RDP was not accessible for Windows Server 2019

0

Hi,
We have been unable to connect via Remote Desktop to the Windows Server 2019 for the last two days. The following is the error we get while trying to log in to the server:

"An authentication error has occurred.
The function requested is not supported
Remote computer: <computer name>
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660"

We also installed the latest Windows updates using AWS Systems Manager to check if it resolves the issue, but it did not help.

MaddyB
asked 4 years ago · 1916 views
1 Answer
1

I'm sure you've moved on from this issue, but I am going to provide a solution for others since I have been messing with this very issue all afternoon while studying for the SAA exam.

Assuming you have RDP inbound on port 3389 allowed in the security group, the problem is with the Network Level Authentication setting on the Windows Server. It is located in Settings - System - Remote Desktop, and then click on Advanced settings. To be able to RDP into the server from outside the VPC (as in, my house), I had to uncheck the box. Then, I could RDP into the system as the AWS documentation says you should.

Be aware this is not the recommended setting and may make your machine vulnerable, but there was no other way to get the CredSSP error to go away.

To figure this out, I had to create a Linux instance with the MATE GUI in the same VPC just so I could RDP to the Windows instance from the Linux instance using Remmina.

I then took the time to figure out how to do it through PowerShell. I installed the Session Manager role and agent on the Windows instance so I could connect to PowerShell through the AWS console.

First, get the Windows hostname...
PS C:\> $env:computername

Then, set a new env variable for the computer name...
PS C:\> $ComputerName = "EC2AMAZ-******"  # or whatever the name is

Finally, enter this command...
PS C:\> (Get-WmiObject -Class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

After all that, you should be able to RDP in. You might reboot the instance to be sure the new policy takes effect.

answered 3 years ago
  • Confirmed that unchecking the "Network Level Authentication" box worked with Server 2019 Datacenter. Much appreciated.
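
To see what state a server is in after the change described in the answer, and to turn Network Level Authentication back on later, the following added example (not part of the original answer) reads the NLA flag through the same WMI class and the "Encryption Oracle Remediation" policy value named in the error message. The function names are hypothetical, and the script assumes an elevated Windows PowerShell session on the server itself (for example through Session Manager).

```powershell
# Added example: function names are hypothetical; run elevated on the server itself.
$RdpFilter  = "TerminalName='RDP-tcp'"
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

function Get-RdpAuthState {
    # Same WMI class the answer uses; UserAuthenticationRequired = 1 means NLA is enforced.
    $ts = Get-WmiObject -Class Win32_TSGeneralSetting `
        -Namespace root\cimv2\terminalservices -Filter $RdpFilter

    # "Encryption Oracle Remediation" policy value; absent means the policy is not configured.
    $oracle = (Get-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle `
        -ErrorAction SilentlyContinue).AllowEncryptionOracle
    $names = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }
    $oracleText = if ($null -eq $oracle) { 'Not configured' } else { $names[[int]$oracle] }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        NlaRequired      = [bool]$ts.UserAuthenticationRequired
        EncryptionOracle = $oracleText
    }
}

function Enable-RdpNla {
    # Reverses the SetUserAuthenticationRequired(0) call from the answer.
    $ts = Get-WmiObject -Class Win32_TSGeneralSetting `
        -Namespace root\cimv2\terminalservices -Filter $RdpFilter
    $result = $ts.SetUserAuthenticationRequired(1)
    if ($result.ReturnValue -ne 0) {
        throw "SetUserAuthenticationRequired failed with code $($result.ReturnValue)"
    }
}

$state = Get-RdpAuthState
$state | Format-List
if (-not $state.NlaRequired) {
    Write-Warning 'NLA is disabled: RDP accepts connections before the user authenticates.'
}
if ($state.EncryptionOracle -eq 'Vulnerable') {
    Write-Warning 'CredSSP Encryption Oracle Remediation policy is set to Vulnerable.'
}

# Once clients can connect with NLA enabled, turn it back on:
# Enable-RdpNla
```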
