NLA Disabled. Still can't RDP; "requires Network Level Authentication"

Similar Messages

• Remote Desktop Network Level Authentication

  Recently, I began getting failed connections from a Windows 7 Enterprise client to another Windows 7 Enterprise host where the host is requiring NLA. This has been a problem on and off for YEARS and I have found no link that can tell me to configure something
  that I haven't already configured. Neither system underwent any configurations changes that I know of with the exception of Windows security updates/patches. In fact, some people in my company have the same issue while other do not. I can find no rhyme or
  reason to it. Heres where I'm at:
  "The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support."
  But I do. when i click the upper left hand corner of my RDP client window and select "About", I see this:
  "Remote Desktop Connection
  Shell Version 6.1.7601
  Control Version 6.1.7601
  Network Level Authentication Supported.
  Remote Desktop Protocol 7.1 supported."
  And the above info is exactly what it says on the host.
  Here's the SecurityProvider registry settings on the client:
  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
  "SecurityProviders"="credssp.dll"
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SaslProfiles]
  "GSSAPI"="Kerberos"
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
  "EventLogging"=dword:00000001
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
  "DisabledByDefault"=dword:00000001
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest]
  "Debuglevel"=dword:00000000
  "Negotiate"=dword:00000000
  "UTF8HTTP"=dword:00000001
  "UTF8SASL"=dword:00000001
  "DigestEncryptionAlgorithms"="3des,rc4"
  Every link I have looked at tells me to look at those things. Anyone got something new? :)
  Also if someone knows how to log the RDP failures that would be cool too. Presently I have turned on Audit Other Security Events in GPO but it doesn't tell me if someone attempted to authenticate with a less then desirable security protocol.
  As a fix, for now, I have reduced the security requirements on the host to not require NLA. <-- This is the only consistent fix I have ever seen that works.
  By the way, just about every link I see also starts talking about setting up RD session host service. I am not running Windows Server 2008. This a Windows 7 to Windows 7 problem

  Hi,
  On both Windows 7, Please go to System Properties,
  Remote tab and make sure that Allow connections only from computers running Remote Desktop with Network Level Authentication
  is unchecked.
  If problem persists, please check if there was any Windows updates need to install, if so, try to install updates for test.
  Roger Lu
  TechNet Community Support

• Network Level Authentication

  We have enabled Network Level Authentication on all of our test servers.  We are now having issues with 2 servers where folks are receiving an error stating that the remote computer Network Level Authentication which your computer does not support.
  All clients are Windows 7 SP1, and can access other servers that have Network Level Authentication.
  When comparing the servers to working servers, there doesn't appear to be any differences.
  Any Ideas?
  DJ

  Hi DJ,
  From the current description it seem is the self-signed certificate corrupt, please perform the following action, open the Certificate Management mmc snap-in with the Local
  Computer account. You will find the self-signed certificate in the 'Remote Desktop' store of the server.
  Delete the certificate here.
  For Windows 2003/ 2008, a server restart is required for this certificate to be re-generated.
  On Windows 2008 R2, you can restart the Remote Desktop Services Configuration service to get the certificate re-generated.
  The similar thread:
  Configure Certificate for NLA...
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/d7d45464-dcb6-4dc6-b840-cb29578a9f23/configure-certificate-for-nla
  Windows Server 2008 R2: Why Use Network Level Authentication?
  https://technet.microsoft.com/en-us/magazine/hh750380.aspx
  Secure RDS (Remote Desktop Services) Connections with SSL
  https://technet.microsoft.com/en-us/magazine/ff458357.aspx
  Configure Server Authentication and Encryption Levels
  https://technet.microsoft.com/en-us/library/cc770833.aspx
  I’m glad to be of help to you!
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• AD "Log on to" restriction causes RDP connections with network level authentication to fail

  I am running a Server 2008 R2 environment and have recently enabled network level authentication for RDP connections. Since the change, users who have their logons restricted to specific servers via AD, now get an error when logging on via RDP:
  An Authentication error has occured
  The Local security authority cannot be contacted
  After investigating this error and reading technet I found that removing the "log on to" restriction within their user object solved the problem even tho they had rights to this server. Adding the users client PC name to the "Log on
  to" list also solves this issue.
  My question is, is there another way around this? We have an environment where some users may require an RDP connection from a client PC not on the same domain (over VPN) as the server. It will not be practical to add many different client PC names
  to the log on to list and I don't understand why client PC's must be specified in the Log on to list and not just the actual server they are logging onto.
  Any pointers appreciated

  I have just come across this problem on one of my client’s domains; they have recently enforced a policy to “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)”  and users with “Log on To” restrictions
  on their account are no longer able to RDP using their second account.
  After a lot of fiddling around I finally resolved the problem by adding the connecting computer name into “Log on To” list.  Ultimately it appears that Network Level Authentication (NLA) requires authentication to take place on both the host initiating
  the connection and the remote host.

