NLA RDP Authentication

  • Question

  • I am trying to make an RDP connection using a smartcard from a Windows XP SP3 workstation with NLA turned on to a Windows 2008 x64 SP2 Active Directory server. Due to the security requirements of the system, NLA and smartcard must be used. I do not have the option of turning it off except for troubleshooting. The server and the workstation are in different domains. With NLA enabled on both the server and the desktop, I get a pop-up prompt for username/password. I use the pull-down to select my smartcard and enter my PIN.  I get successfully connected to the AD server, but the operating system prompts me with the logon page asking for a username and password. The OS logon prompt does not give me the option to use a smartcard, only a username and password.

    When I authenticate to the AD server through NLA using a username/password, I am able to successfully connect all the way through and get my desktop, and am never asked for any further credentials.

    When I disable NLA on both the server and the workstation, smartcard logon works. I am able to connect, the Windows OS logon screen gives me the option to use my smartcard, and I am able to successfully log into the AD server using the smartcard and PIN.

    Ideas?

    Friday, March 16, 2012 6:45 PM