While working on domain-controlled systems, upon trying to remotely access computers, users have reported the following error:
“The remote computer that you are trying to connect to requires network level authentication (NLA), but your windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the remote tab of the System Properties dialog box.”
The crux of the error suggests that the domain controller cannot be contacted, thus network level authentication cannot be performed. The error has been reported even when Network Level Authentication was enabled.
Our strategy towards dealing with the issue would be to totally disable Network Level Authentication. While the NLA provides extra security, we perhaps have no choice here.
Solution 1] – Delete Default.rdp file
1. Go to My documents and if you find a file named Default.rdp , just delete it. Try again.
If it does not work , Remove the machine from the domain then add it again. Now, check if the problem persists.
Solution 2] Disable NLA using Properties
1] Press Win + R to open the Run window and type the command sysdm.cpl. Press Enter to open the System Properties window.
2] In the Remote tab, uncheck the option for “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).”
3] Click on Apply and then OK to save the settings.
Solution 3] Disable NLA using Registry
If the above method does not work, we can disable NLA from the Registry itself.
1] Press Win + R to open the Run window and type the command regedit. Press Enter to open the Registry Editor.
2] Select File and then click on Connect Network Registry.
Connect to the network Device by entering details.Wait till the network connects.
3] Navigate to the following path:
- Terminal Server
4] Change the values of the entries SecurityLayer and UserAuthentication to 0.
5] Close the Registry Editor.
6] Restart the system.
Solution 4] Disable NLA using Powershell
1] Press Win + R to open the Run window and type the command PowerShell. Press Enter to open the Powershell window.
2] Copy-paste the following command in Powershell:
$TargetMachine = “Target-Machine-Name”
Hit Enter and then enter command below.
(Get-WmiObject -class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
3] Press Enter to execute the command and restart the system once done.
Hope it helps!