Remote desktop - "The Local Security Authority cannot be contacted" RRS feed

  • Question

  • So I keep getting this error but I'm not sure why.  Both machines are running Win 7 Ultimate using the Network Authentication Layer option for added security.  I have exceptions in the firewall for remote desktop and yet it will not work.

    Does someone know why?  Is there something I need to do in local security to get this enabled?
    Saturday, August 1, 2009 9:56 PM


All replies

  • I'm having the same problem.  I'm trying to connect to my Vista machine from my Win7 machine.  If I log into the Vista machine once locally, then I'm able to connect from the Win7 Machine. 
    • Proposed as answer by Vendenberg Friday, May 22, 2015 6:31 AM
    Tuesday, August 11, 2009 2:19 PM
  • So I keep getting this error but I'm not sure why.  Both machines are running Win 7 Ultimate using the Network Authentication Layer option for added security.  I have exceptions in the firewall for remote desktop and yet it will not work.

    Does someone know why?  Is there something I need to do in local security to get this enabled?
    Maybe this forum post helps: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/981a30b8-0e46-49f9-a13f-095b124328fd

    Wednesday, October 14, 2009 8:38 AM
  • Check that the account does not have an expired password, and that the account itself is not expired. In my case, the account password had expired, causing this error.

    As soon as I changed the password, the error was no longer present.
    • Proposed as answer by DavidRa Sunday, November 15, 2009 3:36 AM
    Sunday, November 15, 2009 3:36 AM
  • I had the same issue connecting to a machine that was part of a domain. The password of the domain account I was trying to connect was not expired.

    What worked for me eventually was removing the computer from the domain logged in as a local admin (by changing it back to a workgroup), and then re-join the domain. [I did the join workgroup, re-join domain without a restart, and only did a restart at the end].

    After that I was able to login via RDP using the domain account again. ;)

    Thursday, May 13, 2010 9:57 AM
  • That may work for one pc but I have many that are having this problem as I rollout Windows 7.  Has anyone actually found a fix for this problem?

    Tuesday, May 18, 2010 5:50 PM
  • I'm having this problem as well. Or at least one related. I have a single physical server (not on domain), about 8 virtual servers all on a domain (including the domain controller), about 8 physical client machines (all on domain) and another 4 or so virtual machines (running "client OS" over remote desktop). Everything is Server2KR2 or Win7Ultimate. One of my physical Win7 machines and one of my virtual Win7 machines are somehow "different" in that if one attempts from either of them to connect via remote desktop to any of the other Win7 machines in the house (the second machine can be P or V) using an account that is not an administrator on the second machine I get the "Local security authority cannot be contacted" error. The account with which I've logged onto the first machine (admin or not on first machine, admin or not on second machine) doesn't appear to make a difference.
    Tuesday, June 15, 2010 3:26 AM
  • I also have the "An authentication error has occurred. The Local Security Authority cannot be contacted" issue. I'm not very technical and I could not follow the info at the link in the above post marked "Answer."


    In looking at the other possible remedies, I don't think a password is required on my account - if a password were required, would that mean I would have to use password every time I start Windows? And how do I know if my PC is part of a domain?


    As a non-technical person, I hesitated to infiltrate a technical forum, but I have been trying everywhere to find a remedy for this issue so I would be very grateful for anyone's help.

    • Proposed as answer by Jaysam Thanki Wednesday, November 28, 2012 6:05 AM
    Monday, July 5, 2010 8:08 PM
  • I had this issue pop up on my 2008 R2 server after importing group policy settings to the Default Domain Controller Policy

    Basically it seems to have something to do with security rights. 

    The parts edited were under computer policy "User Rights Assignments" or "Security Options"

    I'm not sure the exact one, but I'm guessing it has to do with logging in remotely. 


    • Proposed as answer by Osman A Wednesday, July 21, 2010 12:23 PM
    Tuesday, July 20, 2010 9:36 PM
  • Hello everybody!


    Yesterday I spent my time on solving this issue. Thankfully I solved it. Now with great pleasure I would like to share with you.



