SP3 One thing is that Remote Desktop is updated to V6.1. Check out the related webpages and learn that Remote Desktop with 6.0 or higher supports NLA (Network Level Authentication). NLA says it's the way to authenticate before you go to the remote desktop, instead of authenticating it when you log in. By default, Vista is "only allowed to run remote computer connections with network authentication." Ever since, I have failed with SP3 and Vista.
The online solution is to set the remote desktop connection mode of vista to "Allow any version of Remote Desktop Connection". This downgrade to adapt to XP, I thought it was a retrogression, otherwise upgrading XP remote desktop to 6.1 does not make any sense. Therefore, in the partner newsgroup, I asked Microsoft engineers:
The initial answer from Microsoft engineers was that XP does not support NLA. I later corrected that SP3 supports NLA and told me to follow the following methods to make XP support NLA. He gave me a KB: http://support.microsoft.com/kb/951608/
The NLA operation is:
1. Click Start, click Run, type regedit And press ENTER.
2. In navigation pane,locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa
3. In the details pane, right-click SecurityProviders, then Single Click to modify.
4. In the Value data box, type tspkg. Leave any data specific to other SSPs, and then click OK.
5. In navigation pane,locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders
6. in details pane, right-click SecurityProviders, and then click Modify .
7. In the Value data box, type credssp.dll. Leave any data specific to other SSPs, and then click OK.
8. exit Registry Editor.
9. Please restart your computer.
By KB operation, you can see support for network level authentication in XP Remote Desktop.
Enter the IP of the vista host, hey, yes, require authentication:
Unfortunately, an authentication error occurred: an authentication error occurred (code: 0x80090303)
again to Microsoft engineers, engineers do not know the specific location, but provides some troubleshooting methods, and finally to troubleshoot network packet to crawl through, I found that because the input when making a remote connection is IP address, not computer name (VISTA joined the domain, XP does not add domain, and XP's DNS is different from VISTA, not on the same network segment), causing Kerberos authentication to fail. Add domain name and domain name resolution of the vista machine to the HOST file, and finally connect successfully.
Why should I enter the computer name instead of IP puzzled, because we are usually used to connect to the target host ip, engineers answer given is:
this is kerberos The characteristics of the verification are determined. To perform kerberos verification, the SPN (service principle name) is used. The SPN is registered with the computer name. So we must use the computer name to connect to Windows Vista, not the IP address. I don't know much, but this question is a dead end.