One fine day, I suddenly wasn’t able to RDP into one of our Windows 2012 R2 servers; there were repeated authentication prompts, as if I were providing an incorrect password. I asked someone else and he was able to RDP into the server fine. I tried remoting into another Windows 2008 R2 server in the same subnet and was able to do so just fine.

Reauthentication prompt to Mac RDP client

The only thing I was doing differently from usual was that today I was using Mac OS X with its Microsoft Remote Desktop client Version 8.0.9 (Build 25073). So it looked like something specific was not letting me RDP.

After some research I figured that Windows 2012 has another level of protection enabled by default when we enable remote desktop, which is Network Level Authentication (NLA).

A few words about Network Level Authentication

Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created.

Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software.

Network Level Authentication (NLA) Requirement

The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol.

More About NLA Here

How to Fix it

Fortunately, the solution to my problem was quite simple: disable the added protection of NLA on the server. Here is how:

  1. Log in to the Windows 2012 R2 server with an Admin account
  2. Open a command prompt with elevated privileges, i.e. right-click and choose Run as Admin
  3. Type Start Sysdm.cpl and hit Enter; System Properties should open. You can probably also open it from Control Panel
  4. Click on the Remote tab and uncheck the last box on the page, “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”; refer to the image below
Disable Network Level Authentication Server 2012 R2
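
The same checkbox can be read and set from an elevated PowerShell prompt through the Win32_TSGeneralSetting WMI class, which is useful for checking which servers have NLA turned off and for turning it back on later. This is an added example, not part of the original post; the function names Get-RdpListener, Get-NlaState and Set-NlaState are hypothetical.

```powershell
# Added example: helper names are hypothetical. Run from an elevated prompt.
# The checkbox on the Remote tab maps to UserAuthenticationRequired on the
# RDP-Tcp listener (registry value UserAuthentication under
# HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp).

function Get-RdpListener {
    param([string]$ComputerName)
    $query = @{
        Namespace = 'root\cimv2\TerminalServices'
        ClassName = 'Win32_TSGeneralSetting'
        Filter    = "TerminalName='RDP-Tcp'"
    }
    if ($ComputerName) { $query.ComputerName = $ComputerName }  # remote query goes over WinRM
    Get-CimInstance @query
}

function Get-NlaState {
    param([string]$ComputerName)
    $listener = Get-RdpListener -ComputerName $ComputerName
    $layers   = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    $layer    = [int]$listener.SecurityLayer
    [pscustomobject]@{
        Computer      = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }
        NlaRequired   = ($listener.UserAuthenticationRequired -eq 1)
        SecurityLayer = if ($layers.ContainsKey($layer)) { $layers[$layer] } else { $layer }
    }
}

function Set-NlaState {
    param([Parameter(Mandatory)][bool]$Required, [string]$ComputerName)
    $listener = Get-RdpListener -ComputerName $ComputerName
    $result = Invoke-CimMethod -InputObject $listener `
        -MethodName SetUserAuthenticationRequired `
        -Arguments @{ UserAuthenticationRequired = [uint32]([int]$Required) }
    if ($result.ReturnValue -ne 0) {
        throw "SetUserAuthenticationRequired failed with code $($result.ReturnValue)"
    }
    Get-NlaState -ComputerName $ComputerName   # show the state after the change
}

# Report the current state of the local server (read-only).
Get-NlaState

# Equivalent of unchecking the box in step 4:
#   Set-NlaState -Required $false
# Turn NLA back on:
#   Set-NlaState -Required $true
```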

If this doesn’t fix your issue and you need urgent support, feel free to reach our paid support here; else, happy Googling 🙂

An automobile enthusiast at heart and computer geek by profession, I started my career with MS in 2005. I left jobs and started Pledge Technologies (the parent company to Grishbi) back in 2009. We have been providing IT consulting to various small and medium businesses across the US and UK since then. Our company specialises in Microsoft Server technologies like AD, Exchange, and the rest, and with numerous Office 365 migrations under our belt, we are quite expert with that too. Whatever we learn in our day-to-day life, we share back on Grishbi as a thank-you for all the love and support our customers have given us.