While working on domain-controlled systems, upon trying to remotely access computers, users have reported the following error:
“The remote computer that you are trying to connect to requires network level authentication (NLA), but your windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the remote tab of the System Properties dialog box.”
Cause
The crux of the error suggests that the domain controller cannot be contacted, thus network level authentication cannot be performed. The error has been reported even when Network Level Authentication was enabled.
Our strategy towards dealing with the issue would be to totally disable Network Level Authentication. While the NLA provides extra security, we perhaps have no choice here.
Solution 1] – Delete Default.rdp file
1. Go to My documents and if you find a file named Default.rdp , just delete it. Try again.
If it does not work , Remove the machine from the domain then add it again. Now, check if the problem persists.
Solution 2] Disable NLA using Properties
1] Press Win + R to open the Run window and type the command sysdm.cpl. Press Enter to open the System Properties window.
2] In the Remote tab, uncheck the option for “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).”
3] Click on Apply and then OK to save the settings.
Solution 3] Disable NLA using Registry
If the above method does not work, we can disable NLA from the Registry itself.
1] Press Win + R to open the Run window and type the command regedit. Press Enter to open the Registry Editor.
2] Select File and then click on Connect Network Registry.
Connect to the network Device by entering details.Wait till the network connects.
3] Navigate to the following path:
- HKLM
- SYSTEM
- CurrentControlSet
- Control
- Terminal Server
- WinStations
- RDP-Tcp
4] Change the values of the entries SecurityLayer and UserAuthentication to 0.
5] Close the Registry Editor.
6] Restart the system.
Solution 4] Disable NLA using Powershell
1] Press Win + R to open the Run window and type the command PowerShell. Press Enter to open the Powershell window.
2] Copy-paste the following command in Powershell:
$TargetMachine = “Target-Machine-Name”
Hit Enter and then enter command below.
(Get-WmiObject -class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
3] Press Enter to execute the command and restart the system once done.
Hope it helps!
Adrian Bennett says
One of our users that use rdp to monitor some machines have had this error today.
Tried disconnecting from the domain and the re-connecting. no difference.
I could have took the easy way and disabling NLA but this isn’t a fix.
What did work is disabling the wifi adapter the re-enabling.
Tone says
What fixed it for me was to modify the RDP client by clicking Show Options (to the left of the Connect button) then on the General tab adding the domain username I wanted to connect as. The username format I used was DOMAIN\user. This allowed me to continue using NLM which was my preferred option.
gdask says
@michael rife, so you are seeing this issue too and turning off and on nla fixes it as a temp. my question is do the workstations you are trying to rdp to, are they ok on the domain and can see the DC? are you sure there is no issue with the actual DC itself. This is such a cryptic odd error message. I agree that turning it on and off etc fixes it, any chance a recent windows 10 update has messed something up on the workstation you are trying to rdp into?
Michael Rife says
Problem not solved, it’s just a cheap insecure band-aid. Try again.
I am battling this problem on numerous domain computers. So far I have not found a solution but have found that if you disable and then re-enable the requirement that it temporarily solves the problem. Unfortunately days or weeks later the problem resumes.
Henry says
Looks like it’s solved to me. The goal is to get the user connected to the network and shutting off the pc’s NLA requirement accomplished that goal. Remember the error is “The remote “computer” that you are trying to connect to requires network level authentication”. It doesn’t say the remote network requires it.
Bob says
You’ve just turned it off rather then solve the issue.
Jo says
ditto to Lucas
Lucas says
Solved? You call this “solve” the problem? You are just avoiding it…