I want to connect via remote desktop to a Windows Server 2008 R2.
On the Windows server’s remote desktop connection properties, it is set to «safer». Specifically, the selected option is «Allow connections only from computers running Remote Desktop with Network Level Authentication.»
On my Ubuntu system, I tried using Remmina to connect to the Windows server. Remmina can not connect to that server with the option «Network Level Authentication» (as mentioned in the previous paragraph). The error message Remmina returns is as follows:
Disable the connection to the server RPD: IPWINDOWSSERVER2008
How can I connect Remmina (or another program) by remote desktop to a Windows Server 2008 host with the «Network Level Authentication» option selected?
Braiam
67.1k31 gold badges177 silver badges265 bronze badges
asked Dec 8, 2011 at 14:25
As of Ubuntu 12.04, you can use Remmina to connect to Windows servers with Network Level Authentication enabled.
sudo apt-get -y install remmina
Remmina uses FreeRDP for RDP connections and NLA support was added to FreeRDP in version 1.0, which is available to Ubuntu 12.04 and above. If you happen to be using an earlier version of Ubuntu and cannot upgrade, here’s an updated version of remmina here, although I can’t vouch for its stability: https://launchpad.net/~freerdp-team/+archive/freerdp
If that doesn’t work, you might be able to connect directly:
- Install the above PPA
sudo apt-add-repository ppa:freerdp-team/freerdp
- Install the freerdp package:
sudo apt-get install freerdp
xfreerdp --plugin cliprdr -g 1024x768 -k no -u {username} -d {domain-name} {target-machine}
If you do the latter, you can can always create an alias in ~/.bash_aliases:
alias rdp='xfreerdp --plugin cliprdr -g 1152x864 -k no -u username -d DOMAIN'
answered Jan 23, 2012 at 21:56
bmaupinbmaupin
4,7921 gold badge44 silver badges68 bronze badges
2
I solved this issue by right clicking on the entry in Remmina, going to edit, clicking on the advanced tab, and then changing the security field to «RDP» from «Negotiate»
answered Jun 2, 2014 at 22:59
user214195user214195
761 silver badge1 bronze badge
1
New command formatting
After my last update, I got confronted with FreeRDP 1.2.0 (probably it changed already with version 1.0.2 — and got though also relevant for most Ubuntu users). Its protocol changed how to connect. Try the following example:
xfreerdp /u:<username> /v:<hostname> /size:<WxH>
Additional features
There are a lot of features you might want to discover on the development page https://github.com/FreeRDP/FreeRDP/wiki/CommandLineInterface
answered Nov 24, 2014 at 17:18
strpeterstrpeter
1461 gold badge2 silver badges10 bronze badges
I solved problem on 13.04 with setting TLS when connecting to Windows 2008 R2 Enterprise server. Auto-negotiation didn’t work.
answered Sep 13, 2013 at 7:51
1
I was unable to connect with remmina, finally tried freerdp from the command line:
xfreerdp [serverip]
I was prompted for my password, then received the message that the host key for this IP had changed. I deleted the known_hosts file (~.freerdp/known_hosts) and remmina was able to connect.
answered Jan 12, 2014 at 5:10
I know this is old but I had same problem in 12.04 remmina and solution was setting security to RDP. I don’t know why «auto» doesn’t work.
jap1968
3943 silver badges13 bronze badges
answered Aug 29, 2013 at 10:28
1
It doesn’t work with NLA for me either. You can set the Windows Remote Desktop to the middle option (without Network Level Authentication) and then it works.
If you are on a local area network and ports are behind a firewall for the outside world, it shouldn’t be too insecure.
answered Apr 6, 2012 at 23:24
RedsandroRedsandro
3,6546 gold badges36 silver badges46 bronze badges
For me it worked with (even on Windows Server 2012) using:
Sound: Local
Security: Negotiate
Attach to console: Checked
answered Feb 9, 2015 at 16:09
If Remmina previously worked, the certificate on the server may have been changed.
To check this, go in your home directory into the subdirectory .freerdp
, have a look at the file known_hosts
, and compare the certificate fingerprint. If the fingerprint differs, you can change it to the new one.