• Remote Desktop Connection - Windows Network Level Authentication

  Hi
  I'm trying to find a piece of Remote Desktop "Manager" software for Mac which supports Network Level Authentication (NLA). When NLA is enabled on a Windows Server I am unable to connect via CoRD or Royal TSX.
  The reason I say "Manager" is because I have many, many windows servers I need to connect to and so I like to use software such as the above to save a list of all the servers for ease of access - this saves me having to type in the name of the server each time.
  At the moment, for those servers with NLA enabled, I have to fire up Remote Desktop Connection for Mac and enter the name. I realise I could save this each time but then I would have LOADS of shortcuts.
  Any ideas/proposals on pieces of software that can cater for this?
  Thanks!

  Hi!
  Royal TSX actually supports NLA but you have to use the FreeRDP plugin instead of CoRD and enable the setting in the advanced settings of your RDP connection.
  cheers,
  felix

• Configure Network Level Authentication for Remote Desktop client

  We publish Remote Desktop in our Windows 2008 R2 terminal server.
  However, in Windows 2008R2 , the remote desktop client will a lillte bit slow
  I found out that if I modify the setting in default.rdp
  authentication level:i:0
  enablecredsspsupport:i:0
  it will increase the speed a lot
  however, how can I set all user use remote desktop will disable those feature as well?
  Thanks

  Hi Kenneth, 
  I suggest you to see similar thread "disable
  Network Level Authentication Terminal Server 2008"
  If above thread does not helps, seek help from RDS/TS experts in here.
  Or wait until any of our moderator move this post to respective forum.
  Thank you for understanding.
  Regards, Ravikumar P

• 10.5.2 - Still Can't Remember Wireless Network.

  I've had this problem way prior to 10.5.2. Leopard intermittently remembers/forgets wireless networks I have joined.
  It seems the latest update has not corrected this.
  Have tried dumping keychain network accesses repeatedly but still no go.
  Anyone else having this problem?

  I also have the same problem even with an Apple Airport Extreme. This happened after I installed Leopard the first time on top of Tiger. This should not be happening! Please someone at Apple help us out because this is a major concern and bug. We should at least know how to be able to reset the wireless networks.

• Installed AE to iMac G5 but still can't detect network

  Sorry for another thread but I've been searching the forums for this answer.
  I installed an Airport Extreme card on my 1.8 Ghz PowerPC iMac G5.
  After installing the software and updating all my software, I still can't find any networks on my Airport Extreme card. I have two other Macbooks and they are able to detect networks from my Airport Extreme Base station and also detect the neighbor nextdoor.
  I can't seem to find a signal to any networks or connect to them. Please advise to what I need to do to get my iMac to detect my wireless networks.
  Thank you

  djriddler, Welcome to the discussion area!
  The antenna wire connects pushes into the card farther than most people think. Compare your installation with the photos in KB 108039, Properly attaching the antenna on an AirPort Extreme Card.

• Can´t see my Networks adapters in the Device manager!

  Help!
  I´m using Yoga 2 pro/windows 8.1
  I can´t see the Networks adapter in the Device manager?!
  (and no internet/WIFI connection is not working any more)
  I´ve tried to install the latest Wireless Driver from lenovos homepage but it there is still problems. The laptop still can´t find any network adapter and the wifi connection doesn´t work, as it did last week!
  Any one who has the same exeperience/or knew how to deal with these kind of issues?
  /Rasmus

  hi Rasmus,
  Can you try these steps:
  1. Check if you have a Network Controller entry in the Device Manager and follow this guide to get the hardware ID and on how identify the device.
  2. If there's no Network Controller entry in the Device Manager, then it's possible that the Wi-Fi card might have been disabled.
  Things to try:
   - Boot into the BIOS either by pressing Fn+F2 on boot-up, the OneKey Recovery button, or via the UEFI Firmare Settings. 
   - In the BIOS, navigate to the Configuration tab and disable the Wireless setting  hit Fn+F10 to Save and Exit then shut off the machine. 
   - Boot back into the BIOS and enable the Wireless setting then hit Fn+F10 to Save and Exit and observe if you can now detect wireless networks.
  Let me know how it goes.
  Regards
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
  Follow @LenovoForums on Twitter!

• Can't rdp to a newly created Win2012 vm on azure

  <p>whenever I try to connect to a VM I create on azure from my mac via RDP , I get error. &lt;/p&gt;&lt;p&gt;&lt;span style="font-size:0.75em;line-height:1.5;"&gt;Not sure of what might be going wrong or I am doing
  wrong. &lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size:0.75em;line-height:1.5;"&gt;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size:0.75em;line-height:1.5;"&gt;Attaching
  screenshots of errors I encounter.</p><p></p><p><img alt="" src="https://social.msdn.microsoft.com/Forums/getfile/636593" /><img alt="" src="https://social.msdn.microsoft.com/Forums/getfile/636594"
  /></p>