    Go to System - Remote setting (in the left pane of the window) - under Remote Desktop select Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) and click OK.

    Then you will set a password for you account, this is a required procedure. To set password go to: Start - type User Accounts select Create a password . I recommend to make a strong password because your computer now allow remote connections.

    Next, unblock the Remote Desktop in your Firewall. Open your firewall (depending which security software is installed on your computer) find Remote Desktop and set it to By application rule or Allow .


    OK, first preparation step is ready.


    Now, let's go to second final step.


    Run Remote Desktop Connection .

    In the Experience tab select your connection speed. Go back to General tab, in the Computer: type the full name of a remote computer to which you going connect, and then click Connect button. (You can view a computer full name in System properties under Computer name, domain, and workgroup settings. )

    Then the new window will pop-up (Windows Security) here you must enter you credentials.

    Please READ further instructions carefully.

    In the new (Windows Security) window select Use another account , then type the User name and Password OF your remote computer and click OK button. Probably then you will receive the Warning message select OK or Allow.

    Wait a little bit and then you will see you Remote Desktop.

    That's it.


    I hope this instructions will help you to solve Your problems of Remote Desktop setup.


    So, Good Luck to You!


    Best regards,



    • Proposed as answer by wrighti Monday, June 6, 2016 4:12 PM
    Wednesday, July 21, 2010 1:15 PM
  • I was getting the "The Local Security Authority cannot be contacted" when connecting from XP to a Windows 7 machine. I had updated the Remote Desktop client software through KB 969084. Don't make this update if you need to access win2000 systems as they are not supported.

    I have the firewall turned off for testing purposes, so that wasnt the issue. I applied the CSSP Fix under XP(listed in the KB) and rebooted the XP system, though that may not have been necessary.

    It turns out I had almost everything correct.

    After reading Osman's solution above, I connected to the remote system though an alternate remote connection method, and added a password to the account.

    There should be a note added that the destination account must have a password for RDP to work under Windows 7.

    Once the password was added I was able to connect using the Enhanced Security with no errors.

    Monday, February 14, 2011 3:42 PM
  • Are you on a domain network? If so, I had this error. Found out someone else had changed the DNS servers to OpenDNS and not the IP of the AD/DNS server. Problem fixed!

    Saturday, February 19, 2011 1:03 PM
  • This might also happen when the remote user account is brand new. I had to logon to the server locally and make the mandatory first-login password change before it worked with RDP.
    • Proposed as answer by Radu Dorneanu Tuesday, May 1, 2012 3:18 PM
    Monday, March 7, 2011 3:40 PM
  • I ran into this tonight but was able to solve it.


    From vpn based Windows 7 64-bit (Laptop/remote).  I attempted to login to Windows 7 32-bit desktop (Office) using a specific domain account intended for the office computer only.

    An Authentication error has occurred.  The Local Security Authority cannot be contacted.  Remote computer: Office


    Use a domain account that does not have a "Log onTo..." specified in the Account settings. Alternately add both Laptop/remote and Office to the domain user account intended for the office computer only. 



    • Proposed as answer by lavee45 Thursday, May 31, 2012 8:45 PM
    Wednesday, March 23, 2011 12:58 AM
  • hi


    im having same issues, i have 2 pc local both windows 7 ultimate. pc1 is not on domain, pc2 was on the domain, uses password which is saved in the rdp.

    from pc1 trying to rdp pc2, was able to do for long time but not recently. tried all kind of tricks,

    i ve installed teamviewer so i can check if really i can connect,so with teamviewr (tv as short) from pc1 to pc2 i can logon.

    as soon i connect with tv from pc1, then i try rdp from pc1 to pc2 and Bingo! it works. i close tv, rdp connection stays. i can rdp again and again AS LONGER I dont switch off pc2!!! if i do,im unable to connect via rdp! 


    looks like security issues, but establishing a connection with tv, it removes these issues and then rdp works! (tried every time!)

    need a permanent solution though...








