The remote computer you are trying to connect to requires NLA, but your Windows domain controller

You get the error message below when you try to connect by Remote Desktop to another Windows domain server.

The remote computer that you are trying to connect to requires network level authentication (NLA), but your windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the remote tab of the System Properties dialog box.

You can use one of the below methods to solve the NLA issue.

Method 1

Go to Documents and delete the Default.rdp file (it is hidden, so turn on Hidden items in Explorer to see it). Once done, try to RDP again.

Method 2

If you have the administrator access on the remote server, please use the following steps.

Open the Windows System Properties (from Windows search, type sysdm.cpl). Go to the Remote tab, check “Allow remote connections to this computer” and uncheck “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”.

Method 3

Use the PowerShell commands below:

$TargetMachine = "REMOTE-SERVER"
(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $TargetMachine -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

Note: “REMOTE-SERVER” is the target server for RDP.

If you cannot connect through Remote Desktop Connection to another computer because "The remote computer requires Network Level Authentication (NLA)", continue reading below to fix the problem.

Problem in Detail: Unable to connect to remote computer using Remote Desktop Connection with error "The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box".

How to FIX: The remote computer requires Network Level Authentication (NLA) error in RDP. *

* Note: The following methods can be applied to Windows Server 2019, 2016 & Windows 10 Pro.

Method 1. Disable Network Level Authentication (NLA) in Remote settings.

(Apply the below steps on the remote computer or server, to which you want to connect)

1. Open Explorer, right-click on This PC icon and select Properties.

2. Open Remote settings.

3. Uncheck the option Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) and click OK

4. Try to connect to the remote computer through RDP.

Method 2. Disable Network Level Authentication (NLA) Requirement in Registry.

(Apply the below steps on the remote computer to which you want to connect)

1. Press Windows + R keys to open the run command box.

2. Type regedit and press Enter.

3. In Registry Editor navigate to the following key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

4. In the right pane, double-click the UserAuthentication REG_DWORD value.

5. Set the Value Data to 0 and click OK.

Method 3: Disable Network Level Authentication (NLA) in Group Policy.

(Apply the below steps on the remote computer to which you want to connect)

1. Open the Group Policy Editor. To do that:

1. Press simultaneously the Windows + R keys to open the run command box.

2. Type gpedit.msc & press Enter to open the Group Policy Editor.

3. At the left pane navigate to:

  • Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security

4. At the right-pane, open the "Require user authentication for remote connections by using Network Level Authentication" policy.

5. Select Disabled and click OK. *

* Important: Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.


KB ID 0001375

Problem

Seen when attempting to connect to a remote machine via Remote Desktop;

The remote computer that you are trying to connect to requires network level authentication (NLA), but your windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the remote tab of the System properties dialog box.

Also See: Windows RDP: ‘An authentication error has occurred’

Solution

Well the clue is in the error message, RDP is enabled but it requires NLA authentication. e.g. This box has been selected.

Now, if you want NLA that’s fine, make sure your RDP client has been updated, and you, and the target, are domain authenticated, and can see a domain controller. But what if that computer is on a remote site, and you need to get on it? Or it’s in the server room downstairs and you’re lazy like me!

Well the simplest way to get on is to use a LOCAL account on that machine, (if you know the username and password for a LOCAL account,) like so;

WARNING/DISCLAIMER

This article was written at a time when clients may not have had up to date RDP clients that supported NLA, that’s no longer the case (If you are in a sole Windows environment, and you are updating your clients). Simply disabling NLA is NOT a solution. I’m really getting tired of people posting comments saying ‘This is a bad article’ and ‘I don’t understand’. Well how about you have 500 linux based thin clients that use RDP software that does not support NLA? Before posting a criticism please take some time to work in, and support a few different environments guys. And appreciate that you are here because you couldn’t fix it yourself, so you clicked on the link to come here, to read information that I’m providing for free, in my own time, to help you out.

Disable NLA Remotely (via Registry) 

Read above disclaimer before proceeding

The drawback of this method is it usually requires a reboot (which we can do remotely, but if it’s a production server that will mean some downtime).

Open Regedit > File > Connect Network Registry > Search for and select your target machine > OK.

Navigate to;

HKLM > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp

Locate the following two values, and set them to 0 (zero)

  • SecurityLayer
  • UserAuthentication

Give it a try now, but I found I needed to reboot the target first, using the ‘restart-computer’ PowerShell Commandlet.

Disable NLA Remotely (via PowerShell)

Read above disclaimer before proceeding

I prefer this method as it works instantly, and can be reversed just as quick! Open an administrative PowerShell command window. Execute the following two commands;

$TargetMachine = "Target-Machine-Name"

(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $TargetMachine -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
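
The reversal mentioned above, as an added example that is not part of the original article: it reports the current NLA and security layer settings of the RDP-Tcp listener on a list of hosts through the same WMI class, then turns the NLA requirement back on for one host. The function names and the host names SERVER01/SERVER02 are placeholders chosen for this example.

```powershell
# Added example (not from the article). Host names are placeholders.

# Read the RDP-Tcp listener settings that the registry and WMI methods change.
function Get-RdpNlaState {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    # SecurityLayer values as exposed by Win32_TSGeneralSetting
    $layers = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    foreach ($computer in $ComputerName) {
        try {
            $ts = Get-WmiObject -Class Win32_TSGeneralSetting `
                -Namespace root\cimv2\terminalservices -ComputerName $computer `
                -Filter "TerminalName='RDP-tcp'" -ErrorAction Stop
            [pscustomobject]@{
                ComputerName  = $computer
                NlaRequired   = [bool]$ts.UserAuthenticationRequired
                SecurityLayer = $layers[[int]$ts.SecurityLayer]
                Error         = $null
            }
        } catch {
            # Unreachable host or access denied: report it instead of stopping the audit
            [pscustomobject]@{
                ComputerName  = $computer
                NlaRequired   = $null
                SecurityLayer = $null
                Error         = $_.Exception.Message
            }
        }
    }
}

# Turn the NLA requirement back on and confirm the new state.
function Enable-RdpNla {
    param([Parameter(Mandatory)][string]$ComputerName)
    $ts = Get-WmiObject -Class Win32_TSGeneralSetting `
        -Namespace root\cimv2\terminalservices -ComputerName $ComputerName `
        -Filter "TerminalName='RDP-tcp'" -ErrorAction Stop
    $result = $ts.SetUserAuthenticationRequired(1)
    if ($result.ReturnValue -ne 0) {
        throw "SetUserAuthenticationRequired failed on $ComputerName (code $($result.ReturnValue))"
    }
    Get-RdpNlaState -ComputerName $ComputerName
}

# List hosts where NLA is currently off, then restore it on one of them.
$targets = 'SERVER01', 'SERVER02'
Get-RdpNlaState -ComputerName $targets | Where-Object { $_.NlaRequired -eq $false }
Enable-RdpNla -ComputerName 'SERVER01'
```

The WMI call changes only the NLA requirement; if SecurityLayer was set to 0 through the registry method, that value shows up in the report and has to be restored separately.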

Disable NLA Remote Desktop Requirement Through Group Policy

Read above disclaimer before proceeding

If you want to ‘blanket disable’ NLA then group policy is the way to go;

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security

Locate the ‘Require user authentication for remote connections by using Network Level Authentication’ and set it to disabled.

Then force a domain Group Policy refresh.
