Hello,
Based on your description, you need to enable authentication for remote connections. You can try the following:
- Enable RDP authentication by editing the registry or using Group Policy. In the registry, you can navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP and set the value of 'SecurityLayer' to '1' (for TLS or negotiation) and 'UserAuthentication' to '1' (indicates that authentication is required).
Alternatively, you can open the Group Policy Editor on the connected side, navigate to: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security, double-click to open "Require user authentication for remote connections by using Network Level Authentication", and enable the policy.
Then, navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security, double-click to open "Remote (RDP) Connection Requires Specified Security Layer", set it to Enabled, set the security layer to SSL, restart the machine, and try to connect remotely.
- On NPS, you need to create a network policy that will require users to provide authentication when they connect to Remote Desktop. This involves configuring the RADIUS client and network policies so that authentication is triggered when a user attempts an RDP connection.
- In order to use 2FA, you need to configure Azure AD Premium on your domain controllers, as it provides conditional access and multi-factor authentication (MFA) capabilities. You can set up MFA in the Azure portal and select the applications and services that require MFA, including Remote Desktop Services. Ensure that the user is registered with the Microsoft Authenticator app and is able to receive and verify push notifications or verification codes.
- Users need to install the Microsoft Authenticator app on their device and associate it with their account. That way, when they try to connect via RDP, they'll be prompted to use the Authenticator app to complete the second-factor authentication.
I hope this information helps.
Best regards,
Jingjing Wu
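The following PowerShell script is an added example, not part of the answer above: it audits and, if needed, enforces the two registry values the answer names (UserAuthentication and SecurityLayer under the RDP-Tcp WinStation key) and cross-checks the result through the Win32_TSGeneralSetting WMI class, which exposes the same settings. It assumes an elevated session on the host that accepts the RDP connections; the function names Get-RdpAuthSetting and Set-RdpAuthSetting are my own.

```powershell
# Added example (not from the answer above): audit and enforce NLA for RDP.
# Assumes an elevated PowerShell session on the RDP host.
# The registry key is the one named in the answer; Windows registry paths are
# case-insensitive, so RDP-Tcp and RDP-TCP refer to the same key.
$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpAuthSetting {
    [CmdletBinding()]
    param()

    # Registry view of the settings (what the answer tells you to edit).
    $reg = Get-ItemProperty -Path $RdpTcpKey -Name SecurityLayer, UserAuthentication -ErrorAction Stop

    # WMI view of the same settings, as a second opinion; the class lives in
    # the TerminalServices namespace and is filtered to the RDP-Tcp listener.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
                           -ClassName Win32_TSGeneralSetting `
                           -Filter "TerminalName='RDP-Tcp'"

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SecurityLayer      = $reg.SecurityLayer       # 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL/TLS
        UserAuthentication = $reg.UserAuthentication  # 1 = Network Level Authentication required
        WmiSecurityLayer   = $wmi.SecurityLayer
        WmiNlaRequired     = [bool]$wmi.UserAuthenticationRequired
        # NLA is only meaningful when the security layer is at least Negotiate.
        NlaEnforced        = ($reg.UserAuthentication -eq 1) -and ($reg.SecurityLayer -ge 1)
    }
}

function Set-RdpAuthSetting {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # The answer uses 1 (Negotiate); 2 requires TLS and is the "SSL" choice in the policy.
        [ValidateSet(1, 2)] [int] $SecurityLayer = 2,
        # Restarting TermService applies the change without a reboot but
        # disconnects every active RDP session, so it is opt-in.
        [switch] $RestartService
    )

    $target = "UserAuthentication=1, SecurityLayer=$SecurityLayer"
    if ($PSCmdlet.ShouldProcess($RdpTcpKey, "Set $target")) {
        Set-ItemProperty -Path $RdpTcpKey -Name UserAuthentication -Value 1 -Type DWord
        Set-ItemProperty -Path $RdpTcpKey -Name SecurityLayer -Value $SecurityLayer -Type DWord
        if ($RestartService) {
            Restart-Service -Name TermService -Force
        }
    }

    # Return the post-change state so the caller can verify it.
    Get-RdpAuthSetting
}

# Usage:
#   Get-RdpAuthSetting                              # audit the current state
#   Set-RdpAuthSetting -SecurityLayer 2 -WhatIf     # preview the change
#   Set-RdpAuthSetting -SecurityLayer 2             # apply; reboot as the answer says
#   Set-RdpAuthSetting -RestartService              # apply and restart Remote Desktop Services
```

Run Get-RdpAuthSetting first: if NlaEnforced is already True, the answer's registry step is done and the remaining work is on the NPS and MFA side. Until the machine (or the TermService service) is restarted, the registry and WMI views can disagree, which is a useful sign that a change is pending rather than applied.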