locked
Remote App Publishing and access from Windows XP Clients RRS feed

  • Question

  • Hi, I can see that this subject has had quite a lot of interest and communication over the past few months. I dont seem to find an answer to the problem I am having though. Basically I have set up UAG and the RDS Servers (both separate), both are Domain joined. I have applied TMG SP1 and UAG Update 1 etc. I have two test clients (that are NOT domain joined) - one is Windows XP and the other is Windows 7. The Windows XP client is SP3 and has RDP7.x installed, also the necessary CredSSP reg changes, and also the necessary updates for the Remote Desktop Gateway 'fix'. I have also done the necessary with the registry to allow the ActiveX components to be enabled for the Remote Desktop Gateway 'tunneling' RDP Over HTTPS. I am using an internal CA but the CRL and AIA paths are resolvable and the respective revocation file(s) can be 'seen'. Right, now to the problem, I can use the RemoteApp stuff without any issues from the Win 7 client, but from the WinXP machine it errors straight away with '.... Remote Desktop server address is unreachable or incorrect'. Well, it cant be because the Win 7 client can resolve it okay. If I look at the Log Monitor (in TMG) the connection from the Win XP machine doesnt even start to try any connect. I have installed Network Monitor on the Win XP client too and even in here you can see that the damn thing doesnt even bother to try and start the connection to the UAG instance of the Remote Desktop Gateway! I am rapidly loosing hope of life because of this. Can I ask if anyone has got Win XP working with RemoteApps 'through' UAG? If so how did you magic that up? I hope someone can point me in the right direction? Thanks fro any help. Regards. Phil
    Saturday, August 21, 2010 11:49 AM

Answers

  • I have fixed this now. For anyone else that maybe having the issues noted in my original post please make sure that the XP Client has these updates installed:-

     

    1) KB961742-v3

    2) WindowsXP-KB953760-v2-x86-ENU

    3) WindowsXP-KB969084-x86-enu.exe

    Also, you need to add these registry updates/deletions (I have created a custom REG file for ease):-

     

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
      00
    "Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
      00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
      6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,74,\
      00,73,00,70,00,6b,00,67,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation]
    "AllowDefaultCredentials"=dword:00000001
    "ConcatenateDefaults_AllowDefault"=dword:00000001
    "AllowDefCredentialsWhenNTLMOnly"=dword:00000001
    "ConcatenateDefaults_AllowDefNTLMOnly"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]
    "1"="TERMSERV/*"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefCredentialsWhenNTLMOnly]
    "1"="TERMSERV/*"

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7584c670-2274-4efb-b00b-d6aaba6d3850}]

     

    I hope this helps anyone avoid the days of time it has taken me to get to a working point.

     

    Regards

     

    Phil

    • Marked as answer by Philip Luke Wednesday, August 25, 2010 6:52 AM
    Wednesday, August 25, 2010 6:52 AM

All replies

  • I have fixed this now. For anyone else that maybe having the issues noted in my original post please make sure that the XP Client has these updates installed:-

     

    1) KB961742-v3

    2) WindowsXP-KB953760-v2-x86-ENU

    3) WindowsXP-KB969084-x86-enu.exe

    Also, you need to add these registry updates/deletions (I have created a custom REG file for ease):-

     

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
      00
    "Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
      00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
      6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,74,\
      00,73,00,70,00,6b,00,67,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation]
    "AllowDefaultCredentials"=dword:00000001
    "ConcatenateDefaults_AllowDefault"=dword:00000001
    "AllowDefCredentialsWhenNTLMOnly"=dword:00000001
    "ConcatenateDefaults_AllowDefNTLMOnly"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]
    "1"="TERMSERV/*"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefCredentialsWhenNTLMOnly]
    "1"="TERMSERV/*"

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7584c670-2274-4efb-b00b-d6aaba6d3850}]

     

    I hope this helps anyone avoid the days of time it has taken me to get to a working point.

     

    Regards

     

    Phil

    • Marked as answer by Philip Luke Wednesday, August 25, 2010 6:52 AM
    Wednesday, August 25, 2010 6:52 AM
  • Thanks for sharing!

    Dennis

    Wednesday, August 25, 2010 6:59 AM
  • I have fixed this now. For anyone else that maybe having the issues noted in my original post please make sure that the XP Client has these updates installed:-

     

    1) KB961742-v3

    2) WindowsXP-KB953760-v2-x86-ENU

    3) WindowsXP-KB969084-x86-enu.exe

    Also, you need to add these registry updates/deletions (I have created a custom REG file for ease):-

     

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
      00
    "Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
      00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
      6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,74,\
      00,73,00,70,00,6b,00,67,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation]
    "AllowDefaultCredentials"=dword:00000001
    "ConcatenateDefaults_AllowDefault"=dword:00000001
    "AllowDefCredentialsWhenNTLMOnly"=dword:00000001
    "ConcatenateDefaults_AllowDefNTLMOnly"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]
    "1"="TERMSERV/*"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefCredentialsWhenNTLMOnly]
    "1"="TERMSERV/*"

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7584c670-2274-4efb-b00b-d6aaba6d3850}]

     

    I hope this helps anyone avoid the days of time it has taken me to get to a working point.

     

    Regards

     

    Phil


    Hi, Phil

    I have the same problem with WinXp SP3 client to access RemAPP through UAG 2010 server

    But this solution don’t helped me

    Probably because my UAG and TMG server has not Update 1 and SP1?

    What do you think about this?

    P.S.

    Your OS (UAG server) Windows 2008 R2 have SP1 for R2?

    Regards

    Arkadiy

     


    MCP, MCSA2003
    Thursday, June 16, 2011 9:22 AM