Issue

• You are trying to log on to a computer via Remote Desktop Protocol (RDP) secured by ESA, but the logon fails with message “Incorrect password or username”, even though you are using proper login credentials
• If ESA RDP protection is uninstalled, RDP logon works

Solution

In order to use Remote Desktop protection, RD Session Host must be configured to use SSL (TLS 1.0) or Negotiateas instructed in the product manual, chapter 11 Remote Desktop Protection.

To modify the settings on Windows Server 2008 or earlier, follow the instructions below:

1. Go to the Start menu → Administrative Tools → Remote Desktop Services → Remote Desktop Session Host Configuration.
    
2. In the Connections section, open RDP-Tcp.
    
3. Click the General tab.
    
4. In the Security section, the Security Layer setting must be set to SSL (TLS 1.0) or Negotiate.

To modify the settings on Windows Server 2012, follow the instructions below:

1. Open Server Manager.
    
2. Click Remote Desktop Services from the left pane.
    
3. Open the Collections properties.
    
4. In the Security section, the Security Layer setting must be set to SSL (TLS 1.0) or Negotiate.