Remove From My Forums

Network Level Authentication error with Remote Desktop Connection between Windows 7 machines

Question
0

Sign in to vote

Hello all

I am having an issue with Remote Desktop Connection.

I can connect to my Laptop from my Desktop using Remote Desktop Connection but when I try to connect to my Desktop from my Laptop I get an error stating that Network Level Authentication is not supported on the machine I am connecting from, i.e. the Laptop.

Both the Laptop and the Desktop are running Windows 7 Ultimate.

This used to work fine and I am unable to find what has changed.

I have even tried doing a Repair Install of Windows 7 Ultimate on the Laptop but still have the same issue.

Does anyone have any ideas, short of reinstalling Windows 7 Ultimate from scratch?

Thanks in advance

Kevin

Monday, March 22, 2010 10:38 AM

All replies

0

Sign in to vote
Hi Kevin,

Based on my research, I suggest you refer to the following article to troubleshoot the issue.

I would suggest you to read through the article in the link below and see if it can fix the issue.

Why can’t I connect using Remote Desktop Connection?

Meanwhile, please also refer to the following articles to configure the Network Level Authentication you can see if that has something useful

Configure the Network Level Authentication Setting for an RD Session Host Server

Configure Network Level Authentication for Remote Desktop Services Connections

If the error message persists, please capture and upload it

Thanks,

Novak
- Proposed as answer by Biometric Engineer Monday, May 17, 2010 8:36 PM
Wednesday, March 24, 2010 6:41 AM
0

Sign in to vote

Hello

Thanks for the reply.

I already followed the instructions in the articles you listed as I found them when I used Google to research the error.

I have uploaded a snapshot of the error I receive at the address listed below.

http://cid-22b6e37ca0e5c56f.skydrive.live.com/self.aspx/Troubleshooting/RDP%20Error.PNG

Both machines are using Windows 7 Ultimate and I am able to RD into this machine fine, just not the other way.

Thanks in advance

Kevin

Thursday, March 25, 2010 11:34 AM
2

Sign in to vote
Based on my research, I suggest you also try the following steps.

1.Open registry editor.

2.Navigate or browse to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server

3.Locate the fDenyTSConnections subkey, and change the DWORD value to 0.

4.To enforce the use of RDP 6.0 and NLA, navigate to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp

5.Locate the UserAuthentication subkey, and change the DWORD value to 1.

6.Exit registry editor and restart the computer to make the changes effective.

Note: Please backup the registry key before modifying the above keys.

Thanks,

Novak
- Proposed as answer by Biometric Engineer Monday, May 17, 2010 8:36 PM
Friday, March 26, 2010 6:49 AM
0

Sign in to vote

Hello

Thanks for the reply.

I have checked the Registry on both machines and those values are already set as you stated.

Thanks in advance

Kevin

Friday, March 26, 2010 10:22 AM
0

Sign in to vote
Hi,

Please also try the suggestions from the link below on the problematic machine.

Network Level Authentication

Please Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Thanks,

Novak
- Proposed as answer by Biometric Engineer Monday, May 17, 2010 8:36 PM
Monday, March 29, 2010 9:03 AM
0

Sign in to vote

Hello again

Thanks for the reply.

I had already come across this way to enable NLA when researching this error and unfortunately the settings already exist.

Thanks in advance

Kevin

Monday, March 29, 2010 12:00 PM
0

Sign in to vote

Hello all

Does nobody have anymore ideas?

Thanks in advance

Kevin

Thursday, April 8, 2010 5:20 PM
0

Sign in to vote

You were given the answers. Sorry, but everything he said, is all I know as well.
Network Systems Engineer * Zvetco Biometrics * Windows Server 2008 R2 * Core2 6600 @ 3.30GHz * 16 GIGS RAM * NVIDIA 9400GT * **>>PLEASE VOTE POSTS AS USEFUL TO ASSIST OTHER USERS<

Monday, May 17, 2010 8:37 PM
0

Sign in to vote

You were given the answers.

Not a very helpful comment since none of the answers solved his problem.

