Remote Desktop Connection (RDC) 6.1 for Windows Server 2003

Posted on Updated on

I read and hear a lot of questions about why Remote Desktop Connection 6.1 or later doesn’t exist for Windows Server 2003. Well, if you’re wondering, I have good news for you: RDC 6.1 does exist for Windows Server 2003!

First of all, Remote Desktop Connection (RDC) is the Microsoft RDP client, previously called Terminal Services Client (TSC). It’s by far the most common tool to connect to a Remote Desktop Protocol (RDP) server, which is actually every somewhat modern Windows system. The RDP server component of Windows systems (clients and servers) is called Remote Desktop Services (RDS), formerly known as Terminal Services (TS). Some of those Windows systems can be put in a special mode to allow more remote connections/sessions, making the system a so-called Remote Desktop Session Host (RDSH) or Terminal Server (TS) (the former name).

The last version of RDS, RDP and RDC is 7.1, introduced with SP1 of Windows 7 and Windows Server 2008 R2. This version doesn’t exist for Windows Server 2003 though. Hell no, the latest version of RDC supported for Windows Server 2003 was 6.0. Till recently… Microsoft has published an update for RDC 6.0 and 6.1, upgrading those versions to the latest build of 6.1. This update is also valid for Windows Server 2003, meaning you can upgrade your RDC 6.0 on WS03 to the latest build of 6.1!

Well, it’s still not the same as 7.0 or 7.1, which implies you still can’t get things like multimedia redirection (WMP redirection), true multimonitor support, audio recording (and thus getting a form of bidirectional audio redirection), the so-called “enhanced graphics”, RemoteFX, etc. on a WS03 machine in the client role (also note that starting from RDC 7.0 you can’t connect to Windows 2000 systems anymore!). But you do get RDP signing, Easy Print, a new bulk compressor (RDP6.1-BC) and the ability to explicitly connect to administrative sessions (with the /admin switch instead of the /console switch). And Network Level Authentication (NLA)?

Well, yes and no. For the RDC client itself, yes. But the thing is it only works when the Security Service Provider (SSP) CredSSP is available and that’s not the case in WS03. For Windows XP it is available, but it’s disabled by default; you can enable it, but it doesn’t make sense to do the same for WS03, because it’s just not there. So at the end this means no NLA from a WS03 machine, even with RDC 6.1!

IMHO this is a pity… First of all WS03 is still very widely used and it’s difficult to understand all of at least many of the newest features aren’t supported at RDP client level! Secondly, NLA is perhaps even the most important feature missing! The reason is simple: if a company implements RDS farms with high security requirements, NLA should be enabled. NLA requires the client to provide all the credentials before the actual RDP connection to the target is made. So forget about making a connection and then entering your password into the Winlogon desktop (that’s how it’s called, as it is actually a desktop too, although not the application desktop we typically refer to). Does this sound stupid to you? Well, it isn’t! With NLA authentication happens before the actual RDP connection is made, i.e. during the Kerberos/SSL/NTLM setup, meaning server authentication is required too. This is a good thing security-wise and performance-wise, because bad attempts are blocked earlier and take less resources. I could tell you more about how and why exactly, but I guess it’s best not to go outside the scope of this article, otherwise I end with my opinions about the political situation in Lagos, Nigeria or something similar 🙂
The thing is you can’t connect from your old WS03 working environment to your new highly secured working environment, so if you’re moving from a WS03 to a WS08(R2) RDS farm, it’s not a nice thing. The only thing you can do is to connect to another system and connect to your new WS08(R2) farm from there. Or reduce your security, at least for a while… If your old working environment is XP though, there is no problem at all, because there NLA is possible (after enabling it though).

Anyway, it seems most people are not aware of the fact RDC 6.1 can be run on WS03 for the moment. That is the message I’m trying to spread! For completeness, the latest build for 6.1 is 6.0.6001.18564 and is also supported on XP (you need at least SP2), Vista and WS08; for WS03 you need at least SP1. More information can be found in KB2481109 at http://support.microsoft.com/kb/2481109. This update is available through Microsoft Update (MU). If you really want to know: before this update the last version of RDC for WS03 was 6.0.6000.16459 (a build of version 6.0), available through KB925876 for WS03 SP2. Well, AFAIK, that is.

Greetz,
Pedro

PS: don’t be confused by the version numbering. 6.0.6000.x builds belong to the main version 6.0, while 6.0.6001.x builds belong to the main version 6.1.

Advertisements

4 thoughts on “Remote Desktop Connection (RDC) 6.1 for Windows Server 2003

    siva said:
    29/06/2011 at 20:10

    Dude, you just saved my life. Our QA started complaining about missing admin console for a session we were launching through mstsc. We were checking if mstsc ver was <6.1 to use /console. Not sure why they went with 6.0.x scheme to name something 6.1

    Stefan said:
    28/06/2012 at 11:04

    As far as I understood that’s not quite true (unfortunately). Remote Desktop Connection 6.1 should support Remote Desktop Protocol 7.x (and multi monitor support). Unfortunately even after installing the security update and having mstsc version 6.0.6001 it still only supports RDP 6.1 and has no multi monitor switch 😦

      Padre Pedro said:
      05/07/2012 at 12:39

      Stefan, AFAIK RDC 6.1 should support RDP 6.1 and not 7.0. If I take a look at RDC 6.1 clients (even on WS03!) I indeed see RDP 6.1 is used, according to the Info dialog box of RDC. This means every feature of 6.1 is supported (like Easy Print for example), except for NLA. That is, NLA uses a Security Service Provider (SSP) from the OS and the SSP that NLA needs isn’t there on WS03, so at the end NLA isn’t supported on WS03, even with the RDC 6.1 client. I think everything seems okay in your case, except for the fact you thought RDC 6.1 should use RDP 7.0. Concerning multi monitor support: true multimonitor support is only supported starting from RDC/RDP 7.0, but “legacy” multimonitor support is supported though in RDC/RDP 6.1 (by the way, the multimonitor checkbox is only present in RDC 7.0 and higher, thus when there is so-called “true multimonitor support”).

        Stefan said:
        05/07/2012 at 12:58

        Pedro, I just had a look at the RDC on a Windows 2008R2. It’s version 6.1.7601, supports RDP 7.1 and has the ‘Use all my monitors’ checkbox. I am not talking about the ‘/span’ switch. That works even with RDC/RDP 6.x but is not what our users require.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s