2.2.1.1.1 RDP Negotiation Request (RDP_NEG_REQ)

The RDP Negotiation Request structure is used by a client to advertise the security protocols which it supports.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

type

flags

length

requestedProtocols

type (1 byte): An 8-bit, unsigned integer that indicates the packet type. This field MUST be set to 0x01 (TYPE_RDP_NEG_REQ).

flags (1 byte): An 8-bit, unsigned integer that contains protocol flags.

Flag

Meaning

RESTRICTED_ADMIN_MODE_REQUIRED

0x01

Indicates that the client requires credential-less logon over CredSSP (also known as "restricted admin mode"). If the server supports this mode then it is acceptable for the client to send empty credentials in the TSPasswordCreds structure defined in [MS-CSSP] section 2.2.1.2.1.<2>

REDIRECTED_AUTHENTICATION_MODE_REQUIRED 0x02

Indicates that the client requires credential-less logon over CredSSP with redirected authentication over CredSSP (also known as "Remote Credential Guard"). If the server supports this mode, the client can send a redirected logon buffer in the TSRemoteGuardCreds structure defined in [MS-CSSP] section 2.2.1.2.3.

CORRELATION_INFO_PRESENT

0x08

The optional rdpCorrelationInfo field of the 224 Connection Request PDU (section 2.2.1.1) is present.

length (2 bytes): A 16-bit, unsigned integer that specifies the packet size. This field MUST be set to 0x0008 (8 bytes).

requestedProtocols (4 bytes): A 32-bit, unsigned integer that contains flags indicating the supported security protocols.

Flag

Meaning

PROTOCOL_RDP

0x00000000

Standard RDP Security (section 5.3).

PROTOCOL_SSL

0x00000001

TLS 1.0, 1.1, or 1.2 (section 5.4.5.1).

PROTOCOL_HYBRID

0x00000002

Credential Security Support Provider protocol (CredSSP) (section 5.4.5.2). If this flag is set, then the PROTOCOL_SSL (0x00000001) flag SHOULD also be set because Transport Layer Security (TLS) is a subset of CredSSP.

PROTOCOL_RDSTLS

0x00000004

RDSTLS protocol (section 5.4.5.3).

PROTOCOL_HYBRID_EX

0x00000008

Credential Security Support Provider protocol (CredSSP) (section 5.4.5.2) coupled with the Early User Authorization Result PDU (section 2.2.10.2). If this flag is set, then the PROTOCOL_HYBRID (0x00000002) flag SHOULD also be set. For more information on the sequencing of the CredSSP messages and the Early User Authorization Result PDU, see sections 5.4.2.1 and 5.4.2.2.

Show: