Cannot Access Windows Server 2008 Terminal Server Using Vista Client

Cannot Access windows 2008 terminal server using a vista client.  Note that this vista client computer can connect to terminal services on a Windows Server 2003.  Note also that XP clients have no problems accessing the Windows 2008 Terminal well as accessiing terminal services on a windows server 2003.

Note also that under Terminal Services configuration, Negotioate using network layer security only is off.  All configuration options under rdp-tcp have been set to allow "lowest common denominator".  Also, all configurations in active directory are correct because access can be made by all xp clients to the windows server 2008 terminal services.  

The only problem is that vista clients cannot access Server 2008 terminal services via their RDP.
Who is Participating?
cruisepakConnect With a Mentor Author Commented:
More Research......(on my own issue mind you).

It looks like credssp looks to be the issue.  XP clients do not utilize CredSSP (disabled in SP3).  thus, when XP clients connect to Windows Terminal Server, Kerbos is the common authentication protocol.  Conversely, when vista clients connect to a Windows 2003 Terminal Server, CredSSP is not present in Server 2003...and thus Kerbos is the lowest common denominator.  XP to a Server 2003 session is governed by Kerbos.

The problem lies therefore in CredSSP being the default protocol between vista clients and windows Server 2008 terminal server sessions.  The trick now is to either a) disable CredSSP on the windows 2008 server so that kerbos is used...or to disable CredSSP in Vista clients (all flavors).

I can't find any group policies in Server 2008 to allow this and Vista Home Premium and Basic have no group policy editor (gpedit.msc) so there is no way to disable it in vista.

Does Anyone have any suggestions....preferably for a windows 2008 server side modification?
On the Vista machine, Go Start -> Run -> type "MSTSC" and hit enter. Then go to "Options" and then the "Advanced" tab. What option is selected under "Server Authentication"?
cruisepakAuthor Commented:
Authentication Options on vista client are "Always Connect, even if authentication fails".  i've tried all those options. It's funny as well that all vista clients are having this issue so it does point me to the Windows Server 2008 side of the issue.    
Neil ThompsonSenior Systems DeveloperCommented:

I've had problems with using older clients (RDP 5) with Terminal Server 2008 and what I found is that the Remote Desktop settings on the server seem to be over riding the terminal services settings.

To get it to work I had to un-install the terminal services role and get remote desktop working (dropping security/encryption) and once that worked, re-installed the terminal services role.

Hope that helps.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.