JSI Tip 6682. Remote assistance connection to Windows Server 2003 with FIPS encryption does NOT work?

Microsoft added the FIPS compliant setting to the options for Terminal Services encryption levels in Windows Server 2003.

NOTE: See How do I configure Windows Server 2003 Terminal Services for secure client communications?

Unfortunately, a Windows Server 2003 with the encryption level set to FIPS compliant does NOT allow Remote Assistance connections from a computer that is running Microsoft Windows XP.

Windows XP and Windows XP SP1a do not support the FIPS compliant encryption level and cannot connect to a FIPS compliant Windows Server 2003 for remote assistance.

FIPS support on the client is handled in the Terminal Services client, not by the operating system. Upgrading to the RDP 5.2 (Windows Server 2003) client permits a client that is running Windows XP to connect to a Terminal Services session on Windows Server 2003 that is configured for FIPS encryption, but it does not permit the Remote Assistance client to connect.

The only workaround is to turn off the FIPS encryption level.

Microsoft is aware of the problem.

NOTE: I have been told that the most recent RDP client fixes the problem.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.