The Local Security Authority cannot be contacted - Azure VM RDP Connection Error

Similar Messages

• 2008 r2 RDP SSL NLA problem "Local Security Authority cannot be contacted"

  Hi!
  I have run into an issue with RDP settings for 2008 R2 servers (all of them) whenever I enable NLA. That happens on user accounts that do NOT enforce password expiration (and so passwords are not expired) and MSTSC supporting NLA (client computers are win7
  or win8).
  In fact those same clients can use NLA just fine for connections to other win7/win8 workstations (domain members) using NLA, no probs!
  SSL certificates are automatically issued by enterprise CA. All computers/servers have current and valid Computer certificates.
  For some strange reason, I cannot enable NLA on RDP settings for any of 2008 R2 servers (various roles, ranging from physical DC running multiple roles, through dedicated virtual DC or dedicated virtual Print Servers up to dedicated Remote Desktop Services
  host), because all of them at once stop accepting RDP connections, always with same error message:
  An authentication error has occurred.
  The Local Security Authority cannot be contacted
  Remote computer: server.domain.local
  This could be due to an expired password.
  Please update your password if it has expired.
  For assistance, contact your administrator or technical support.
  That same message also appears on DC (2008 R2) running the enterprise CA role ... irony ...
  Please keep in mind that domain member computers running windows 7 x64 or windows 8.1 x64 can accept NLA enabled and SSL encrypted RDP traffic at same time without issues while using the same user accounts to connect.
  To make it even funnier, I can set RDP on 2008 R2 acting as Remote Desktop Services server to accept only SSL RDP traffic and keep NLA disabled and all works just fine. So, it is strictly the NLA causing trouble here, but why? WS 2008 R2 unable to use Kerberos
  authentication for RDP?
  WS 2012 R2 can accept NLA/SSL RDP connections without trouble, just as win7/win8 workstations can, so issue is narrowed down to only 2008 R2 servers (physical or virtual).
  Is there a hotfix for this problem on 2008 R2? sounds to me like it is a bug in 2008 r2 regarding Kerberos authentication for RDP... is MS ever planning to fix it or we have to upgrade all servers to 2012R2 to "fix it" ...

  In case this is of use to anyone, I traced this issue down to some group policy settings restricting the use of NTLM. If you're connecting to a server from a Windows client within the same domain, this won't be an issue, as Kerberos is used for authentication.
  However, when connecting from a machine outside the domain, or from a non Windows client (e.g. Wyse ThinOS terminal as we were), it seems NTLM is used for authentication.
  Since we have quite a secure environment setup, the following group policy had been set throughout the domain:
  Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  Network security: Restrict NTLM: Incoming NTLM traffic - Deny all domain accounts
  Network security: Restrict NTLM: NTLM authentication in this domain
  - Deny for domain accounts to domain servers
  What was needed was to apply a new policy to the RDS servers being connected to from outside the domain with the following settings and so that the new GPO took precedence over the standard GPO applying the above:
  Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  Network security: Restrict NTLM: Incoming NTLM traffic - Allow all
  Network security: Restrict NTLM: NTLM authentication in this domain - Disable
  In addition, the domain controller policy had to be updated with these settings:
  Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication -
  Enabled with either all RDS servers listed, or use a wildcard name which will capture all RDS servers
  Network security: Restrict NTLM: Add server exceptions in this domain - Enabled with either all RDS servers listed, or use a wildcard name which will capture all RDS servers
  Took me a while to figure this one, so hopefully it will help someone somewhere :)

• Allow anonymous SID/Name translation - Setting via registry instead of the Local Security Policy (or GPO)

  I have a Windows 2008 R2 server and I am building a script to set a bunch of security settings via the registry.
  I am stuck on one.
  I am trying to set: Network Access - Allow anonymous SID/Name translation to 'Disabled' via the registry, I know this can be done through the local security policy or via a GPO but that is not what I am interested in. I want to do it making
  changes to the registry.
  I found some people saying this can be done at:
  HKLM\System\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
  However, when I browse to the registry this TurnOffAnonymousBlock registry key does not exist. Even if I set the policy to enabled or disabled manually in the local security policy. The key doesn't exist. This leads me to believe this is not the correct
  registry key that controls this setting.
  Can anyone shed light what the appropriate key is in the registry?

