The "The remote computer requires Network Level Authentication, which your computer does not support." error is what you get when you try to connect to computer running Windows Vista with using recently updated Remote Desktop Client.
It looks like Windows XP doesn't support Network Level Authentication even with the new Remote Desktop Client so you will have to turn NLA off in Vista.
Got to System Properties and select "Allow connections from computer running any version of Remote Desktop (less secure). It's less secure, but it works.
Solution:
To enable NLA in XP machines; first install XP SP3, then edit the registry settings on the XP client machine to allow NLA
• Configure Network Level Authentication
1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Exit Registry Editor.
9. Restart the computer.
Now when you run remote desktop you will notice that Network Level Authentication is supported. To check this, right-click the top left hand corner of a remote desktop session and choose, Help > About
http://support.microsoft.com/kb/951608/
Description of the Credential Security Support
Provider (CredSSP) in Windows XP Service Pack 3
CredSSP is a new Security Support Provider (SSP) that is available in Windows XP SP3 by using the Security Support Provider Interface (SSPI). CredSSP enables a program to use client-side SSP to delegate user credentials from the client computer to the target server. (The target server is accessed by using server-side SSP). Windows XP SP3 involves only the client-side SSP implementation. The client-side SSP implementation is currently being used by Remote Desktop Protocol (RDP) 6.1 Terminal Services (TS). However, the client-side SSP implementation can be used by any third-party program that is willing to use the client-side SSP to interact with programs that are running server-side SSP implementations in Windows Vista or in Windows Server 2008.
To download the CredSSP protocol specification, visit the following Microsoft Web site:
For more information about the AcquireCredentialsHandle (CredSSP) function, visit the following Microsoft Web site:
For more information about CredSSP Group Policy settings, visit the following Microsoft Web site:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: AllowDefaultCredentials
Value data: 00000001
REG_DWORD: ConcatenateDefaults_AllowDefault
Value data: 00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials
"1"="TERMSRV/*"
To download the CredSSP protocol specification, visit the following Microsoft Web site:
http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-CSSP%5D.pdf
(http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bms-cssp%5d.pdf)
Note By default, CredSSP is turned off in Windows XP SP3.(http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bms-cssp%5d.pdf)
Back to the topHow to turn on CredSSP
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:322756
(http://support.microsoft.com/kb/322756/
)
How to back up and restore the registry in Windows
(http://support.microsoft.com/kb/322756/
)
How to back up and restore the registry in Windows
- Click Start, click Run, type regedit, and then press ENTER.
- In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- In the details pane, right-click Security Packages, and then click Modify.
- In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
- In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
- In the details pane, right-click SecurityProviders, and then click Modify.
- In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
- Exit Registry Editor.
- Restart the computer.
Scenarios for using CredSSP
Scenario 1: Programmatically use the SSP
You can now use CredSSP to perform client-side authentication in Windows XP SP3. You can use CredSSP together with authentication APIs to successfully authenticate the server-side counterpart programs that are running in Windows Vista or in Windows Server 2008.For more information about the AcquireCredentialsHandle (CredSSP) function, visit the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/aa965463(VS.85).aspx
(http://msdn2.microsoft.com/en-us/library/aa965463(VS.85).aspx)
For more information about the InitializeSecurityContext (CredSSP) function, visit the following Microsoft Web site:(http://msdn2.microsoft.com/en-us/library/aa965463(VS.85).aspx)
http://msdn2.microsoft.com/en-us/library/aa965582.aspx
(http://msdn2.microsoft.com/en-us/library/aa965582.aspx)
(http://msdn2.microsoft.com/en-us/library/aa965582.aspx)
Scenario 2: Use Terminal Services to connect to Windows Vista or to Windows Server 2008 from Windows XP SP3
- Use Terminal Services together with the Single Sign-On experience to connect to a Windows Vista-based computer or to a Windows Server 2008-based computer from a Windows XP SP3-based computer by using default (preset) credentials. This feature requires you to modify registry keys that are related to credential delegation.
- Use Terminal Services to connect from a Windows XP SP3-based computer to a Windows Vista-based computer or to a Windows Server 2008-based computer when Network Level Authentication (NLA) is enforced.
CredSSP Group Policy settings
Windows XP SP3 supports CredSSP Group Policy settings that are specific to credentials delegation as it applies in Windows Vista or in Windows Server 2008. However, the CredSSP Group Policy settings are not available as a Group Policy object (GPO) in Windows XP SP3. The CredSSP Group Policy settings can be applied by creating or by modifying registry entries for the required CredSSP Group Policy setting. The registry entries contain the list of server Service Principal Names (SPNs) for which the associated Group Policy setting applies. Additionally, the registry entries contain the serial number of the servers.For more information about CredSSP Group Policy settings, visit the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/bb204773(VS.85).aspx
(http://msdn2.microsoft.com/en-us/library/bb204773(VS.85).aspx)
The following registry keys correspond to Group Policy settings:(http://msdn2.microsoft.com/en-us/library/bb204773(VS.85).aspx)
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: AllowDefaultCredentials
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_AllowDefault
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials
"<serial_no>"="<server SPN>" - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: AllowDefCredentialsWhenNTLMOnly
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_AllowDefNTLMOnly
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefCredentialsWhenNTLMOnly
"<serial_no>"="<server SPN>" - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: AllowFreshCredentials
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_AllowFresh
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials
"<serial_no>"="<server SPN>" - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: AllowFreshCredentialsWhenNTLMOnly
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_AllowFreshNTLMOnly
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentialsWhenNTLMOnly
"<serial_no>"="<server SPN>" - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: AllowSavedCredentials
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_AllowSaved
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials
"<serial_no>"="<server SPN>" - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: AllowSavedCredentialsWhenNTLMOnly
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_AllowSavedNTLMOnly
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly
"<serial_no>"="<server SPN>" - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: DenyDefaultCredentials
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_DenyDefault
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\DenyDefaultCredentials
"<serial_no>"="<server SPN>" - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: DenyFreshCredentials
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_DenyFresh
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\DenyFreshCredentials
"<serial_no>"="<server SPN>" - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: DenySavedCredentials
Value data: 1 (enable) 0 (disable)
REG_DWORD: ConcatenateDefaults_DenySaved
Value data: 1 (enable) 0 (disable)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\DenySavedCredentials
"<serial_no>"="<server SPN>"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation
REG_DWORD: AllowDefaultCredentials
Value data: 00000001
REG_DWORD: ConcatenateDefaults_AllowDefault
Value data: 00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials
"1"="TERMSRV/*"
APPLIES TO
- Microsoft Windows XP Service Pack 3
http://support.microsoft.com/kb/951608/
