Remote desktop authentication fails from one client, but not from another

Question

We have a physical PC in our office installed with a few applications. From few days, I m having issue to remote it long with 2 more users, but it works fine for other users. They can log in without any issue, but for us, it says invalid credentials even though it is correct one.

Edition : Windows 11 Business

Version : 25H2

I have already gone through a few troubleshooting steps available on Google, but it is not helping at all.

Answer 1

This issue usually happens due to cached credentials or authentication mismatch on specific client machines, not because of incorrect passwords. Clearing saved RDP credentials from Credential Manager on the affected client and reconnecting using the correct username format (COMPUTERNAME\username or .\username) resolves the issue in most cases. In some situations, Network Level Authentication (NLA) mismatch between client and host can also cause this problem, so temporarily disabling NLA on the remote PC helps confirm it. Since other users can log in successfully, the issue is client-side rather than server-side.

Answer 2

Hello,

The fact that some users can connect via Remote Desktop without issue while others consistently receive invalid credentials despite using the correct username and password points to a permissions or authentication scope problem rather than a generic RDP failure. On Windows 11 Business 25H2, Remote Desktop authentication is controlled by both local group membership and policy.

Start by checking whether the affected accounts are members of the Remote Desktop Users group on the target PC. Open lusrmgr.msc, navigate to Groups, and confirm that the usernames are listed under Remote Desktop Users. If they are not, add them and retry. Even if the accounts are local administrators, RDP requires explicit membership in that group unless overridden by policy.

Next, verify the authentication method. If the machine is joined to Azure AD or a domain, the login format must match the expected UPN or domain\username syntax. For example, ******@domain.com versus DOMAIN\user. If you are entering only the short username, Windows may reject it depending on how the account is scoped.

Also check the local security policy under secpol.msc > Local Policies > User Rights Assignment. The policy Allow log on through Remote Desktop Services must include the affected users or groups. If it only lists Administrators, non‑admin accounts will be blocked.

If the accounts are correct and policies are aligned, clear cached credentials on the client side. Run cmdkey /list and remove any stored entries with cmdkey /delete:<target>. Cached mismatched credentials can cause repeated invalid login errors even when the password is correct.

Finally, confirm that Network Level Authentication (NLA) is not causing the rejection. In System Properties > Remote Desktop, temporarily disable “Allow connections only from computers running Remote Desktop with NLA” and test. If login succeeds, the issue is with credential delegation or certificate trust, and you will need to adjust NLA settings accordingly.

In short, the problem is not with the password itself but with group membership, login format, or policy enforcement. Align those settings and the affected users should be able to connect again.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Domic Vo