  Hi,
  As others mentioned, we can change the value of registry key “HKLM\System\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock”
  to set Network Access - Allow anonymous SID/Name translation to ‘Disabled’.
  In your case, this registry key does not exist.
  Please try to add this registry key to your Windows 2008 R2 server, then find out if this registry key could solve your issue.
  Here are some links below could be helpful to you:
  Configure a Registry Item
  http://technet.microsoft.com/en-us/library/cc753092.aspx
  You may not be able to connect to an instance of SQL Server by using an anonymous login
  http://support.microsoft.com/kb/839569
  I hope this helps!
  Best Regards,
  Amy Wang

• Cannot Start Microsoft Outlook. Cannot open the Outlook Window. The set fo folders cannot be opened. You must connect to Microsoft Exchange with the current profil

  Cannot Start Microsoft Outlook. Cannot open the Outlook Window. The set fo folders cannot be opened. You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost)
  OK. This is a new outlook setup on a laptop. The mail account is on a MS Exchange Server 2010. The user can log on to their laptop no problem with their AD login and password. To setup the outlook profile we have checked the name OK. When we click finish
  and try to start outlook we get the above error message. It is driving me pots as I have tried also of things. I have tried to connect without catching the files. The error message then says that the Exchange Server is down, yet we checked the name OK and
  I can log on to the MS Exchange server and see the setup.
  What else is it that I need to look at as I have tried everything. I will add that they one service I see not running is the Exchange RPC service. If I try to start it, it fails saying Some services stop automatically if they are not in use by other services
  or programs.
  What can I do?

  The major cause of this problem is a corrupted Navigation Pane settings file – profilename.xml, where “profilename” is the name of your Outlook profile. A good sign that the
  file is corrupted is when the size of the file is shown 0 KB. No one knows the precise reason why this takes place, but all versions of Outlook from 2003 to 2013 may get affected.
  Other causes may be when you run Outlook in the compatibility mode, or if you are using a profile generated in an older Outlook version, or if the Outlook data file (.pst or .ost)
  was removed or damaged as the result of faulty uninstallation or reinstallation of MS Outlook.
  Follow the steps given below to resolve this problem
  1. Recover Navigation Pane configuration file
  2. Repair your Outlook PST file using Inbox Repair tool
  3. Create a new Outlook profil and import data from the old PST file
  4. Turn off Compatibility Mode
  5. Start Outlook in Safe Mode
  For more info, you can visit http://www.ablebits.com/office-addins-blog/2013/12/06/cannot-start-microsoft-outlook-solutions/

• The Web Dynpro component cannot be generated due to serious (syntax) errors

  Hi everybody,
  While I was developing a web dynpro application, I had an error but I couldn't understand this error. Before I took this error message, only I changed bound one context node to another context node in a RadioButtonGroupByKey.Therefore, when I pushed activate button, I took an error message.This error message said "The Web Dynpro component cannot be generated due to serious (syntax) errors". What does it mean ? How can I find out where is the error in the application. Also, I think the reason of this error message is about a BC problem. I am waiting for your comment urgently.

  Hi ,
  Just delete the context (by using the context binding) and bind the field with the correct node and try to activate .
  One more suggestion is that after deleting the binding and before binding to other node check it that whether that binding was properly deleted or not.Some times its not deleting the binding.
  Hopely my suggestion may work.
  Regards,
  Satya

• HT1483 I get a message "The Itunes server could not be contacted, check your internet connection" when trying to check for Ipod Nano software updates. I have a 1st generation Nano and haven't updated the software for a while. My internet connection is wor

  I get a message "The Itunes server could not be contacted, check your internet connection" when trying to check for Ipod Nano software updates. I have a 1st generation Nano and haven't updated the software for a while. My internet connection is working. Was thre a change in the internet address for NANO software updates? Do I have to reconfigure something in Itunes to point to the correct address?

