After installing the KB4103718 update on my Windows 7 computer, I cannot connect remotely to the server. Windows Server 2012 R2 via RDP remote desktop. After I specify the RDP server address in the mstsc.exe client window and click “Connect”, the error appears:

Remote Desktop Connection

An authentication error occurred.

The specified function is not supported.
Remote computer: computername

After I uninstalled the KB4103718 update and rebooted the computer, the RDP connection began to work fine. If I understand correctly, this is only a temporary workaround, next month a new cumulative update package will arrive and the error will return? Can you recommend anything?

Answer

You are absolutely right that it is pointless to solve the problem, because you thereby expose your computer to the risk of exploitation of various vulnerabilities that are covered by patches in this update.

You are not alone in your problem. This error can appear on any Windows or Windows Server operating system (not only Windows 7). For users of the English version of Windows 10, when trying to connect to an RDP/RDS server, a similar error looks like this:

An authentication error has occurred.

The function requested is not supported.

Remote computer: computername

The RDP error “An authentication error has occurred” may also appear when trying to launch RemoteApp applications.

Why is this happening? The fact is that you have installed on your computer current updates security (released after May 2018), which fixes a serious vulnerability in the CredSSP (Credential Security Support Provider) protocol used for authentication on RDP servers (CVE-2018-0886) (I recommend reading the article). However, on the side of the RDP / RDS server to which you connect from your computer, these updates are not installed, and the NLA (Network Level Authentication) protocol is enabled for RDP access. The NLA protocol uses CredSSP mechanisms to pre-authenticate users via TLS/SSL or Kerberos. Your computer, due to the new security settings introduced by the update you installed, simply blocks the connection to remote computer, which uses a vulnerable version of CredSSP.

What can you do to fix this error and connect to your RDP server?

1. Most correct The way to solve the problem is to install the latest Windows security updates on the computer/server to which you connect via RDP;
2. Temporary method 1 . You can disable Network Level Authentication (NLA) on the RDP server side (described below);
3. Temporary method 2 . You can, on the client side, allow connections to RDP servers with an insecure version of CredSSP, as described in the article linked above. To do this you need to change the registry key AllowEncryptionOracle(REG ADD command
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 2) or change local policy settings Encryption Oracle Remediation/ Fix encryption oracle vulnerability), setting its value = Vulnerable / Leave vulnerability).

   This is the only way to access a remote server via RDP if you do not have the ability to log into the server locally (via the ILO console, virtual machine, cloud interface, etc.). In this mode, you will be able to connect to a remote server and install security updates, thus moving to the recommended method 1. After updating the server, do not forget to disable the policy or return the key value AllowEncryptionOracle = 0: REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 0

Disabling NLA for RDP on Windows

If NLA is enabled on the side of the RDP server you are connecting to, this means that CredSPP is used to pre-authenticate the RDP user. You can disable Network Level Authentication in the system properties on the tab Remote access(Remote) , unchecking the “Allow connection only from computers running Remote Desktop with Network Level Authentication (recommended)” checkbox (Windows 10 / Windows 8).

In Windows 7 this option is called differently. On the tab Remote access you need to select the option " Allow connections from computers running any version of Remote Desktop (dangerous)/ Allow connections from computers running any version of Remote Desktop (less secure)".

You can also disable Network Level Authentication (NLA) using the Local Group Policy Editor - gpedit.msc(in Windows 10 Home, the gpedit.msc policy editor can be launched) or using the domain policy management console - GPMC.msc. To do this, go to the section Computer Configuration –> Administrative Templates –> ComponentsWindows–> Remote Desktop Services – Remote Desktop Session Host –> Security(Computer Configuration –> Administrative Templates –> Windows Components –> Remote Desktop Services – Remote Desktop Session Host –> Security), turn off policy (Require user authentication for remote connections by using Network Level Authentication).

