Tuesday, October 4, 2016

Installing VMware Horizon View agent onto Windows 7 desktop causes RDP to no longer work

Problem

You’ve installed or upgraded to the latest VMware Horizon Agent onto a Windows 7 virtual desktop:

image

… but quickly noticed that you are no longer able to RDP to the virtual machine as the following error message is thrown:

This computer can’t connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

image

Proceeding to review the System logs on the Windows 7 virtual desktop displays the following error message every time you attempt to remote desktop to the machine:

Log Name: System

Source: Schannel

Event ID: 36871

Level: Error

image

One of the common troubleshooting steps that typically show up during searches on the internet is to Enable the Require use of specific security layer for remote (RDP) connections and set the Security Layer to Negotiate as shown in the following screenshot:

image

Unfortunately, the solution above does not correct the problem.

Windows 10 virtual desktops does not appear to exhibit this issue.

Solution

One of the reasons why installing the Horizon View 7 agent would cause this issue is because the installation appears to disable TLS 1.0 on the Windows 7 desktop if it is not already disabled.  You can confirm this by launching the registry editing on the desktop and navigating to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server\

image

Note that the Enabled REG_DWORD in the screenshot above is set to 0 which is disabled.  You can quickly get RDP to work again by changing the value to 1 but this is not the best solution as it is best practice to leave TLS 1.0 off.

----------------------------------------------------------------------------------------------------------------------------------------------------------------

**Note that downgrading the View agent to 6.2 would actually remove the TLS 1.0 key in the registry thus re-enabling it and causing RDP to work again:

image

----------------------------------------------------------------------------------------------------------------------------------------------------------------

The proper steps to correct this issue is to ensure that the patch supplied in the following KB article is installed onto the Windows 7 desktop:

Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2
https://support.microsoft.com/en-us/kb/3080079

Download the .msu file:

image

Complete the install:

image

image

… and RDP should now work again.

1 comment:

deeksha said...

I got your script, for me also one problem i got trouble shooting initialization state errors in vmware. I am unable to provision the linked clone desktop pool as well as customization error is coming. Can you tell me a solution.


Vmware Training in Chennai