Problem
You attempt to use Remote Desktop to log into a domain controller but the attempt fails with the following message:
An authentication error has occurred.
The specified network password is not correct.
Attempting to log in via the console is not an option.
Solution
The workaround to successfully RDP to this domain controller is to disable the "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" option in the RDP settings:
If console access is available, log in via direct console access and disable the setting there. Where the domain controller is hosted with a cloud provider such as Azure, console access will not be an option. In scenarios where console access is not available, one potential workaround is to use the Registry Editor to connect remotely to the domain controller and disable this setting via the registry.
Launch the Registry Editor, select the File tab and choose Connect Network Registry:
Enter the remote domain controller’s name:
The connection should succeed:
Navigate to the following registry path:
dc2\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Locate the REG_DWORD named UserAuthentication and change the value from 1 (enabled) to 0 (disabled):
After this registry value is changed, the NLA option should show as disabled in the RDP settings:
You should now be able to log into the domain controller:
Proceed to review the event logs of the domain controller and correct any health issues.
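The same registry change can be scripted so that the previous value is recorded and the setting can be put back once the domain controller is healthy again. This is an added example, not part of the original post: `Set-RemoteNla` is a hypothetical helper name, and it assumes the Remote Registry service is reachable on the target and that you hold administrative rights there (the same requirements as Connect Network Registry).

```powershell
# Added example; Set-RemoteNla is a hypothetical helper, not a built-in cmdlet.
# Assumes Remote Registry is running on the target and the caller is an administrator.
function Set-RemoteNla {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][bool]$Enabled
    )
    $path = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $name = 'UserAuthentication'
    $new  = [int]$Enabled   # 1 = NLA required, 0 = NLA not required

    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    try {
        $key = $hklm.OpenSubKey($path, $true)   # $true opens the key writable
        if ($null -eq $key) { throw "Key not found on ${ComputerName}: $path" }
        try {
            $old = $key.GetValue($name)
            if ($PSCmdlet.ShouldProcess($ComputerName, "Set $name from $old to $new")) {
                $key.SetValue($name, $new, [Microsoft.Win32.RegistryValueKind]::DWord)
            }
            # Return before/after values so the change can be logged and reverted.
            [pscustomobject]@{
                ComputerName = $ComputerName
                Previous     = $old
                Current      = $key.GetValue($name)
                ChangedAt    = Get-Date
            }
        } finally { $key.Close() }
    } finally { $hklm.Close() }
}

# Step from the post: change UserAuthentication from 1 to 0 on dc2.
Set-RemoteNla -ComputerName 'dc2' -Enabled $false

# Once the health issues are corrected, restore the original value of 1:
# Set-RemoteNla -ComputerName 'dc2' -Enabled $true
```

Run it with `-WhatIf` first to see the current value and the intended change without writing to the registry.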