Tuesday, April 15, 2014

RDP to Windows 2012 Server - The Local Security Authority cannot be contacted.

I recently came across a problem where if you attempted to RDP to a Windows 2012 server you received the following error:

An authentication error has occurred.
The Local Security Authority cannot be contacted

Remote computer: hostname


It turns out that by default we were building 2012 servers with Network Level Authentication (NLA) turned on. This caused a few issues with RDP connections from our VPN support accounts and, of course, with RDP'ing to machines when your password has expired (or is set to 'User must change password at next login').

Now, this is a security vs. convenience trade-off, so you need to decide if turning this off is the right thing to do in your environment. For us, turning it off on a couple of key management servers would reduce the nightmare of admins being prevented from logging in when their passwords expire.


To do this, press Windows+R (to get a Run box) and execute sysdm.cpl. This will open the System Properties screen. Click the Remote tab at the top, uncheck "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" and click OK.
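The same checkbox can be read and set from PowerShell, which makes it easier to keep track of which servers have had NLA relaxed. The script below is an added example, not part of the original post; it uses the Win32_TSGeneralSetting WMI class, and the host names and the -DisableNla switch are placeholders chosen for illustration.

```powershell
# Added example: report (and optionally relax) the NLA requirement on the
# RDP-Tcp listener of each server. Host names below are constructed placeholders.
param(
    [string[]]$Servers = @('mgmt01.example.internal', 'mgmt02.example.internal'),
    [switch]$DisableNla   # pass only for hosts where you accept the trade-off
)

foreach ($server in $Servers) {
    try {
        # The TerminalServices namespace only answers remote queries made
        # with packet privacy (encrypted DCOM).
        $rdp = Get-WmiObject -Class Win32_TSGeneralSetting `
            -Namespace 'root\cimv2\TerminalServices' `
            -Filter "TerminalName='RDP-Tcp'" `
            -ComputerName $server `
            -Authentication PacketPrivacy `
            -ErrorAction Stop

        # 1 = NLA required (the checkbox is ticked), 0 = not required.
        $nlaRequired = ($rdp.UserAuthenticationRequired -eq 1)
        $changed     = $false

        if ($DisableNla -and $nlaRequired) {
            $result = $rdp.SetUserAuthenticationRequired(0)
            if ($result.ReturnValue -ne 0) {
                throw "SetUserAuthenticationRequired returned $($result.ReturnValue)"
            }
            $nlaRequired = $false
            $changed     = $true
        }

        [pscustomobject]@{
            Server      = $server
            NlaRequired = $nlaRequired
            Changed     = $changed
            Error       = $null
        }
    }
    catch {
        # Keep unreachable or failing hosts in the report instead of dropping them.
        [pscustomobject]@{
            Server      = $server
            NlaRequired = $null
            Changed     = $false
            Error       = $_.Exception.Message
        }
    }
}
```

Run without -DisableNla, it only reports, so it can be scheduled to flag servers where NlaRequired is False and that are not on your list of agreed exceptions.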


1 comment:

  1. I had the same error on my Azure virtual machine and a local virtual machine. I resolved this error by following the URL given below:

    http://www.windowstechupdates.com/an-authentication-error-has-occurred-the-local-security-authority-cannot-be-contacted/
