entranceRemote computer requires authentication at the XP network level. An authentication error occurred
After installing the update KB4103718 on my computer with Windows 7, I can not remotely connect to the C Server Windows Server 2012 R2 via a remote desktop RDP. After I specify the address of the server's RDP in the MSTSC.exe client window and click "Connect", an error appears:
Connect to a remote desktop
An authentication error occurred.
This feature is not supported.
Remote computer: ComputerName.
After I deleted the update KB4103718 and rebooted the computer, the RDP connection began to work normally. If I understand correctly, this is only a temporary bypass solution, next month will the new cumulative update package arrive and the error will return? Can you advise anything?
Answer
You are absolutely right in the fact that it is meaningless to solve the problem, because you are therefore subjected to your computer risk of exploitation of various vulnerabilities that close patches in this update.
In your problem you are not alone. This error may appear in any operating system Windows or Windows Server (not just Windows 7). Users of English windows version 10 When trying to connect to the RDP / RDS server, a similar error looks like this:
An Authentication Error Has Occurred.
The Function Requested Is Not Supported.
REMOTE COMPUTER: COMPUTERNAME
Error RDP "An Authentication Error Has Occurred" can appear when trying to start RemoteApp applications.
Why is this happening? The fact is that on your computer installed actual updates Safety (released after May 2018), which requires a serious vulnerability in the CREDSSP protocol (Credential Security Support Provider) used to authenticate on RDP servers (CVE-2018-0886) (I recommend it to get acquainted with the article). At the same time, on the RDP / RDS side of the server to which you connect from your computer, these updates are not installed and the NLA (Network Level Authentication / Authentication at the network level) is enabled for RDP access (NETWORK LEVEL Authentication / Authentication). The NLA protocol uses Credssp mechanisms to pre-authenticate users via TLS / SSL or Kerberos. Your computer because of the new security settings that have set up the update you have simply blocks the connection to the remote computer, which uses the Vulnerable Credssp version.
What can be done to correct this error and connect to your RDP server?
- Most correct Method of solving a problem - installation recent updates windows security on the computer / server to which you are connected by RDP;
- Temporary method 1. . You can disable network authentication (NLA) on the RDP server side (described below);
- Temporary method 2.
. You can allow you to connect to RDP servers with an unsafe version of Credssp, as described in the article on the link above. To do this, you need to change the registry key AllowENCryptionOcle (team reg add
HKLM \\ Software \\ Microsoft \\ Windows \\ Currentversion \\ POLICIES \\ System \\ Credssp \\ Parameters / V AllowenCryptionOcle / T Reg_DWORD / D 2) or change local policy settings Encryption Oracle Remediation / Correct the vulnerability of the cipher Oracle) by setting its value \u003d Vulnerable / Leave Vulnerability).This is the only way to access a remote RDP server if you have the possibility of local login to the server (through the ILO console, virtual machine, cloud interface, etc.). In this mode, you can connect to a remote server and install security updates, thus move to the recommended 1 method. After updating the server, do not forget to disable the policy or return the value of the key AllowENCryptionOCLE \u003d 0: REG Add HKLM \\ Software \\ Microsoft \\ Windows \\ Currentversion \\ POLICIES \\ SYSTEM \\ CREDSSP \\ PARAMETERS / V ALLOWENCRYPTIONORACLE / T REG_DWORD / D 0
NLA Disabling for RDP Protocol in Windows
If the server is on the RDP side to which you connect, NLA is turned on, this means that CredSPP is used to extend the RDP user. Disable Network Level Authentication in the properties of the system on the tab Remote access (Remote.) After removing the checkbox "Allow connections only from computers on which the remote desktop is running with authentication at the level of the network / Allow Connection Only From Computers Running Remote Desktop with Network Level Authentication (Recommended)" (Windows 10 / Windows 8).
In Windows 7, this option is called differently. On the tab Remote access You need to select the option " Allow connections from computers with any version of the remote desktop (dangerous) Allow Connections from Computers Running Any Version Of Remote Desktop (Less Secure).
