WHAT YOU NEED TO KNOW:
When attempting to RDP into Windows Server 2008/2008R2 and Windows 7 machines, users are receiving the below errors related to Network Level Authentication.
The error is related to the systems incorrectly using the RDP template certificate that exists on systems. The issues started as systems obtained a renewal of the RDP certificate from the DOI template in early January and did not know how to associate the renewed certificate with RDP authorization. Working with DOI, a powershell script was created that will fix computers with these older OS’ to correctly handle the certificates and allow RDP access.
A BigFix fixlet named USGS-Wide: DOI RDP Template Fix for Windows 7/2008/2008R2 Only has been created to run against all Windows Server 2008R2 and Windows 7 boxes in the environment. The ePatching team will issue a mandatory action to apply the fixlet to all ePatching systems. This action will run in the background and not require a restart starting at 6 pm on the evening of 1/30/2019. Systems that are not part of ePatching will need to apply the BigFix fixlet USGS-Wide: DOI RDP Template Fix for Windows 7/2008/2008R2 Only at a site level to resolve the issue.
WHAT YOU NEED TO DO:
No action is needed on the part of local IT that is part of ePatching. Sites may also issue their own action to run this fixlet.
Systems that are not part of ePatching will need to apply the BigFix fixlet USGS-Wide: DOI RDP Template Fix for Windows 7/2008/2008R2 Only at a site level to resolve the issue.
If local IT needs to directly apply the fix to systems, the powershell script can be found at: \\gs\di\bwtst\downloads\rdpfix.ps1.