I have the exact same problem, I have a laptop and desktop, both Windows 7 Ultimate and fully updated, both with NLA enabled. I cannot RDP from desktop to laptop, I get the exact same error about NLA. I followed all the links above. I can connect successfully if I disable the requirement for NLA in the remote desktop settings on the laptop. Perhaps this has to do with some sort of firewall or antivirus interference? (I have Norton Security Suite installed on both computers). Also the wireless network I am on is a work network, and they only allow communication over certain TCP ports, I don't know if that would cause NLA to fail.

Friday, May 13, 2011 8:36 PM
12

Sign in to vote
I actually had this problem. My Windows 7 Pro would not remote to another Windows 7 Pro without NLA, and for some reason my version of RDP said it did not support NLA:

I followed these directions and it worked. I actually had tspkg in my list but I moved it to the bottom of the values list for no particular reason. I was missing the reference to credssp.dll. So, that was the source of my problem. I do not know for the life of me why it stopped working.

Configure Network Level Authentication

Click Start, click Run, type regedit, and then press ENTER.
In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
In the details pane, right-click Security Packages, and then click Modify.
In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
In the details pane, right-click SecurityProviders, and then click Modify.
In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
Exit Registry Editor.
Restart the computer.

This worked for me.
- Edited by Millerus Wednesday, March 14, 2012 9:05 PM
- Proposed as answer by Rick Groszkiewicz Friday, August 16, 2013 7:01 PM
Wednesday, March 14, 2012 9:04 PM
0

Sign in to vote
I actually had this problem. My Windows 7 Pro would not remote to another Windows 7 Pro without NLA, and for some reason my version of RDP said it did not support NLA:

I followed these directions and it worked. I actually had tspkg in my list but I moved it to the bottom of the values list for no particular reason. I was missing the reference to credssp.dll. So, that was the source of my problem. I do not know for the life of me why it stopped working.

Configure Network Level Authentication

Click Start, click Run, type regedit, and then press ENTER.
In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
In the details pane, right-click Security Packages, and then click Modify.
In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
In the details pane, right-click SecurityProviders, and then click Modify.
In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
Exit Registry Editor.
Restart the computer.

This worked for me.

Worked for me too. Thank you.
Tuesday, March 27, 2012 6:12 AM
0

Sign in to vote

That worked for me also.

Does anyone know why this would change on a Windows 7 64bit Enterprise Edition OS?

Someone else on my team did not have this issue and they have the same OS that I do.

Wednesday, August 22, 2012 6:02 PM
1

Sign in to vote

I had the exactly the same issue, which was apparently caused by messed up computer (server) certificate. The issue was solved by simply changing the computer name which generated a new certificate and fixed the problem in my case.

Hope this helps someone.

Regards,

Ondrej

Tuesday, November 27, 2012 9:39 PM
0

Sign in to vote
That worked for me too.

I use RDP almost every day, on two Windows 7 Pro machines (my desktop and laptop). Today RDP just stopped working, and I'm not sure what caused the problem.

The key was a missing reference to credssp.dll (steps 5-7). That was the source of my problem.

Rick Groszkiewicz Life is too short to drink bad wine ... or bad coffee
- Edited by Rick Groszkiewicz Friday, August 16, 2013 7:05 PM
Friday, August 16, 2013 7:03 PM
0

Sign in to vote

Our problem was caused by a corrupted crypto database catalog:
Solution
Stop Cryptographic Services (cryptsvc) by running "net stop cryptsvc".
Delete or rename the C:\Windows\System32\catroot2 folder.
Start cryptsvc by running "net start cryptsvc".
Restart the computer.
C:\Windows\System32\catroot2 will be recreated.
Wait for all the catalog files from C:\Windows\System32\catroot to be imported into the catroot2 database. This may take up to an hour, so be patient.

Wednesday, August 6, 2014 3:46 AM
0

Sign in to vote

I have this problem with Windows 7 pro to SBS 2011. The curious thing is NLA was working fine until one fine day it decided not to work anymore. (remote or local does not make a difference)

The second server on the network has NLA enabled and connects fine. I tried 5 different PCs/Laptops from Windows 7 pro to Windows 8 pro all with the same result. All PCs DO support RDP NLA.

So how did MS manage to break this again?

BTW, none of the above mentioned solutions work....or are applicable e.g. credssp.dll was already in the registry etc. the hot fix and latest RDP updates (8.0) have been installed.

