Remote Desktop Network Level Authentication Not Supported

network-level-authremote desktopwindows-xp

I'm running Windows XP Professional SP3 x86, trying to connect to a system with Windows 7 Ultimate SP1 x64.

Recently, I updated the Remote Desktop Connection software on the XP system in hopes of using Network Level Authentication (NLA) for my connections to the Windows 7 box. After the update, I connected to the Windows 7 box over RDP and enabled NLA believing that the updated client should support it.

After disconnecting and attempting to reconnect, I'm presented with the following error:

The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support.

So, I checked the About page in Remote Desktop Connection to make sure the update had applied. This is what I see.

Remote Desktop Connection
Shell Version 6.1.7600
Control Version 6.1.7600
© 2007 Microsoft Corporation. All rights reserved.
Network Level Authentication not supported.
Remote Desktop Protocol 7.0 supported.

I thought NLA was supposed to be a part of RDP 7.0 clients. Is there a component I'm missing somewhere?

Best Answer

Microsoft has a KB article on this:

http://support.microsoft.com/kb/951608

Specifically, XP doesn't have the right credential provider enabled to allow it. This credential provider, CredSSP, need to be turned on before NLA will work on XP-Sp3. The linked article has a 'Fix it for me' button, or if you'd rather do it by hand, there are a couple of registry settings that need to be entered. A reboot needs to happen for this to take effect.

    1.  Click Start, click Run, type regedit, and then press ENTER.
    2. In the navigation pane, locate and then click the following registry subkey:
         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. In the details pane, right-click Security Packages, and then click Modify.
    4. In the Value data box, type tspkg. Leave any data that is specific to other
         SSPs, and then click OK.
    5. In the navigation pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
    6. In the details pane, right-click SecurityProviders, and then click Modify.
    7. In the Value data box, type credssp.dll. Leave any data that is specific to 
         other SSPs, and then click OK.
    8. Exit Registry Editor.
    9. Restart the computer.

Related Topic