Can't get there from here


I recently upgraded my home network server from Windows Server 2003 to Windows Server 2008. It has a nice interface, better security, and is noticably faster than its predecessor.

The server is in a big vertical rack in a corner of my office with no chair or desk space in front of it, so using it as a console or desktop station is uncomfortable. But it's a server, so none is needed, right?

To manage it (change user settings, check backup logs, etc.), I have always used Remote Desktop (RDP) from my main desktop machine. It's a fast LAN connection and I never even need to turn on the monitor on the server once everything is configured and running smoothly.

In fact, the first time I needed to access the server after it was all configured was when I was out of the office. I had already setup port-forwarding through the router and the previous server had worked well to host remote sessions, so I launched RDP and hooked in through the internet. But I quickly discovered one of the security enhancements to Windows Server 2008, called Network Level Authentication (NLA), needed to be turned on in my client connection software.

After some searching, I discovered that in XP Pro Service Pack 3 (SP3), RDP 6.1 was installed which supports NLA. After installing SP3 and rebooting, I definitely had RDP 6.1, but strangely, NLA was still not activated.

Back to the search engines, I finally ran across a Microsoft Knowledgebase document informing me that NLA is turned off by default? Huh? Why? OK, so where's the checkbox to turn it on? Sorry, it's not that simple. You have to edit the registry and make two very unintuitive modifications. I wonder how many support calls this will generate over the next few months as companies start moving to Windows Server 2008? (By the way, there are plenty of articles explaining how to turn this security setting off in the server--but why would you want to do that when security might be one of the reasons you upgraded the server in the first place?)

Finally, after making those two registry hacks and rebooting again, I logged in successfully.

But that's not the end of the story.

So now, back at home, I have a need to get on the server. Why not use RDP instead of standing in front of the physical machine? That way I can use my wide screen monitor and chat with a friend as well. Launching RDP gives me deja vu as I get the original "NLA not supported" message. Ah, no problem--I know what to do.

I loaded Windows Update to make sure I had SP3 installed. But I only have SP2 and no updates are available. Hmm... Oh, I'm using Windows XP 64 on my main desktop at home and SP3 specifically excludes Windows XP 64. Uh, OK--what now? The latest update for Windows XP 64 is SP2 and it was released for Windows Server 2003 as well. That seems kind-of strange. But what about RDP 6.1 and NLA? I can't seem to find any reference to Windows XP 64 and RDP 6.1 in the same paragraph anywhere on the internet.

So, after upgrading to the latest and greatest Windows server, and using a high-end operating system for my desktop, and making sure I have all updates, it looks like I'm locked out of one little feature that Microsoft forgot: NLA-enabled remote desktop for Windows XP 64. Unless I missed something somewhere.

However, there's always away around everything: I can load up a VMWare session with Windows XP Pro (32-bit version) and NLA-enable that. But at this point, I'm willing to just walk 4 feet over to the server and stand there for the few minutes a week I really need to spend on the server!

Add new comment