    Friday, March 25, 2011 12:00 AM
  • Sounds to me like Group Policy might be the issue. Team Viewer perhaps changes a security setting in order to work and when you reboot Group Policy resets the security. Try gpupdate /force on the machine once you have it working using your teamviewer workaround to confirm.
    Friday, March 25, 2011 4:43 PM
  • I ran into this issue when i had "do not connect if authentication fails" enabled, which from what i've read tries to connect through TLS, which if you dont have a compatible certificate installed on both ends, gets automatically rejected.


    This can also be set in group policy settings, which i believe overrides the RDP setting.

    Friday, March 25, 2011 4:58 PM
  • I encountered this trying to RDP into a new Windows 7 install.  The destination computer is a laptop.  It turns out that I just have to do the initial log in from the laptop itself, then subsequent attempts to RDP into it work fine.  It's a minor inconvenience now and I can deal with it since the laptop is always a few feet away.
    • Proposed as answer by JAB-RTE Wednesday, January 23, 2019 7:47 PM
    Thursday, June 30, 2011 5:05 AM
  • Add the Remote Desktop Users group to the group policy setting Access This Computer From the Network.

    By default only Administrators are allowed this right. If you are using the Network Level Authentication option then the Remote Desktop Users group must have this right for logon to work.

    • Edited by GNCA Wednesday, April 25, 2012 6:53 PM
    Wednesday, April 25, 2012 6:48 PM
  • Just remove the machine from Domain and remove the system name from AD computer list after all you just restart the system then add the system again in the domain.

    Thursday, May 17, 2012 7:25 AM
  • Hi AndyD77,

    Please go to AD and check the particular computer account is enabled or disabled. Most probably it is disabled, so please enable that computer account. 

    Tuesday, June 19, 2012 10:02 AM
  • Here is another solution, looks like this issue is caused by different scenarios, in my case I was still able to logon with my Domain Admin account to a locked down machine(with very tight Domain Security Policies), the issue started happening on another account that was a local admin on the machine but I had flagged that account on the domain to prompt for a password change on the next logon, my guess is due to the security policies applied to this specific machine, the Security Authority was being blocked from properly communicating with the Domain Controller and it could not initiate the password change procedure and it was returning that error. All I had to do was uncheck the "User must change password on next logon" checkbox in the domain account and then it allowed me to logon with it.

    Again this might be in my case, but in other cases it could be due to different configurations, I personally believe that for the most part this issue is due to security policies being applied to the machine, if you are not sure if that is the case and have tried all these solutions, you can always try to restore the machine security policies to the default state.

    Hope this helps.

    • Proposed as answer by BlackHawk816 Thursday, June 28, 2012 5:47 PM
    Thursday, June 28, 2012 5:46 PM
  • For what it is worth I was having this issue with a Windows 7 SP1 x64 machine RDPing to a Window Server 2008 R2 SP1 Datacentre. I could logon locally, but not with a domain account.

    The domain account was not locked, RDP was set to use Network Level Authentication, routing was set correctly, etc.

    The issue was related to the cached account on the server. As soon as I deleted the cached credentials I could login without issue.

    Monday, July 9, 2012 5:00 PM
  • Exactly. Thanks a bunch! In my case I used Core Configurator 2.0 on Server Core 2008 R2. I did not intend to change any DNS settings, maybe it's a bug in Core Configurator. Anyways: if you try to log on to a domain joined machine and get this error, make sure the DNS settings on that machine point to an Active Directory server.
    Friday, July 20, 2012 8:18 PM
  • We just needed to set "Allow connections from computers running any version of Remote Desktop (less secure)"... instead of the NLA option.
    Monday, July 23, 2012 5:27 AM
  • That is a workaround, but NLA is normally fine until this problem pops up.
    Monday, July 23, 2012 5:36 AM
  • Well, the solution for my issue was to reset the user account password eventhough it is not expiring. This seems to be the work around so far.

    /* Server Support Specialist */

    Friday, September 7, 2012 12:52 AM
  • Make sure you can ping the FQDN.  I had this issue and was unable to ping DevDomainSrv.Dev.Local, but I could ping DevDomainSrv.  When I took a look at the network adapter properties, the DNS setting was set to obtain automatically.  I set it so the primary DNS was the DNS domain server for my dev domain, and the secondar DNS server was external to my dev domain.  Once I did this, it worked like a champ.