Of course, You should double-check that the fingerprint is correct and not manipulated. If you are within a secure environment, you may alternatively delete the belonging line in known_hosts. A new one will appear during the next connection.
guntbert
13k37 gold badges45 silver badges86 bronze badges
answered Nov 7, 2015 at 18:06
I set the security option to ‘negotiate’ instead of ‘NLA’ and directly got me connected.
Before that I was not able to connect with proper credentials. Kept saying ‘Wrong username or password’ knowing the password was correct.
answered Mar 18, 2014 at 16:29
You must log in to answer this question.
Not the answer you’re looking for? Browse other questions tagged
.
Not the answer you’re looking for? Browse other questions tagged
.
Enable Windows Server 2008 R2 Remote Desktop Services
- On the Windows ® Server 2008 R2 computer, click Start > Administrative Tools > Server Manager.
- Click Roles, and then click Add Roles.
- Select Remote Desktop Services, and then click Next.
- Select the Remote Desktop Session Host and Remote Desktop Licensing check boxes.
What is the RDP service name in Windows 2008?
Terminal Services Remote Desktop Services
Terminal Services has been renamed to Remote Desktop Services. In Windows Server 2008 R2, all Remote Desktop Services role services have been renamed….In this article.
Previous name | Name in Windows Server 2008 R2 |
---|---|
Terminal Services | Remote Desktop Services |
Terminal Server | Remote Desktop Session Host (RD Session Host) |
How do I start Windows Remote Management Service?
Automatically start the WinRM service Set Startup to “Automatic (Delayed Start)” and click the “…” next to Service name and search for Windows Remote Management (WS-Management) and select it. Finally, set Service action to “Start service”. Click OK to save the settings.
How do I give remote access to a server 2008 R2?
- Go to your domain name.
- Click on user name and go to its property.
- Set its property and give its policy.
- Remove EVERYONE policy and click to ADD and add your username give your created policy to that user.
How do I enable Remote Desktop Services?
Set up the PC you want to connect to so it allows remote connections:
- Make sure you have Windows 10 Pro.
- When you’re ready, select Start > Settings > System > Remote Desktop, and turn on Enable Remote Desktop.
- Make note of the name of this PC under How to connect to this PC.
How do I enable Remote Assistance?
How do I enable Remote Assistance?
- Start the System Control Panel applet (Start, Settings, Performance and Maintenance, System).
- Select the Remote tab.
- Ensure that the “Allow Remote Assistance invitations to be sent from this computer” check box is checked.
What service runs RDP?
Remote Desktop Services
Other names | Terminal Services |
---|---|
Operating system | Microsoft Windows |
Service name | TermService |
Type | Remote desktop software |
Website | docs.microsoft.com/en-us/windows/win32/termserv/terminal-services-portal |
What is WinRM command?
WinRM is a command-line tool that is used for the following tasks: Remotely communicate and interface with hosts through readily available channels/ports within your network, including workstations, servers and any operating system that supports it.
Is WinRM the same as RDP?
Each of these protocols have a different aim: Remoting (or WinRM) is roughly a remote management protocol. SSH provides a Secure Shell for text based management. RDP provides remote GUI access for GUI management.
How do I setup Remote Desktop Services?
Procedure
- Log in to the RDS host as an administrator.
- Start Server Manager.
- Select Add roles and features.
- On the Select Installation Type page, select Role-based or feature-based installation.
- On the Select Destination Server page, select a server.
- On the Select Server Roles page, select Remote Desktop Services.
How do I turn on Remote Desktop in Windows 8?
Remote Desktop Connection
- Step 1: Open your Windows 8 Control Panel (You can either search it from your Start window or through your computer’s Taskbar).
- Step 2: Click on System Security.
- Step 3: Select Allow Remote Access.
- Step 4: On the Remote Tab, select Allow remote connections to this computer.
How do I run remote commands in PowerShell?
Running Remote Commands. You can run commands on one or hundreds of computers with a single PowerShell command. Windows PowerShell supports remote computing by using various technologies, including WMI, RPC, and WS-Management. PowerShell Core supports WMI, WS-Management, and SSH remoting. RPC is no longer supported.
