One fine day, suddenly I wasn’t able to RDP into one of our Windows 2012 R2 server, there were repeated authentication prompt, as if I am providing incorrect password. I asked some one else and he was able to RDP fine into the server. I tried remoting into another Windows 2008R2 server in same subnet and was able to do just fine.
The only thing different from usual I was doing, was that today I was using my Mac OS X with its Microsoft Remote Desktop client Version 8.0.9 (Build 25073). So it looks like there was something which wasn’t specifically not letting me RDP.
After some research I figured that Windows 2012 has another level of protection enabled by default when we enable remote desktop, which is Network Level Authentication (NLA).
Few words about Network Level Authentication
Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created.
Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software.
Network Level Authentication (NLA) Requirement
The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol.
More About NLA Here
How to Fix it
Fortunately the solution to my problem was quite Simple, which is disable the added protection of NLA on the server , here is how
- Login to the Windows 2012 R2 server with an Admin account
- Open command prompt as with elevated priviliges i.e. right click Run as Admin
- Type Start Sysdm.cpl and hit enter, you should have system properties, probably can also open it from control Panel
- Click on remote tab and uncheck the last box on the Page “Allow Connections only from computers running Remote Desktop with Network Level Authentication (Recommended)” , refer the image below
If this doesnt fix your issue and you need urgent support, feel free to reach our paid support here , Else Happy Googling 🙂
Latest posts by Shishir Chandrawat (see all)
- Exchange 2010 Std: Mailbox server has reached the maximum database limit of 5 Error RcrExceedDbLimitException - December 12, 2016
- Exchange 2010: Unable to add Mailbox Database copies on DAG member servers, Error: An error occurred while processing a request on server - December 12, 2016
- Unable to Mount Microsoft Exchange DAG Database, Error: Failed to determine the mount status of the active database copy - December 12, 2016