XP SP3 Remote Desktop supports network level authentication

One thing with SP3 is that Remote Desktop has been updated to V6.1. Check out the related webpages and learn that Remote Desktop with 6.0 or higher supports NLA (Network Level Authentication). NLA says it's the way to authenticate before you go to the remote desktop, instead of authenticating it when you log in. By default, Vista is "only allowed to run remote computer connections with network authentication." Ever since, I have failed with SP3 and Vista.

The online solution is to set the remote desktop connection mode of vista to "Allow any version of Remote Desktop Connection". This downgrade to adapt to XP, I thought it was a retrogression, otherwise upgrading XP remote desktop to 6.1 does not make any sense. Therefore, in the partner newsgroup, I asked Microsoft engineers:

The initial answer from Microsoft engineers was that XP does not support NLA. I later corrected that SP3 supports NLA and told me to follow the following methods to make XP support NLA. He gave me a KB: http://support.microsoft.com/kb/951608/

The NLA operation is:

1. Click Start, click Run, type regedit And press ENTER.
2. In navigation pane,locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa
3. In the details pane, right-click SecurityProviders, then Single Click to modify.
4. In the Value data box, type tspkg. Leave any data specific to other SSPs, and then click OK.
5. In navigation pane,locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders
6. in details pane, right-click SecurityProviders, and then click Modify .
7. In the Value data box, type credssp.dll. Leave any data specific to other SSPs, and then click OK.
8. exit Registry Editor.
9. Please restart your computer.

By KB operation, you can see support for network level authentication in XP Remote Desktop.

Enter the IP of the vista host, oh, yes, require authentication:

Unfortunately, an authentication error occurred: authentication occurred Error (Code: 0x80090303)

Once again, to Microsoft engineers, the engineer does not know the specific location, but provides some troubleshooting methods. Finally, it is to check the fault by crawling the network package. It is because I am remotely. When connecting, the IP address is entered instead of the computer name (VISTA joins the domain, XP does not add the domain, and XP's DNS is different from VISTA, not in the same network segment), causing Kerberos authentication to fail. Add domain name and domain name resolution of the vista machine to the HOST file, and finally connect successfully.

I am puzzled why I have to enter the computer name instead of IP, because we usually use ip to connect to the target host. The answer given by the engineer is:

This is also kerberos The characteristics of the verification are determined. To perform kerberos verification, the SPN (service principle name) is used. The SPN is registered with the computer name. So we must use the computer name to connect to Windows Vista, not the IP address. I don't know much, but this question is a dead end.