How is the remote computer displayed in the command prompt?
The command prompt changes to display the name of the remote computer. Any commands that you type at the prompt run on the remote computer and the results are displayed on the local computer. For more information about the Enter-PSSession and Exit-PSSession cmdlets, see:
What remote computing technologies does Windows PowerShell support?
Windows PowerShell supports remote computing by using various technologies, including WMI, RPC, and WS-Management. PowerShell Core supports WMI, WS-Management, and SSH remoting. RPC is no longer supported. For more information about remoting in PowerShell Core, see the following articles:
How do I connect a Windows Server 2008 to another computer?
On the computer you wish to use as the management machine (running either Windows Server 2008 R2 or Windows & with RSAT), open Server Manager. Right-click on the Server Manager item and select “Connect to Another Computer”. In the Connect to Another Computer window, type the name or browse to the server you wish to connect to.
Server 2008 Lesson 9
So we will click on domain. And then I go ahead and type in the domain that I wanted to go on so I’m gonna type in my last name which is part of my domain. I can type in dot. Local. And hit OK.
How do I Connect my Computer to Client Server?
Log on to the computer that you want to connect to the server.
Open an Internet browser, such as Internet Explorer .
The Connect your computer to the server page appears.
In the file download security warning message, click Run.
How do I Remotely Access a Windows 2008 Server?
On the Windows ® Server 2008 R2 computer, click Start > Administrative Tools > Server Manager.
Click Roles, and then click Add Roles.
Select Remote Desktop Services, and then click Next.
Select the Remote Desktop Session Host and Remote Desktop Licensing check boxes.
Click Next.
How do I Configure my Client Server and IP Address?
Click Start.
Rightclick Network and click Properties.
Click Local Area Connection.
Click Details.
Click Close.
In the Local Area Connection Status dialog box, click Properties.
In the checked list box, click Internet Protocol Version 4 TCP/IPv4
Click Properties.
Server 2008 R2
So please select bridge adapter and come to advanced here just change these denis to the hello all and after that just click on OK. Now just run your Windows 7 client.
How do I Add a Computer to Windows Server 2008?
Go to Run and type NCPA.
Configure IP address , Subnet Mask, Gateway IP if any and DNS IP address.
Ensure connectivity by pining to DNS server / Domain Controller.
Right click on Computer and click on properties.
What are the Steps in Joining a Client Computer to a Domain?
To join a computer to a domain
Navigate to System and Security, and then click System. Under Computer name , domain, and workgroup settings, click Change settings. On the Computer Name tab, click Change. Under Member of, click Domain, type the name of the domain that you wish this computer to join, and then click OK.
How do I Join a Domain in Windows Server 2008 R2?
Under Server Summary, click change system properties option as shown above. Select Computer Name tab. Click change button as shown above. Under member of option, choose domain and type the domain name.
Joining A Computer To A Domain — Windows Server 2008 R2
Remote Desktop lets users control their desktop computer remotely. It’s a simple concept that, properly implemented, can have a dramatic impact on your organization’s productivity so that staff can work from home — even if they don’t have a mobile computer.
Until Microsoft Windows Server 2008, the network connection itself has been the biggest challenge. Your private network probably uses private Internet Protocol addresses, which prevent users from connecting directly to their desktop computers from the Internet. Even if you offered users a virtual private network connection, many firewalls block VPNs.
To work around these limits, Windows Server 2008 introduces the Terminal Services (TS) Gateway role, which acts as a proxy server between the Internet and your internal network. As illustrated, the Remote Desktop client uses encrypted Hypertext Transfer Protocol over Secure Sockets Layer to communicate with the TS Gateway. Because HTTPS is primarily used to browse the Web, almost all firewalls allow it. The TS Gateway authenticates the user (via either a password or a smart card), verifies that the user is authorized to connect to the destination computer and then uses Remote Desktop Protocol (RDP) to complete the connection on your private network.
