Share via

Unable to Login to Server Via RDP After Enabling Network Level Authentication

Seun Ore 80 Reputation points
2024-09-09T15:25:56.81+00:00

Hello Azure team,
I attempted to prevent man-in-the-middle-attack by enabling network level authentication in my server (more like a bastion host). This server is accessible via Microsoft Remote Desktop on MacBook. My accounts and those of my colleagues are on Azure AD. So this is AD joined accounts (azureAD\username@example.com plus password on RDP). The moment this is enabled, logins were disabled with error:

We couldn't connect to the remote PC because your credentials did not work. The remote machine is AAD joined. If you are using your work account you must disable Network Level Authentication on the remote machine. If you are using a local account, verify your username and password.

Error code: 0x3107

Our staff are on Azure AD. How can I enable NLA and still allow staff access this server via microsoft remote desktop with their work email account?

Thank you!

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,728 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Karlie Weng 18,271 Reputation points Microsoft Vendor
    2024-09-11T07:42:49.2066667+00:00

    Hello,

    This design does not permit it. If you enable Network Level Authentication (NLA), your client needs to pass your credentials to Azure Active Directory (AAD). Disabling NLA means that your endpoint would handle the credential passing instead. So, the issue might be that your client cannot transmit your credentials to AAD. You might want to try joining your client to AAD to see if that resolves the issue.

    If the Answer is helpful, please click "Accept Answer" and upvote it.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.