You can also disable network authentication (NLA) using the Local Editor group Policy - gPedit..msc. (In Windows 10 Home, the GPEdit.msc policies editor can be started) or using the domain policy management console - GPMC.MSC. To do this, go to the section Computer Configuration -\u003e Administrative Templates -\u003e ComponentsWindows -\u003e Remote Desktop Services - Remote Desktop Session Node -\u003e Security (Computer Configuration -\u003e Administrative Templates -\u003e Windows Components -\u003e Remote Desktop Services - Remote Desktop Session Host -\u003e Security), disable Require User Authentication for Remote Connections by Using Network Level Authentication).
Also needed in politics " Require the use of a special security level for remote connections via RDP protocol"(Require Use of Specific Security Layer for Remote (RDP) Connections Select Security Level (Security Layer) - RDP..
To apply new RDP settings, you need to update policies (GPUPDATE / FORCE) or restart the computer. After that, you must successfully connect to the remote desktop server.
If you use Windows XP when connected to the server, you may have an error: "Remote computer requires authentication at the network level, which this computer do not support".
This error occurs as follows that initially in Windows XP is not implemented authentication at the network level, this feature Developers were implemented in subsequent OS. Also later the update file was released KB951608. who corrected this error and allowed Windows XP to implement authentication at the network level.
In order for you can connect from your computer running Windows XP to connect to a remote server desktop, you must install Service Pack 3 (SP3), and then do the following:
On the official website of Microsoft on the Russian-speaking page https://support.microsoft.com/ru-ru/kb/951608. Download file automatic correction. Scroll through the page just below and click the "Download" button in the "Help solution" section.
The English-language page is also available. https://support.microsoft.com/en-us/kb/951608. In which you can download this file by clicking the "Download" button in the "How to Turn on Credssp"
After downloading the file will be finished run it on execution. After launch this file You will see the program window. In it in the first step, install a tick on "I accept". In the second step, click "Next"
To execute installation, you will see the following window with the notification "This is a correction Microsoft Fix It was processed. "You can only click" Close ".
After you have pressed the "Close" button, the program will specify you to change the computer to reboot, click "Yes" to restart.
Solve the problem yourself without downloading a file
If you have administrative skills, you can make changes to the registry of your computer manually without resorting to the need to download the correction file.
1. Press the button Start, Select Run, Enter the command regedit. and press the key Enter
Open registry editor.
HKEY_LOCAL_MACHINE \\ SYSTEM \\ CURRENTCONTROLSET \\ Control \\ LSA branch
Open the Security Packages parameter and looking for the word TSPKG. If it is not, add to the already existing parameters.
HKEY_LOCAL_MACHINE \\ SYSTEM \\ CURRENTCONTROLSET \\ CURRAL \\ SecurityProviders branch
Open the SecurityProviders parameter and add to the already existing Credssp.dll providers, if there is no one.
Close Registry Editor.
Now we need to reboot. If this is not done, then the computer will ask us the username and password, but instead of a remote desktop will answer the following:
Here, in fact, all.
Server administrators based on Windows 2008 may be faced with the following problem:
Connecting the RDP protocol to your favorite server from the Windows XP SP3 station fails with the following error:
Remote desktop is disabled.
Remote computer requires authentication at the network level, which this computer does not support. Contact for help to system administrator or in technical support.
And although promising Win7 threatens with time to replace its grandmother WinXP, another year, another problem will be relevant.
This is what needs to be taken to enable authentication mechanism on the network level:
Open registry editor.
Branch HKEY_LOCAL_MACHINE \\ SYSTEM \\ CURRENTCONTROLSET \\ CONTROL \\ LSA
Open the parameter Security Packages. And we are looking for a word tspkg.. If it is not, add to the already existing parameters.
Branch HKEY_LOCAL_MACHINE \\ SYSTEM \\ CURRENTCONTROLSET \\ CONTROL \\ SecurityProviders
Open the parameter SecurityProviders. and add to already existing providers credssp.dll.if there is no one.
Close Registry Editor.
Now we need to reboot. If this is not done, then when you try to connect the computer, you will ask us the username and password, but instead of the remote desktop, the following will answer:
Connect to a remote desktop
Error checking authentication (code 0x507)
Here, in fact, all.