Configure Network Level Authentication for Remote Desktop client

Similar Messages

• App Store keeps asking me to download update for "Remote Desktop Client Update 3.8.2 v1.1 but I have never purchased Remote Desktop Client

  Hi, the App Store keeps asking me to download the update Remote Desktop Client Update 3.8.2 v1.1 but I have never purchased Remote Desktop Client so I am unsure why it is asking me to and worry that someone is trying to spy on me!  Does anyone know why this is?  Thanks in advance!

  I find it interesting that since Screen Sharing is available, and works "just fine" that a Remote Desktop Client would be needed to be installed.
  I installed it, but I'm not sure why.
  I found the updated application in /System/Library/Core Services/RemoteManagement/ARDAgent
  Which is also where the screen sharing and vnc bundles live.  I clicked on it to see what would happen -- nothing.
  I found these ports in another discussion
  TCP and UDP port 3283
  TCP and UDP port 5900.  (Also used for Screen Sharing in OSX 10.5 and later)
  port 22
  This page confirms their use along with the use of other ports:
  TCP and UDP ports used by Apple software products - Apple Support
  Additionally TCP port 5432 is used by ARD
  Having recently noticed (through "network utility" that my computers have had a "ton" of open connections.
  This severely hurt system performance.
  I note that neither my Airport Express nor my Mac can set up a firewall on these ports.
  While I haven't noticed the ARD ports being used, I cannot help but wonder if this is set up for a CIA/NSA backdoor into my computers.
  On a less paranoid level, perhaps Apple is planning on adding on-line help to debug our problems in "real-time".  ;-)

• Password less authentication for Remote Desktop

  Hello
  I am coming from strong linux background.
  We have more than 10 linux servers used by various customers.
  I don't have faith in passwords, so, we use key pair authentication in all our linux servers.
  As anybody can try to guess the passwords in brute-force.
  So please let me know what are the equivalent options available for Microsoft Remote Desktop.
  We have already invested lot of money in Microsoft Windows Products and not interested investing more to secure the authentication, so, please don't suggest any commercial products or SSL Keys.

  Hi,
  Security is always relative, the account lockout method will lockout your account after a number of brute-force, for more authentication method please refer the following
  Windows Authentication KB:
  Windows Authentication
  http://technet.microsoft.com/en-us/library/cc755284(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• AD "Log on to" restriction causes RDP connections with network level authentication to fail

  I am running a Server 2008 R2 environment and have recently enabled network level authentication for RDP connections. Since the change, users who have their logons restricted to specific servers via AD, now get an error when logging on via RDP:
  An Authentication error has occured
  The Local security authority cannot be contacted
  After investigating this error and reading technet I found that removing the "log on to" restriction within their user object solved the problem even tho they had rights to this server. Adding the users client PC name to the "Log on
  to" list also solves this issue.
  My question is, is there another way around this? We have an environment where some users may require an RDP connection from a client PC not on the same domain (over VPN) as the server. It will not be practical to add many different client PC names
  to the log on to list and I don't understand why client PC's must be specified in the Log on to list and not just the actual server they are logging onto.
  Any pointers appreciated

  I have just come across this problem on one of my client’s domains; they have recently enforced a policy to “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”  and users with “Log on To” restrictions
  on their account are no longer able to RDP using their second account.
  After a lot of fiddling around I finally resolved the problem by adding the connecting computer name into “Log on To” list.  Ultimately it appears that Network Level Authentication (NLA) requires authentication to take place on both the host initiating
  the connection and the remote host.