  What version of iTunes are you using?  The latest is 10.6.3. In iTunes, choose Help -> About iTunes to check the version number. If it's lower than 10.6.3, download the latest version from here.
  B-rock

• Messages can't communicate with the account "AIM." Cannot log in to AIM. General error. Try again

  Hi,
  For the first time today, I've been having problems connecting to AIM using Messages. I get the "Messages can't communicate with the account "AIM." Cannot log in to AIM. General error. Try again." error. I looked at the forums here and I tried deleting my account, restarting my computer, reinstalling the account but to no avail. I've been using messages and mountain lion for a few weeks and never had a problem with connecting to AIM until now. Any help is greatly appreciated!

  uncheck SSL in server settings....done deal.  Funny part is I was having the same problem...went to genius bar...they couldnt figure it out...told me to call apple support.  Did that...they told me to re install software after an hour of trying to figure it out...that didnt work either.
  amazing the info you can get thru forums.!

• The iTunes Library file cannot be saved. An unknown occurred (error -54).

  I just opened my iTunes and keep getting this message: The iTunes Library file cannot be saved. An unknown occurred (error -54). I have an iPad 3 and an iPhone 5 but they are in a different room. Under "Devices" in iTunes, I see them both. I also have an iPod which I usually hardwire to sync (and charge.) It is not plugged in at the moment. Does anyone know what error -54 means? Or how I might resolve this? Thanks.

  It sounds as if the issue has to do with these other devices.  iTunes has an "eject" button that should always be used when removing i-devices from iTunes.
  So it sounds like you should start by "ejecting" the two devices that you (erroneously) currently see.  If you don't easily find an eject button for each, simply control click on the device's name (each of them) and you should see an eject option there.
  Then you might try restarting your Mac.

• The Windows Installer does not permit installation from a RDP connection.

  Hello!
  Today when was installing Exchange 2013SP1 onto one of my virtual machines I got the following error:
  This error has suprised me in a lot of ways: 1) it was my 10th, or 20th or ... installation of Exchange on to the same test VM and this error has never arised before, 2) it's rather tardy error as Step1 and Step2 completed successfully in spite of
  "The Windows Installer does not permit installation from a RDP connection." 3) I was using
  Virtual machine connection - not RDP connection!
  Thank you in advance,
  Michael

  Hello!
  Today when was installing Exchange 2013SP1 onto one of my virtual machines I got the following error:
  This error has suprised me in a lot of ways: 1) it was my 10th, or 20th or ... installation of Exchange on to the same test VM and this error has never arised before, 2) it's rather tardy error as Step1 and Step2 completed successfully in spite of
  "The Windows Installer does not permit installation from a RDP connection." 3) I was using
  Virtual machine connection - not RDP connection!
  Thank you in advance,
  Michael
  It looks like the installation files are being shared over a terminal services connection (based on what you are saying, I'm guessing you're using Hyper-v and it's using TS to present the files).  I always run into mixed results when I run installs from
  a path not local to the server.  Can you copy the install paths locally and rerun setup?
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

• Troubleshooting "computer is offline.....or the clock on your computer us set incorrectly causing a connection error..."

  I cannot seem to sign in because my "computer if offline...or the clock on your computer us set incorrectly causing a connection error..." Neither is true. How do I fix this?

  spunoney
  What version of Premiere Elements and on what computer operating system is it running?
  Premiere Elements 12 by any chance?
  Please review what I ran into in this regard and what the solution turned out to be for me.
  ATR Premiere Elements Troubleshooting: PE12: Sign In Failure (Connect to Internet or Fix Computer Clock)
  We will be watching for your results even if version other than 12 is involved.
  Thank you.
  ATR

• Just installed Premiere Elements, tring to register I'm getting this message:Either your computer is offline or the clock on your computer is set incorrectly, causing a connection error. An Internet connection is required. Please connect to the Internet o

  Just installed Premiere Elements, tring to register I'm getting this message:Either your computer is offline or the clock on your computer is set incorrectly, causing a connection error. An Internet connection is required. Please connect to the Internet or adjust your clock and try again.". Have tried all suggested steps, no problem registering PSE  one month ago. Win 7 system. Is there a solution?

