Enable NLA on Windows XP for RDP

Overview

Windows XP presents some barriers to Remote Desktop (RDP) when connecting to computers with Network Level Authentication (NLA) enabled.  Luckily, Microsoft has released a couple of hot fixes and VNCScan has written into it a feature that still allow you to connect to Windows 7 and above computers with NLA enabled.

You will need to do this if you cannot connect to a remote computer with NLA and if you get the following error:

“An authentication error has occurred. The specified target is unknown or unreachable.”

Warning: The hotfixes from Microsoft below are not fully regression tested and should be installed in a lab environment before placing it into production.

Downloads

For your convenience, I have placed direct download links to the hotfixes below. 

•  Microsoft RDP 7.0 Update for Windows XP SP3
•  WindowsXP-KB953760-v2-x86-ENU.exe (For XP SP3 only)
•  WindowsXP-KB953760-x86-ENU.exe (For XP SP3 only)
•  Bozteck VNCScan RDP Manager (Latest version)

Instructions

1. Download all of the items above
2. Install the RDP 7.0 update
3. Install both of the hot fixes and then reboot
4. Install Bozteck VNCScan and run it for the first time.  If prompted, please reboot.

When VNCScan is ran for the first time, it checks to see if NLA has been enabled for the RDP client on your computer.  If not, it sets it to be enabled and then prompts you to reboot your computer for it to take effect.

You could also enable NLA manually by following the instructions below if you do not wish for VNCScan to do it for you:

1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Exit Registry Editor.
9. Restart the computer.