Div | ||||||
---|---|---|---|---|---|---|
| ||||||
|
Background information
The Remote Desktop Servers on hosting are running Windows Server 2016 and it is very important for the end user's PCs to be up to date with Windows Updates. If the latest updates are not installed, the RDP session could appear to freeze regularly (due to message dialog appearing behind the main form) or remote desktop connections could be refused altogether.
Regarding authentication, Microsoft removed support for NTLMv1 in Remote Desktop Services 2012 because it is a significant security risk so it is important to check your network security settings (see LAN Manager Authentication NTLMv2 below)
Check your Firewall
For Skills Hosting our IP range is: 31.28.78.32/28
For DWP Hosting our IP range is: 146.101.18.32/28
All external communications are via HTTPS TCP 443 and the endpoints have a wildcard SSL certificate with URL *.pellcomp.net
We recommend excluding Pellcomp’s IP addresses or *.pellcomp.net from any deep packet inspection on your corporate Firewalls / Web Proxy network appliances.
LAN Manager Authentication NTLMv2
Starting with Windows Server 2012 clients must use NTLMv2 authentication because NTLMv1 is a significant security risk:
...
But the most secure and recommended setting is Send NTLMv2 response only. Refuse LM & NTLM.
Installing Windows Updates
There are a few updates which are required to connect to hosting. As they are security related it is highly likely they are already installed on your device.
All Windows versions - Update CVE-2018-0886 security update to CredSSP
https://support.microsoft.com/en-gb/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
Remote Desktop Servers which have security update KB4103723 installed will refuse connections from client PCs which are missing the CredSSP security patch.
To determine if the client PC has the CredSSP security patch installed look for the following Windows update:
- KB4088776 (Windows 10)
- KB4088787 (Windows Server 2016)
- KB4088876 (Windows 8.1 and Windows Server 2012 R2)
- KB4088875 (Windows 7 SP1 and Windows Server 2008 R2 SP1 - no longer supported)
How to determine if the Updates have been installed previously
This can be done either graphically or via the command line:
Using the GUI
Control Panel > System and Security
Windows Update
View Update History
PowerShell
Rw ui textbox macro |
---|
Get-HotFix -Id KB2592687 |
Command Line
Rw ui textbox macro |
---|
wmic qfe | find "2592687" |
...