Also needed in politics " Require a special level of security for remote RDP connections» (Require use of specific security layer for remote (RDP) connections) select Security Layer - RDP.

To apply the new RDP settings, you need to update the policies (gpupdate /force) or restart the computer. After this, you should successfully connect to the remote desktop server.

Sandbox

Enabling Remote Desktop in Windows 7

Friends!

Just the other day I was faced with the problem of enabling “Remote Desktop” on Windows 7.
Many immediately thought: “Oh, he probably has some kind of Win 7 Home Premium or even Starter.” However, this is not at all true. I have a full-fledged Windows 7 x64 Professional, in which it would seem that everything should work instantly and without reservations.

Standard switching algorithm

Go to computer properties Start->Computer (right click)->Properties
On the left in the list, select “Remote access setup”
In the “Remote Desktop” section, select the second or third item. Difference: second point - any OS, third - Vista and higher
Click the select users button and add the ones you need. (For example, your user on this computer. Or you can create a separate user for the remote desktop)
Setup complete

For me it all looked completely different. And point number 3 was not available to me. There are items, but they are disabled.

This is roughly what my RDP enable settings looked like:

Various types of searches did not lead me to an unambiguous and clear answer to the question: “What to do with such nonsense”?
Just pieces of scattered information that I would like to bring together. Having dealt with this small problem, I decided that it was worth sharing its solution with the public.

So let's get started.
We will need:

• Computer
• Eyes/hands/head
• Administrator rights

Non-standard inclusion algorithm

1. Go to services (Start->Control Panel->Administration->Services)

2. Find the Windows firewall there. We give him automatic start, and start the service.

Something like this:

3. Go to local security policies (Start->Control Panel->Administration->Local Security Policy OR Start->Run->Enter secpol.msc)

4. Select Windows Firewall with Advanced Security there - Local Group Policy Object -> Rules for outgoing connections.

5. In the right part of the snap-in, select “Create Rule” by right-clicking the mouse. Next step by step (each point is a link to a picture with a step):

• Protocol type - select TCP. Local port - 3389. Remote port - all ports
• Any IP addresses (if you want to come from anywhere, if you are not sure, allow all)
• Mark the networks where you would like your computer to accept these connections

In the end you should end up with something like this:

6. Go to the local group policy editor (Start -> Run -> gpedit.msc).

7. Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections

• Allow remote connections using Remote Desktop Services
• Sets remote control rules for user sessions of Remote Desktop Services (choose the parameter value yourself, I personally set it to “Full control without client permission”).

In total you will get:

9. Go to computer properties Start->Computer (right click)->Properties

10. On the left in the list, select “Setting up remote access”

11. In the “Remote Desktop” section, select the second or third item. Difference: the second point - any OS, the third - Vista and higher.

12. Click the select users button and add the ones you need. (For example, your user on this computer. Or you can create a separate user for the remote desktop)

RDP (Remote Desktop) is a remote desktop that has been built into Windows operating systems since version XP. This is a protocol that allows connect to the target computer from anywhere in the world where there is access to the Internet. Currently, RDP can also be used on MacOS and almost all mobile devices

What you need to know before use

Initially it was assumed that RDP would be used in local network. Those. at enterprises, or at home on computers connected to one router.

But now for such a connection you can use Internet, which we’ll talk about below.

To connect you need to know Device IP address, to which you need to connect. You also need to know what address is used on the computer. static or dynamic.

We are interested precisely static address. Let's look at how to set it.

There is another way - this is to change the address distribution settings to router. Here we need tie specific ip to the MAC address of the device. We won’t go deeper, because... if the user knows how to configure the router, then there will be no problems, but if not, then quite long setup instructions will be required.

How to set up the system

The next thing to do is allow access via RDP to the target computer. It's easy to do - let's go to Control Panel and click on the icon System.

On the left we are looking for an item Remote Access Settings

In the window that opens, you must activate elements that are shown in the screenshot below. You can also set permissions to allow certain users to use this feature.

