This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
NicoRSA123
New Contributor
New Contributor
ā€Ž2022-12-09 10:22 AM

RSA SecureID SID800 won't connect with certificate in MSTSC on Windows 11 22H2

Jump to solution

RSA SecureID SID800 won't connect with certificate in MSTSC on Windows 11 22H2

Hi,

I'm trying to connect to a remote server session with MSTSC on Windows 11 22H2 using a SHA-384 - PKCS10 with a 2048 bits certificate and i'm obtaning this error :

- An authentication error has occured. The credentials supplied to the package were not recognized. Remote Computer : ***********

This error is only happening in Windows 11 (21H2 and 22H2 tested), we have tested in Windows 10 21H2, 22H2 and it's working perfectly. We have the RSA Smart Card middleware 3.6 installed (Same software from Windows 10 all versions to Windows 11 all version) with all the latest Windows updates installed and still not working.

Is there any software missing for the SID800 key to work with Windows 11 ? Or any specific registery modification that we have to make in difference to Windows 10 ?

Reply
1 Solution

Accepted Solutions
yannickneault
Contributor
Contributor
ā€Ž2022-12-12 04:40 PM

Jump to solution

@NicoRSA123 is my work colleague, he found a workaround :

 

Look at this post : https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&amp%3Bbc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json#how-to-remove-the-lsa-pr...

 

Solution : disable LSA protection

How to disable using the Registry

  1. Open the Registry Editor (RegEdit.exe), and navigate to the registry key that is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.

  2. Set "RunAsPPL"=dword:00000000 or delete the DWORD.

  3. If PPL was enabled with a UEFI variable, use the Local Security Authority Protected Process Opt-out tool to remove the UEFI variable.

  4. Restart the computer.

 

View solution in original post

Reply
1 Reply
yannickneault
Contributor
Contributor
ā€Ž2022-12-12 04:40 PM

Jump to solution

@NicoRSA123 is my work colleague, he found a workaround :

 

Look at this post : https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&amp%3Bbc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json#how-to-remove-the-lsa-pr...

 

Solution : disable LSA protection

How to disable using the Registry

  1. Open the Registry Editor (RegEdit.exe), and navigate to the registry key that is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.

  2. Set "RunAsPPL"=dword:00000000 or delete the DWORD.

  3. If PPL was enabled with a UEFI variable, use the Local Security Authority Protected Process Opt-out tool to remove the UEFI variable.

  4. Restart the computer.

 

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.