3.3.5.3.2 During Version and Capability Negotiation
If a client has negotiated the NTLM extended authentication mode during transport setup, it MUST set the ExtendedAuth field of the HTTP_HANDSHAKE_REQUEST_PACKET (section 2.2.10.10) to HTTP_EXTENDED_AUTH_SSPI_NTLM.
If the RDG server supports the NTLM extended authentication mode, it MUST include HTTP_EXTENDED_AUTH_SSPI_NTLM in the ExtendedAuth field of the HTTP_HANDSHAKE_RESPONSE_PACKET (section 2.2.10.11) that it sends to the client.
If a client has negotiated the NTLM extended authentication mode during transport setup, and it receives an HTTP_HANDSHAKE_RESPONSE_PACKET that does not include HTTP_EXTENDED_AUTH_SSPI_NTLM in the ExtendedAuth field, it MUST close the connection.