We use SSO Protect Remote Desktop credentials with Windows Defender Remote Credential Guard on "Windows Server 2016" and "Windows Server 2019" servers. There are no problems. We have many users with "Windows Hello for Business + Key Trust" technology and there is an RDS farm (Broker + TS's) on "Windows Server 2016". We have configured the registry on all servers of the RDS farm. But use the connection "mstsc.exe /remoteGuard" fails.
All the latest updates are installed on the servers, and the check was performed through the Microsoft servers.
WindowsProductName : Windows Server 2016 Standard
WindowsCurrentVersion : 6.3
OsVersion : 10.0.14393
OsBuildNumber : 14393
Using the command mstsc.exe /remoteGuard:
An error occurs when trying to connect to a shared name - "An authentication error has occured. \r\n The function requested is not supported \r\n Remote computer: xxx \r\n This could be due to CredSSP encryption oracle remediation."
When trying to connect directly to the TS server, RDP opens, the session starts, and an error occurs inside the RDP screen - "The requested session access is denied." But if add a user to the Administrators group, everything works - but it's not right! On the server, an entry is recorded in the event log - "Session 5 has been disconnected, reason code 12".
Questions:
- Will it work - "RDS and Protect Remote Desktop credentials with Windows Defender Remote Credential Guard" ?
- What update should I install for Windows Server 2016 to fix the problem with Administrators / Remote Desktop Users groups (perhaps some update is missing) ?