Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cannot log into TS Web Access or TS Gateway from (only) XP computers

Posted on 2010-08-23
19
Medium Priority
?
1,517 Views
Last Modified: 2013-11-21
Hello.

I am running Server 2008 R2 and am hosting terminal services, with RemoteApp web access and TS Gateway access.  

Everything works fine from Vista and Windows 7, but every XP machine is unable to run RemoteApp or RDP.  

The XP machine can get past the login page at RemoteApp, but trying to run any applications results in the server requesting the password over and over.  On the server, the security logs report bad password attempts, but it is absolutely not an issue of the password being mistyped.

I am aware of the CredSSP feature and have made the registry adjustment to turn it on.  http://support.microsoft.com/kb/951608

Can anyone suggest something to try next, please?  I am totally stumped here.  XP clients can connect, but absolutely refuse to authenticate.

Thanks for any advice!
Joe
0
Comment
Question by:JOE-BULLITT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 7
19 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 33504368
what version of mstsc are on the clients... is the server set to require network level authentication, and can the client version support it...6.1 or over i think.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33504421
RemoteApp (or TS RemoteApp) is a special mode of Remote Desktop Services, available only in Remote Desktop Connection 6.1 and above (with Windows Server 2008 being the RemoteApp server), where a remote session connects to a specific application only, rather than the entire Windows desktop. The RDP 6.1 client ships with Windows XP SP3, KB952155 for Windows XP SP2 users,[11] Windows Vista SP1 and Windows Server 2008

---

I guess im checking what SP the windows XP machines are running ?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 33504546
also RDP client 7 is already out


http://support.microsoft.com/kb/969084

I hope this helps !
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:JOE-BULLITT
ID: 33504605
Thanks for all the comments.
I have tried this with XPSP2/RDP 6.1, and also XPSP3/RDP 6.1, and XPSP3/RDP 7.0  And have no success getting an account from XP machine to authenticate.
(It seems like it should work.  I figured it anything it could have been CredSSP, but alas it is not.)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33504663
What error do you get after repeated password entries, anything on the client or serverside ?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33504694
Sorry - not sure if you answered my previous query or not, is your server set to allow connections ONLY from NLA clients ? it maybe worth changing the value to the reverse and observe the result.
0
 

Author Comment

by:JOE-BULLITT
ID: 33504841
Hi Woolnoir.

The error message is 4625 unknown username or bad password.  But I am am absolutely entering the correct password with the correct username sysntax (domain\username).  I have even tried it with the local administrator credentials, and it will not accept a password.

When you ask about the server only accepting NLA clients, do you mean in the RDP registry?
HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication

Thanks.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33504878
0
 

Author Comment

by:JOE-BULLITT
ID: 33504938
Oh, right.  Sorry for my confusion.
Yes, it is set to allow connections from all computers running any version of RDP.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33504960
then you shouldn't need to configure CREDSSP - im wondering if there is a conflict happening between that and the TS server.

Need to have a think.
0
 

Author Comment

by:JOE-BULLITT
ID: 33505287
Right, which is why I am baffled that only XP cannot authenticate.  (BTW, every XP machine, CREDSSP configured or not, will not pass credentials.)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33509656
Still thinking about this one - i guess you haven't had any progress or inspiration in the meanwhile.
0
 

Author Comment

by:JOE-BULLITT
ID: 33511648
I am still inspired - but no progress yet.  :-)

I am racking my brain here... when I set this up I did have a challenge with the SSL certificate, but I resolved it and have it working.  Is there anything with SSL certs that are unique to XP as opposed to Win 7 or Vista?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33511740
I think there are some changes to which Certification people the OS supports, but something like that would show up as a pretty obvious error within the browser or OS... I'll have another think about this tonight - just twisting my brain around a Mac issue currently.
0
 

Author Comment

by:JOE-BULLITT
ID: 33513102
I appreciate your assistance very much!
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33513327
do you have a domain or local group on the TS server called "Windows Authorization Access Group" - a associate has suggested adding the TS server machine account to this group if it isnt already.  Can you have a poke acount and let me know how it is on your domain/server ?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33515226
I am racking my brain here... when I set this up I did have a challenge with the SSL certificate, but I resolved it and have it working.  Is there anything with SSL certs that are unique to XP as opposed to Win 7 or Vista?

--------------
who was the SSL certificate from, and do your XP machines trust the SSL certificate being used... just having a think around this sorta area atm.
0
 

Accepted Solution

by:
JOE-BULLITT earned 0 total points
ID: 33516545
I figured it out!

In Local Policy on the XP machines, I went to "Network security: LAN Manager authentication level" and changed it to "Send NTLMv2 response only" and am now able to authenticate.

On the server the same policy was set to allow only NTLMv2, and I imagine I could have changed it to accept NTLM, but that would not be what I want.  So I now have a solution for XP users!

Thanks very much for helping!
- Joe
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33518353
V.nice Joe - glad you got there in the end, only hope my random ideas helped in some way :)
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question