  Laurenceb70597335 you can find details regarding the activation process at Activation & Deactivation Help.  This includes details on how to activate and deactivate Premiere Elements.

• I cannot get into iCloud, it sites connection error. I am online otherwise. My username and password check out. Anyone else with a similar problem?

  I Cannot getinto iCloud, it sites connection error. I am online otherwise. My username and password check out. Anyone else with this problem?

  SUCCESS! I was trying to get in with Internet Explorer, and getting the error message.
  I switched over to FireFox, and connected immediately!

• When restoring or updating any iPod touch: "...the software update server cannot be contacted."

  When I try to update or restore any iPod touch on my MacBook (year 2007, 10.6.8, iTunes 11.0.4), it puts the iPod into recovery mode and gives an error: "The iPod "iPod" cannot be restored at this time because the iPod software update server could not be contacted or is temporarily unavailable."  This happens after it extracts the software and says "Verifying update with Apple."  Also, the first time I try an update, it gives error code 3004, but it still puts me in recovery mode and when I try restoring it from that it gives the error I posted above.

  Update Server
  Try:
  - Powering off and then back on your router.
  - iTunes for Windows: iTunes cannot contact the iPhone, iPad, or iPod software update server
  - Change the DNS to either Google's or Open DNS servers
  Public DNS — Google Developers
  OpenDNS IP Addresses
  - Try on another computer/network
  - Wait if it is an Apple problem

• I can see my laptop on the local network, but cannot connect to it

  I run my MacBook Pro on a couple of different local networks, at work and at home. When on another computer on the network, I can see the MacBook in the Shared section of the Finder, but when I try to connect to it, it just hangs. An external party who used to be able to connect to my computer for troubleshooting our business software (using a program called Timbuktu) can no longer connect to my laptop either. When on the MacBook however, I can see and connect to other Shared computers without a problem. I have File Sharing enabled. Is there a security preference I am missing somewhere?
  Thanks!
    MacBook Pro,  Intel Core 2 Duo  2.4 GHz Mac OS X 10.5.8

  Can you provide us with a screen grab of the folder so we can see the current structure.

• Infiniti G37 and the iPhone. Pairs, cannot transfer contacts.

  I have a great new phone, and a great new car. Too bad I have no way to transfer my Contacts from the iPhone to the car. Here's why:
  The Infiniti system (software by Zenrin) expects the phone to initiate a transfer. In older phones, such as the Sony Ericcson, this could be accomplished by selecting the contact(s) to transfer, and select 'send via bluetooth'.
  Alas, the iPhone doesn't allow you to beam/send/initiate the transfer of Contacts Or can it?
  Suggestions welcome. And if the iPhone developers are reading these forums, I'd love to see this feature implemented in a future Update

  I'm new to this forum/discussion, but came to it because my new iPhone lost it's connection to the handsfree phone in my 2007 G35 Sedan - it worked fine for a few weeks and then, today...couldn't "find" the phone". I deleted the initial pairing and then tried to re-pair them...no luck! Endless searching. The service guy at the dealer successfully paired his Motorola, so I knew it wasn't the car. The story from that dealership is that there's a problem with iPhones and the Infiniti BT connection. However I found this on the Infiniti website: (http://www.infiniti.com/bluetooth): YES to pairing and basic phone usage (varies a bit w/ or w/o navigation)and NO to transfer of phonebook (as deggie says). NOW, I just have to figure out what happened to my phone/car connection! Could the low battery have been the problem? If so, maybe a car charger would help prevent this in the future?