• Remote Desktop Network Level Authentication

  Recently, I began getting failed connections from a Windows 7 Enterprise client to another Windows 7 Enterprise host where the host is requiring NLA. This has been a problem on and off for YEARS and I have found no link that can tell me to configure something
  that I haven't already configured. Neither system underwent any configurations changes that I know of with the exception of Windows security updates/patches. In fact, some people in my company have the same issue while other do not. I can find no rhyme or
  reason to it. Heres where I'm at:
  "The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support."
  But I do. when i click the upper left hand corner of my RDP client window and select "About", I see this:
  "Remote Desktop Connection
  Shell Version 6.1.7601
  Control Version 6.1.7601
  Network Level Authentication Supported.
  Remote Desktop Protocol 7.1 supported."
  And the above info is exactly what it says on the host.
  Here's the SecurityProvider registry settings on the client:
  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
  "SecurityProviders"="credssp.dll"
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SaslProfiles]
  "GSSAPI"="Kerberos"
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
  "EventLogging"=dword:00000001
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
  "DisabledByDefault"=dword:00000001
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest]
  "Debuglevel"=dword:00000000
  "Negotiate"=dword:00000000
  "UTF8HTTP"=dword:00000001
  "UTF8SASL"=dword:00000001
  "DigestEncryptionAlgorithms"="3des,rc4"
  Every link I have looked at tells me to look at those things. Anyone got something new? :)
  Also if someone knows how to log the RDP failures that would be cool too. Presently I have turned on Audit Other Security Events in GPO but it doesn't tell me if someone attempted to authenticate with a less then desirable security protocol.
  As a fix, for now, I have reduced the security requirements on the host to not require NLA. <-- This is the only consistent fix I have ever seen that works.
  By the way, just about every link I see also starts talking about setting up RD session host service. I am not running Windows Server 2008. This a Windows 7 to Windows 7 problem

  Hi,
  On both Windows 7, Please go to System Properties,
  Remote tab and make sure that Allow connections only from computers running Remote Desktop with Network Level Authentication
  is unchecked.
  If problem persists, please check if there was any Windows updates need to install, if so, try to install updates for test.
  Roger Lu
  TechNet Community Support

• Remote Desktop Connection - Windows Network Level Authentication

  Hi
  I'm trying to find a piece of Remote Desktop "Manager" software for Mac which supports Network Level Authentication (NLA). When NLA is enabled on a Windows Server I am unable to connect via CoRD or Royal TSX.
  The reason I say "Manager" is because I have many, many windows servers I need to connect to and so I like to use software such as the above to save a list of all the servers for ease of access - this saves me having to type in the name of the server each time.
  At the moment, for those servers with NLA enabled, I have to fire up Remote Desktop Connection for Mac and enter the name. I realise I could save this each time but then I would have LOADS of shortcuts.
  Any ideas/proposals on pieces of software that can cater for this?
  Thanks!

  Hi!
  Royal TSX actually supports NLA but you have to use the FreeRDP plugin instead of CoRD and enable the setting in the advanced settings of your RDP connection.
  cheers,
  felix

• I have a time capsule connected directly to fiber connection. I have connected a windows server directly to TC and configured it for remote desktop connection. From my interanet I can access srvr but not from my home. What config I need on TC?

  I have a time capsule directly connected to fibre optic point out. All pcs and macs are connected wirelessly to the internet. I have connected a windows server pc to TC. When configured for Remote desktop connection, I can access windows server from within interanet but don't know how to access it from internet. I guess I need to change some settings in TC to get some ip adress for the remote desktop connection from my home. Anyone who can help me out? Appreciate it.
  Narmin

  I am a little lost now.. I have read again your title and your first post.. and they seem inconsistent.
  In the title you state.
  From my interanet I can access srvr but not from my home.
  Interanet is not a word I know.. I assumed intranet...are you talking about internet or intranet? And just to be clear say WAN or LAN.. !! Is your home part of the interanet??
  In the first post you state,
  I can access windows server from within interanet but don't know how to access it from internet.
  Now this is more normal.. the issue is not in the home at all, it is accessible from there but fails from internet. If this is correct, then you can do a few obvious things to determine where the problem is.
  But first I need to know are you actually testing from a different internet connection to your home lan.. you are not just trying the public IP from inside the LAN as that will fail due to the TC not doing NAT Loopback.
  I am also assuming the TC is the only router in the network, and has the public IP on the WAN interface.
  And I am also assuming you have turned on the ping responder and you can actually ping your public ip from the internet and get a response. This helps no end in figuring out where there are issues. Strange but I have no idea if there is a ping responder in the TC WAN so you might need to forward that as well. Also if you have a dynamic public ip address are you using dyndns or no-ip or some other service to connect.
  1. Test bypassing the TC.. plug the internet connection straight into the windows server,, and test if you have access. If yes, the TC is the problem.. if not, your setup on the windows server is wrong.. look at firewall in particular.
  2. Assuming from test 1 the TC is the problem, Post the screen shots of the port forwarding setup for us to look at.. that is by far the easiest way to check it out.
  There are lots of references to port forwarding in the TC.. eg
  http://must-know-mac.blogspot.com/2008/07/how-to-port-forward-time-capsule.html
  The things that generally go wrong are firewall on the computer that is accepting the port.
  The ISP doesn't allow connections on a particular port. (not likely in your case)
  The router is behind another router.. double NAT will kill any port forward.
  Upnp has already allocated a port.. not an issue as TC doesn't use upnp although a reboot of everything after you set port forwards is well worth it.. amazing how things don't stick properly without a reboot.
  IP on the receiving device is not static and so changes.
  Not enough or right type of ports are opened. This is always messier than it looks as one port is often not enough for two way communications.

