Don’t allow connections to this computer
Allow connections from computers running any version of Remote Desktop (less secure)
Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)

windows_server_2008_remote_desktop_properties

At first blush, you would probably choose the “more secure” option. Practically, this mainly means that it only allows connections from the latest Remote Desktop software in Windows Vista. It is probably another attempt by Microsoft to force consumers and businesses into upgrading to Windows Vista. But… I digress.

When connecting with an older Terminal Services (TS) client in XP or even Vista, you will get this message:

“Remote computer requires Network Level Authentication, which your computer doesn’t support”

the-remote-computer-requires-network-level-authentication11

Not all is lost. There are two ways around this. The first and most obvious solution is to select the less secure option and disabled Network Level Authentication (NLA). If you are in an environment that does not allow this change, or there are some other circumstances where you need to keep Network Level Authentication enabled, you can get a Remote Desktop connection from Windows XP.

The first step is to download the latest Remote Desktop Client for Windows XP. As of the writing of this article, the latest version is 6.1.

For XP SP3: here

For XP SP2: here

That is not it. For XP, you need to enable CredSSP – Credential Security Service Provider.

CredSSP is a new Security Service Provider (SSP) that is available in Windows XP SP3 by using the Security Service Provider Interface (SSPI). CredSSP enables a program to use client-side SSP to delegate user credentials from the client computer to the target server.

Directions on how do do this are available at Microsoft here:

http://support.microsoft.com/kb/951608/

The quick and dirty summary:

Click Start, click Run, type regedit, and then press ENTER.
In the navigation pane, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
In the details pane, right-click Security Packages, and then click Modify.
In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
In the navigation pane, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
In the details pane, right-click SecurityProviders, and then click Modify.
In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
Exit Registry Editor.
Restart the computer.

==============================================================================

Configure Network Level Authentication for Remote Desktop Services Connections

Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created.

Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software. The advantages of Network Level Authentication are:

It requires fewer remote computer resources initially. The remote computer uses a limited number of resources before authenticating the user, rather than starting a full remote desktop connection as in previous versions.
It can help provide better security by reducing the risk of denial-of-service attacks.

To use Network Level Authentication, you must meet the following requirements:

The client computer must be using at least Remote Desktop Connection 6.0.
The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol.
The RD Session Host server must be running Windows Server 2008 R2 or Windows Server 2008.

Use the following procedure to configure Network Level Authentication for a connection.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at
http://go.microsoft.com/fwlink/?LinkId=83477
.

To configure Network Level Authentication for a connection

On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point toAdministrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
Under Connections, right-click the name of the connection, and then click Properties.
On the General tab, select the Allow connections only from computers running Remote Desktop with Network Level Authentication check box.If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server.
Click OK.

The Network Level Authentication setting for an RD Session Host server can also be set in the following ways:

During the installation of the RD Session Host role service in Server Manager, on the Specify Authentication Method for Remote Desktop Session Host page in theAdd Roles Wizard.
On the Remote tab in the System Properties dialog box on an RD Session Host server.If the Allow connections from computers running any version of Remote Desktop (less secure) is not selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server.To configure the Network Level Authentication setting by using the Remote tab in the System Properties dialog box on an RD Session Host server, see Change Remote Connection Settings.
By applying the Require user authentication for remote connections by using Network Level Authentication Group Policy setting.This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC). Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration or on the Remote tab.

To determine whether a computer is running a version of Remote Desktop Connection that supports Network Level Authentication, start Remote Desktop Connection, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. Look for the phrase Network Level Authentication supported in theAbout Remote Desktop Connection dialog box.

Leave a comment

Posted by Rezwan on February 10, 2013 in Information Technology

How to Fix Windows Update Error 800B0001

05 Feb

It can be rather difficult to understand just how to fix Windows Update error 800b0001 because it is one of those errors that do not have a simple and easy to understand solution. This does not mean that you need the help of a specialist to solve this particular error because I have looked at every possible cause and the solutions you can use to solve the error.

The exact error message is:

An error occurred while checking for new updated for your computer. Error found: Code 800B0001 Windows updated encountered an unknown error.

Obviously the error is not unknown, there is a code for it and if you search the Microsoft technical pages you will find that this error means that Windows cannot find the cryptographic service provider or that a Microsoft Update catalog is corrupted. This alone gives you an idea of the files that we are going to repair in order to make this error go away.

Anyone of these solutions may work for you so make sure that you try everyone until you stumble upon the one that will fix error 800b0001 for you. The one thing I can guarantee you is that this is the complete list of solutions so, inevitably, one will solve the problem for you.

So here is the complete list of solutions for Windows Update error 800B0001

Update:

An easy way to fix this error is to use this tool (click here) to scan your computer and automatically fix the error. If this does not work, try the steps outlined below:

1. Re-register the .dll files that handle the update process

A .dll file is a something that tells Windows just how to run some of the automated processes behind almost anything that you can do on a computer. Obviously, as a regular user there is no need for you to know just how to work these files but here are the simple 3 steps you need to go through in order to solve the windows update error 800b0001.

