none
Invalid Credentials when connecting to Remote Desktop (RD) RRS feed

  • Question

  • Hi Technet users!

     

    I 've used to be able to connect to my work PC with the RD-app from Microsoft Store, both with my home computer and iPad. After doing a fresh install of Windows 10 (1803) today and updating TPM I’m no longer able to connect from either home computer or iPad. I have tried the built in RD functionality on the home PC also but with no success.

     

    The remote PC (my work PC) is establishing a connection but does not accept my credentials. I’ve tried writing AzureAD/*work email* OR *username* in addition to only typing the work email. Also tried PIN instead of password. 

     

    I have been trying to follow these two solutions:

    1: MS DOCS: …/connect-to-remote-aadj-pc

    2: Spiceworks: .../topic/1962898-rdp-into-standard-user-account-on-azure-ad-joined-pc

    …so far no success.

     

    The only difference between before, when i worked, and now that it doesn’t (besides 1803) for the remote work computer is:

    Before: Sign in with personal MSA account and AAD joined with work account (through setting for work or EDU accounts)

    Now: Sign in directly with work account. Device is AAD joined, with new listing under “devices” in AD portal.

     

    The work account I’m using is registered as global admin.

     

    For the record I’m the de facto part time IT admin of the small company where I work, but probable not even qualified the least. If I can get this working then I can implement RD for my colleagues as well. :) 


    Thursday, May 3, 2018 5:21 PM

Answers

  • Posted by Daniel Stefaniak over at social.msdn in the AAD section. Worked for me. 

    "you need to disable NLA on taget machine

    also there is some registry fidgeting that you need to do:

    In Windows 10 Microsoft changed RDP’s defaults. We modified the default for “SecurityLayer” from 0 to 2. Even if you go into the user interface and disable: “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” Still doesn’t change that value to a 2.

    Simple fix:

    1. Open RegEdit
    2. Navigate to this Key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    3. Change “SecurityLayer” to a zero
    4. Reboot and done!

     

    after above you should be able to login with RDP using AzureAD\user@contoso.com login and password"

    EDIT: With the RD app on iOS iPad it is better to use the AzureAD\*username* and not the email adress. 

    • Proposed as answer by Vera Hu Friday, May 4, 2018 3:04 AM
    • Marked as answer by De_facto_John Friday, May 4, 2018 7:14 AM
    • Edited by De_facto_John Thursday, July 5, 2018 9:49 AM New information
    Thursday, May 3, 2018 6:53 PM

All replies

  • Posted by Daniel Stefaniak over at social.msdn in the AAD section. Worked for me. 

    "you need to disable NLA on taget machine

    also there is some registry fidgeting that you need to do:

    In Windows 10 Microsoft changed RDP’s defaults. We modified the default for “SecurityLayer” from 0 to 2. Even if you go into the user interface and disable: “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” Still doesn’t change that value to a 2.

    Simple fix:

    1. Open RegEdit
    2. Navigate to this Key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    3. Change “SecurityLayer” to a zero
    4. Reboot and done!

     

    after above you should be able to login with RDP using AzureAD\user@contoso.com login and password"

    EDIT: With the RD app on iOS iPad it is better to use the AzureAD\*username* and not the email adress. 

    • Proposed as answer by Vera Hu Friday, May 4, 2018 3:04 AM
    • Marked as answer by De_facto_John Friday, May 4, 2018 7:14 AM
    • Edited by De_facto_John Thursday, July 5, 2018 9:49 AM New information
    Thursday, May 3, 2018 6:53 PM

  • Thank you for sharing your solutions here. It will be very beneficial for members who have similar questions.
    Please mark your reply as answer in order that other community members could find the helpful reply quickly. It also help us close this case.
    Thanks for your understanding.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 4, 2018 3:04 AM
  • I've been fighting with this problem for months.  Each time I encounter it on a new machine I give another try to find a solution.  This finally is the answer I needed.  Thank you!
    Wednesday, June 5, 2019 6:52 PM