We have a Windows Server 2008 R2 system that can't be accessed remotely via RDC from Windows systems (I've tried Windows 10, Windows 7, Windows 2012 R2 all without luck). Paradoxically, our SysAdmins who run MacBooks are able to connect using the MS RDP Client for Mac.
In examining a Wireshark trace I see the following for sessions that fail:
- Client - SYN
- Server - SYN, ACK
- Client - ACK
- Client - RDP
- Server - ACK
- Server - RST, ACK
The 'RDP' Packet above has the following information:
- TPKT Version 3
- PDU Type: CR Connect Request
- Type: RDP Negotiation Request
- requestedProtocols: TLS security supported, CredSSP supported, Early User Authorization Result PDU Supported
For the Macs, I see a negotiation that looks like this:
- Client - SYN, ECN, CWR
- Server - SYN, ACK
- Client - ACK
- Client - RDP (Cookie:= .\username, Negotiate Request) [First Try]
- Server - ACK
- Server - RST, ACK
- Client - SYN, ECN, CWR
- Server - SYN, ACK
- Client - ACK
- Client - RDP (Cookie:= .\username, Negotiate Request) [Automatic retry]
- (Normal RDP traffic, I can connect and it works)
The First try RDP packet looks like this:
- TPKT Version 3
- PDU Type: CR Connect Request
- Type: RDP Negotiation Request
- requestedProtocols: TLS security supported, CredSSP supported, Early User Authorization Result PDU Supported
The Automatic retry RDP packet drops the requestedProtocols:
- TPKT Version 3
- PDU Type: CR Connect Request
- Type: RDP Negotiation Request
- requestedProtocols: empty
At this point I'm trying to figure out how to get the Windows RDP client to renegotiate like the Mac client. I've had no success yet. Has anyone had to contend with this before?
Additional context:
- I have tried connecting from Windows 10 and Windows 7 with the same results
- I am limited in that I can't change the RDP settings on the 2008 R2 server (extremely limited change control window).
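
An added example, not part of the original post: a small decoder for the Connection Request PDU described in the traces above (TPKT version 3, X.224 CR, optional cookie, RDP Negotiation Request), useful for comparing the `requestedProtocols` value of a first try against a retry. The flag values follow MS-RDPBCGR; the sample PDUs, the `mstshash=user` cookie and the treatment of an "empty" `requestedProtocols` as 0 are assumptions constructed for illustration.

```python
import struct

# requestedProtocols bits of the RDP Negotiation Request (names per MS-RDPBCGR)
PROTOCOLS = {
    0x1: "PROTOCOL_SSL (TLS)",
    0x2: "PROTOCOL_HYBRID (CredSSP)",
    0x4: "PROTOCOL_RDSTLS",
    0x8: "PROTOCOL_HYBRID_EX (Early User Authorization Result PDU)",
}
LEGACY = ["PROTOCOL_RDP (standard RDP security)"]

def parse_connection_request(data: bytes) -> dict:
    """Decode TPKT + X.224 Connection Request + optional cookie + RDP_NEG_REQ."""
    if len(data) < 11:
        raise ValueError("too short for TPKT + X.224 CR headers")
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("bad TPKT header")
    # X.224: length indicator counts everything after itself; 0xE0 = CR
    if data[5] & 0xF0 != 0xE0 or data[4] != len(data) - 5:
        raise ValueError("not an X.224 Connection Request")
    body, cookie = data[11:], None      # skip dst-ref, src-ref, class
    if body.startswith(b"Cookie:"):
        end = body.find(b"\r\n")
        if end < 0:
            raise ValueError("cookie not terminated by CRLF")
        cookie, body = body[:end].decode("ascii", "replace"), body[end + 2:]
    if not body:                        # no negotiation structure at all
        return {"cookie": cookie, "requested": None, "names": LEGACY}
    if len(body) < 8:
        raise ValueError("truncated RDP Negotiation Request")
    neg_type, _flags, neg_len, requested = struct.unpack("<BBHI", body[:8])
    if neg_type != 0x01 or neg_len != 8:
        raise ValueError("not an RDP Negotiation Request")
    names = [name for bit, name in PROTOCOLS.items() if requested & bit]
    return {"cookie": cookie, "requested": requested, "names": names or LEGACY}

def build_sample(requested: int, cookie: bytes = b"Cookie: mstshash=user\r\n") -> bytes:
    """Build a constructed sample PDU (not captured traffic) for the parser."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)
    x224 = bytes([6 + len(cookie) + len(neg), 0xE0, 0, 0, 0, 0, 0]) + cookie + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

if __name__ == "__main__":
    for label, flags in (("first try", 0x0B), ("automatic retry", 0x00)):
        print(label, parse_connection_request(build_sample(flags)))
```

To run it against a real capture, pass the TCP payload bytes of the client's first data segment to `parse_connection_request`.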