JOE-BULLITT
asked on
Cannot log into TS Web Access or TS Gateway from (only) XP computers
Hello.
I am running Server 2008 R2 and am hosting terminal services, with RemoteApp web access and TS Gateway access.
Everything works fine from Vista and Windows 7, but every XP machine is unable to run RemoteApp or RDP.
The XP machine can get past the login page at RemoteApp, but trying to run any applications results in the server requesting the password over and over. On the server, the security logs report bad password attempts, but it is absolutely not an issue of the password being mistyped.
I am aware of the CredSSP feature and have made the registry adjustment to turn it on. http://support.microsoft.com/kb/951608
Can anyone suggest something to try next, please? I am totally stumped here. XP clients can connect, but absolutely refuse to authenticate.
Thanks for any advice!
Joe
I am running Server 2008 R2 and am hosting terminal services, with RemoteApp web access and TS Gateway access.
Everything works fine from Vista and Windows 7, but every XP machine is unable to run RemoteApp or RDP.
The XP machine can get past the login page at RemoteApp, but trying to run any applications results in the server requesting the password over and over. On the server, the security logs report bad password attempts, but it is absolutely not an issue of the password being mistyped.
I am aware of the CredSSP feature and have made the registry adjustment to turn it on. http://support.microsoft.com/kb/951608
Can anyone suggest something to try next, please? I am totally stumped here. XP clients can connect, but absolutely refuse to authenticate.
Thanks for any advice!
Joe
Adrian Cantrill
what version of mstsc are on the clients... is the server set to require network level authentication, and can the client version support it...6.1 or over i think.
RemoteApp (or TS RemoteApp) is a special mode of Remote Desktop Services, available only in Remote Desktop Connection 6.1 and above (with Windows Server 2008 being the RemoteApp server), where a remote session connects to a specific application only, rather than the entire Windows desktop. The RDP 6.1 client ships with Windows XP SP3, KB952155 for Windows XP SP2 users,[11] Windows Vista SP1 and Windows Server 2008
---
I guess im checking what SP the windows XP machines are running ?
---
I guess im checking what SP the windows XP machines are running ?
ASKER
Thanks for all the comments.
I have tried this with XPSP2/RDP 6.1, and also XPSP3/RDP 6.1, and XPSP3/RDP 7.0 And have no success getting an account from XP machine to authenticate.
(It seems like it should work. I figured it anything it could have been CredSSP, but alas it is not.)
I have tried this with XPSP2/RDP 6.1, and also XPSP3/RDP 6.1, and XPSP3/RDP 7.0 And have no success getting an account from XP machine to authenticate.
(It seems like it should work. I figured it anything it could have been CredSSP, but alas it is not.)
What error do you get after repeated password entries, anything on the client or serverside ?
Sorry - not sure if you answered my previous query or not, is your server set to allow connections ONLY from NLA clients ? it maybe worth changing the value to the reverse and observe the result.
ASKER
Hi Woolnoir.
The error message is 4625 unknown username or bad password. But I am am absolutely entering the correct password with the correct username sysntax (domain\username). I have even tried it with the local administrator credentials, and it will not accept a password.
When you ask about the server only accepting NLA clients, do you mean in the RDP registry?
HKLM\System\CurrentControl
Thanks.
The error message is 4625 unknown username or bad password. But I am am absolutely entering the correct password with the correct username sysntax (domain\username). I have even tried it with the local administrator credentials, and it will not accept a password.
When you ask about the server only accepting NLA clients, do you mean in the RDP registry?
HKLM\System\CurrentControl
Thanks.
ASKER
Oh, right. Sorry for my confusion.
Yes, it is set to allow connections from all computers running any version of RDP.
Yes, it is set to allow connections from all computers running any version of RDP.
then you shouldn't need to configure CREDSSP - im wondering if there is a conflict happening between that and the TS server.
Need to have a think.
Need to have a think.
ASKER
Right, which is why I am baffled that only XP cannot authenticate. (BTW, every XP machine, CREDSSP configured or not, will not pass credentials.)
Still thinking about this one - i guess you haven't had any progress or inspiration in the meanwhile.
ASKER
I am still inspired - but no progress yet. :-)
I am racking my brain here... when I set this up I did have a challenge with the SSL certificate, but I resolved it and have it working. Is there anything with SSL certs that are unique to XP as opposed to Win 7 or Vista?
I am racking my brain here... when I set this up I did have a challenge with the SSL certificate, but I resolved it and have it working. Is there anything with SSL certs that are unique to XP as opposed to Win 7 or Vista?
I think there are some changes to which Certification people the OS supports, but something like that would show up as a pretty obvious error within the browser or OS... I'll have another think about this tonight - just twisting my brain around a Mac issue currently.
ASKER
I appreciate your assistance very much!
do you have a domain or local group on the TS server called "Windows Authorization Access Group" - a associate has suggested adding the TS server machine account to this group if it isnt already. Can you have a poke acount and let me know how it is on your domain/server ?
I am racking my brain here... when I set this up I did have a challenge with the SSL certificate, but I resolved it and have it working. Is there anything with SSL certs that are unique to XP as opposed to Win 7 or Vista?
--------------
who was the SSL certificate from, and do your XP machines trust the SSL certificate being used... just having a think around this sorta area atm.
--------------
who was the SSL certificate from, and do your XP machines trust the SSL certificate being used... just having a think around this sorta area atm.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
V.nice Joe - glad you got there in the end, only hope my random ideas helped in some way :)