Enabling CredSSP Protocol and Network Level Authentication on Windows XP SP3 RemoteApps

RemoteApp is an application delivery method of Windows 2008 Remote Services using remote desktop mechanism. It’s in primitive state and there are security concerns, but it is fast and promising. When we setup this service for the first time, some users could not connect to the remoteapp and a pop up error occurred saying “The remote computer requires Network Level Authentication“. This error occurred only in Windows XP SP3 clients.

The error message

The error message

Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created. After some investigation, we found out that to use Network Level Authentication, you must meet the following requirements:

  • The client computer must be using at least Remote Desktop Connection 6.0.
  • The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol.
  • The RD Session Host server must be running Windows Server 2008 R2 or Windows Server 2008.

Since our clients were fully patched, it seemed that CredSSP protocol was not enabled in our XP clients. Looking further on this, we find out a related article from Microsoft at http://support.microsoft.com/kb/951608.

You can download a Microsoft Fix it executable at http://go.microsoft.com/?linkid=9758284 to turn on CredSSP protocol on Windows XP SP3 or try the registry modification mentioned in Microsoft’s article.


3 thoughts on “Enabling CredSSP Protocol and Network Level Authentication on Windows XP SP3 RemoteApps

  1. Hi Nikos Chrissostomidis,

    Thanks much for the useful details, very helpful.

    BTW, I have a question. Is it mandatory to enable CredSSP if we want to enable Network Level Authentication for RDP?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s