none
Network Level Authentication & Local Security Authority Error RRS feed

  • Question

  • Hi Team,

    We migrated our DC from 2008 to 2016, we have two different domain one is in the same network whereas another one from the Vendor side. Now, after migrating the DC the users who are sitting in the same network they are able to access or taking RDP without any issue but the users from the Vendor's side are getting NLA or LSA cannot be contacted error. We've trust between both the domains. Actually, its not consistent one day they are able to login & the next day they are getting error. below are the details of error. We've checked with the Network team & all required ports have been allowed. Please provide some guidance how can we resolve this issue. Thanks.

    NLA Error :

    The remote computer that your are trying to connect to requires Network level Authentication (NLA), but your windows domain controller cannot be contacted to perform options on the Remote tab of the System Properties dialog box.

    LSA Error:

    An authentication error has occurred.

    the local Security Authority cannot be contacted.

    Remote Computer : Computer name

    This could be due to an expired password.

    Please update your password if it has expired.

    for assistance, contact your administrator or technical Support.


    Dhaneswar

    Tuesday, August 13, 2019 5:13 PM

All replies

  • HI

    1 "We migrated our DC from 2008 to 2016"
     did you also migrate DC servers of vendor side  from w2008 to w2016 ?
    2 "but the users from the Vendor's side are getting NLA or LSA cannot be contacted error."
    2.1 Are your session host servers only in main office side ? is there session host server vendor side ?
    2.2 Have you enabled NLA on all your session host servers ?
    3"the local Security Authority cannot be contacted."
    3.1 if you create a new test user in vendor side DC server,will the problem also happen on this new test user ?
    3.2  when the rdp problem happen , if you use the problematical user account in vendor side DC server to logon session host server console(not rdp) ,will the problem persist ?

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 14, 2019 3:17 PM
    Moderator
  • Thanks for replying.

    1 Did you also migrate DC servers of vendors side from 2008 to 2016 ?    : NO

    2. Are your session host servers only in main office side ?                         : YES.

    3. Is there session host server vendor side  ?                                            : NO

    4. Have you enabled NLA on all your session host servers ?                         : YES

    5.  If you create a new test user in vendor DC server, witll the problem also happen on this new test user ?

    We didn't check this  yet, but the issue is not for the single user.

    6. when the rdp problem happen, if you use the problematical user account is vendor side DC server to logon session host server console, will the problem persist.

    are you suggesting for session host server console to take the console mstsc\admin ? at their end user account is working fine.


    Dhaneswar

    Wednesday, August 14, 2019 5:16 PM
  • HI

    Enviroment:
    main office side:w2016 DC
    vendor side:w2008 DC
    main office domain user account:muser1
    main office side session host os version ??
    vendor side domain user account:vuser1
    vendor side client os version ??
    7 are main office side and vendor side using vpn connection or Dedicated Internet Access ?
    8 when the problem happen,
     if you disable NLA on one of session host server temporarily ,can vuser1 remote access session host server without error?
     if you keep NLA enable on one of session host server and reset the vuser1 password ,will this vuser1 remote access session host server without error? 
     
    9 when the problem happen ,if you enter nslookup the FQDN of main office side W2016 DC on vendor side client computer ,can your client computer retrieve it ?
    10 when the problem happen ,if vendor side client computer disjoin the vendor domain then rejoin the vendor domain ,will the problem persist ?
    11 download and install Microsoft Network Monitor 3.4 on vendor side w2008 DC ,main office side w2016 DC, session host server. When we use mstsc remote access session host on main office side from vendor side computer ,we can try to capture network package during the normal time and issue time ,is there any difference ?
    https://www.microsoft.com/en-us/download/details.aspx?id=4865


    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, August 16, 2019 3:21 AM
    Moderator
  • 7. Are main office side & vendor side using VPN connection or dedicated Internet access ? 

    There is no VPN involve. We've trust between both the domain.

    8. when the problem happen, if you disable NLA on one of session host server temporatily can vsuer1 remote session host server without error ?

    Yes, if we disable the NLA on then users are able to access the servers.

    If we keep enable the NLA on one of host session theen user facing the issue didn't try to reset the password because with the same password they are able to access when NLA will be disable. 

    9. We'll check this (9 point) point with vendor & will keep you posted.

    10. computer disjoin & rejoin the domain ?

    If we disable the NLA then they are able to access the server & as more then 1 users are facing this issus so computer disjoin & rejoin should not work.

    This issue is only facing by Vendor side users, same premises/domain sitting users don't have any issue.

    Just an update that We've windows 2008 & 2016 server.  when there was only windows 2008 server ther were no issues, these issues comes up after adding windows 2016 server.


    Dhaneswar


    • Edited by Dhaneswar1 Sunday, August 18, 2019 6:59 AM
    Saturday, August 17, 2019 12:56 PM