Although support for Windows XP ended more than 6 months ago, many external and internal customers continue to use this OS, and it seems that nothing will change drastically in the near future :(. We recently ran into a problem: Windows XP RDP clients cannot connect to a newly deployed Remote Desktop Services terminal farm on Windows Server 2012.
XP users have complained about RDP client errors such as:
After searching the Microsoft documentation, we first decided to update the RDP client on the Windows XP machines. After installing RDP client 7.0 (RDP 8.0 cannot be installed on XP), the problem was solved for half of the clients. The other half remained…
After studying the RDS server on Windows 2012, we found that by default a 2012 server requires NLA (Network Level Authentication) support; if a client doesn't support NLA, it cannot connect to the RDS server.
Two options follow from the above. To allow the remaining XP clients to connect to Windows Server 2012 via RDP, you have to:
- Disable the NLA check on the servers of the Remote Desktop Services 2012 farm
- Or enable NLA support on the XP clients
How to Disable NLA on the RDS 2012 Server
To disable mandatory use of NLA by clients, in the Server Manager console go to Remote Desktop Services -> Collections -> QuickSessionCollection, then Tasks -> Edit Properties, click Security and uncheck "Allow connections only from computers running Remote Desktop with Network Level Authentication".
Of course, you need to understand that disabling NLA at the server level reduces the security of the system and is generally not recommended. The second method is preferable.
How to Enable NLA at the Level of Windows XP Client
NLA support appeared in Windows XP starting with SP3, but it is disabled by default. It can only be enabled through the registry. To do so:
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders, edit the SecurityProviders value by adding credssp.dll at the end (separated from the current value by a comma)
- Then in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, add the line tspkg to the Security Packages value
- After making these changes, restart your computer
After these steps, a computer running Windows XP SP3 should connect to the terminal farm on Windows 2012 via RDP without problems.
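The registry steps above, written as a script that can be re-run safely without duplicating entries or dropping existing ones. This is an added example, not part of the original post; it assumes Python 3 is installed on the XP SP3 machine and is run as an administrator, the function names are illustrative, and the values used in the dry run are constructed samples.

```python
import sys

SP_KEY = r"SYSTEM\CurrentControlSet\Control\SecurityProviders"
LSA_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa"


def add_provider(current, dll="credssp.dll"):
    """Append dll to the comma-separated SecurityProviders string (REG_SZ)."""
    items = [p.strip() for p in current.split(",") if p.strip()]
    if dll.lower() in (p.lower() for p in items):
        return current  # already listed: leave the value untouched
    return ", ".join(items + [dll])


def add_package(current, pkg="tspkg"):
    """Append pkg to the Security Packages list (REG_MULTI_SZ)."""
    items = [p for p in current if p]
    if pkg.lower() in (p.lower() for p in items):
        return current
    return items + [pkg]


def apply_to_registry():
    """Merge both values under HKLM; return True if anything was written."""
    import winreg  # Windows-only module, imported lazily
    changed = False
    access = winreg.KEY_QUERY_VALUE | winreg.KEY_SET_VALUE
    for path, name, merge in ((SP_KEY, "SecurityProviders", add_provider),
                              (LSA_KEY, "Security Packages", add_package)):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, access) as key:
            old, kind = winreg.QueryValueEx(key, name)
            new = merge(old)
            if new != old:
                winreg.SetValueEx(key, name, 0, kind, new)  # keep value type
                changed = True
    return changed


if __name__ == "__main__":
    if sys.platform == "win32":
        print("updated, restart required" if apply_to_registry() else "no change")
    else:
        # Dry run off Windows with constructed sample values
        print(add_provider("msapsspc.dll, schannel.dll, digest.dll"))
        print(add_package(["kerberos", "msv1_0", "schannel"]))
```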