Remote desktop - "The Local Security Authority cannot be contacted"

    Question

  • So I keep getting this error but I'm not sure why.  Both machines are running Win 7 Ultimate using the Network Authentication Layer option for added security.  I have exceptions in the firewall for remote desktop and yet it will not work.

    Does someone know why?  Is there something I need to do in local security to get this enabled?
    Saturday, August 01, 2009 9:56 PM

All replies

  • I'm having the same problem.  I'm trying to connect to my Vista machine from my Win7 machine.  If I log into the Vista machine once locally, then I'm able to connect from the Win7 Machine. 
    Tuesday, August 11, 2009 2:19 PM
  • Maybe this forum post helps: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/981a30b8-0e46-49f9-a13f-095b124328fd

    Lukas
    Wednesday, October 14, 2009 8:38 AM
  • Check that the account does not have an expired password, and that the account itself is not expired. In my case, the account password had expired, causing this error.

    As soon as I changed the password, the error was no longer present.
    • Proposed as answer by DavidRa Sunday, November 15, 2009 3:36 AM
    Sunday, November 15, 2009 3:36 AM
  • I had the same issue connecting to a machine that was part of a domain. The password of the domain account I was trying to connect was not expired.

    What worked for me eventually was removing the computer from the domain while logged in as a local admin (by changing it back to a workgroup), and then re-joining the domain. [I did the join workgroup, re-join domain without a restart, and only did a restart at the end].

    After that I was able to login via RDP using the domain account again. ;)

    Thursday, May 13, 2010 9:57 AM
  • That may work for one PC, but I have many that are having this problem as I roll out Windows 7.  Has anyone actually found a fix for this problem?

    Tuesday, May 18, 2010 5:50 PM
  • I'm having this problem as well. Or at least one related. I have a single physical server (not on domain), about 8 virtual servers all on a domain (including the domain controller), about 8 physical client machines (all on domain) and another 4 or so virtual machines (running "client OS" over remote desktop). Everything is Server2KR2 or Win7Ultimate. One of my physical Win7 machines and one of my virtual Win7 machines are somehow "different" in that if one attempts from either of them to connect via remote desktop to any of the other Win7 machines in the house (the second machine can be P or V) using an account that is not an administrator on the second machine I get the "Local security authority cannot be contacted" error. The account with which I've logged onto the first machine (admin or not on first machine, admin or not on second machine) doesn't appear to make a difference.
    Tuesday, June 15, 2010 3:26 AM
  • I also have the "An authentication error has occurred. The Local Security Authority cannot be contacted" issue. I'm not very technical and I could not follow the info at the link in the above post marked "Answer."

     

    In looking at the other possible remedies, I don't think a password is required on my account - if a password were required, would that mean I would have to use password every time I start Windows? And how do I know if my PC is part of a domain?

     

    As a non-technical person, I hesitated to infiltrate a technical forum, but I have been trying everywhere to find a remedy for this issue so I would be very grateful for anyone's help.

    • Proposed as answer by Jaysam Thanki Wednesday, November 28, 2012 6:05 AM
    Monday, July 05, 2010 8:08 PM
  • I had this issue pop up on my 2008 R2 server after importing group policy settings to the Default Domain Controller Policy

    Basically it seems to have something to do with security rights. 

    The parts edited were under computer policy "User Rights Assignments" or "Security Options"

    I'm not sure the exact one, but I'm guessing it has to do with logging in remotely. 

     

    • Proposed as answer by Osman A Wednesday, July 21, 2010 12:23 PM
    Tuesday, July 20, 2010 9:36 PM
  • Hello everybody!

     

    Yesterday I spent my time on solving this issue. Thankfully I solved it. Now with great pleasure I would like to share with you.

     

    First:

    Go to System - Remote setting (in the left pane of the window) - under Remote Desktop select Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) and click OK.

    Then you will set a password for your account; this is a required procedure. To set a password go to: Start - type User Accounts - select Create a password. I recommend making a strong password because your computer now allows remote connections.

    Next, unblock the Remote Desktop in your Firewall. Open your firewall (depending which security software is installed on your computer) find Remote Desktop and set it to By application rule or Allow .

     

    OK, first preparation step is ready.

     

    Now, let's go to second final step.

     

    Run Remote Desktop Connection .

    In the Experience tab select your connection speed. Go back to the General tab, in the Computer: field type the full name of the remote computer to which you are going to connect, and then click the Connect button. (You can view a computer's full name in System properties under Computer name, domain, and workgroup settings.)

    Then a new window will pop up (Windows Security); here you must enter your credentials.

    Please READ further instructions carefully.

    In the new (Windows Security) window select Use another account, then type the User name and Password OF your remote computer and click the OK button. You will probably then receive a Warning message; select OK or Allow.

    Wait a little bit and then you will see your Remote Desktop.

    That's it.

     

    I hope these instructions will help you to solve your problems with Remote Desktop setup.

     

    So, Good Luck to You!

     

    Best regards,

    Osman.

     


    Wednesday, July 21, 2010 1:15 PM
  • I was getting the "The Local Security Authority cannot be contacted" when connecting from XP to a Windows 7 machine. I had updated the Remote Desktop client software through KB 969084. Don't make this update if you need to access win2000 systems as they are not supported.

    I have the firewall turned off for testing purposes, so that wasn't the issue. I applied the CSSP Fix under XP (listed in the KB) and rebooted the XP system, though that may not have been necessary.

    It turns out I had almost everything correct.

    After reading Osman's solution above, I connected to the remote system through an alternate remote connection method, and added a password to the account.

    There should be a note added that the destination account must have a password for RDP to work under Windows 7.

    Once the password was added I was able to connect using the Enhanced Security with no errors.

    Monday, February 14, 2011 3:42 PM
  • Are you on a domain network? If so, I had this error. Found out someone else had changed the DNS servers to OpenDNS and not the IP of the AD/DNS server. Problem fixed!

    Saturday, February 19, 2011 1:03 PM
  • This might also happen when the remote user account is brand new. I had to logon to the server locally and make the mandatory first-login password change before it worked with RDP.
    • Proposed as answer by Radu Dorneanu Tuesday, May 01, 2012 3:18 PM
    Monday, March 07, 2011 3:40 PM
  • I ran into this tonight but was able to solve it.

    symptom:

    From vpn based Windows 7 64-bit (Laptop/remote).  I attempted to login to Windows 7 32-bit desktop (Office) using a specific domain account intended for the office computer only.

    An Authentication error has occurred.  The Local Security Authority cannot be contacted.  Remote computer: Office

    Solution:

    Use a domain account that does not have a "Log On To..." specified in the Account settings. Alternately, add both Laptop/remote and Office to the domain user account intended for the office computer only.

     

     

    • Proposed as answer by lavee45 Thursday, May 31, 2012 8:45 PM
    Wednesday, March 23, 2011 12:58 AM
  • Hi,

    I'm having the same issues. I have 2 local PCs, both Windows 7 Ultimate. pc1 is not on the domain, pc2 was on the domain, and uses a password which is saved in the RDP.

    From pc1 I was able to RDP to pc2 for a long time, but not recently. I tried all kinds of tricks.

    I've installed TeamViewer so I can check if I can really connect, so with TeamViewer (TV for short) from pc1 to pc2 I can log on.

    As soon as I connect with TV from pc1 and then try RDP from pc1 to pc2, bingo! It works. I close TV, and the RDP connection stays. I can RDP again and again AS LONG AS I don't switch off pc2!!! If I do, I'm unable to connect via RDP!

    It looks like security issues, but establishing a connection with TV removes these issues and then RDP works! (Tried every time!)

    I need a permanent solution though...

    Thanks.

    Friday, March 25, 2011 12:00 AM
  • Sounds to me like Group Policy might be the issue. Team Viewer perhaps changes a security setting in order to work and when you reboot Group Policy resets the security. Try gpupdate /force on the machine once you have it working using your teamviewer workaround to confirm.
    Friday, March 25, 2011 4:43 PM
  • I ran into this issue when I had "do not connect if authentication fails" enabled, which from what I've read tries to connect through TLS, which, if you don't have a compatible certificate installed on both ends, gets automatically rejected.

    This can also be set in group policy settings, which I believe overrides the RDP setting.

    Friday, March 25, 2011 4:58 PM
  • I encountered this trying to RDP into a new Windows 7 install.  The destination computer is a laptop.  It turns out that I just have to do the initial log in from the laptop itself, then subsequent attempts to RDP into it work fine.  It's a minor inconvenience now and I can deal with it since the laptop is always a few feet away.
    Thursday, June 30, 2011 5:05 AM
  • Add the Remote Desktop Users group to the group policy setting Access This Computer From the Network.

    By default only Administrators are allowed this right. If you are using the Network Level Authentication option then the Remote Desktop Users group must have this right for logon to work.


    • Edited by GNCA Wednesday, April 25, 2012 6:53 PM
    Wednesday, April 25, 2012 6:48 PM
  • Just remove the machine from the domain and remove the system name from the AD computer list; after that, just restart the system, then add the system to the domain again.

    Thursday, May 17, 2012 7:25 AM
  • Hi AndyD77,

    Please go to AD and check the particular computer account is enabled or disabled. Most probably it is disabled, so please enable that computer account. 

    Tuesday, June 19, 2012 10:02 AM
  • Here is another solution; it looks like this issue is caused by different scenarios. In my case I was still able to log on with my Domain Admin account to a locked-down machine (with very tight Domain Security Policies). The issue started happening on another account that was a local admin on the machine, but I had flagged that account on the domain to prompt for a password change on the next logon. My guess is that, due to the security policies applied to this specific machine, the Security Authority was being blocked from properly communicating with the Domain Controller, and it could not initiate the password change procedure and was returning that error. All I had to do was uncheck the "User must change password on next logon" checkbox in the domain account, and then it allowed me to log on with it.

    Again, this might be in my case, but in other cases it could be due to different configurations. I personally believe that for the most part this issue is due to security policies being applied to the machine. If you are not sure if that is the case and have tried all these solutions, you can always try to restore the machine security policies to the default state.

    Hope this helps.

    • Proposed as answer by BlackHawk816 Thursday, June 28, 2012 5:47 PM
    Thursday, June 28, 2012 5:46 PM
  • For what it is worth I was having this issue with a Windows 7 SP1 x64 machine RDPing to a Window Server 2008 R2 SP1 Datacentre. I could logon locally, but not with a domain account.

    The domain account was not locked, RDP was set to use Network Level Authentication, routing was set correctly, etc.

    The issue was related to the cached account on the server. As soon as I deleted the cached credentials I could login without issue.

    Monday, July 09, 2012 5:00 PM
  • Exactly. Thanks a bunch! In my case I used Core Configurator 2.0 on Server Core 2008 R2. I did not intend to change any DNS settings, maybe it's a bug in Core Configurator. Anyways: if you try to log on to a domain joined machine and get this error, make sure the DNS settings on that machine point to an Active Directory server.
    Friday, July 20, 2012 8:18 PM
  • We just needed to set "Allow connections from computers running any version of Remote Desktop (less secure)"... instead of the NLA option.
    Monday, July 23, 2012 5:27 AM
  • That is a workaround, but NLA is normally fine until this problem pops up.
    Monday, July 23, 2012 5:36 AM
  • Well, the solution for my issue was to reset the user account password even though it is not expiring. This seems to be the workaround so far.

    /* Server Support Specialist */

    Friday, September 07, 2012 12:52 AM
  • Make sure you can ping the FQDN.  I had this issue and was unable to ping DevDomainSrv.Dev.Local, but I could ping DevDomainSrv.  When I took a look at the network adapter properties, the DNS setting was set to obtain automatically.  I set it so the primary DNS was the DNS domain server for my dev domain, and the secondary DNS server was external to my dev domain.  Once I did this, it worked like a champ.

    Good Luck

    • Proposed as answer by Mark Dykun Thursday, April 04, 2013 3:05 PM
    Thursday, October 11, 2012 2:58 PM
  • I had this problem on a Windows 8 RTM installation in a domain environment. A domain user was able to log on locally but not through Remote Desktop. Another domain user was able to log on both locally and through Remote Desktop. The computer has Network Authentication Layer (NLA) enabled. I turned off NLA, and both users could log on through Remote Desktop.

    The first user had a "Allow only logon to these workstations" setting on the user object in the domain. Even if the computer name was added to the list, in a Remote desktop scenario it would not allow logon.

    So I changed the user object in the domain and allowed the user to logon to any computer. Now he's able to logon using Remote Desktop, even with NLA turned on.

    Guess it's a bug in Windows 8 RTM.

    Regards,
    Krug

    • Proposed as answer by Kruger44 Friday, October 19, 2012 5:56 PM
    Friday, October 19, 2012 5:55 PM
  • Hi Guys,

    I got the same issue when I did a remote desktop to Server 2012 Hyper-V Core.

    I reset the password - it didn't work for me.

    I rebooted after resetting the password - it didn't work.

    I disabled remote desktop after resetting the password and enabled it again - it didn't work.

    It worked for me when I reassigned the internal DNS server IPs, where I had put the static host record in the local DNS servers manually.

    I had to create DNS records manually for this Hyper-V core as it is not added to the domain. Previously I had the public DNS for the network interface as I wanted to do the updates only.

    Hope it may help anyone.


    • Edited by Karan.T Thursday, March 28, 2013 9:29 AM
    Thursday, March 28, 2013 9:29 AM
  • I had this same problem.  2 accounts.  Both could log in locally only one could RDP.  The one that could not was station restricted.  Turned off NLA and then it could log right in. 
    Wednesday, June 05, 2013 3:29 PM
  • I fixed it with running the command "ipconfig /flushdns" in the CMD.exe on the server.
    Tuesday, June 11, 2013 11:11 AM
  • Try to find the solution here:

    http://support.microsoft.com/kb/2493594

    Tuesday, June 18, 2013 7:49 AM
  • What Language packs do you have installed?

    An authentication error has occurred. The Local Security Authority cannot be contacted

    Pete


    Regards Pete Long http://www.petenetlive.com

    Friday, June 28, 2013 9:08 AM
  • It worked for me. You could write {machinename}\{localusername} in user name bracket instead.
    Wednesday, August 07, 2013 10:11 PM
  • @Smarcell: You sir, are a savior.  Thank you!  Can't believe a bug like this passed right under MS's nose.
    • Edited by naashkyr Thursday, August 08, 2013 1:31 PM
    Thursday, August 08, 2013 1:30 PM
  • I got this error when I was decommissioning some old domain controllers; the server I was trying to connect to had a static IP set with static DNS server entries.  Once the last DNS server was powered off I could no longer connect.  I updated the DNS server entries and was able to log on.
    Friday, September 20, 2013 1:00 PM
  • This did it for me after a good few hours of research.  Thanks very much!
    Saturday, October 05, 2013 4:31 PM
  • Unjoin, then re-Join the server to the domain.

    The server even will show "joined to the domain" (if you look in computer/properties), BUT, for some reason, mine was not completely joined. Go figure. I think it's a feature (LOL) ... BUT, note that my server previously existed in the domain, and I was giving a new physical box that same name; i.e. moving Server1 to new hardware, AND I never really :) cleanly removed the previous server. I guess you can call it an "unclean join" and, even though no errors were evident, well, you get the picture - stuff wasn't working. So, double-check, especially if you have remote DCs over slow links, the domain might not have had time to "catch up" all the AD/DNS info regarding whatever new box you are putting in.

    Tried it 5 minutes ago and it worked.

    So, YES, multiple things can cause this error and, NO, switching to a lower security setting (Allowing connections from ANY RDP) is not the real solution.

    Old thread, but still valid.

    Please remember to Mark as Answer if I helped resolve your issue. Thanks.


    tnjman

    Wednesday, October 30, 2013 10:14 PM
  • GREAT ANSWER!!!!
    Saturday, November 02, 2013 10:47 PM
  • I created this same error message by renaming an account.   I created the account originally just for remote access and immediately did not like the name I picked so I renamed it.

      I attempted to access the remote machine via the updated account for the very first time and the error appeared. 

    To correct the issue, I accessed the server [win server 2008]

    Right clicked computer off the start menu and chose "Properties" to Access the "System"

    Clicked "Remote Settings" then "Remote" Tab

    Clicked button for "Select User" and attempted to confirm the account I was trying to use had permission.  It was then I discovered that the account still had the original name. 

    To confirm this was the issue, I was able to gain remote access using the original account name

    Friday, January 17, 2014 3:03 PM
  • I had the same problem in my domain home lab, even though I restarted the server I wanted to RDP to.

    What I did was shut down all my servers, including the domain controller.

    I started the domain controller. I waited until it was reachable and all services were up.

    Then I started the server with RDP problems, giving it some time too to start properly.

    Problem fixed.

    I hope you don't need to reboot your DC, but at least, I wanted to give the tip that, in my case, the problem was in the domain controller side.

     


    Sys Admin

    Friday, July 04, 2014 4:24 PM
  • Radu,

    Thanks for this comment which helped me solve my problem.  My user was logging onto their PC with their normal credentials and then using different credentials to RDP to a server.  This was not an issue until I forced stronger authentication by configuring "Allow connections only from computers running Remote Desktop with Network Level Authentication..." on the server they were trying to RDP to.  This occurred even though the user's PC was Windows 7. As soon as I set the higher security setting they could no longer RDP.

    To solve the problem I had the user log onto their pc using the same credentials that they would later use to RDP to the server.  Once they did that they could RDP to the server, regardless of the credentials used to log on to their pc.

    Andrew

    Tuesday, July 15, 2014 11:10 PM
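
Added example, not part of any post in this thread: a read-only PowerShell check for the causes reported above on a domain-joined RDP target with NLA enabled (DNS not pointing at the AD DNS server, broken or disabled machine account, expired password or account, forced password change at next logon, workstation restriction). It assumes Windows 8 / Server 2012 or later, an elevated prompt and the RSAT ActiveDirectory module; `jdoe` and `CLIENT-PC` are placeholder names.

```powershell
# Added example (not from the thread). Read-only: it changes no setting.
# Placeholders: replace 'jdoe' and 'CLIENT-PC' with your own names.
param(
    [string]$User     = 'jdoe',             # account that gets the LSA error
    [string]$Client   = 'CLIENT-PC',        # machine the RDP session starts from
    [string]$Computer = $env:COMPUTERNAME   # RDP target (this machine)
)
$findings = @()

# 1. DNS: the configured resolvers must be able to locate a domain controller.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Select-Object -Unique
try {
    $null = Resolve-DnsName "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
} catch {
    $findings += "DNS ($($dns -join ', ')) cannot resolve DC records for $domain"
}

# 2. Machine account: secure channel to the domain, then its state in AD.
if (-not (Test-ComputerSecureChannel)) {
    $findings += "Secure channel to $domain is broken (a rejoin may be needed)"
}
try {
    Import-Module ActiveDirectory -ErrorAction Stop
    $c = Get-ADComputer -Identity $Computer
    if (-not $c.Enabled) { $findings += "Computer account $Computer is disabled" }

    # 3. User account: the states that NLA cannot resolve interactively.
    $u = Get-ADUser -Identity $User -Properties PasswordExpired, pwdLastSet,
        AccountExpirationDate, LogonWorkstations
    if ($u.PasswordExpired)  { $findings += "Password of $User has expired" }
    if ($u.pwdLastSet -eq 0) { $findings += "$User must change password at next logon" }
    if ($u.AccountExpirationDate -and $u.AccountExpirationDate -lt (Get-Date)) {
        $findings += "Account $User expired on $($u.AccountExpirationDate)"
    }
    # "Log On To..." list: posters above needed both client and target listed.
    if ($u.LogonWorkstations) {
        $allowed = $u.LogonWorkstations -split ','
        foreach ($name in $Client, $Computer) {
            if ($allowed -notcontains $name) {
                $findings += "$User is workstation-restricted and $name is not listed"
            }
        }
    }
} catch {
    $findings += "AD query failed: $($_.Exception.Message)"
}

if ($findings) { $findings } else { 'No issue found among the checked causes' }
```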