Hi,
I have special circumstances where I need to connect (RDP using MSTSC) to a Windows server that enforces RDP over TLS, but without NLA (enablecredsspsupport:i:0 in the RDP file; the server allows this).
On some clients (I saw this only with Windows Server 2012 R2 clients) I'm getting the following error: "The connection cannot proceed because authentication is not enabled . . .".
The only thing I found online was to change the authentication level, which didn't help.
I analyzed the traffic using Wireshark and I believe the problem is with the RDP negotiation, where the client sends a list of its supported security protocols. If I connect from the same client with NLA (enablecredsspsupport:i:1) I get this:
requestedProtocols:
.... .... .... .... .... .... .... ...1 = TLS security supported: True
.... .... .... .... .... .... .... ..1. = CredSSP supported: True
.... .... .... .... .... .... .... 1... = Early User Authorization Result PDU supported: True
But if I connect with enablecredsspsupport:i:0 I get this:
requestedProtocols:
.... .... .... .... .... .... .... ...0 = TLS security supported: False
.... .... .... .... .... .... .... ..0. = CredSSP supported: False
.... .... .... .... .... .... .... 0... = Early User Authorization Result PDU supported: False
Where I would expect this (I do get this with some clients):
requestedProtocols:
.... .... .... .... .... .... .... ...1 = TLS security supported: True
.... .... .... .... .... .... .... ..0. = CredSSP supported: False
.... .... .... .... .... .... .... 0... = Early User Authorization Result PDU supported: False
It seems like for some reason disabling CredSSP on the client also disables TLS.
I would appreciate it if someone could help me figure out what's happening.
Thanks,
Gabriel
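
Added example (not part of the original post): a Python decoder for the requestedProtocols field of the RDP Negotiation Request shown in the Wireshark output above, run over three constructed Connection Request PDUs that match the three captures. The flag values follow MS-RDPBCGR; `build_request` and its cookie value are hypothetical helpers used only to construct sample input.

```python
import struct

# requestedProtocols flags of RDP_NEG_REQ, as defined in MS-RDPBCGR.
FLAGS = {
    0x1: "TLS (PROTOCOL_SSL)",
    0x2: "CredSSP (PROTOCOL_HYBRID)",
    0x4: "RDSTLS (PROTOCOL_RDSTLS)",
    0x8: "Early User Authorization Result PDU (PROTOCOL_HYBRID_EX)",
}
TYPE_RDP_NEG_REQ = 0x01


def requested_protocols(pdu: bytes) -> int:
    """requestedProtocols from a TPKT + X.224 Connection Request (0 if no RDP_NEG_REQ)."""
    if len(pdu) < 11 or pdu[0] != 3:
        raise ValueError("not a TPKT packet")
    (tpkt_len,) = struct.unpack(">H", pdu[2:4])
    if tpkt_len != len(pdu) or pdu[5] != 0xE0:
        raise ValueError("not a complete X.224 Connection Request")
    body = pdu[11:]  # skip TPKT header (4 bytes) and X.224 CR header (7 bytes)
    # An optional routing token or "Cookie: mstshash=..." line ends with CR LF.
    if body and body[0] != TYPE_RDP_NEG_REQ:
        end = body.find(b"\r\n")
        if end < 0:
            raise ValueError("unterminated cookie or routing token")
        body = body[end + 2:]
    if len(body) < 8:
        return 0  # no negotiation request: standard RDP security only
    neg_type, _flags, length, protocols = struct.unpack("<BBHI", body[:8])
    if neg_type != TYPE_RDP_NEG_REQ or length != 8:
        raise ValueError("malformed RDP_NEG_REQ")
    return protocols


def describe(protocols: int) -> list:
    names = [name for bit, name in FLAGS.items() if protocols & bit]
    return names or ["standard RDP security only (PROTOCOL_RDP)"]


def build_request(protocols: int, cookie: bytes = b"Cookie: mstshash=demo\r\n") -> bytes:
    """Hypothetical helper: builds a constructed sample PDU for the demo."""
    neg = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, protocols)
    x224 = bytes([6 + len(cookie) + len(neg), 0xE0, 0, 0, 0, 0, 0]) + cookie + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


if __name__ == "__main__":
    cases = [("NLA on", 0x0B), ("NLA off, failing client", 0x00), ("NLA off, expected", 0x01)]
    for label, value in cases:
        print(label, "->", describe(requested_protocols(build_request(value))))
```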