    Good Luck

    • Proposed as answer by Mark Dykun Thursday, April 4, 2013 3:05 PM
    Thursday, October 11, 2012 2:58 PM
  • I had this problem on a Windows 8 RTM installation in a domain environment. A domain user was able to log on locally but not through Remote desktop. Another domain user was able to logon both locally and through Remote desktop. Computer has Network Authentication Layer (NLA) enabled. I turn of NLA, and both users can logon Remote desktop.

    The first user had a "Allow only logon to these workstations" setting on the user object in the domain. Even if the computer name was added to the list, in a Remote desktop scenario it would not allow logon.

    So I changed the user object in the domain and allowed the user to logon to any computer. Now he's able to logon using Remote Desktop, even with NLA turned on.

    Guess it's a bug in Windows 8 RTM.


    • Proposed as answer by Kruger44 Friday, October 19, 2012 5:56 PM
    Friday, October 19, 2012 5:55 PM
  • Hi Guys,

    I got the same issue when I do a remote desktop to Server 2012 Hyper-V Core, 

    I reset the password - It didn't work for me.

    I rebooted after reset the password - It didn't work

    I disabled the remote desktop after reset the password and enabled - It didn't work

    It worked for me when I reassign the internal DNS server IPs where I put the static host record in the local DNS servers manually.

    I had to create dns records manually for this hyper-v core as it is not added to domain. Previously I had the public DNS for network interface as I wanted to do the updates only.

    Hope it may help to anyone.

    • Edited by Karan.T Thursday, March 28, 2013 9:29 AM
    Thursday, March 28, 2013 9:29 AM
  • I had this same problem.  2 accounts.  Both could log in locally only one could RDP.  The one that could not was station restricted.  Turned off NLA and then it could log right in. 
    Wednesday, June 5, 2013 3:29 PM
  • I fixed it with running the command "ipconfig /flushdns" in the CMD.exe on the server.
    Tuesday, June 11, 2013 11:11 AM
  • try find the solution here


    Tuesday, June 18, 2013 7:49 AM
  • What Language packs do you have installed?

    An authentication error has occurred. The Local Security Authority cannot be contacted


    Regards Pete Long http://www.petenetlive.com

    Friday, June 28, 2013 9:08 AM
  • It worked for me. You could write {machinename}\{localusername} in user name bracket instead.
    Wednesday, August 7, 2013 10:11 PM
  • @Smarcell: You sir, are a savior.  Thank you!  Can't believe a bug like this passed right under MS's nose.
    • Edited by naashkyr Thursday, August 8, 2013 1:31 PM
    Thursday, August 8, 2013 1:30 PM
  • I got this error when I was decommishioning some old domain controllers, the server I was trying to connect to had a static IP set with static DNS server entries.  Once the last DNS server was powered off I could no longer connect.  Updated the DNS server entries and was able to log on.
    Friday, September 20, 2013 1:00 PM
  • This did it for me after a good few hours of research.  Thanks very much!
    Saturday, October 5, 2013 4:31 PM
  • Unjoin, then re-Join the server to the domain.

    The server even will show "joined to the domain" (if you look in computer/properties), BUT, for some reason, mine was not completely joined. Go figure. I think it's a feature (LOL) ... BUT, note that my server previously existed in the domain, and I was giving a new physical box that same name; i.e. moving Server1 to new hardware, AND I never really :) cleanly removed the previous server. I guess you can call it an "unclean join" and, even though no errors were evident, well, you get the picture - stuff wasn't working. So, double-check, especially if you have remote DCs over slow links, the domain might not have had time to "catch up" all the AD/DNS info regarding whatever new box you are putting in.

    Tried it 5 minutes ago and it worked.

    So, YES, multiple things can cause this error and, NO, switching to a lower security setting (Allowing connections from ANY RDP) is not the real solution.

    Old thread, but still valid.

    Please remember to Mark as Answer if I helped resolve your issue. Thanks.


