Thoughts from the EPS Windows Server Performance Team
REMOTE DESKTOP CLIENT 6.x
Description: The Remote Desktop Client, or RDC, is the official name for the client used to connect to a Windows Server 2003 or Windows Server 2008 Terminal Server. As the features of Terminal Server evolve, a new RDC version is typically released to support these features. The current version of the RDC is 6.1 and is available for Windows XP SP2 and Windows Vista Service Pack 1. The 6.1 version of the RDC client is also automatically installed if you install Windows XP Service Pack 3. The interim release of RDC was officially dubbed RDC 6.0 and shipped with Windows Vista. There was also a downloadable version of RDC 6.0 released for Windows XP SP2 and Windows Server 2003. After the release of RDC 6.1, the 6.0 version was rendered obsolete on the Windows XP and Windows Vista platforms.
Scoping the Issue: Most of the issues seen with the RDC 6 client are related to changes in behavior that were made to support the features of Windows Vista and Windows Server 2008. Visually, the RDC 6.0 and RDC 6.1 clients look almost identical, so it is very important that you determine what version you are running by looking at the RDC client help.
To determine the RDC client version, do the following:
Data Gathering: In all instances, collect either MPS Reports with the General, Internet and Networking, Business Networks and Server Components diagnostics, or a Performance-oriented MSDT manifest. Additional data required may include the following:
Troubleshooting / Resolution: The following are a few of the most common issues that we have seen with the RDC 6.0 and 6.1 and how to troubleshoot them.
Connecting with /console switch no longer functions
This issue affects the 6.1 client: the /console switch was replaced with /admin, and /console is now silently ignored. To connect to a Windows Server 2003 or Windows Server 2008 server using Remote Desktop for the purpose of doing administration, the /admin switch must now be used. Please see the following article for more information: Microsoft KB Article 947723: Changes to remote administration in Windows Server 2008
RDC now asks for credentials before making a connection to the Terminal Server
The Remote Desktop Client now uses Network Level Authentication when connecting to a Windows Server 2008 Terminal Server. Network Level Authentication (NLA) is a new authentication method that finishes user authentication before you establish a full Remote Desktop connection and before the logon screen appears. Windows XP SP3 uses RDC 6.1 to support NLA. This feature improves the authentication method, and it can help protect the remote computer from malicious users and malicious software. NLA has the following benefits:
By default, Network Level Authentication (NLA) is disabled in Windows XP Service Pack 3. To enable NLA, you have to turn on the Credential Security Service Provider (CredSSP). For more information about how to turn on CredSSP, click the following article number to view the article in the Microsoft Knowledge Base: Microsoft KB Article 951608: Description of the Credential Security Service Provider (CredSSP) in Windows XP Service Pack 3
Unknown publisher is displayed when accessing a Terminal Server via Remote Desktop Web Connection
Users running Windows XP SP3 or Vista SP1 will see a dialog box when opening an RDP connection via Remote Desktop Web Connection (2003) or TS Web Access (2008). The dialog box will be similar to the following:
The user can click Connect and they are still connected to the server.
This problem occurs because the RDP 6.1 client requires server authentication, and when a server is accessed over the Internet, the Remote Desktop server cannot verify its identity to the client without using a certificate.
The solution is to use TS Web Access in Windows Server 2008 and sign the RDP files using RemoteApp Manager or the rdpsign.exe command-line tool. The Remote Desktop Web Connection tab on the TS Web Access page will always prompt, even if the RDP files are signed. To give users a standard connection that is signed, install TS Web Access on the Remote Desktop server and select the following check box in RemoteApp Manager:
Show a remote desktop connection to this terminal server in TS Web Access
This will create a signed RDP file listed under RemoteApps that will connect back to the same server.
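To confirm that the RDP files you publish are actually signed, the following added example (not from the original post or from Microsoft) parses an .rdp file and flags a missing signature, a signature that does not cover the target address, and settings that weaken server authentication or CredSSP. It checks only that the `signscope` and `signature` settings are present, not that the signature is cryptographically valid; the host names and signature value in the samples are constructed placeholders.

```python
import codecs

def decode_rdp(raw: bytes) -> str:
    # mstsc saves .rdp files as UTF-16 with a BOM; hand-edited ones are often UTF-8/ANSI.
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(text: str) -> dict:
    # Each setting is "name:type:value"; type is i (integer), s (string) or b (binary).
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = parts[2].strip()
    return settings

def audit_rdp(raw: bytes) -> list:
    """Return finding codes for one .rdp file; an empty list means nothing was flagged."""
    s = parse_rdp(decode_rdp(raw))
    # signscope lists, by name, the settings that the signature covers.
    scope = {n.strip().lower() for n in s.get("signscope", "").split(",") if n.strip()}
    findings = []
    if not scope or not s.get("signature"):
        findings.append("UNSIGNED")                # client shows the unknown-publisher prompt
    elif "full address" not in scope:
        findings.append("ADDRESS_NOT_SIGNED")      # signature does not cover the target host
    if s.get("authentication level") == "0":
        findings.append("NO_SERVER_AUTH_WARNING")  # connects even if server authentication fails
    if s.get("enablecredsspsupport") == "0":
        findings.append("CREDSSP_DISABLED")        # no CredSSP, so no NLA for this connection
    return findings

# Constructed samples (host names and the signature value are placeholders).
UNSIGNED = ("full address:s:ts01.example.test:3389\r\n"
            "authentication level:i:0\r\n").encode("utf-16")
SIGNED = (b"full address:s:ts01.example.test\r\n"
          b"authentication level:i:2\r\n"
          b"signscope:s:Full Address,Server Port\r\n"
          b"signature:s:PLACEHOLDER_BASE64_BLOB\r\n")

if __name__ == "__main__":
    for name, raw in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(name, audit_rdp(raw) or "no findings")
```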
See the following blogs for more information about the changes to the RDP client and how to sign RDP files:
How to enable Single Sign On for Terminal Services on Windows XP SP3 clients
Single-Sign-On is a new feature of Windows Server 2008 that allows the RDC client to send the credentials of the currently logged-on user to the Terminal Server so that the user does not have to enter them again when making a connection. SSO is configured by using group policies that control credentials delegation, and Windows XP clients must have CredSSP enabled in order for SSO to function. The Terminal Server (now Remote Desktop Services) product team has a good write-up on how to configure Single Sign On for systems running both Windows XP and Windows Vista: RDS Team Blog: How to Enable Single Sign On for Terminal Server Connections.