Cannot Access Windows Server 2008 Terminal Server Using Vista Client

Cannot Access windows 2008 terminal server using a vista client.  Note that this vista client computer can connect to terminal services on a Windows Server 2003.  Note also that XP clients have no problems accessing the Windows 2008 Terminal well as accessiing terminal services on a windows server 2003.

Note also that under Terminal Services configuration, Negotioate using network layer security only is off.  All configuration options under rdp-tcp have been set to allow "lowest common denominator".  Also, all configurations in active directory are correct because access can be made by all xp clients to the windows server 2008 terminal services.  

The only problem is that vista clients cannot access Server 2008 terminal services via their RDP.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

On the Vista machine, Go Start -> Run -> type "MSTSC" and hit enter. Then go to "Options" and then the "Advanced" tab. What option is selected under "Server Authentication"?
cruisepakAuthor Commented:
Authentication Options on vista client are "Always Connect, even if authentication fails".  i've tried all those options. It's funny as well that all vista clients are having this issue so it does point me to the Windows Server 2008 side of the issue.    
cruisepakAuthor Commented:
More Research......(on my own issue mind you).

It looks like credssp looks to be the issue.  XP clients do not utilize CredSSP (disabled in SP3).  thus, when XP clients connect to Windows Terminal Server, Kerbos is the common authentication protocol.  Conversely, when vista clients connect to a Windows 2003 Terminal Server, CredSSP is not present in Server 2003...and thus Kerbos is the lowest common denominator.  XP to a Server 2003 session is governed by Kerbos.

The problem lies therefore in CredSSP being the default protocol between vista clients and windows Server 2008 terminal server sessions.  The trick now is to either a) disable CredSSP on the windows 2008 server so that kerbos is used...or to disable CredSSP in Vista clients (all flavors).

I can't find any group policies in Server 2008 to allow this and Vista Home Premium and Basic have no group policy editor (gpedit.msc) so there is no way to disable it in vista.

Does Anyone have any suggestions....preferably for a windows 2008 server side modification?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Neil ThompsonSenior Systems DeveloperCommented:

I've had problems with using older clients (RDP 5) with Terminal Server 2008 and what I found is that the Remote Desktop settings on the server seem to be over riding the terminal services settings.

To get it to work I had to un-install the terminal services role and get remote desktop working (dropping security/encryption) and once that worked, re-installed the terminal services role.

Hope that helps.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.