[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2756
  • Last Modified:

network level authentication for RDP

I am running windows server 2008 R2, with the NLA enabled.

On my windows 7 pro desktop, it looks like my NLA is not supported, so how do I install NLA on my PC, so I can RDP into my server?
0
afacts
Asked:
afacts
1 Solution
 
slidingfoxCommented:
Windows 7 has the Remote Desktop client that supports NLA built in. You shouldn't have to install anything.

Are you getting an error when you try to connect?
0
 
XaelianCommented:
Have you configured NLA like this?
http://technet.microsoft.com/en-us/library/cc732713.aspx

Windows 7 has NLA build in, but I've seen your issue before. The following steps will guide you through the process of making it work.

1.Click Start, click Run, type regedit, and then press ENTER.
2.In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3.In the details pane, right-click Security Packages, and then click Modify.
4.In the Value data box, add tspkg. Leave any data that is specific to other SSPs, and then click OK.
5.In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6.In the details pane, right-click SecurityProviders, and then click Modify.
7.In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8.Exit Registry Editor.
9.Restart the computer.
0
 
afactsAuthor Commented:
Thanks, the NLA was not supported was my message, but I followd your instructions from 1 to 9, and everything was there, except the credssp.dll (file), I added that, restarted and now it works.   Awesome, somehow the installation got corrupt or something.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
MaybethCommented:
I am having the same issue however, when I check my registry settings for Lsa under step 2 I find it already has tspkg and others:
kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp

and when I check the SecurityProviders in step 5, the credssp.dll is already there as well and yet I still cannot connect.  I am using Windows 7 with RDP version 8.1  Any ideas?
0
 
afactsAuthor Commented:
Maybeth, I followed this process everytime and it worked everytime.

Have you configured NLA like this?
http://technet.microsoft.com/en-us/library/cc732713.aspx

Windows 7 has NLA build in, but I've seen your issue before. The following steps will guide you through the process of making it work.

1.Click Start, click Run, type regedit, and then press ENTER.
2.In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3.In the details pane, right-click Security Packages, and then click Modify.
4.In the Value data box, add tspkg. Leave any data that is specific to other SSPs, and then click OK.
5.In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6.In the details pane, right-click SecurityProviders, and then click Modify.
7.In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8.Exit Registry Editor.
9.Restart the computer
0
 
MaybethCommented:
We do not have RD Session Host Server installed.  The way it was set was through the Remote Settings on the System using the control panel.  We selected the "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) on the server.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now