22.214.171.124.1 RDP Negotiation Response (RDP_NEG_RSP)
The RDP Negotiation Response structure is used by a server to inform the client of the security protocol which it has selected to use for the connection.
type (1 byte): An 8-bit, unsigned integer that indicates the packet type. This field MUST be set to 0x02 (TYPE_RDP_NEG_RSP).
flags (1 byte): An 8-bit, unsigned integer that contains protocol flags.
An unused flag that is reserved for future use.
Indicates that the server supports credential-less logon over CredSSP (also known as "restricted admin mode") and it is acceptable for the client to send empty credentials in the TSPasswordCreds structure defined in [MS-CSSP] section 126.96.36.199.1.<3>
Indicates that the server supports credential-less logon over CredSSP with credential redirection (also known as "Remote Credential Guard"). The client can send a redirected logon buffer in the TSRemoteGuardCreds structure defined in [MS-CSSP] section 188.8.131.52.3.
length (2 bytes): A 16-bit, unsigned integer that specifies the packet size. This field MUST be set to 0x0008 (8 bytes)
selectedProtocol (4 bytes): A 32-bit, unsigned integer that specifies the selected security protocol.
Standard RDP Security (section 5.3)
TLS 1.0, 1.1 or 1.2 (section 184.108.40.206)
CredSSP (section 220.127.116.11)
Credential Security Support Provider protocol (CredSSP) (section 18.104.22.168) coupled with the Early User Authorization Result PDU (section 22.214.171.124).