Windows – Remote Desktop Error ‘An authentication error has occurred. The Local Security Authority cannot be contacted’


KB ID 0000826 Dtd 27/06/13


I saw this while attempting to create a remote desktop connection to a Windows 2012 Server. (Though connecting to Windows 8 will be the same).

RDP Error Local Security Authority

I'd only just set this server up, and knew I'd enabled RDP, and I was attempting to connect as the domain administrator, so at first I was a little perplexed.


If you have direct/local access to the machine you are trying to connect to.

1. Press Windows Key+R > In the run box type sysdm.cpl {enter} > Remote.

RDP Error Local Security Authority

2. Remove the tick from "Allow connections only form computers running Remote Desktop with Network Level Authentication (recommended)".

3. Try again.

If you do not have direct/local access to the machine you are trying to connect to.

1. On YOUR Machine > Windows Key+R > type regedit {Enter} > File > Connect Network Registry > Type in the details for the machine you are trying to connect to > OK.

Connect to remote Registry

2. Navigate to;

{remote-machine-name} > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp

Locate the UserAuthentication value and change it to 1 (one) > OK > Exit the registry editor.

UserAuthentication Registry

3. Try again.

Disable RDP Network Level Authentication via Group Policy

If the destination server is in a remote data centre or remote location, and you cannot access the System Properties, you can turn this option off with group policy, and wait a couple of hours.

1. On a DC > Start > Group Policy Management > Either create a new group policy object and link it to the OU containing the problem machine, or edit and existing one. (Here on my test network I'm going to edit the default domain policy - WARNING this will disable this feature on all machines in a production environment!

2. Navigate to;

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security

3. Locate the 'Require user authentication for remote connections by using Network Level Authentication' policy.

GPO Require RDP Network Level Authentication

4. Set the policy to Disabled > Apply > OK > Close the Group Policy Management Editor.

GPO Disable RDP Network Level Authentication

5. How long before the Group Policy will affect the target machine? Group policies are processed when a machine starts up, after this they are processed again, (only if they have changed), the time period varies (so all clients do not update at the same time). The interval is 90 minutes, with a random offset off 30 minutes. So the maximum time it can possibly take is 2 hours (120 minutes). Note: this is the default setting, it can be manually changed up to (45 Days) 64,800 minutes, (though why would you do such a thing?)

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On