How to resolve 'An authentication error occurred. Token is invalid' for Windows 11 users on RemoteApp via Direct Access?

Anonymous
2023-12-08T16:36:09+00:00


Subject: Windows 11 RemoteApp Connection Issue with Direct Access

We are encountering an issue with Windows 11 users attempting to connect to our Remote Desktop Session Host (RDSH) server via RemoteApp through Direct Access.

The problem occurs after successful authentication to the Remote Gateway server. However, when users attempt to access RemoteApp applications, they encounter the following error message: "An authentication error has occurred. The token supplied to the function is invalid."

We are actively seeking a resolution to ensure our Windows 11 users can access RemoteApp applications seamlessly through Direct Access.

We kindly request your guidance and assistance in identifying the root cause of this problem and implementing a solution. Any insights, troubleshooting steps, or recommendations you can provide would be greatly appreciated. If there are specific logs or diagnostic information needed to diagnose the issue, please let us know, and we will be happy to provide them.

Thank you for your assistance in resolving this challenge.

We have already tried the following methods and solutions and are still unable to find a solution.

https://support.microsoft.com/en-us/topic/266b6b58-c986-c66a-9fa0-ee96de2f39dd

We must have a solution that will work on the current version of Windows (W11 22H2).

Thank you for your time.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


6 answers

  1. Anonymous
    2023-12-08T16:37:58+00:00
    1 person found this answer helpful.
  2. Anonymous
    2023-12-15T05:40:19+00:00

    Haijian,

    Thank you for responding to this post. I made the changes you suggested to the local policy on the server and I'm still getting the same error.

    Please let me know if you have any other thoughts or configurations we can try to reach a solution to this issue.

  3. Anonymous
    2023-12-21T03:13:04+00:00

    Hello Robbie - Aldridge,

    Thank you for your reply.

    Have you tried connecting directly to the session host to see whether you get the same error? You can also try republishing the RemoteApp to see if that fixes the problem.

    You can also try turning off NLA on the session host to see if that fixes the current issue. Here are the steps to disable NLA:

    1. Open the Control Panel and select "System and Security".
    2. Select "System" and then click on "Remote settings".
    3. On the "Remote" tab, check the box that says "Allow remote connections to this computer".
    4. Click on the "Advanced" tab.
    5. Under the "Connect" section, uncheck the box that says "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)".
    6. Click "OK" to save the changes.

    Best Regards,

    Haijian Shan

    3 people found this answer helpful.
  4. Anonymous
    2023-12-11T14:56:47+00:00

    Update...

    We upgraded Windows 11 to 23H2 and found no change. The issue is still present.

    We stopped the IP Helper service on the host computer and we were able to connect to the RemoteApp. While this may not be a viable solution, it may help ascertain the problem. Please let me know if this new information helps to find a solution.

    Thank you for your time.

  5. Anonymous
    2023-12-12T08:06:20+00:00

    Hello Robbie - Aldridge,

    Thank you for posting in Microsoft Community forum.

    Based on the error message you provided, please try the following steps to make modifications:

    1. Check patch levels

       Make sure both the client and server have been fully updated with the latest patches and updates.

    2. Check the corresponding group policy configuration and registry key values.

       a. Group policy configuration method: Please navigate to the following policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation.

          Find the following setting: "Encryption Oracle Remediation", and configure it as follows:

          Enable Encryption Oracle Remediation, and select "Vulnerable" as the protection level.

       b. Registry modification method (please back up before modifying): To modify the CredSSP registry of the RDP client, a restart is required for the changes to take effect.

          Please open cmd with administrator privileges and run the following command to set it up:

          reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 2 /f

    3. If the above steps do not solve the issue, please follow the steps below:

       Check the security settings in group policy.

       Navigate to Computer Configuration -> Windows Configuration -> Security Settings -> Local Policies -> Security Options, and check the following two policies:

       Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication

       If this policy is set to "Deny all account", please change it to blank.

       Network security: Restrict NTLM: Incoming NTLM traffic

       Please set this to "Allow all".

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Haijian Shan

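
Added example (not part of any answer in this thread): a read-only PowerShell audit of the settings the answers above change (NLA, the CredSSP `AllowEncryptionOracle` value, the NTLM restrictions) and of the IP Helper service from the update, so the state before testing can be recorded and restored afterwards. The NLA and NTLM registry locations, the `iphlpsvc` service name and the output file name are assumptions of this example, not taken from the thread.

```powershell
# Added example: read-only audit; it changes nothing. Run elevated on the
# RDP client (CredSSP value) and on the session host (NLA, NTLM values).
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Show-Value($Value) {
    if ($null -eq $Value) { '<not set>' } else { "$Value" }
}

# The CredSSP path is the one used by the reg add command in the thread; the
# other two paths are assumptions (standard locations for NLA and NTLM settings).
$credSsp = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$rdpTcp  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$msv10   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

$oracle = Get-RegValue $credSsp 'AllowEncryptionOracle'        # 0 Force Updated Clients, 1 Mitigated, 2 Vulnerable
$nla    = Get-RegValue $rdpTcp  'UserAuthentication'           # 1 = NLA required, 0 = NLA off (Group Policy can override)
$ntlmIn = Get-RegValue $msv10   'RestrictReceivingNTLMTraffic' # absent or 0 = Allow all
$ntlmEx = Get-RegValue $msv10   'ClientAllowedNTLMServers'     # remote server exceptions (multi-string)
$ipHlp  = Get-Service -Name iphlpsvc -ErrorAction SilentlyContinue

# Relaxed = $true when the setting is in the state the thread sets for testing.
$report = @(
    [pscustomobject]@{ Setting = 'CredSSP AllowEncryptionOracle'; Value = (Show-Value $oracle)
                       Relaxed = ($oracle -eq 2) }
    [pscustomobject]@{ Setting = 'RDP-Tcp UserAuthentication (NLA)'; Value = (Show-Value $nla)
                       Relaxed = ($nla -eq 0) }
    [pscustomobject]@{ Setting = 'Restrict NTLM: Incoming NTLM traffic'; Value = (Show-Value $ntlmIn)
                       Relaxed = ($ntlmIn -in @($null, 0)) }
    [pscustomobject]@{ Setting = 'Restrict NTLM: remote server exceptions'; Value = (Show-Value $ntlmEx)
                       Relaxed = $null }
    [pscustomobject]@{ Setting = 'IP Helper service (iphlpsvc)'
                       Value   = $(if ($ipHlp) { "$($ipHlp.Status)" } else { '<not found>' })
                       Relaxed = [bool]($ipHlp -and $ipHlp.Status -eq 'Stopped') }
)

$report | Format-Table -AutoSize
# Keep a dated baseline (hypothetical file name) to compare against after testing.
$report | Export-Csv -Path ".\rds-auth-baseline-$(Get-Date -Format yyyyMMdd-HHmm).csv" -NoTypeInformation
```

Running it once before and once after each troubleshooting step shows which change coincided with the error clearing and which values still need to be set back.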