Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1108
  • Last Modified:

Cannot Access Windows Server 2008 Terminal Server Using Vista Client

Cannot Access windows 2008 terminal server using a vista client.  Note that this vista client computer can connect to terminal services on a Windows Server 2003.  Note also that XP clients have no problems accessing the Windows 2008 Terminal Server...as well as accessiing terminal services on a windows server 2003.

Note also that under Terminal Services configuration, Negotioate using network layer security only is off.  All configuration options under rdp-tcp have been set to allow "lowest common denominator".  Also, all configurations in active directory are correct because access can be made by all xp clients to the windows server 2008 terminal services.  

The only problem is that vista clients cannot access Server 2008 terminal services via their RDP.
  • 2
1 Solution
On the Vista machine, Go Start -> Run -> type "MSTSC" and hit enter. Then go to "Options" and then the "Advanced" tab. What option is selected under "Server Authentication"?
cruisepakAuthor Commented:
Authentication Options on vista client are "Always Connect, even if authentication fails".  i've tried all those options. It's funny as well that all vista clients are having this issue so it does point me to the Windows Server 2008 side of the issue.    
cruisepakAuthor Commented:
More Research......(on my own issue mind you).

It looks like credssp looks to be the issue.  XP clients do not utilize CredSSP (disabled in SP3).  thus, when XP clients connect to Windows Terminal Server, Kerbos is the common authentication protocol.  Conversely, when vista clients connect to a Windows 2003 Terminal Server, CredSSP is not present in Server 2003...and thus Kerbos is the lowest common denominator.  XP to a Server 2003 session is governed by Kerbos.

The problem lies therefore in CredSSP being the default protocol between vista clients and windows Server 2008 terminal server sessions.  The trick now is to either a) disable CredSSP on the windows 2008 server so that kerbos is used...or to disable CredSSP in Vista clients (all flavors).

I can't find any group policies in Server 2008 to allow this and Vista Home Premium and Basic have no group policy editor (gpedit.msc) so there is no way to disable it in vista.

Does Anyone have any suggestions....preferably for a windows 2008 server side modification?
Neil ThompsonSenior Systems DeveloperCommented:

I've had problems with using older clients (RDP 5) with Terminal Server 2008 and what I found is that the Remote Desktop settings on the server seem to be over riding the terminal services settings.

To get it to work I had to un-install the terminal services role and get remote desktop working (dropping security/encryption) and once that worked, re-installed the terminal services role.

Hope that helps.

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now