When trying to RDP the Windows 2019 devices using the PAM RDP applet, the following error message occurs:
"An error occurred in NTLM handshake"
Privileged Access Manager, all versions
The most common cause for this issue is related to the following GPO policy settings.
When the GPO is set to those values, the built-in RDP client will not be at a new enough version whenever Microsoft releases a new RDP client and the server will stop allowing it to connect.
The recommendation is to use the following GPO settings in order for the PAM RDP applet to work.
If the security policy can only be set to "Protection Level: Force Updated Clients," then the built-in RDP applet cannot be used for these servers. Instead, please configure a TCP/UDP service to launch mstsc.exe locally on the workstation.
If the RDP (Mstsc.exe) has not been patched on the remote workstation that the PAM Client is executing on, the same errors will occur because the RDP client is not at the latest version.