I can see on both the client and server side that the RDP connection succeeds to a certain point. This could be due to a CredSSP encryption oracle remediation. But of course, we don’t want to use the IP as the cert validation would fail anyway.

An authentication error has occurred. This works within the domain, but not outside it.

Basically, we always see this CredSSP error when NTLM is disabled and NLA is enabled and going cross-domain, no matter which encryption method is utilised.

Also tried with IP-only – same result. Sadly, setting all this up, with NLA still enabled, doesn’t even show the certificate warning dialog that one sees when connecting to a host for the first time.

Some say that it can be done, but the authentication is done with a server-side SSL/TLS certificate and the encryption is done over TLS 1.0 (seems to be the most recent TLS protocol in the RDP security group policy). Some say that having NTLM disabled but with NLA enabled is not currently possible.

I’ve scoured many forums, articles, blogs, etc. Are Microsoft under the impression that RDP (cross-domain) should still work after NTLM is disabled but with NLA still enabled?

Disabling NTLM breaks cross-domain RDP, unless NLA is disabled.