Planning Your Terminal Services Gateway SSL Certificate
Because clients use HTTPS to connect to the TS Gateway, the TS Gateway will need an SSL certificate — just like an electronic-commerce Web server. To simplify the configuration of the Remote Desktop clients, purchase an SSL certificate from one of the many public certificate authorities (CAs) that Windows trusts by default (a search for “ssl certificate” will turn up several available for less than $20 per year). When configuring the SSL certificate, specify the full host name that clients will use to connect to the TS Gateway from the Internet. If the host name doesn’t match what the users enter in the Remote Desktop Client, the server authentication will fail.
Although you can use a temporary or internal SSL certificate for testing purposes, client computers must trust the certificate’s CA. Because many remote access scenarios involve computers that aren’t members of your Active Directory domain (such as home computers), only SSL certificates issued by trusted public CAs will work by default.
Configuring the Terminal Services Gateway
To add the Terminal Services Role to Windows Server 2008, follow these steps:
- Log on to your Windows Server 2008 computer as an administrator. Click Start, and then click Server Manager.
- Right-click Roles, and then click Add Roles.
The Add Roles Wizard appears. - On the Before You Begin page, click Next.
- On the Select Server Roles page, select Terminal Services. Then, click Next.
- On the Terminal Services page, click Next.
- On the Role Services page, select TS Gateway. When prompted, click Add Required Role Services. Then, click Next.
- On the Server Authentication Certificate page, select an SSL certificate, and then click Next.
- On the Authorization Policies page, click Now, and then click Next.
- On the TS Gateway User Groups page, click Add to select the user groups that can connect through the terminal server gateway. Typically, you should create an Active Directory security group for Remote Desktop users connecting from the Internet, and add all authorized users to that group. Then, click Next.
- On the TS CAP page, enter a name for the Terminal Services Connection Authorization Policy, and choose whether to allow authentication using passwords, smart cards or both. Click Next.
- On the TS RAP page, enter a name for the Terminal Services Resource Authorization Policy. Then, choose whether to allow remote clients to connect to all computers on your internal network or just computers in a specific domain group. For best results, create an Active Directory security group, and add the computer accounts for all authorized Remote Desktop servers to that group. Click Next.
- Complete any other wizard pages that appear for dependant roles by accepting the default settings, and then click Install on the Confirmation page.
- After the installation is complete, click Close, and then click Yes to restart the computer if required.
- After the computer restarts, log back on and click Close in the Resume Installation Wizard.
Later, you can use the Server Manager console to modify the CAPs or RAPs by clicking the roles\terminal services\ts gateway manager\computer_name\policies node.
If necessary, configure your firewall to allow incoming HTTPS connections to your TS Gateway on TCP port 443. Additionally, the TS Gateway must be able to communicate to Remote Desktop servers using TCP port 3389.
Configuring the Remote Desktop Client
You must configure the Remote Desktop Client with the IP address of the TS gateway before connecting to a Remote Desktop server on your internal network. To configure the Remote Desktop Client, follow these steps:
- If the client computer is running Windows XP with Service Pack 1 or Windows Server 2003 with Service Pack 1 or 2, install the Terminal Services Client 6.0. You can download the software at support.microsoft.com/kb/925876. Windows Vista and Server 2008 have the client built in. Older versions of Windows cannot use the updated Terminal Services Client and thus cannot connect through a TS Gateway.
- Open Remote Desktop Connection from the Start menu.
- If necessary, click the Options button to display the Remote Desktop Connection settings.
- On the General tab, type the Remote Desktop server’s name or IP address (not the TS Gateway), even if the IP address is private and not directly reachable.
- Click the Advanced tab, and then click the Settings button.
- On the Gateway Server Settings dialog box, click Use these TS Gateway server settings. Then, type the server name (it must exactly match the name in the server’s SSL certificate) and select a logon method. Click OK to save the settings.
- After customizing any other settings, click the General tab, and click Save As to save the settings to an RDP file. Because the RDP file includes the TS Gateway settings, you can distribute it to any computer with the Remote Desktop Client version 6.0 or later.
To connect to the server, open the RDP file, and click Connect. If prompted, provide credentials for both the TS Gateway and the Remote Desktop server. In a few seconds, you should have complete control over the Remote Desktop server.
