Enable XP SP3 to use Network Level Authentication

June 10 2013

Network Level Authentication (NLA) is a new feature of Windows Server 2008 and Vista workstations that adds extra security and improves login performance by offloading some of the initial remote computer resources required at login. In earlier versions of Terminal Services, authentication did not occur until the full desktop connection (including all the related processes) was started, which chewed up server resources and opened the server up to denial-of-service attacks. With NLA enabled, the user is "pre-authenticated" before any desktop and related processes are created.

It is recommended to have all Terminal Servers (RDS) use NLA at all times.

XP Service Pack 3 and Remote Desktop 6.0 support NLA, but it is not turned on by default, which means the connection may simply fail or you may see the error "An authentication error has occurred (Code:0x507)". To fix this on XP SP3 systems, use the “fix it” utility from Microsoft: http://support.microsoft.com/kb/951608

Or manually make the edits yourself:

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. In the details pane, right-click Security Packages, and then click Modify.
  4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
  5. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
  6. In the details pane, right-click SecurityProviders, and then click Modify.
  7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
  8. Exit Registry Editor.
  9. Restart the computer.
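
The same registry edits as a script, added here as an example (it is not part of the original post or of the Microsoft fix): it appends tspkg and credssp.dll only when they are missing and leaves every other SSP entry in place. It assumes PowerShell 2.0 is installed on the XP SP3 machine and that the session runs as a local administrator; the function name Add-SspEntry is hypothetical.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0 on XP SP3
# and a local administrator session. Add-SspEntry is a hypothetical helper name.
$base = 'SYSTEM\CurrentControlSet\Control'

function Add-SspEntry {
    param(
        [string]$SubKey,      # path below HKEY_LOCAL_MACHINE
        [string]$ValueName,   # registry value to edit
        [string]$Entry,       # entry to add, e.g. tspkg
        [switch]$CommaList    # value is a REG_SZ comma list, not REG_MULTI_SZ
    )
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $true)
    if ($key -eq $null) { throw "Registry key not found: HKLM\$SubKey" }
    try {
        $raw = $key.GetValue($ValueName)
        if ($CommaList) { $items = @(([string]$raw).Split(',')) }
        else            { $items = @($raw) }
        # Normalise the existing entries: trim whitespace, drop empty strings.
        $items = @($items | ForEach-Object { "$_".Trim() } | Where-Object { $_ -ne '' })

        if ($items -contains $Entry) {   # -contains compares case-insensitively
            Write-Output "$ValueName already lists $Entry; no change"
            return
        }
        $items += $Entry                 # append; existing SSP entries are kept
        if ($CommaList) {
            $key.SetValue($ValueName, ($items -join ', '),
                [Microsoft.Win32.RegistryValueKind]::String)
        } else {
            $key.SetValue($ValueName, [string[]]$items,
                [Microsoft.Win32.RegistryValueKind]::MultiString)
        }
        Write-Output "$ValueName now: $($items -join ', ')"
    }
    finally { $key.Close() }
}

# Steps 2-4: Security Packages (multi-string value under Lsa)
Add-SspEntry -SubKey "$base\Lsa" -ValueName 'Security Packages' -Entry 'tspkg'
# Steps 5-7: SecurityProviders (comma-separated string value)
Add-SspEntry -SubKey "$base\SecurityProviders" -ValueName 'SecurityProviders' `
    -Entry 'credssp.dll' -CommaList
Write-Output 'Restart the computer for the change to take effect.'
```

Running it a second time reports "no change" for both values, which makes it a quick check that a machine already has the settings.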