    Wednesday, October 30, 2013 10:14 PM
    Saturday, November 2, 2013 10:47 PM
  • I created this same error message by renaming an account.   I created the account originally just for remote access and immediately did not like the name I picked so I renamed it.

      I attempted to access the remote machine via the updated account for the very first time and the error appeared. 

    To correct the issue, I accessed the server [win server 2008]

    Right clicked computer off the start menu and chose "Properties" to Access the "System"

    Clicked "Remote Settings" then "Remote" Tab

    Clicked button for "Select User" and attempted to confirm the account I was trying to use had permission.  It was then I discovered that the account still had the original name. 

    To confirm this was the issue, I was able to gain remote access using the original account name

    Friday, January 17, 2014 3:03 PM
  • I had the same problem in my domain home lab, even i restarted the server I wanted to RDP.

    What i did is to shutdown all my servers, including domain controller.

    I started the domain controller. I waited until it was reachable and all services were up.

    Then i started the server with rdp problems, giving it some time too to start properly

    Problem fixed.

    I hope you don't need to reboot your DC, but at least, I wanted to give the tip that, in my case, the problem was in the domain controller side.


    Sys Admin

    Friday, July 4, 2014 4:24 PM
  • Radu,

    Thanks for this comment which helped me solve my problem.  My user was logging onto their pc with their normal credentials and then using different credentials to RDP to a server.  This was not an issue until I forced stronger authentication by configuring "Allow connections only from computers running Remote Desktop with Network Level Authentication..." on the server they were trying to RDP to.  This occurred even though the user's pc was Windows 7.As soon as I set the higher security setting they could no longer RDP. 

    To solve the problem I had the user log onto their pc using the same credentials that they would later use to RDP to the server.  Once they did that they could RDP to the server, regardless of the credentials used to log on to their pc.


    Tuesday, July 15, 2014 11:10 PM
  • Hi,

    I had the same problem and the same resolution!

    Wednesday, August 6, 2014 12:40 PM
  • I just had the same message "The Local Security Authority cannot be contacted" happen in the following scenario. Windows 7 user using Remote Desktop to log in to a newly upgraded Windows Server 2012. The issue was related to the username using a capital letter at the beginning. I do not remember Windows Server 2008 ever minding about the case-sensitiveness of the username but I could be wrong. Anyways, that's how we got around that. 
    Thursday, August 7, 2014 4:34 PM
  • In my case, it was easier to solve than I thought...

    I reset the user password from the domain controller. Then, in Active Directory I selected the user and opened the user properties window. In the tab "Account" I unchecked the option "User must change password at next logon". That's it!

    Hope it helps to anyone!


    Saturday, August 30, 2014 4:54 PM
  • Additionally to this particular answer, user forgot to mention that the Domain Policy password expiration ask the user to change password. I ask the user to restart the PC, and once the user change the old password everything went back to normal.

    Good day...

    Tuesday, October 7, 2014 12:58 PM
  • After I read the answer by DavidRa I went to the Server 2008 R2 gave me the your password has expired and needs to be changed. I changed it and got in. The 2012 box was the one that gave me the "Local Security Authority could not be contacted" message. Strange that it would not let me change pw on 2012 server box...
    Friday, October 10, 2014 2:44 PM
  • This one works great. I disabled the check mark on the profile asking for password expires; etc.. and works great.
    Then I asked the user to come to my desk and changed the password! :)

    Monday, October 27, 2014 7:00 PM
  • I would have this issue when trying to RDP into a DC after it was rebooted (not very often). I could log into them locally with no errors and would have to do so to "nudge" the server back into letting me RDP. This led me to my solution which was adding the /admin switch to my RDP connection (to try and simulate "local"). Voila! No "local security" error when I RDP. Not entirely sure why that solved my issue...but it did.
    Tuesday, October 28, 2014 4:44 PM
  • Assuming you have RDP setup correctly on the client and server:

    My solution was to UNCHECK the 'Allow connections only from computers....' in System properties , Remote tab.

    Working now.

    Less secure?  Yes.  Less frustrating?  Definitely.

