While setting up a lab running Remote Desktop Gateway on Windows Server 2012 R2 I came across a strange problem. I was able to connect through the RD Gateway using some machines but not others.
On the machines that were failing I got the following message when trying to connect:
"Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance."
After much pulling of hair I narrowed it down to something to do with the KB2592687 update. This update installs RDP version 8.0 on Windows 7 SP1 machines. This update was present on both the machine I was trying to connect to and on the clients that were failing. There is a list of known problems in the knowledge base article but none of them applied to my setup.
More searching found loads of red herrings, then I discovered this post. It mentions LAN Manager authentication level settings (Local Security Policy -> Local Policies -> Security Options -> Network security: LAN Manager authentication level). On the failing client it was set to "Send LM & NTLM - use NTLMv2 session security if negotiated". Changing it to "Send NTLMv2 response only" (which seems to be the default on Vista and above) made the connection work.
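To check this setting on a client without opening the policy editor, the following added example (not part of the original post) reads the registry value that backs the policy and flags levels that still send LM or NTLMv1 responses. It assumes the standard `LmCompatibilityLevel` value under the `Lsa` key and a client running Vista or later, where an absent value means the OS default applies; the function name `Get-LmAuthLevel` is made up for this example.

```powershell
# Added example: report the effective "Network security: LAN Manager authentication level".
# The policy is stored as the DWORD LmCompatibilityLevel under the Lsa key.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Registry value -> policy text as shown in Local Security Policy
$LevelNames = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmAuthLevel {
    param([string]$Path = $LsaKey)

    $prop = Get-ItemProperty -Path $Path -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Value absent: assume the Vista-and-later default (NTLMv2 response only).
        $level = 3; $explicit = $false
    } else {
        $level = [int]$prop.LmCompatibilityLevel; $explicit = $true
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Level           = $level
        ExplicitlySet   = $explicit
        Setting         = $LevelNames[$level]
        SendsLMorNTLMv1 = ($level -lt 3)   # levels 0-2 never send an NTLMv2 response
    }
}

$result = Get-LmAuthLevel
$result | Format-List

if ($result.SendsLMorNTLMv1) {
    Write-Warning "LAN Manager authentication level is $($result.Level): '$($result.Setting)'. Set it to 3 or higher."
    # Local fix from an elevated prompt (a domain GPO will overwrite it at the next refresh):
    # Set-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -Value 3 -Type DWord
}
```

If the value keeps reverting after a change, run `gpresult /h report.html` and look for a Group Policy Object that sets the same policy.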
Sunday, 15 December 2013
Remote desktop gateway connections failing when KB2592687 installed.
Labels: KB2592687, LAN Manager authentication level, RDP 8, Remote Desktop Gateway, Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to
I spent three days trying to resolve this problem until I found this page. Another article suggested making a change to the LAN Manager but it was the wrong setting. As soon as I changed the value to "Send NTLMv2 response only" the error went away.
Thank you! Straight and to the point.