Remote Desktop Connection: An authentication error has occurred. The Local Security Authority cannot be contacted


  • Hi All,

    I have 2 servers active directory using windows server 2012.
    After install windows update, I got issue, cannot using RDP with error :

    An authentication error has occurred.
    The Local Security Authority cannot be contacted
    Remote computer:IP Addrees Sever
    This could be due to an expired password
    Please update your password if it has expired.

    While I'm using hostname, theres no error and i can remote server smothly. Anyone can help me?



    • Edited by HariseRo Monday, December 5, 2016 10:29 AM
    Monday, December 5, 2016 10:29 AM

All replies

  • Hi

     First check NLA disabled on this server and also verifty dns resolution to make sure.

    Check with nslookup command.

    Otherwise check these related articles;

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by BaoNgoc74 Saturday, June 24, 2017 2:09 AM
    Monday, December 5, 2016 10:50 AM
  • HariseRo,

    What account are you using to authenticate? It says the LSA cannot be contacted. When you authenticate, are you logging in with a local account or a domain account? If you have a local account with a login name the same as a domain account's SAM account name, you could be trying to log in with a local account of the same name but passing credentials for the domain account.

    For instance, if you have a local account on server server1 named userA and you have a domain account named userA on domain, when you log in using RDP, specify either contoso\userA or server1\userA to prevent confusion.

    Also, per Burak's advice, check that Network Level Authentication (NLA) is disabled and that DNS has the proper name for your server.

    Ron Arestia, MCSE Server Infrastructure & Cloud Platform and Infrastructure

    Monday, December 5, 2016 3:24 PM
  • Hi Ron and Burak,

    Thanks, but still not working.

    I use domain account, while i remote with IP and hostname, I always use domain account and all user with domain account cannot login while RDP using IP Address but its work while I use RDP with the hostname. And the NLA is enable. When I try nslookup, the DNS used right pointing.

    In my AD, its not install the IIS Manager. So, I can try this option :

    Any Idea?



    Tuesday, December 6, 2016 4:11 AM
  • And the NLA is enable >>> Check this article to configure NLA,

    Oterwise you should check any related error log's from event viewer menu..

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, December 6, 2016 7:00 AM
  • Hi,

    I am checking how the issue going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Friday, December 9, 2016 5:51 AM
  • I'm having this issue on Windows10 1703 Enterprise after upgrading from 1607. 

    I've tried everything on TN.

    The ONLY thing that helped was wiping out the following DIR:


    That worked! However, IIS stopped working, and I"m not sure which application uses which key, so I had to restore that DIR, and of course, RDC stopped working again. 

    VERY frustrating. 

    ------ Sean J Vreeland Seattle, WA

    Saturday, June 24, 2017 2:07 AM
  • For anyone following up, the March 2018 Security update can also cause this error;

    Windows RDP: ‘An authentication error has occurred’


    Regards Pete Long

    Tuesday, May 15, 2018 8:04 AM
  • It's 2018 and I just had this exact error message and this is the only post that has helped in any specific way. I've spent hours trying to track this down and finally got the cause and fix.

    The problem in my case was that the computer had a system clock/time issue and thought it was 2011 for about 30 minutes, and while it thought it was 2011 it created a self-signed certificate for remote desktop.

    In the System log you can see: "A new self signed certificate to be used for Terminal Server authentication on SSL connections was generated. The name on this certificate is "Computer". The SHA1 hash of the certificate is in the event data."

    The log TerminalServices-LocalSessionManager was most helpful as it helped me narrow down when there was last a working Remote Desktop Session, and then I noticed after that the logs show the computer with time 12/31/2011. Back in the System log the above error existed at that 2011 time.

    The fix was going into the Certificates store (mmc.exe > add-in Certificates), choosing the Remote Desktop Certificates and deleted the one that was there. Restart the Remote Desktop Service and it will remake the certificate at the correct time and allow Remote Desktop connections.

    • Proposed as answer by Shunny Friday, November 9, 2018 10:35 PM
    Friday, November 9, 2018 10:34 PM