Interim solution is to lower security ( I thought MS was all about security) to allow all sorts of connections.

Would be nice to actually get MS to provide a solution for what they break. My take on it is that it was an update (as usual).
Alex Goodside

Friday, August 22, 2014 12:50 AM
3

Sign in to vote
None of these options worked but we found something that did:

You need to open up Administrative Tools>Remote Desktop Services>Remote Desktop Session Host Configuration on the destination server and double click on the top RDP-TCP connection. This brings up the RDP-Tcp properties box. In my case with DC #3, the cert hyperlink at the bottom was not clickable like the one on DC #1 which I could RDP into. Clicking on the cert's hyperlink shows you the properties of the cert. So, I clicked “Select” which did show the applied cert. On that cert is a clickable hyperlink which did show us the properties of the cert. When I clicked “OK,” I applied the changes to the Properties box and I am able to RDP into the servers again. I was able to do the same for the other two DCs that were no longer RDP'able.

Anyway, I hope this works out for anyone who haven't tried this step yet.
- Edited by briangw Monday, October 6, 2014 6:45 PM
Monday, October 6, 2014 6:45 PM
0

Sign in to vote

None of these options worked but we found something that did:

You need to open up Administrative Tools>Remote Desktop Services>Remote Desktop Session Host Configuration on the destination server and double click on the top RDP-TCP connection. This brings up the RDP-Tcp properties box. In my case with DC #3, the cert hyperlink at the bottom was not clickable like the one on DC #1 which I could RDP into. Clicking on the cert's hyperlink shows you the properties of the cert. So, I clicked “Select” which did show the applied cert. On that cert is a clickable hyperlink which did show us the properties of the cert. When I clicked “OK,” I applied the changes to the Properties box and I am able to RDP into the servers again. I was able to do the same for the other two DCs that were no longer RDP'able.

Anyway, I hope this works out for anyone who haven't tried this step yet.

It worked for me in Win2008

Thx

Friday, August 7, 2015 6:58 AM
0

Sign in to vote

None of these options worked but we found something that did:

You need to open up Administrative Tools>Remote Desktop Services>Remote Desktop Session Host Configuration on the destination server and double click on the top RDP-TCP connection. This brings up the RDP-Tcp properties box. In my case with DC #3, the cert hyperlink at the bottom was not clickable like the one on DC #1 which I could RDP into. Clicking on the cert's hyperlink shows you the properties of the cert. So, I clicked “Select” which did show the applied cert. On that cert is a clickable hyperlink which did show us the properties of the cert. When I clicked “OK,” I applied the changes to the Properties box and I am able to RDP into the servers again. I was able to do the same for the other two DCs that were no longer RDP'able.

Anyway, I hope this works out for anyone who haven't tried this step yet.

It worked for me in Win2008

Thx

Tried many other options, but the above steps worked like a charm. Thanks for saving me.

Sunday, September 20, 2015 8:24 AM
0

Sign in to vote

Re-selecting the cert on the server fixed it for me too, thanks!

Thursday, February 11, 2016 10:03 AM
3

Sign in to vote

None of these suggestions worked for me. I stopped the Remote Desktop services, renamed c:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ folder, rebooted and the folder was recreated and a new RDP certificate was created.

Friday, September 30, 2016 5:43 PM
0

Sign in to vote

Did this on the remote machine and it worked, thanks

Friday, November 11, 2016 10:02 AM
0

Sign in to vote
The account that Terminal Services or any service that relies on cryptography must have permissions to:

c:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\

Thanks, so much for mentioning this path because both Terminal Services (RDP) and Web Services stopped working. I think it was a bad GPO setting that may have caused the issue.
- Proposed as answer by Tang Thanh Phuong Saturday, December 2, 2017 3:05 PM
Friday, November 17, 2017 2:25 AM
0

Sign in to vote

IT worked for me, thanks a lot

Saturday, March 17, 2018 5:47 AM
0

Sign in to vote

If PC is member of the domain, remove it and re-join the domain. That should work.

Regards

Alltech-Solutions

Tuesday, September 3, 2019 8:53 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Asked by:

Network Level Authentication error with Remote Desktop Connection between Windows 7 machines

Question

All replies