Connecting by IP address on NLA enabled servers?

Question

OS: Windows Server 2012 R2

I have two domain joined servers. Both servers have a GPO from the domain controller that enables NLA (Network Level Authentication).

• From laptop A, I'm not able to connect with RDP to server A on IP address (the IP address is correct). Connecting by hostname is no problem.
• From laptop A, I am able to connect with RDP to server B both on IP address and hostname.

I was always under the impression that connecting to NLA enabled servers with RDP is only possible by hostname and not by ip address but somehow I am able to connect to server B on IP address. I have checked gpresult and the NLA GPO is applied on server B.

How come I am able to connect by ip address to server B? Is my assumption on connecting by IP address on NLA enabled servers wrong?

Answer 1

Hi,

Thank you for posting in Q&A!

In regards to your issue, I have tested in my environment that NLA enabled servers can be connected through both IP and hostname if configured correctlly. Please refer to the following link:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)

So the server A is actually with some problems, can you please provide with some specific error messages when connecting serverA with IP address?

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Thanks for your response and your testing. You are right indeed, I temporarily disabled NLA and got the same result. The error message I'm getting is:

I'm connecting with a Domain Admin account and the IP is a 100% correct. No issues at all when I connect on hostname instead of IP. Must be some policy or setting somewhere which I forgot.