Let XP SP3 also support network level authentication!

  
        


One change in SP3 is that Remote Desktop has been updated to version 6.1. The related web pages say that Remote Desktop 6.0 or higher supports NLA (Network Level Authentication). With NLA, authentication happens before you reach the remote desktop, instead of at the logon screen once the session is open. Vista defaults to "Allow connections only from computers running Remote Desktop with Network Level Authentication". Ever since, connecting from XP SP3 to Vista has failed for me.


The solution found online is to set Vista's remote desktop connection mode to "Allow connections from computers running any version of Remote Desktop". This is a downgrade to accommodate XP. I thought it was a step backwards, because otherwise upgrading XP's Remote Desktop to 6.1 makes no sense. The initial answer from Microsoft engineers was that XP does not support NLA. This was later corrected: SP3 does support NLA, and the engineer told me to follow the method below to make XP support NLA. He gave me a KB: http://support.microsoft.com/kb/951608/

The steps to enable NLA are:

1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click SecurityProviders, and then click Modify.
4. In the Value data box, type tspkg. Leave any data specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data specific to other SSPs, and then click OK.
8. Exit Registry Editor.
9. Restart your computer.
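
The two registry edits above can be checked, and applied without overwriting the SSPs already listed, with a script such as this one. It is an added example, not code from the original post or from KB 951608. It assumes PowerShell 2.0 or later, an elevated prompt, and that the multi-string value under the Lsa key is named Security Packages; the function name Confirm-SspEntry is made up for this example.

```powershell
# Added example, not from KB 951608. Requires PowerShell 2.0 or later, run elevated.
# Assumption: the multi-string value under ...\Control\Lsa is named "Security Packages".
param([switch]$Apply)   # without -Apply nothing is written, the script only reports

function Confirm-SspEntry([string]$SubKey, [string]$ValueName, [string]$Entry, [bool]$Write) {
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $Write)
    if ($null -eq $key) { throw "Key not found: HKLM\$SubKey" }
    try {
        $raw = $key.GetValue($ValueName)
        # Do not create a missing value: its absence means the layout is not the expected one.
        if ($null -eq $raw) { throw "Value '$ValueName' not found under HKLM\$SubKey" }
        $kind  = $key.GetValueKind($ValueName)
        $multi = [Microsoft.Win32.RegistryValueKind]::MultiString

        # REG_MULTI_SZ comes back as string[]; REG_SZ is one comma-separated string.
        if ($kind -eq $multi) { $items = @($raw) }
        else { $items = @(([string]$raw).Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }) }

        # -contains is case-insensitive, so "TSPKG" or "CredSSP.dll" count as present.
        if ($items -contains $Entry) { return "OK       $ValueName already lists $Entry" }
        if (-not $Write)             { return "MISSING  $ValueName lacks $Entry (re-run with -Apply)" }

        # Append only: every SSP that was already listed stays in place.
        $items = $items + $Entry
        if ($kind -eq $multi) { $key.SetValue($ValueName, [string[]]$items, $kind) }
        else                  { $key.SetValue($ValueName, ($items -join ', '), $kind) }
        return "ADDED    $Entry to $ValueName (restart required)"
    }
    finally { $key.Close() }
}

Confirm-SspEntry 'SYSTEM\CurrentControlSet\Control\Lsa' 'Security Packages' 'tspkg' $Apply.IsPresent
Confirm-SspEntry 'SYSTEM\CurrentControlSet\Control\SecurityProviders' 'SecurityProviders' 'credssp.dll' $Apply.IsPresent
```

Run it once without -Apply to see the current state, and export both keys from regedit before writing.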

After following the KB, the XP Remote Desktop client shows that network level authentication is supported.
Enter the IP of the Vista host and, sure enough, it requires authentication:

Unfortunately, the connection failed with the message: an authentication error occurred (code: 0x80090303)

I went back to the Microsoft engineer, who did not know the specifics but provided some troubleshooting methods. Finally, I took a network capture to troubleshoot the problem. I found that it was because I entered the IP address instead of the computer name when I made the remote connection (the Vista machine is joined to the domain). The XP machine is not joined to a domain, and its DNS is different from Vista's and not in the same network segment, causing Kerberos authentication to fail. I added the domain name and the name resolution of the Vista machine to the hosts file, and finally connected successfully.

I was puzzled why I should enter a computer name instead of an IP, because we usually use the IP to connect to the target host. The answer given by the engineer is: this is determined by the characteristics of Kerberos authentication. To perform Kerberos verification, the SPN (service principal name) is used. The SPN is registered with the computer name. So we must use the computer name to connect to Windows Vista, not the IP address.