• TS2072 Remote Desktop Client for MS Windows Server 2003

  I need to be able to access my work server to obtain information form our Windows 2003 Server. We have our product prices and other information on servers and today I use the remote desktop client that comes with Windows 7. I was hoping to find a suitable solution to allow me to use my macbook pro with OSX 10.7.4 Software. Does anyone know how to use OSX to make a remote desktop connection as you would through windows 7. I've seen CoRD and Microsoft did have a version but it's for older versions of OSX. I could run W7 but then I would have to purcase another copy and VM if I decided to run it virtual.
  Thanks

  This is not an Apple Remote Desktop issue  - ARD is Apple's software for managing networked Macs - but CoRD and Microsoft Remote Desktop Connection for Mac should both work with Windows 2003 and both work on Mac OS X 10.7; I have used both on my systems. iTap Mobile RDP is another option, and the one I use daily since I've found it to be faster than either CoRD or Microsoft RDC, though iTap is not free.
  Regards.

• Remote desktop client for Android

  Dear sir,
  Does Microsoft remote desktop client for Android support RDP 7.0 with remote FX.
  Using this client can I connect to Remote App publish under remote desktop service in windows server 2012.
  In a client device do we need anything else, other than Android 4.0 or above and Microsoft remote desktop client for Android (free) to connect to remote desktop service under windows server 2012.
  Thanks
  Bihar Networking Solution Patna - 801503

  Hi,
  Thank you for posting in Windows Server Forum.
  Yes, the Remote Desktop client supports RDP 7.1 and all previous versions including: RDP 7, RDP 6.1, RDP 6, RDP 5 and RDP 4.
  Note: Support for a specific version of RDP 7 does not include all virtual channels. RemoteFX codecs are not supported in RDP 7.1.
  More information.
  Remote Desktop Client on Android: FAQ
  http://technet.microsoft.com/en-us/library/dn473007.aspx
  Yes, RemoteApp can be connected from this RDC version.
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

  Hello, dear colleagues.
  We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
  Send Message, Disconnect, Logoff options works only for users in Administrators group.
  I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
  To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
  RDP-Tcp, Security tab, add specific user account , AD group or configure
  advanced permissions
  for Remote Desktop Users.  
  But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
  Thanks.
  P.S. If move specific user from Remote Desktop Users group to Administrators group on
  Windows Server 2012 R2 - it works. 

  Hi,
  You can prevent administrators from changing the permissions for a connection by applying the
  Do not allow local administrators to customize permissions Group Policy setting. 
  This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
  Apart there is one command with which you can set the permission for that check the related
  article. Additionally checkthis
  thread for more detail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Error when uninstalling App-V RDS client: Product: Microsoft Application Virtualization (App-V) Client for Remote Desktop Services 5.0 Service Pack 2 x64 -- Error 1324. The folder path 'C:' contains an invalid character