If your employees have computers at home and broadband Internet connections, you can allow them to use Remote Desktop to control their desktop computers at work. Instantly, the users gain access to their files, applications, printers and other network resources on your internal network as if they were sitting at their desks. There’s no fussing with firewalls or VPNs either — all users need to do is double-click an RDP file you provide.
Tony Northrup is a developer, security consultant and author with more than 10 years of professional experience developing applications for Microsoft Windows.
Solution 1
I solved this issue by right clicking on the entry in Remmina, going to edit, clicking on the advanced tab, and then changing the security field to «RDP» from «Negotiate»
Solution 2
As of Ubuntu 12.04, you can use Remmina to connect to Windows servers with Network Level Authentication enabled.
sudo apt-get -y install remmina
Remmina uses FreeRDP for RDP connections and NLA support was added to FreeRDP in version 1.0, which is available to Ubuntu 12.04 and above. If you happen to be using an earlier version of Ubuntu and cannot upgrade, here’s an updated version of remmina here, although I can’t vouch for its stability: https://launchpad.net/~freerdp-team/+archive/freerdp
If that doesn’t work, you might be able to connect directly:
- Install the above PPA
sudo apt-add-repository ppa:freerdp-team/freerdp
- Install the freerdp package:
sudo apt-get install freerdp
xfreerdp --plugin cliprdr -g 1024x768 -k no -u {username} -d {domain-name} {target-machine}
If you do the latter, you can can always create an alias in ~/.bash_aliases:
alias rdp='xfreerdp --plugin cliprdr -g 1152x864 -k no -u username -d DOMAIN'
Solution 3
New command formatting
After my last update, I got confronted with FreeRDP 1.2.0 (probably it changed already with version 1.0.2 — and got though also relevant for most Ubuntu users). Its protocol changed how to connect. Try the following example:
xfreerdp /u:<username> /v:<hostname> /size:<WxH>
Additional features
There are a lot of features you might want to discover on the development page https://github.com/FreeRDP/FreeRDP/wiki/CommandLineInterface
Solution 4
I know this is old but I had same problem in 12.04 remmina and solution was setting security to RDP. I don’t know why «auto» doesn’t work.
Solution 5
I solved problem on 13.04 with setting TLS when connecting to Windows 2008 R2 Enterprise server. Auto-negotiation didn’t work.
Related videos on Youtube
03 : 44
How to connect to Windows Server 2008 Remote Desktop with Network Level Authentication Required?
05 : 36
How to enable network level authentication via group policy on Windows Server 2016
05 : 54
ENABLE NETWORK LEVEL AUTHENTICATION (NLA) VIA GROUP POLICY?
02 : 21
Securing RDP access to Windows Server 2008 R2: is Network Level Authentication enough?
04 : 32
Fix The Remote Computer Requires Network Level Authentication (NLA) on Windows 11/10/8/7
Comments
-
I want to connect via remote desktop to a Windows Server 2008 R2.
On the Windows server’s remote desktop connection properties, it is set to «safer». Specifically, the selected option is «Allow connections only from computers running Remote Desktop with Network Level Authentication.»
On my Ubuntu system, I tried using Remmina to connect to the Windows server. Remmina can not connect to that server with the option «Network Level Authentication» (as mentioned in the previous paragraph). The error message Remmina returns is as follows:
Disable the connection to the server RPD: IPWINDOWSSERVER2008
How can I connect Remmina (or another program) by remote desktop to a Windows Server 2008 host with the «Network Level Authentication» option selected?
-
Sorry, but care to edit your answer and elaborate?
-
When answering a question, please give a description of the steps you took to fix the problem, and as much information as you can offer.
-
When I tried it, FreeRDP worked with NLA and is in the Ubuntu 13.10 repositories.
-
This works great also on Arch Linux. Thank you! I now can keep my Windows machine with the security of «Network Level Authentication».
-
using default settings on Ubuntu 16.04.1
RDP
didn’t worked for me and defaultNegotiate
did the job whereNetwork Level Authentication
was enabled on server.