I experienced an issue at a customer site with a new Remote Desktop Services deployment on Windows Server 2008 R2 when building a server farm.
When Windows 7 PCs accessed a RemoteApp or attempted to create a remote desktop session using the Microsoft Terminal Services Client (MSTSC.exe), they were able to connect to the farm without problems.
When a Windows XP PC accessed the remote desktop farm, the following error was experienced:
"Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to.  Contact your network administrator for assistance."
After researching the issue, it turned out that the RD Session Hosts needed to be configured to use RDP Security Layer as the Security Layer. The issue started occurring after a custom trusted certificate was installed on the RDP-Tcp connection, which was done so that users connecting to the session hosts would not receive "RDP certificate not trusted" warnings.
These configuration options can be found under "Remote Desktop Session Host Configuration".
By default the Security layer was set to Negotiate.
Set all servers in your farm to RDP Security Layer to ensure both XP and Windows 7 clients can connect.
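To check that every session host in the farm carries the same setting, the Security Layer can also be read and set through the `Win32_TSGeneralSetting` WMI class instead of the GUI. The script below is an added example, not from the original post; the server names are placeholders, and it only reports unless `-Apply` is given.

```powershell
# Added example: audit (and optionally set) the RDP-Tcp Security Layer across a farm.
# Server names are hypothetical placeholders; replace them with your RD Session Hosts.
param(
    [string[]]$FarmServers = @('RDSH01', 'RDSH02'),
    [ValidateSet(0, 1, 2)][int]$DesiredLayer = 0,   # 0 = the setting described in the post
    [switch]$Apply                                  # without this switch nothing is changed
)

# SecurityLayer values of Win32_TSGeneralSetting.
# Note: 0 uses native RDP encryption only; the server is not authenticated to the
# client and Network Level Authentication cannot be used with it.
$LayerName = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

function Get-RdpTcpSetting([string]$Server) {
    # The TerminalServices namespace requires packet privacy for remote queries.
    Get-WmiObject -ComputerName $Server -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
        -Authentication PacketPrivacy -ErrorAction Stop
}

$report = foreach ($server in $FarmServers) {
    try {
        $s      = Get-RdpTcpSetting $server
        $before = [int]$s.SecurityLayer
        $result = 'unchanged'
        if ($before -ne $DesiredLayer) {
            $result = 'MISMATCH'
            if ($Apply) {
                $rc     = ($s.SetSecurityLayer($DesiredLayer)).ReturnValue
                $result = if ($rc -eq 0) { 'changed' } else { "failed (rc=$rc)" }
                $s      = Get-RdpTcpSetting $server   # re-read to confirm the change
            }
        }
        New-Object PSObject -Property @{
            Server      = $server
            Before      = $LayerName[$before]
            Now         = $LayerName[[int]$s.SecurityLayer]
            NLARequired = [bool]$s.UserAuthenticationRequired
            Result      = $result
        }
    } catch {
        # Unreachable host or access denied: record it instead of aborting the audit.
        New-Object PSObject -Property @{
            Server = $server; Before = '?'; Now = '?'; NLARequired = '?'
            Result = "error: $($_.Exception.Message)"
        }
    }
}
$report | Select-Object Server, Before, Now, NLARequired, Result | Format-Table -AutoSize
```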
This was extremely helpful, thank you very much.
Thank you so much. This has been a headache for us and luckily I came across your site!
Very helpful. But I have SQL service running the server itself. If I changed to RDP security layer, the SQL users can't authenticate to the server. But if I changed to SSL layer then I can't remote login with RDP. So, should I leave it at Negotiate? I have tested yet. Will it work?
Clint, I used to get a similar error prompt when I was using Remote Desktop Connection. Eventually I gave up on it. (I'm no tech MVP like yourself... lol) But thankfully, I found RHUB's service, and it's been smooth sailing ever since.
Clint, I tried your solution and the XP clients with RDP version 7 can now connect. Now all users need to enter their password twice. They are prompted with a Windows 2008 login screen and enter their passwords. The screen blinks and the same screen is presented a second time. This time when they enter the correct password they are logged into the terminal server. I suspect that the first login is for the gateway, and the second is the terminal server they were directed to. It would appear that the RDP Security Layer option does not pass a client's credentials from the RD Gateway to the terminal server.
All servers are Windows 2008 R2 Datacenter.
Is there a workaround for this?
Thank you very much, so simple the solution and so helpful!
Thanks, very helpful!
Great stuff, this worked with a similar issue I had with a Windows XP and Windows 8 host connecting to a 2008 R2 host.
Real fix for this is to enable CredSSP for Windows XP - https://support.microsoft.com/en-us/kb/951608. This allows you to keep using TLS rather than go back to RDP security.
I can't find RD-TCP properties on my computer. Please help.