Fixing login problems with Remote Desktop Services
If you are having issues logging in to a Windows Server with Remote Desktop Services, below are some things to try. For example, some users have seen an error like this when trying to log in: “Remote Desktop Connection: An authentication error has occurred. The Local Security Authority cannot be contacted”.
- First, check if your issue is affecting all users or just one account – can the administrator log in?
- Does the user have the correct permissions to access the server via RDP – are they a member of the Remote Desktop Users group in User Permissions?
- Does the firewall allow RDP connections? What port is used? Is a VPN connection required?
- Log in as computername\username (e.g. SERVER1\jdoe) instead of just typing jdoe at the RDP login prompt (this seems to be required if using the Mac RDP client). Computername is the name given to the server, which you can see under computer properties.
- If only one user is affected, try resetting the user’s password and unchecking the box by “change password at next logon”. In 2008 R2, log in as administrator, open Server Manager (which may open automatically), expand the tree on the left side to get to users and groups, select Users, right-click the user name and choose “set password” to reset the password, then go into the properties of the user and uncheck change at next logon. In 2012 R2, click the Start button and type “computer management”, which will open; then expand the tree on the left side to get to users and groups as noted above.
- Do not use the “user must change password at next logon” option in user properties. Various comments and posts online indicate that changes in the Windows authentication process in recent OS versions don’t allow users to change an expired password via RDP when Network Level Authentication or Credential Security Support Provider (CredSSP) is enabled. This is only an issue when trying to force users to change their password in an RDP session – it works fine from a console session if you are local to the machine. We have a separate blog post on this, but try unchecking the “user must change password at next logon” box if it is currently checked. Remember to always create complex, strong passwords! (Users can manually change their password after logging on by pressing Ctrl+Alt+End and following the change password prompts.)
- Reboot the server
- Turn off Network Level Authentication temporarily and see if that allows the user to log in, then turn it back on once you have your answer. Some older Remote Desktop clients don’t support NLA, and Mac clients may not either.
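
The server-side items in the list above can be checked in one pass before changing anything. The script below is an added example, not part of the original post: it assumes a local (non-domain) account, uses the post's sample name jdoe, assumes an English-language group name, and must run in an elevated PowerShell session on the server.

```powershell
# Added example: read-only checks, changes nothing. Run elevated on the server.
$UserName = 'jdoe'   # sample name from the post; replace with the affected local account
$computer = $env:COMPUTERNAME
$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Does the local account exist, and is "must change password at next logon" set?
$user = [ADSI]"WinNT://$computer/$UserName,user"
if (-not $user.Name) { throw "Local user '$UserName' not found on $computer" }
$mustChange = [bool]$user.PasswordExpired.Value

# Is the account a direct member of Remote Desktop Users?
# (Members of Administrators may log on over RDP by default without being in this group.)
$group   = [ADSI]"WinNT://$computer/Remote Desktop Users,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}
$inRdpGroup = $members -contains $UserName

# RDP enabled, listening port and NLA requirement, read from the Terminal Server registry keys.
$denyRdp   = (Get-ItemProperty -Path $tsKey).fDenyTSConnections
$rdpTcp    = Get-ItemProperty -Path (Join-Path $tsKey 'WinStations\RDP-Tcp')
$port      = $rdpTcp.PortNumber
$nla       = [bool]$rdpTcp.UserAuthentication
$listening = [bool](netstat -an | Select-String -Pattern ":$port\s+\S+\s+LISTENING")

"Account checked                     : $computer\$UserName"
"Member of Remote Desktop Users      : $inRdpGroup"
"Must change password at next logon  : $mustChange"
"RDP connections enabled             : $(-not $denyRdp)"
"RDP port                            : $port (listening: $listening)"
"Network Level Authentication needed : $nla"

# The combination the post warns about: a forced password change cannot be completed over RDP with NLA.
if ($mustChange -and $nla) {
    Write-Warning "Forced password change plus NLA: clear the flag in user properties or change the password from a console session."
}
if (-not $inRdpGroup) {
    Write-Warning "$UserName is not a direct member of Remote Desktop Users."
}
```

The script only confirms that the server is listening on the RDP port; whether the firewall or a VPN requirement blocks the client still has to be checked from the client side.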