How to connect to desktop

Often using the standard remote desktop feature does not require installation of additional components. However, in Home versions operating system there is no such function.

To launch the connection window in versions of Windows 8 and 10, just start typing “ remote Desktop».

On older versions you will need launch from start menu. To do this, go to point Standard and launch the connection shortcut.

If this shortcut is not in Start, you can try to find it in system folders. Open the disk C\Windows\System32 and look for the file mstsc.exe.

When the window starts, it will be enough set ip address The PC you want to connect to, then specify login And password. After a few seconds, the desktop of the remote computer will open.

By going through the bookmarks you can specify many settings such as screen resolution, launched programs, device redirection, etc.

Using RDP on MacOS

In the event that you need to connect to Windows computer with MAC, it will be necessary from App Store download the application Microsoft Remote Desktop.

After installation launch program, looking for an icon plus and click on it. In the window that opens you need create a new connection, where you will need to set ip, login, password and specify any name.

As in Windows, here you can install options screen and other settings. After all the manipulations, close the window, look for the specified name in the list and launch. If everything is configured correctly, the computer desktop will open.

Use on Android and iOS

You can also use this technology on mobile OS. Connection on Android phones and tablets, as well as iPhones and iPods, is practically no different from Windows.

We are looking for an application in google play or app store Microsoft Remote Desktop And install his.

After launch, regardless of the operating system, a window will open in which you need to enter the same data that was indicated in the previous sections. If the settings are correct, the device will connect to the PC.

Using RPD via the Internet

The principle of operation of Remote Desktop via the Internet is no different from those described above, but there are some peculiarities.

First of all, here you will no longer need interior(local), and external static ip address. In addition, you need to do port forwarding to the target computer.

Also, in the case of an external connection, specifying the ip is not enough; you will need to put it after a colon port.

It is worth noting that this method is often used in enterprises or firms, because At home, you will need to contact your provider to forward the port. Best used at home specialized programs for working with remote desktop.

Technical support for users of your own software product, administration and control of a corporate network - all this requires remote control of the client’s computer. And the field software products for remote access is not empty: the tools are provided both by the Windows 7 operating system itself and by numerous third-party programs. Built-in tools are good for their accessibility, third-party tools have an intuitively simple interface, “tailored” for ordinary users. Having analyzed the principles of operation, the pros and cons of each method, you will be fully armed, and the network and users will be under control.

Setting up Windows 7 Remote Desktop

Remote Desktop is available in Windows 7 Premium edition and higher. You will need it if you need to work with it on computers running Windows 7 Home Edition (the cheapest), provide support for multiple remote desktops - to connect to several computers at the same time - or change the port address used by the RDP service. To do this, you will need non-trivial settings that can be made to the system using the system registry editor or third-party programs. But it is better to spend a little of your time than a large amount of money on buying a new operating system.

Remote Desktop Port

The RDP service, whose functions ensure the functionality of the remote desktop, uses port No. 3389 as standard. The likelihood of hacker attacks on this port is very high, so to increase the level of network security, the port number can be changed. Since there are no settings for this in the Control Panel, you will have to use the system registry editor.

1. From the command line, run Registry Editor with system administrator rights.

   Launching Registry Editor to change the RDP port address

2. In the editor window, navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber. A list of registry branch variables will be displayed on the right side of the window.

   The required variable is hidden deep in the depths of the system registry

3. From the context menu, select “Change” and enter the new port address, first making sure that the value entry mode is decimal.

   Switch the number system to decimal and enter a new port address value

4. Now, to connect to a computer, you will need to enter not its network name, but an address with a port number, for example, 175.243.11.12:3421.

Changing the port address from the standard 3389 to a custom one will not allow the Remote Assistance service to work on computers running Windows XP. Take this into account if you have any on your network.