    Friday, April 17, 2015 12:59 PM
  • I've run in this problem after inplace upgrade of W2k3 into w2k8

    What I've found is that when You set "Log On To" to the user account and add a few computers remember to add the one that user is running mstsc from.

    In other case You will get "The Local Security Authority cannot be contacted"

    Friday, July 3, 2015 11:56 AM
  • This worked for me too. My original issue was caused by removal of one DC and addition of another, while having the new one seize the Schema Master and Domain Naming Master fsmo roles. 
    Thursday, August 13, 2015 5:45 PM
  • I had the same error on my Azure virtual machine and a local virtual machine. I resolved this error by following the under given URL:


    Monday, August 24, 2015 6:53 AM
  • Hi

    In my humble opinion, I think the the issue comes from the local accounts

    I think that the local account is set to "User must change password at next logon"

    Hope it will help some folks !

    Wednesday, October 28, 2015 2:29 PM
  • I had the same problem which was easily mitigated by disabling NLA for the remote connection (which is a trivial workaround) but the true reason for this error message was that the server could not reach the domain  controller properly and would only log me in with the cached credentials but the server could not verify the credentials with the domain.

    This is what the NLA actually is supposed to do and it worked perfectly to the detriment of functionality.

    Soultion: Please check the server for full connectivity to the domain (domain controllers).

    Friday, May 6, 2016 11:07 AM
  • I know this is a really old thread. But I *finally* figured this out with what for me is the DEFINITIVE solution. I get the "local security authority could not be contacted" error too, when attempting to connect via RDP over the internet from a computer that is NOT a member of the domain. Removing NLA is just not an option, as I am just flat out not willing to sacrifice security for convenience. So here's the solution, assuming the user is NOT authorized to log onto every computer on the domain.

    That is to say, you have identified in the user's account properties the specific computers they are allowed to log on to. If you change this to "all computers" the problem goes away. But it also sacrifices your internal security by allowing the user to log on to any domain computer - probably not desired. So what to do?

     If remoting in from a computer that is not a domain member (such as your personal computer at home) then on the AD DS domain server open the AD Computers and Users applet. Then in the users container select/open the specific user account being used.

    In the user account dialog under the Account tab, click the "Log On To" button.  Now add the name of the non-domain computer they are remoting in from, and that solves this problem without sacrificing NLA or any other security.

    If you're using health policies on the NPS, that just adds another layer of security, and I highly recommend it if you're going to allow users to log into domain computers remotely, from non-domain computers.

    • Proposed as answer by John Deeman Tuesday, February 14, 2017 9:42 AM
    Tuesday, May 31, 2016 5:03 AM
  • I have the same issue, So I unchecked  the "user must change password at next logon" option and It worked for me.
    Monday, August 15, 2016 10:05 PM
  • Hi all,

    For me, it was on a tiny network that had two domain controllers, but one crashed a while ago, and I had no plans to replace it.  I hadn't removed it from Active Directory, though.  I was working remotely and logged in to the one remaining DC, and (thankfully) also logged in to my admin workstation as the domain administrator, with RSAT.

    I had to reboot the DC, and when it came back up, I got this error trying to connect with RDP.  From my admin workstation, I removed the old DC from Active Directory Users and Computers, and from Sites and Services.  I also inspected DNS, and found that the IP address for the old server was listed under gc._msdcs.domain, so I removed that.

    The problem was instantly fixed.  What had happened, was the LSA was finding the missing DC when looking for a GC/ADDS server.

    Hope this helps.

    Thursday, March 23, 2017 3:00 PM
  • Hi All Osman's steps solved this issue but I will like to make it very simple.C

    Right click on Computer/ This Computer,

    Select Properties

    On the Top Left, Select Remote SettingsThis will Take you to Remote assistance panel.

    From the three Options,

    uncheck the following:

    Don't Allow remote connection to this Computer.

    And Check: Allow Connection from Computers Running any version of Remote Desktop.(Less Secured)

    Make sure the last Option is Unchecked: Allow connection only from computers running Remote Desktop with Network Level Authentication (More Secured).

    Click Apply and OK.

    Hope this helps.