  Hi Bhondush;
  Thank you for your post.. There is a new updated
  RDP client for Mac. This tool will also resolve the issue that a lot of people are reporting when they try to connect to Microsoft Azure VM from a Mac client.
  Another workaround would be to use CoRD
  which is a Mac OS X remote desktop client for Microsoft Windows computers using the RDP protocol.
  First ensure you've disabled the "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" setting. To do that, first connect to the remote Windows Server 2012 R2 using RDC on a Windows client,
  then go to Server Manager:
  Go to Local Server -> Remote Desktop. Make sure the NLA setting is unchecked:
  Now get CoRD from http://cord.sourceforge.net/
  Add the server, making sure you've got the correct domain name for the Windows login:
  Now you should be able to connect successfully to the remote Windows 2012 R2 server in the cloud.
  On other versions of remote Windows servers you may also have success trying the following with the Microsoft RDC client for Mac:
  Close Remote Desktop Connection for Mac
  Go to: Finder -> Documents -> RDC Connections
  Move the Default.rdp file to Trash
  Open RDC again and connect to the server.
  When the Enter your credentials window pops up, the Domain field is populated with the DNS name of the host, which isn't necessarily the correct domain name. Try the correct domain name or try clearing this field.
  Just supply the correct username and password. Click OK.
  Warm Regards;
  Prasant

• Still can't connect to WiFi on iOS 6 iPhone 4S?

  I have read all the workarounds for convincing iPhone 4S updated to iOS 6 to connect to my wireless network and it still will not connect. I've used it in other places with no issues (networks with no security) but I can't connect to my home wireless network (Airport Extreme). My other devices connect fine and there were no issues before upgrading but I have tried restarting the Airport anyway and changing the security settings and still nothing. Half the time when I go into WiFi settings on the phone, the network doesn't even show up in the list. Whenever it does, I try to connect and either get "Cannot connect to network," or I am asked for the password and I enter it and I get the same error message. I've tried resetting my network settings and doing a soft reset of the phone but nothing seems to help. I also tried removing security on the wireless network completely and it still can't find the network or connect to it.
  Has anyone found a workaround for this short of reseting/restoring the phone or a problem with the Airport Extreme that might be causing the issue?

  Update: I tried restoring the Airport Extreme to factory settings and used a new network name. It connects at first, but then loses the connection after a minute or two and the network disappears from the list...infuriating.

• Unable to connect via RDP 5.2 when multiple RDP-TCP connection setup with NLA disable

  Hi All,
  Need help urgently, I had setup a multiple RDP-TCP connection for separate RDP connection with different IP.
  Problem I face after setting up multiple RDP-TCP connection, the old version of RDP 5.2 non longer working even with NLA disable. RDP 6 and above no problem connecting to the RDP session.
  Error message on RDP 5.2 shown as:
  "Because of security error, the client could not connect to the remote computer. Verify that you are logged on the network, and then try connection again."

  Hi,
  Please try the steps in the article below and see how it works.
  Because of a security error, the client could not connect to the Terminal Server
  http://support.microsoft.com/kb/329896
  Thanks.
  Jeremy Wu
  TechNet Community Support

• I've been having an issue of connecting to wifi. I have restored and set up my phone as a new one and i still can't connect. Also i have restored my network setting also. The wifi button is still grey and i cant switch it on or off.

  I've been having an issue of connecting to wifi. I have restored and set up my phone as a new one and i still can't connect. Also i have restored my network setting also. The wifi button is still grey and i cant switch it on or off.

  Hi _Pchay,
  Accordign to the artcle below, it looks like you have done all the troubleshooting steps and your next step may be to contact Apple Support. 
  iOS: Wi-Fi settings grayed out or dim
  -Griff W. 

• TS2446 I just got my Ipad and I can not download apps.  I get a message saying my Apple ID has been disabled.  I have reset my password, I can access itunes and icloud but still can not download apps.  Can someone please tell me how to get my ID activated

  I just got my Ipad and I can not download apps.  I get a message saying my Apple ID has been disabled.  I have reset my password, I can access itunes and icloud but still can not download apps.  Can someone please tell me how to get my ID activated?  TY

  Depending on why it's been disabled you might be able to re-enable it via this page : http://appleid.apple.com, then 'reset your password'
  Or you might need to contact Apple : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page
  If it then works on your computer's iTunes but not your phone/iPad then try logging out of your account on the phone/iPad by tapping on your id in Settings > Store (Settings > iTunes & App Stores on iOS 6) and then log back in and see if that 'refreshes' the account on it

• HT1688 My iphone 3GS is showing no service your network is restriced you can choose a different network in settings ive tried a restore and upgrading software/downgrading still no fix just no service searching...

  My iphone 3GS is showing no service your network is restriced you can choose a different network in settings ive tried a restore and upgrading software/downgrading still no fix just no service searching...
  I have no idea why this has happend ive been using the phone for 2years bought it on pay as you go and now all of a sudden its stating the above error i have never come across this problem before and currently im using 3GS and Iphone 4S

  Sounds like it's been blacklisted.
  Even if it hasn't, downgrading voids any warranty and forfeits all rights to support. You hacked your phone. You can't get help here.