Remote Desktop in Windows 7 Home Premium with support for multiple remote desktops

To encourage users to spend more money, Microsoft has severely limited the capabilities of its Remote Desktop service depending on the OS version. For example, in “Home Advanced” and below there is no ability to connect remotely at all, and in any others the number of sessions is limited to one, that is, you will not be able to connect remotely to two or more computers at the same time. The manufacturer believes that for this you should purchase a special edition server version of the system (Terminal Edition).

Fortunately, caring enthusiasts have worked to resolve this difficult problem. The result of their efforts is the RDP Wrapper Library software package. Once installed, it injects itself as an intermediary between the Remote Desktop Service (RDP) and the service manager, and then tricks them into emulating the network presence of Windows Server Terminal Edition and enabling the RDP service on computers running Windows 7 Home.

The program is available for download from the author's page and is completely free. After downloading and running the installer, all settings are made automatically, including making changes to the firewall rules.

RDP Wrapper Library - installation is automatic

The included RDPConf.exe utility allows you to enable or disable remote access on the fly, change the number of simultaneous access sessions and the port number for accessing the RDP service.

Using Rdpwrapper you can configure remote access settings

How to allow or deny remote access

All options for allowing or denying remote access to your computer are located in the “Computer Properties” section of the Control Panel. You can enable or disable remote control in just a few steps. Don't forget that you must be logged in with an account with administrator rights to make these changes.

1. Press the Win+Pause key combination to display the system properties window.

   The Win+Pause keys will help enable “System Properties”

2. In the left column of additional actions, click on the “Setting up remote access” link.
3. The following control settings are available in the dialog box that opens:
4. It should be noted that for remote control to be possible, the user account opening such a session must have administrator rights. To provide remote control to a regular user, you should add his name to the list of permissions, which can be accessed using the “Select users” button.

   If the user you want to grant remote access does not have administrator rights, you can add him in this dialog box

Video: how to allow remote access to your computer

Remote Desktop Connection

Connecting to a remote desktop is very simple. Naturally, before this you need to enable all the necessary permissions on the client machine and create a list of users on it who will be allowed remote control.

1. Call up a standard command line dialog and run the mstsc.exe utility using it.

   Calling a remote desktop client program

2. On the “General” tab, enter the name of the computer to connect in the top column of the dialog box, and the user name in the bottom column (if you need a name different from the one under which you logged in). Don't forget that the user account must have administrator rights.

   Entering the computer name on the network for remote control

3. In the “Interaction” tab, select the planned connection speed based on the capabilities of your network. If you find it difficult to choose settings, leave them on automatic. The system will test the channel speed and select the optimal values.

   Select the channel speed based on your network capabilities

4. If everything was done correctly, and remote access is allowed on the client machine, you will see a window for entering your username and password. Enter the username and password of the client machine.
5. After clicking the “Connect” button, a window with the desktop of the remote PC will appear. It can be expanded to full screen and create the complete illusion of working on a client machine.

Avoid working in high-resolution video modes: this will create a large load on the network, and the interface of the remote PC will be displayed jerkily. The ideal option is a resolution of 1280x1024 pixels and a color depth of 16 bits.

What to do if remote desktop does not work

Problems connecting to a remote computer can be caused by many reasons. Among the most common, the following should be noted:

• on the client machine, permissions to access the remote desktop and remote assistant are not enabled in the settings;

  Make sure your settings allow remote access to your PC

• the account with which you are trying to access remotely does not have administrator rights;

  Make sure your account has administrator rights

• your computer and the client computer are not part of the same computer working group or a domain on the local network;

  The slave and master computers must be members of the same workgroup

• the local network router used by both computers blocks port 3389, through which Windows 7 remote control services communicate;

  Enabling a firewall in a router without additional configuration blocks most ports

• Outgoing requests from Remote Desktop Services are blocked by the antivirus package.

