Blogging about Royal TS/X, Royal Server and Royal Passwords

Microsoft’s March 13, 2018 updates and Royal TSX

Update March 14, 2018:
A new version of the FreeRDP plugin (V3.3.6) that fixes the issue is now available. You can install the update as usual via “Royal TSX – Check for Updates…”.


On March 13, 2018 Microsoft released updates for several Windows versions that include a fix for a security vulnerability in the Credential Security Support Provider protocol (CredSSP, also known as Network Level Authentication or NLA).
You can learn more about the vulnerability and associated patch here.

The respective updates that include this fix are…

Unfortunately, the security update breaks compatibility with 3rd party Remote Desktop clients which use the open source library, FreeRDP. We’re already in touch with the FreeRDP developers and hope to have a fix available soon.
You can follow the developments on the FreeRDP project’s Github page.

In our testing, affected Windows operating systems include Windows 10, Windows Server 2016, Windows 8.1, Windows Server 2012 R2, Windows 7 SP1 and Windows Server 2008 R2.


Until a proper fix is available for FreeRDP, here are some workarounds to keep you connected to your remote systems:

  1. Use Microsoft Remote Desktop
    Microsoft’s own Mac RDP client doesn’t seem to be affected by the problem, so it’s probably your best bet until an update for Royal TSX is available. You can get it on the Mac App Store.
  2. Uninstall the Windows update
    Uninstalling the Windows update (or putting it into the “Absent” state) that contains the security patch will allow you to access the system using Royal TSX again.
  3. Disable NLA
    By disabling the requirement for NLA on the server side and forcing Royal TSX to connect with TLS encryption instead you can also work around the problem.
    Here’s how to:

    1. Connect to the remote host using Microsoft Remote Desktop
    2. Run “SystemPropertiesRemote.exe” (or manually open “System Properties – Remote”)
    3. Disable “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”
    4. In Royal TSX open the properties of your RDP connection and switch to the “Advanced – Authentication” section
    5. Disable “Network Level Authentication (NLA)”
    6. Enable “TLS Encryption”

We’re really sorry for any inconvenience caused by this and will update this article as soon as new information becomes available.

You must be logged in to post a comment.