  Issue:  experienced when attempting to uninstall the App-V 5.0 SP2 RDS client. 
  Event Log:  Product: Microsoft Application Virtualization (App-V) Client for Remote Desktop Services 5.0 Service Pack 2 x64 -- Error 1324. The folder
  path 'C:' contains an invalid character
  Symptoms (when in this current state): 
  Unable to uninstall the SP2 client
  You can upgrade the client (via hotfix) and uninstall the hotfix, but you will not be able to remove the SP2 client
  AppvVfs filter driver will not create an instance, therefore applications will not be able to read into existing streamed VFS content, or trigger sparse files to stream content.  (you can still stream the content via other means, like the UI or powershell)
  Because of the AppvVfs filter driver not instantiating, applications that depend on licences that exist in VFS will not be able to be read causing certain applications to react as if the license does not exist or is an incorrect format

  Resolution:
  Check for the existence of a hidden folder named %appdata% in the C:\Program Files\Microsoft Application Virtualization\Client folder.  (You will need to un-check the folder options box in windows explorer for "Hide
  protected operating system files" to see it)
  If the hidden %appdata% folder exists, delete it.
  Proceed to uninstall the App-V client
  After a clean uninstall and removal of remnants of the client, reinstall the client again and apply the latest hotfix available (Hotfix 2 for SP2 at a minimum).

• Downgrade Microsoft Remote Desktop Client for Mac

  Is there a way to downgrade to a previous version of the microsoft remote desktop client for mac? We are experiencing issues with one of our published remote apps (regarding window focus i.e. which window of the open application is at the front of the
  users screen) since upgrading to 8.0.9. This application was OK in 8.0.5. Can we revert to an older version?

  We are also experiencing similar issues regarding window sizes and display settings with our remote resources, since upgrading. We are using remote desktop application for iPhone/iPad. Upon opening of our Remote App, although we have set the command-line
  argument to open to full screen, we see the application resizing 3 times before it finally opens - and it does not open in full screen. Please assist.

• Feature request for Mac Remote Desktop client.

  Wouldn't be great to have folders or groups in the Mac Remote Desktop Client.
  I am finding that I have more and more Remote Desktop saved connections and storing them in collapsible groups or folders would be great.

  Hi Bill,
  Thanks for your feedback, will pass this request to product group for future research and releases.
  Thanks for your understanding and Support!
  Regards.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Remote Desktop Client for Mac and SSO

  Hi. 
  We have RDS Deployment (Windows Server 2012 R2) with RD Connection Brokers, RD Session Hosts and Web Access.
  Windows clients log on without any issues, credentials must be entered only once (Single Sign On).
  But Mac clients must enter their credentials twice (on CB and SH).
  Does Remote Desktop Client for Mac support SSO and if it does, what special settings are required?
  Mac users use Microsoft Remote Desktop 8.0.13.

  Sorry, I have missed important detail. This problem appears when I open .rdp files.
  Really, if I create connection and save my credentials, I will not enter credentials. But in this case I can't specify Collection
  (loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SomeCollection - parameter in .rpd file).
  In my case, I open .rdp file, connect to RD Connection Broker, log in to RD CB, RD CB redirects me to RD
  Session Host, I log in to RD SH (enter credential second time) and now I connect. In this chain could be a RD Gateway.
  When I connect to the same farm with the same .rdp file from Windows client, I have enter credential only once (SSO works).
  So my question: Does  Remote
  Desktop Client for Mac support SSO? I know that SSO require CredSSP, is it implemented in Client for Mac?

• Remote Desktop Client For Mac?

  Hi! I wanted to get the remote desktop client by MS onto my iBook g4. I am running leopard, and the webpage says it is a universal application, but when I download the .DMG the Installer application comes up and tells me I need an Intel Processor. Anybody know what's going on here? And does anyone know if the 1.0.3 version will run under Leopard? If it does, would I need to download stuffit expander and Apple Disc Copy like it says, or is that built into Disk utility at this point? And would I need to download the .bin or the .hqx files? Thanks, any help will be appreciated!
  Remote Desktop site:
  http://www.microsoft.com/mac/remote-desktop-client
  Download details for version 2:
  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=68346e0d-44d3-4065-9 9bb-b664b27ee1f0&displayLang=en
  Download details for 1.0.3:
  http://www.microsoft.com/downloads/en/details.aspx?FamilyId=6573F9F1-8AE1-4DA9-A B5C-F8457ECDAF2D&displaylang=en

  Ok. Found the program on the apple website and downloaded and it worked. I solved my own question.