The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

You are get below error message while try to remote desktop to another Windows domain server.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

The remote computer that you are trying to connect to requires network level authentication (NLA), but your windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the remote tab of the System Properties dialog box.

You can use one of the below methods to solve the NLA issue.

Method 1

Go to Documents and delete the Default.rdp (you can select Hidden items). Once done, try to RDP again.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Method 2

If you have the administrator access on the remote server, please use the following steps.

Open the Windows System Properties (from Windows search, type sysdm.cpl). Go to Remote tab, check the “Allow remote connections to this computer” and unchecked “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)“.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Method 3

Use below PowerShell command,

$TargetMachine = "REMOTE-SERVER" (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $TargetMachine -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

Note: “REMOTE-SERVER” is the target server for RDP.

If you cannot connect through Remote Desktop Connection to another computer because "The remote computer requires Network Level Authentication (NLA)", continue reading below to fix the problem.

Problem in Details: Unable to connect to remote computer using Remote Desktop Connection with error "The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box".

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

How to FIX: The remote computer requires Network Level Authentication (NLA) error in RDP. *

* Note: The following methods can be applied to Windows Server 2019, 2016 & Windows 10 Pro.

Method 1. Disable Network Level Authentication (NLA) in Remote settings.

(Apply the below steps on the remote computer or server, to which you want to connect)

1. Open Explorer, right-click on This PC icon and select Properties.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

2. Open Remote settings.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

3. Uncheck the option Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) and click OK

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

4. Try to connect to the remote computer through RDP.

Method 2. Disable Network Level Authentication (NLA) Requirement in Registry.

(Apply the below steps on the remote computer to which you want to connect)

1. Press Windows

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller
+ R keys to open the run command box.
2. Type regedit  and press Enter.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

3. In Registry Editor navigate to the following key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

4. At the right-pane double-click at UserAuthentication REG_DWORD value.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

5. Set the Value Data to 0 and click OK.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Method 3: Disable Network Level Authentication (NLA) in Group Policy.

(Apply the below steps on the remote computer to which you want to connect)

1. Open the Group Policy Editor. To do that:

1. Press simultaneously the Windows

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller
+ R keys to open the run command box.
2. Type gpedit.msc & press Enter to open the Group Policy Editor.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

3. At the left pane navigate to:

  • Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security

4. At the right-pane, open the "Require user authentication for remote connections by using Network Level Authentication" policy.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

5. Select Disabled and click OK. *

* Important: Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

That's all folks! Did it work for you?
Please leave a comment in the comment section below or even better: like and share this blog post in the social networks to help spread the word about this problem.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

KB ID 0001375

Problem

Seen when attempting to connect to a remote machine via Remote Desktop;

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

The remote computer that you are trying to connect to requires network level authentication (NLA), but your windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the remote tab of the System properties dialog box.

Also See: Windows RDP: ‘An authentication error has occurred’

Solution

Well the clue is in the error massage, RDP is enabled but it requires NLA authentication. e.g. This box has been selected.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Now, if you want NLA that’s fine, make sure your RDP client has been updated, and you, and the target, are domain authenticated, and can see a domain controller. But what if that computer is on a remote site, and you need to get on it? Or it’s in the server room downstairs and you’re lazy like me!

Well the simplest way to get on is to use a LOCAL account on that machine, (if you know the username and password for a LOCAL account,) like so;

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

WARNING/DISCLAIMER

This article was written at a time when clients may not have had up to date RDP clients that supported NLA, that’s no longer the case (If you are in a sole Windows environment, and you are updating your clients). Simply disabling NLA is NOT a solution. I’m really getting tired of people posting comments saying ‘This is a bad article’ and ‘I don’t understand’. Well how about you have 500 linux based thin clients that use RDP software that does not support NLA? Before posting a criticism please take some time to work in, and support a few different environments guys. And appreciate that you are here because you couldn’t fix it yourself, so you clicked on the link to come here, to read information that I’m providing for free, in my own time, to help you out.

Disable NLA Remotely (via Registry) 

Read above disclaimer before proceeding

The drawback of this method is it usually requires a reboot (which we can do remotely, but if it’s a production server that will mean some downtime).

Open Regedit > File > Connect Network Registry > Search for and select your target machine > OK.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Navigate to;

HKLM  > SYSTEM > CurrentControlSet > Control  >Terminal Server > WinStations > RDP-Tcp

Locate the following two values, and set them to 0 (zero)

  • SecurityLayer
  • UserAuthentication

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Give it a try now, but I found I needed to reboot the target first, using the ‘restart-computer’ PowerShell Commandlet.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Disable NLA Remotely (via PowerShell)

Read above disclaimer before proceeding

I prefer this method as it works instantly, and can be reversed just as quick! Open an administrative PowerShell command window. Execute the following two commands;

$TargetMachine = “Target-Machine-Name

(Get-WmiObject -class “Win32_TSGeneralSetting” -Namespace root\cimv2\terminalservices -ComputerName $TargetMachine -Filter “TerminalName=’RDP-tcp'”).SetUserAuthenticationRequired(0)

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Disable NLA Remote Desktop Requirement Through Group Policy

Read above disclaimer before proceeding

If you want to ‘blanket disable’ NLA then group policy is the way to go;

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Locate the ‘Require user authentication for remote connections by using Network Level Authentication’ and set it to disabled.

The remote computer, you are trying to connect to requires NLA, but your Windows domain controller

Then Force a Domain Group Policy Refresh,

NA