  The Remote Desktop Service may be blacklisted in your antivirus package

remoteapp is disabled

A message about disabling remote access often awaits the user when trying to connect to it, and a dialog box also appears that can confuse an inexperienced user.

Licensing service error will prevent you from starting a remote desktop session

Meanwhile, everything is very simple: the rights of the user who is trying to “raise” a remote desktop session are not enough to change the system registry section responsible for licensing. The error is corrected in two stages.

Why is the remote desktop slow?

Uninterrupted operation of a remote desktop access session requires a high-speed channel, the lion's share of which is consumed by the transmission of the remote desktop image itself. Depending on the operating resolution on the client machine, the traffic can be so dense that it will overwhelm the average office 100-megabit local network. But on the network, in addition to two communicating PCs, there are also clients. To prevent network collapse, the remote access program begins to reduce the number of transmitted frames (frames) per second.

If at 60 frames per second you see a smooth, smooth picture, then at 30 the interface will be displayed with noticeable jerks. Further reducing the screen refresh rate will make the work unbearable: you will not even be able to accurately position the mouse cursor on interface elements. To prevent this from happening, you should optimize both the network connections of the slave and master computers, as well as the screen settings of the client computer.

Remote access to Windows 7 components

In addition to managing a remote desktop by emulating the keyboard and mouse of a client computer, Windows 7 remote access tools also allow you to remotely run programs and system commands from the command line interface, manage the system registry and firewall, as well as restart or shut down the slave PC . This requires fewer network and system resources than remote desktop management and can be done without the user being aware of the computer.

Remote command line

For the needs of system administrators, Microsoft has developed a special service utility. By interacting with the remote access services of the operating system, it allows you to access the command line interface of any computer on the local network, run programs on it, and even remotely install programs before launching them. The utility is called PsExec and is available for free download from the official Microsoft website as part of the PSTools package.

Download the utility from the server, run the installer executable file on the computer from which control will be carried out and, having agreed with the text of the license agreement, carry out the installation.

Install the PSExec utility

Now you can call the utility from the command line and use the full range of its wide capabilities.

Let's take a closer look at the command syntax and additional parameters for its launch: psexec [\\computer[,computer2[,…] | @file][-u user [-p password]][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]] [-w directory][-d][-<приоритет>][-a n,n,… ] program [arguments].

Table: psexec command launch options

Examples of the PSEXEC utility

The procedure for working with the PsExec utility is as follows:

1. Launch another computer's command prompt using the psexec \\ command<сетевое имя компьютера>cmd.exe.
2. Open any program on the remote computer. If the program is not on the slave PC, it will be copied from the administrator's machine. To do this, enter psexec \\<сетевое имя компьютера>-c test.exe, where test.exe is the program to be executed remotely.
3. If the program you want to execute remotely is not in the system folder, specify its full path when running the psexec \\ command<сетевое имя компьютера>-c c:\program files\external_test.exe

Video: PSTools - a set of console system administrator utilities

Remote registry

In order to be able to remotely edit the registry, you must first activate the corresponding services on the client computer. This is easy to do if the account has administrator rights. To do this, launch the Service Manager snap-in from the command line window and select the “Remote Registry” service from the list in the main window. Click the Start button on the top control panel.

The Remote Registry service must be running on both client PCs and the administrator's computer.

Now you can connect to the registry of a computer on your local network remotely.

The registry branch of the remote PC will appear in the registry editor window and you can edit it as easily as your local registry.

Remote firewall management

Unfortunately, there is no convenient graphical tool for remote firewall management. Therefore, all manipulations will have to be performed using the command line. First you need to connect to the remote PC using the Telnet service. If the Telnet client is not installed, you need to add it through Add/Remove Windows Components.

Now you need to establish a communication session with a remote computer via the telnet protocol.

