Partager via


2.2.1.2.2 RDP Negotiation Failure (RDP_NEG_FAILURE)

The RDP Negotiation Failure structure is used by a server to inform the client of a failure that has occurred while preparing security for the connection.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

type

flags

length

failureCode

type (1 byte): An 8-bit, unsigned integer that indicates the packet type. This field MUST be set to 0x03 (TYPE_RDP_NEG_FAILURE).

flags (1 byte): An 8-bit, unsigned integer that contains protocol flags. There are currently no defined flags, so the field MUST be set to 0x00.

length (2 bytes): A 16-bit, unsigned integer that specifies the packet size. This field MUST be set to 0x0008 (8 bytes).

failureCode (4 bytes): A 32-bit, unsigned integer that specifies the failure code.

Value

Meaning

SSL_REQUIRED_BY_SERVER

0x00000001

The server requires that the client support Enhanced RDP Security (section 5.4) with either TLS 1.0, 1.1 or 1.2 (section 5.4.5.1) or CredSSP (section 5.4.5.2). If only CredSSP was requested then the server only supports TLS.

SSL_NOT_ALLOWED_BY_SERVER

0x00000002

The server is configured to only use Standard RDP Security mechanisms (section 5.3) and does not support any External Security Protocols (section 5.4.5).

SSL_CERT_NOT_ON_SERVER

0x00000003

The server does not possess a valid authentication certificate and cannot initialize the External Security Protocol Provider (section 5.4.5).

INCONSISTENT_FLAGS

0x00000004

The list of requested security protocols is not consistent with the current security protocol in effect. This error is only possible when the Direct Approach (sections 5.4.2.2 and 1.3.1.2) is used and an External Security Protocol (section 5.4.5) is already being used.

HYBRID_REQUIRED_BY_SERVER

0x00000005

The server requires that the client support Enhanced RDP Security (section 5.4) with CredSSP (section 5.4.5.2).

SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER

0x00000006

The server requires that the client support Enhanced RDP Security (section 5.4) with TLS 1.0, 1.1 or 1.2 (section 5.4.5.1) and certificate-based client authentication.<4>