp.dll . Leave any data that is specific to other SSPs, and then click OK .
    8. Exit Registry Editor.
    9. Restart the computer.

    Now I just need to find a way to programatically do this for our home users.  Any suggestions?

    • Marked as answer by James Kilner Monday, April 26, 2010 10:32 AM
    Sunday, April 25, 2010 1:48 AM

All replies

  • Found my answer contained in this link:

     

    http://support.microsoft.com/kb/951608

    How to turn on CredSSP

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756   (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
    1. Click Start , click Run , type regedit , and then press ENTER.
    2. In the navigation pane, locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. In the details pane, right-click Security Packages , and then click Modify .
    4. In the Value data box, type tspkg . Leave any data that is specific to other SSPs, and then click OK .
    5. In the navigation pane, locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
    6. In the details pane, right-click SecurityProviders, and then click Modify .
    7. In the Value data box, type credssp.dll . Leave any data that is specific to other SSPs, and then click OK .
    8. Exit Registry Editor.
    9. Restart the computer.

    Now I just need to find a way to programatically do this for our home users.  Any suggestions?

    • Marked as answer by James Kilner Monday, April 26, 2010 10:32 AM
    Sunday, April 25, 2010 1:48 AM
  • Yep, that's indeed the correct answer :)

    It is also mentioned in the UAG TechNet article Enabling RDS on Windows Vista and Windows XP :

    <quote>

    On computers that are running Windows XP SP3, you must also enable Network Level Authentication (NLA), by turning on the Credential Security Service Provider (CredSSP). For more information, see Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3.

    </quote>

    Sunday, April 25, 2010 7:28 AM
  • >> Now I just need to find a way to programatically do this for our home users.  Any suggestions?

    I have written a little MSI package "EnableCredSSP.MSI" to do this reg hack - however, our remote users don't have admin rights on there company issued laptops, so I guess the MSI won't run anyhow!

     

    Monday, April 26, 2010 2:07 PM
  • >> Now I just need to find a way to programatically do this for our home users.  Any suggestions?

    I have written a little MSI package "EnableCredSSP.MSI" to do this reg hack - however, our remote users don't have admin rights on there company issued laptops, so I guess the MSI won't run anyhow!

     

    Nice!  How difficult was it to do in an MSI package, and if you don't mind me asking, what did you use to make it?  My users are primarily home users who will be coming into this portion of our portal, so they generally would have Admin privs.

    Thanks!

    Monday, April 26, 2010 3:16 PM