Can't RDP after enable NLA

Question

RDP connection works after disable NLA but doesn't work after enable NLA. we would like to do RDP from Source server to Destination Server by enable NLA. Kindly advise.

Source Server: Windows Server 2016

Destination Server: Windows Server 2016

Answer 1

Hi @Lingampalli, Sandeep Kumar Reddy ,

the reason for the issue might be different TLS settings on source and destination server.

Maybe these links are helpful:
https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/cannot-connect-rdp-azure-vm#troubleshoot-standalone-vms
https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/cannot-connect-rdp-azure-vm#tls-version

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

Answer 2

Thank you for the reply @Andreas Baumgarten
TLS enable are of same version in Source and Destination.
Source and destination Server's are located in different network and are in Workgroup.
Any suggestions please.

Answer 3

Hi @Lingampalli, Sandeep Kumar Reddy ,

Please check the Security Layer setting on your destination server. Make sure it was not set as "RDP Security Layer".
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require use of specific security layer for remote (RDP) connections
https://techcommunity.microsoft.com/t5/ask-the-performance-team/ws2008-network-level-authentication-and-encryption/ba-p/372797

Since your servers are in Workgroup environment, please also check the NTLＭ level. Make sure both source and destination servers have the same level that above 3.

HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level#possible-values

Best regards,

----------

Please click "Accept Answer" and upvote it if you find the answer is helpful. Thanks.