Channel: Security and Compliance Management forum

Unable to RDP from Windows XP to Windows 7 machine configured with Windows 7 EC Desktop baseline


Scenario:

I have two machines, a Windows XP and a Windows 7 machine in OU 1. There is another Windows 7 machine in OU 2. Both OUs are subject to exactly the same policies, namely the Windows 7 EC Desktop policy and a firewall policy that allows inbound Remote Desktop exceptions set to * (All). Both OUs have all other policies bar the Default Domain Policy blocked from inheritance.

I can RDP to the third Windows 7 machine in OU 2 from my Windows 7 machine in OU 1 fine. However, I am unable to get a Remote Desktop Connection to the third machine from my Windows XP box in OU 1. The same account is being used throughout. I have also upgraded the RD client on the XP box to 7.0, but it's made no difference. If I disable the Win7EC desktop policy in OU 2, all is well and I can RDP from the XP box.

I assume Windows 7 must be sending some information with improved encryption by default. Indeed, looking at the event viewer on the machine in OU 2 I see:

IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected. This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt.

Can anyone suggest what element of the policy I should change (or more to the point, how I should change it) to keep security as strong as possible but allow the XP client to reach the machine via RDP?

Thanks

Simon


