Problem
You’ve installed or upgraded to the latest VMware Horizon Agent onto a Windows 7 virtual desktop:
… but quickly noticed that you are no longer able to RDP to the virtual machine as the following error message is thrown:
This computer can’t connect to the remote computer.
Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.
Proceeding to review the System logs on the Windows 7 virtual desktop displays the following error message every time you attempt to remote desktop to the machine:
Log Name: System
Source: Schannel
Event ID: 36871
Level: Error
One of the common troubleshooting steps that typically show up during searches on the internet is to Enable the Require use of specific security layer for remote (RDP) connections and set the Security Layer to Negotiate as shown in the following screenshot:
Unfortunately, the solution above does not correct the problem.
Windows 10 virtual desktops does not appear to exhibit this issue.
Solution
One of the reasons why installing the Horizon View 7 agent would cause this issue is because the installation appears to disable TLS 1.0 on the Windows 7 desktop if it is not already disabled. You can confirm this by launching the registry editing on the desktop and navigating to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server\
Note that the Enabled REG_DWORD in the screenshot above is set to 0 which is disabled. You can quickly get RDP to work again by changing the value to 1 but this is not the best solution as it is best practice to leave TLS 1.0 off.
----------------------------------------------------------------------------------------------------------------------------------------------------------------
**Note that downgrading the View agent to 6.2 would actually remove the TLS 1.0 key in the registry thus re-enabling it and causing RDP to work again:
----------------------------------------------------------------------------------------------------------------------------------------------------------------
The proper steps to correct this issue is to ensure that the patch supplied in the following KB article is installed onto the Windows 7 desktop:
Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2
https://support.microsoft.com/en-us/kb/3080079
Download the .msu file:
Complete the install:
… and RDP should now work again.
5 comments:
I got your script, for me also one problem i got trouble shooting initialization state errors in vmware. I am unable to provision the linked clone desktop pool as well as customization error is coming. Can you tell me a solution.
Vmware Training in Chennai
banged my head on the desk for 2 days over this
thanks
Finally rolling these agents out and this baffled me for a day....
Post a Comment