Remote Assistance in an External Kerberos Trust Realm
I am trying to offer unsolicited Remote Assistance from one client machine to another in the domain. I get event id which states bad username or bad password. I have looked down and noticed this as well. This is a domain with an external Kerberos realm trust.

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -

I am not sure why it is trying NTLM when I know that will not work, since this is a Kerberos account to the external Kerberos realm trust.

I have set the security level for Remote Assistance to negotiate on both machines.
I have added my user account in the helpers group for the destination client and host client.
I have tried setting both the host client and destination client computer account for Kerberos delegation.

I am not sure what else to do to force Remote Assistance to use Kerberos authentication.
July 18th, 2012 4:41pm
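
The check described in the post above, as an added example that is not part of the original thread: it parses logon event messages laid out like the quoted "Detailed Authentication Information" block and reports the ones where an account from a Kerberos-only realm was authenticated with NTLM. The sample messages, the realm name EXAMPLE.REALM, the account name and the "Account Name" / "Account Domain" fields are constructed assumptions.

```python
import re

# One "Name: value" pair per line; section headers have an empty value.
FIELD = re.compile(r"^\s*([^:\n]+?):[ \t]*(.*?)\s*$", re.MULTILINE)

# Constructed sample messages (not taken from the thread). The realm,
# account name and the Account Name / Account Domain fields are assumptions.
SAMPLE_EVENTS = [
    """Account For Which Logon Failed:
    Account Name: phil
    Account Domain: EXAMPLE.REALM
Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): -
""",
    """New Logon:
    Account Name: phil
    Account Domain: EXAMPLE.REALM
Detailed Authentication Information:
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Transited Services: -
    Package Name (NTLM only): -
""",
]


def parse_event(message):
    """Return {field: value} for each non-empty 'Name: value' line.

    If a field name repeats, the last occurrence wins.
    """
    return {name: value for name, value in FIELD.findall(message) if value}


def ntlm_fallbacks(messages, kerberos_only_realms):
    """Return parsed events where a Kerberos-only realm account used NTLM."""
    realms = {realm.upper() for realm in kerberos_only_realms}
    hits = []
    for message in messages:
        fields = parse_event(message)
        package = fields.get("Authentication Package", "").upper()
        domain = fields.get("Account Domain", "").upper()
        if package == "NTLM" and domain in realms:
            hits.append(fields)
    return hits


if __name__ == "__main__":
    for hit in ntlm_fallbacks(SAMPLE_EVENTS, ["EXAMPLE.REALM"]):
        print(hit["Account Domain"], hit["Account Name"], hit["Logon Process"])
```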

Hi, I am currently standing by for an update from you and would like to know how things are going. If you have any feedback, please let us know.

Niki Han
TechNet Community Support
July 24th, 2012 2:55am

Hi Niki,

I have set:

Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Session Host/Security
Require use of specific security layer for remote (RDP) connections: Enabled
Security Layer: RDP

NLA seems to always break auth to an external Kerberos trust, so it never works. We have to disable NLA to even get RDP working. We do not allow NTLM since our accounts are just shadow accounts with random passwords.

Reading the information provided, this seems to be related to a terminal server, which we are not running. Also, its only suggestions are NLA, SSL/TLS or certificates.

So does this mean Remote Assistance does not support passing of an external Kerberos realm ticket since the introduction of NLA?

-Phil
July 30th, 2012 10:27am

This topic is archived. No further replies will be accepted.
