Remote Desktop NLA
Users report an error stated below on domain-connected systems when they try to remotely access computer systems. This happens even when Network Level Authentication (or NLA) is enabled on the computer. There are simple workarounds present to resolve this issue. Either you can disable the option directly using properties or you can make some changes to the registry and try restarting the system. Show Or this can also happen: The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support.Note: Before following these solutions, it is essential that you back up your data and make a copy of your registry beforehand. Make sure there are no ongoing tasks on both the computer before carrying on. Solution 1: Disabling NLA using PropertiesNetwork Level Authentication is good. It provides extra security and helps you, as a network administrator control who can log into which system by just checking one single box. If you choose this, make sure that your RDP client has been updated and the target is domain authenticated. You should also be able to see a domain controller. We will go through the Remote Desktop Setting route and keep things simple at the start. If this doesnt work, we have also covered other solutions after this one.
Solution 2: Disabling NLA using RegistryThis method also works if you are unable to execute the first one because of some reason. However, do note that this will require you to restart your computer completely and may mean some downtime if you have a production server running. Make sure you save all your work and commit if anything is still left in the staging environment.
HKLM >SYSTEM > CurrentControlSet > Control >Terminal Server > WinStations > RDP-Tcp
Solution 3: Disabling using PowerShellOne of my favorite methods to disable NLA without getting into much specifics is disabling it using the PowerShell command remotely. PowerShell allows you to tap into the remote computer and after targeting the machine, we can execute the commands to disable the NLA.
Here the Target-Machine-Name is the name of the machine you are targeting. In the example above, the name of the server is member-server. Solution 4: Using Group Policy EditorAnother way to disable the NLA is using the group policy editor. This is useful if you are blanket disabling. Do note that Group Policy Editor is a powerful tool and changing values which you have no idea of can render your computer useless. Make sure you backup all the values before proceeding.
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
Note: If even after all these steps you are unable to connect, you can try removing the machine from your domain and then reading it. This will reinitialize all the configurations and get it right for you. |