

We have a new Windows Server 2012R2 RDS server farm comprising a number of physical Windows 2012R2 servers and virtual Windows 2012R2 servers.

Requirement: Enable SSL/TLS for RDP connections to provide RDS host identity validation and use "current" encryption standards.

Background: We have a fairly large number of remote users in a BYOD situation where the user does not EVER have direct access to the corporate network from a corporate device on the network. When setting up a new user we require that they change

When using the RDP security layer, this is fairly straightforward as they can provide their credentials and are immediately prompted to change their password. However, if SSL/TLS or Negotiate is selected, the connection fails indicating the password is expired without any prompt to change it.

Documentation on this is a bit unclear, however it all seems to indicate that this should ONLY be an issue if NLA is REQUIRED. However, in my experience NLA is used if it is supported and there is no mechanism in place for the connection to "fall back" to the RDP security layer, and the connection just fails. One oddity to note is that Windows Server 2003 allows either the RDP security layer or SSL/TLS to be used but does not support NLA. To me this would seem to indicate NLA is separate from SSL/TLS and that there should be the ability to utilize SSL/TLS WITHOUT NLA.

I am aware that there are "patches" available for this issue but I am also aware that they 1) only change the error message displayed on the client side and 2) only enable the password change functionality via RDweb. We are not interested in using RDweb and are looking for a solution to the problem above.

So the crux of the issue is this: NLA does not allow users with expired passwords or whose account has been configured to require a password change on next logon to log into a Remote Desktop server.

In summary, looking for a way to enable SSL/TLS but to disable NLA. Alternatively, if there is a solution to allow the connection to fall back to the RDP security layer if NLA fails, I would happily accept that as well.
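As an added example (not part of the original post), the following PowerShell reads the two settings the question separates, the listener's security layer and whether NLA is required, from the Win32_TSGeneralSetting WMI class of a 2012 R2 host. It assumes the class is reachable on the host named in `-ComputerName` (defaulting to the local machine) and that the listener is the default `RDP-Tcp`.

```powershell
# Added example: audit an RDS host's RDP listener for security layer and NLA.
# Assumes Win32_TSGeneralSetting is queried locally or over WMI as an
# administrator; -ComputerName is a constructed parameter for this example.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [string]$TerminalName = 'RDP-Tcp'
)

# Documented code values of Win32_TSGeneralSetting.SecurityLayer
$securityLayerNames = @{
    0 = 'RDP Security Layer'
    1 = 'Negotiate'
    2 = 'SSL/TLS'
}

# The TerminalServices namespace needs packet privacy for remote queries
$settings = Get-WmiObject -Namespace 'root\CIMV2\TerminalServices' `
    -Class Win32_TSGeneralSetting `
    -ComputerName $ComputerName `
    -Authentication PacketPrivacy `
    -Filter "TerminalName='$TerminalName'"

if (-not $settings) {
    throw "No listener named '$TerminalName' found on $ComputerName"
}

# Report the two settings side by side so a host that has SSL/TLS
# but also requires NLA (the expired-password case in the post) stands out.
[pscustomobject]@{
    Computer        = $ComputerName
    Listener        = $settings.TerminalName
    SecurityLayer   = $securityLayerNames[[int]$settings.SecurityLayer]
    NlaRequired     = [bool]$settings.UserAuthenticationRequired
    CertThumbprint  = $settings.SSLCertificateSHA1Hash
}
```

The same class exposes `SetSecurityLayer` and `SetUserAuthenticationRequired` methods for changing the values per host; whether a session collection's own configuration re-applies over a per-host change is something to verify in the deployment rather than assume.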