Go to Start and click on the Run button. If you don’t have it there you can use the search feature and type Run and hit Enter.
In the Run window type cmd
Depending on your version of Windows write the following commands and hit enter after each one.

REGSVR32 SOFTPUB.DLL (for XP, Vista & Win7)

REGSVR32 MSSIP32.DLL (for XP, Vista & Win7)

REGSVR32 WINTRUST.DLL (for XP, Vista & Win7)

REGSVR32 INITPKI.DLL (for XP & Vista)

2. Manually Install Update KB 2720211

This particular update usually comes pre-installed on most Windows versions but sometimes the installation process skips it. So what you need to do is to manually search for KB 2720211 download. Once you find it, download it and install it to your system. It should ask for a reboot but if it does not make sure that you reboot anyway and check if you are still getting the 0x800b0001 message.

3. Reinitialize the Download Folders

This may sound like something fancy but in actuality Windows needs to download every update just like you download the installation kit for you Yahoo messenger. And sometimes those folders get so filled with data that errors turn up. And you can reset those folders by following these steps:

Open a Notepad file by writing notepad in the search option in the Start menu
Write the following code

net stop wuauserv net stop CryptSvc ren %windir%\system32\catroot2 catroot2.old ren %windir%\SoftwareDistribution sold.old net start CryptSvc net start wuauserv pause

Save the file to your Desktop with the file name rename.bat.
Right click on the file on your Desktop and select Run as administrator.
Restart your computer and see if the problem has been resolved.

4. Use the System Update Readiness Tool

If nothing has worked so far you can also try using the Windows automatic repair tool by going to their website and searching for the System Update Readiness Tool. You will have to enter your version of Windows and they will give you a program to install and run. In nothing else has worked than you have essentially eliminated every other possible cause for error and with this program you should be able to get passed the Windows Update error 800B0001.

How to run System Readiness Tool:

Swipe in from the right edge of the screen, and then tap Search. (If you’re using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then click Search.)
Type command prompt in the search box.
In the list of results, swipe down on or right-click Command Prompt, and then tap or click Run as administrator.
In the Administrator: Command Prompt window, type the following commands exactly as they appear. Press the Enter key after each command:
- DISM.exe /Online /Cleanup-image /Scanhealth
- DISM.exe /Online /Cleanup-image /Restorehealth
To close the Administrator: Command prompt window, type Exit, and then press Enter.
Run Windows Update again.

Leave a comment

Posted by Rezwan on February 5, 2013 in Information Technology

Aside

04 Feb

Error: ‘Multiple connections to a server or shared resource by the same user’

Today I was trying to map a network drive on my computer. I right-clicked the folder and selected Map Network Drive. After selecting the drive letter I wanted, I clicked OK and got the following error message.

The mapped network drive could not be created because the following error has occurred:

Multiple connections to a server or shared resource by the same user, using more than one user name are not allowed. Disconnect all previous connections to the server or shared resource and try again.

Clicking OK yielded another error.

The network folder specified is currently mapped using a different user name and password. To connect using a different user name and password, first disconnect any existing mappings to this network share.

Hmm. I didn’t think I had any mapped drives. I checked My Computer. Nope, no mapped drives there. I then went to Start > Run and typed net use. I had a mapping showing there, but it wasn’t assigned a drive letter. I had to delete the resource using the command net use /delete \\servername\foldername

I tried to map the drive, and it worked! Amazing how you still need DOS to figure things out easily sometimes.

‘Multiple connections to a server or shared resource by the same user’

Leave a comment

Posted by Rezwan on February 4, 2013 in Uncategorized

WinRM Settings is not properly Configured (SCCM 2012)

17 Apr

Fix: The WinRM settings are not configured correctly | SCCM Unified Installer

Microsoft just released SCCM 2012 to VL customers. Very excited to tear into it. However I got stuck right in the beginning of the installer with:

The WinRM settings are not configured correctly

Well looking at the logs here:

\Users\<user>\AppData\Local\Microsoft System Center 2012\Unified Installer\LOGS

I discovered:

[4/10/2012 9:20:08 AM] DEBUG – Server: localhost, winrm\client\auth\CredSSP = False

All you need to do to fix this is run the following commands on the computer you are running the installer from:

winrm set winrm/config/client/auth @{CredSSP=”True”}

winrm set winrm/config/client @{TrustedHosts=”*”}

Also run these commands on the computer you are installing too (if it’s the same box just run all commands)

winrm qc -q
winrm set winrm/config/service/auth @{CredSSP="True"}
winrm set winrm/config/winrs @{AllowRemoteShellAccess="True"}
winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}

That should take care of you. Just in case it doesn’t the old other thing I had done was to add .Net 3.5.1, all RSAT Tools, and IIS from Roles and Features.

Hope it helps.

Source:
http://digitaljive.wordpress.com/2012/04/10/fix-the-winrm-settings-are-not-configured-correctly-sccm-unified-installer/

Leave a comment

Posted by Rezwan on April 17, 2012 in Windows 2008 Server