    Wednesday, April 26, 2017 10:06 AM
  • It has literally taken me days to figure out my specific issue for my specific setup. First the setup.

    Runnint a Server 2012 Standard domain controller with Group Policy and Hyper-V.

    In AD DS some users are set up to only be allowed logon to specific computers both locally and remotely via RDP.

    The Hyper-V is running a Windows 10 Pro virtual machine also joined to the domain.

     Then I have another box with Server 2008 R2 that is a member server jointed to the domain. This box is running NPS and is also set up as the RD Gateway server.

    Only users that are allowed to log on to specific computers locally, can also do so remotely via RDP.

    When remoting in to VM01 from either the 2012 or 2008 server systems, it was no problem. However, when they tried to remote in from their home computer, the following error was generated.

                  An authentication error has occurred. The local security policy can not be contacted

    There's no way I'm undoing the requirement for Network Level Communication. So I dug, and I dug, and I dug. I finally found the gold at the bottom of this hole.

    The solution for my specific situation was to go into AD DS and add the name of the remote computer to the list of computers the user is authorized to log on to. It doesn't matter that the computer they are connecting from is not on the domain and is sitting in their living room at their house 30 miles away. Their domain login has to be authorized to log on to their personal computer at their house - even though of course, it never will.  So if they try to remotely log in from another computer, they can't. If they get a new computer and it does not have the same network name as their old computer, then they can not connect to their domain computer at work over the internet via RDP with Network Level Authentication.

    Of course, there is another option that for me I won't use. It's to allow the user to log on to any computer.

    Thursday, June 15, 2017 3:21 AM
  • For me I couldn't even do a reset of the password.  

    I had to check the box that says "Password Never Expires".

    If it is checked my user can login

    If it is not checked .... An authentication error has occurred the local security authority cannot be contacted.


    Monday, June 19, 2017 1:02 PM
  • I starting having this issue after I updated to Windows CU 1703 from Windows 10 Anniversary edition. 

    The PC is NOT part of a domain. 

    I can't figure it out.  

    ------ Sean J Vreeland Seattle, WA

    Tuesday, June 20, 2017 11:53 PM
  • i had the same issue pop up, though mine is on a domain. The problem was the comcast router that was recently replaced, which has no ability to turn off DHCP for ipv6, handing out incorrect IPV6 addresses. I had to isolate it behind a router, which immediately resolved my issue.

    Check your logs for a termDD error and it will list the IP address, that may lead you somewhere.

    Monday, November 20, 2017 8:15 PM
  • I had this issue with a 2008 R2 Server after it rebooted after updates. I remotely logged on using the local credentials, and found that the nework adapter was saying private network instead of domain. I then founf that the dns server IP address was missing/had disappeared from the static IPv4 settings on the network controller - I re-added this then rebooted, and the issue went away.
    Monday, March 26, 2018 8:26 AM
  • if you renew the IP on the remote machine, it should work : 

    - open command prompt

    - type "ipconfig /release"

    - type "ipconfig /renew"

    Monday, August 20, 2018 7:00 PM
  • Just Uninstall KB4480968(patch date year 2019) Windows security patch.after uninstall patch just restart your server.
    Tuesday, January 15, 2019 1:56 PM
  • I dont have that patch and have the same issue.
    Wednesday, January 30, 2019 2:45 AM
  • Check that the account does not have an expired password, and that the account itself is not expired. In my case, the account password had expired, causing this error.

    As soon as I changed the password, the error was no longer present.

    10 years later, Windows 2016 Server... Same issue. This helped me resolve it.  It was a new User with "User must change password at next login" set.  Once I cleared the "must change password" flag, the user was able to connect to remote desktop. 

    Friday, April 26, 2019 3:39 PM
  • Same fix for an old Windows Server 2008 x86 server.

    I also found that if I added the remote PC's hostname to the list it worked.


    Friday, June 7, 2019 11:23 AM
  • In Local Security Policy/Local Policies/User Rights Assignment, remove Guest from "Deny access to this computer from the network". As mentioned by another person on this thread, you might also need to add Guest to "Access to this computer from the network".
    Friday, November 22, 2019 4:25 PM