KB ID 0001375
Seen when attempting to connect to a remote machine via Remote Desktop;
The remote computer that you are trying to connect to requires network level authentication (NLA), but your windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the remote tab of the System properties dialog box.
Well the clue is in the error massage, RDP is enabled but it requires NLA authentication. e.g. This box has been selected.
Now, if you want NLA thats fine, make sure your RDP client has been updated, and you, and the target are domain authenticated, and can see a domain controller. But what if that computer is on a remote site, and you need to get on it? Or it’s in the server room downstairs and you’re lazy like me!
Well the simplest way to get on is to use a LOCAL account on that machine, (if you know the username and password for a LOCAL account,) like so;
Disable NLA Remotely (via Registry)
The drawback of this method is it usually requires a reboot (which we can do remotely, but if it’s a production server that will mean some downtime).
Open Regedit > File > Connect Network Registry > Search for and select your target machine > OK.
Locate the following two values, and set them to 0 (zero)
Give it a try now, but I found I needed to reboot the target first, using the ‘restart-computer’ PowerShell Commandlet.
Disable NLA Remotely (via PowerShell)
I prefer this method as it works instantly, and can be reversed just as quick! Open an administrative PowerShell command window. Execute the following two commands;
$TargetMachine = “Target-Machine-Name“
(Get-WmiObject -class “Win32_TSGeneralSetting” -Namespace root\cimv2\terminalservices -ComputerName $TargetMachine -Filter “TerminalName=’RDP-tcp'”).SetUserAuthenticationRequired(0)
Disable NLA Remote Desktop Requirement Through Group Policy
If you want to ‘blanket disable’ NLA then group policy is the way to go;
Locate the ‘Require user authentication for remote connections by using Network Level Authentication’ and set it to disabled.
Related Articles, References, Credits, or External Links