Once the connection is established, you can remotely manage the firewall on the remote computer using the netsh command. The following commands will be available to you:

request firewall rules. You can find out the Windows Firewall configuration on a remote PC using the command netsh advfirewall firewall show rule name=all;

enable or disable the firewall with the commands “netsh advfirewall set allprofiles state on” and “netsh advfirewall set allprofiles state off”;

return to default settings using the netsh advfirewall reset command;

opening a port is perhaps the most common task that will need to be performed. For example, you can open port 2117 for a torrent client to work like this: netsh advfirewall firewall add rule name="Utorrent rule" dir=in action=allow protocol=TCP localport=1433;

allowing incoming and outgoing requests to an arbitrary program using netsh advfirewall firewall add rule name="Allow Miner" dir=in action=allow program="C:\Bitcoin\miner.exe";

allowing remote management using the Windows console: netsh advfirewall firewall set rule group= “remote administration” new enable=yes.

Once you have completed the necessary settings, be sure to close the Telnet session with the quit command.

Remote reboot

The standard OS shutdown command allows you to shut down or restart any computer on the local network if it has permissions configured for Remote Assistance and Remote Desktop. From a command prompt window, run the command in the format shutdown / /m \\computername /c “comment” and press Enter.

Table: shutdown command parameters

Good afternoon, dear readers and guests of the blog, today I encountered the following situation: when I tried to connect to a terminal server on Windows Server 2008 R2, I received the error " Can't connect to a remote computer. Try connecting again. If the problem persists, contact the owner of the remote computer." After entering your login and password, which indicates at least that the port is accessible, let's see how we can solve this problem and restore access.

Causes of the "Try to connect again" error

Last time we defeated the blue screen error dpc watchdog violation, we will defeat this one too, but first you need to understand the reason for all this action. This is what the problem looks like:

As I wrote above, it appears after entering the correct login and password.

• This whole rigmarole began back in 2014, after updates KB2992611 and subsequent ones. At the time of installation of these updates, the level of security and encryption was tightened.
• Second possible reason, this is the presence of the CryptoPro or VipNet programs, I had exactly the second option
• Other third party encryption software.

If you look at the Windows logs, you can find the following system warnings:

• The following fatal warning occurred: 36888. Internal error status: 1250

• The X.224 RDP component detected an error in the protocol stream and disabled this client.

How to solve an error with an RDP connection

There are several methods to solve the error "Cannot connect to the remote computer. Try connecting again. If the problem persists, contact the owner of the remote computer." what you should do:

1. Remove required Windows updates
2. Removing or updating "Crypto PRO" and VipNet
3. Installing additional updates

Removing or updating software

I start with this method, since it is the most correct both from the point of convenience and from the point of safety. If you don’t need this software, then I advise you to remove it and clean the system of garbage, but if the programs are needed, then consider updating them to fresh versions that no longer have such problems. In my case, this could not be done, since I needed the old version of VipNet.

Uninstalling update KB2992611

The next method I will recommend is installing new updates that solve this, I can recommend KB3018238 (it now comes with KB2992611) and KB3011780, as time goes on, these updates may overlap with newer ones, so keep an eye on them on the official Microsoft website. If KB2992611 is installed, then try to remove it, check connectivity and install it again.

Download KB2992611 https://www.microsoft.com/ru-ru/download/details.aspx?id=44618

Download KB3011780 https://www.microsoft.com/ru-ru/download/details.aspx?id=44966

Download and update, this is similar to the steps described in the problem where Windows 7 does not find updates, we also installed standalone versions.

Reduced encryption level requirements

Not the most correct solution, as it reduces the level of protection and encryption of traffic, but it can be a lifesaver in some situations. In the terminal server settings, lower the "security/encryption level" level. To do this, go to "Start > Administrative Tools > Remote Desktop > Remote Desktop Session Host Configuration", select "Settings for server", then the "General" tab and two items:

1. Security Level > RDP Security Level
2. Encryption level > Low

Now everyone, reconnect and try to log in via RDP again, the error should disappear, but look for an opportunity to update.