32

I set up Remote Desktop Connection and the computer says: AzureAD\username already has access:

Very good, let's try to connect using AzureAD\username:

Unfortunately it says:

Your credential did not work. Remote machine is AAD joined. If you are signing in to your work account, try using your work email address.

Of course it didn't work. Any idea?

Francesco Mantovani
  • 2
    AzureAD is a lie. Nothing about it is "Active" nor "Directory". Your standard RDP app will struggle to connect to it, and you can just forget about the Android & iOS RDP apps too. – SnakeDoc Jun 10 '20 at 20:32
  • @SnakeDoc thank you for the relief, at least I will stop hitting the wall with my head. Any idea why Microsoft tells lies like this? It is very misleading. So basically RDC is not working on Windows 10 Home? I need a Pro license? – Francesco Mantovani Jun 11 '20 at 07:43
  • 4
    No, I don't think the edition of Windows matters. Microsoft has made AzureAD sufficiently different that the default RDP connection settings will not work. I've had success following this: http://www.bradleyschacht.com/remote-desktop-to-azure-ad-joined-computer/ – SnakeDoc Jun 11 '20 at 17:08

7 Answers

111

To successfully connect to an AzureAD joined computer using Remote Desktop, you will need to first save your connection settings to a .rdp file.

To do this, open the Remote Desktop Connection program, enter the IP Address or computer name, then click the "Save As" button at the bottom of the screen. Save it someplace convenient, since we'll need to edit this file by hand.

Next, Right-Click the saved .rdp file and open with Notepad.

Go to the very bottom of the file, add the following lines:

enablecredsspsupport:i:0
authentication level:i:2

Save the file and close.

Now, try double clicking the modified .rdp file and login using the format:

AzureAD\YourFullUsername

Screenshots, original information and credit go to bradleyschacht.com

SnakeDoc
  • 6
    Wow thank you! wish I could upvote 100 times. – David Dec 02 '20 at 08:11
  • 1
    Thank you so much! Fixed connection to Hyper-V on local machine - I've been looking for hours on how to do it! – nokola Jan 22 '21 at 20:23
  • The enablecredsspsupport:i:0 did the trick for me. – Koen Mar 06 '21 at 11:40
  • 7
    In 2021, lots of places are disabling NLA for Remote Connections. When I try these settings, I get an error of [Window Title] Remote Desktop Connection [Content] 'The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support.' Do you have any pointers? – FoxDeploy May 12 '21 at 17:40
  • 4
    @FoxDeploy AzureAD is a lie, there is nothing "Active" nor "Directory" about AzureAD - ie, you do not have a real directory server, which is why network level authentication fails. You need to disable NLA on the machine you're remoting into for AzureAD RDP to work. – SnakeDoc May 12 '21 at 17:52
  • 2
    Thank you so much! For me the key was the user name is my email so it was formatted like this. .\AzureAD\email@company.com – Chris Aug 17 '21 at 17:25
  • 4
    To disable NLA on the machine you're remoting to: open the Run command box, run the command `sysdm.cpl`, go to the Remote tab, uncheck the **Allow connections ... with Network Level Authentication (recommended)** checkbox. You might need to restart your computer but I didn't. You can find more options to turn off this setting [here](https://www.makeuseof.com/fix-remote-computer-requires-network-level-authentication-nla-on-windows/). – somethingRandom Dec 12 '21 at 09:54
  • Life Saver! Thank you for this! Bonus points if anyone knows how to translate this fix to RDTabs app. – Christopher Mar 11 '22 at 19:06
  • I found this very helpful today, thank you! – Varinia Devorah Dec 12 '22 at 22:00
  • If your company uses single sign on (most do) then see @jscarle answer. You need to enable the setting to use a web account. – goku_da_master Feb 01 '23 at 18:53
  • For what it's worth, `authentication level:i:2` seems to already be there by default when saving the `.rdp` file. All I needed was `enablecredsspsupport:i:0`. – eFail Jun 06 '23 at 06:05
  • Thanks - finally managed to connect. The official Microsoft Remote Desktop app on my phone connected without issue, but for some reason I kept having trouble connecting my Windows 10 Pro laptop to my Windows 11 Pro desktop. This finally solved it. – chocolata Jun 14 '23 at 09:29
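
Added example, not part of the answer or comments above: a small Python audit that parses `.rdp` files and flags the `enablecredsspsupport:i:0` line this workaround adds, which turns off CredSSP and with it Network Level Authentication on the client. The function names and the sample file are constructed for illustration; it assumes the file is UTF-16 with a BOM (as mstsc usually saves it) or UTF-8.

```python
import codecs

# Constructed sample: an .rdp file after the edit described above, encoded
# as UTF-16 with a BOM. 192.0.2.10 is a documentation address.
SAMPLE = (
    "full address:s:192.0.2.10:3389\r\n"
    "authentication level:i:2\r\n"
    "enablecredsspsupport:i:0\r\n"
    "authentication level:i:2\r\n"
).encode("utf-16")

def decode_rdp(raw: bytes) -> str:
    """Decode .rdp bytes: UTF-16 when a BOM is present, otherwise UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_rdp(text: str) -> dict:
    """Map each setting name to every value given for it, in file order."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # name:type:value, value may contain ':'
        if len(parts) != 3:
            continue
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # malformed integer setting, skip it
        settings.setdefault(name.strip().lower(), []).append(value)
    return settings

def audit_rdp(raw: bytes) -> list:
    """Return findings for settings that weaken authentication."""
    values = parse_rdp(decode_rdp(raw))
    findings = []
    if 0 in values.get("enablecredsspsupport", []):
        findings.append("enablecredsspsupport:i:0 (CredSSP off, client cannot do NLA)")
    if 0 in values.get("authentication level", []):
        findings.append("authentication level:i:0 (no warning if server auth fails)")
    for name, seen in values.items():
        if len(set(seen)) > 1:  # appended lines can contradict earlier ones
            findings.append(f"{name}: conflicting values {seen}")
    return findings

if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE):
        print(finding)
```

Run over a directory of saved connection files, an empty result means none of them carries the CredSSP-disabling line or a silent server-authentication setting.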
12

As an updated answer, the solution is to simply open up the options for the connection, go to the Advanced tab, and check "Use a web account to sign in to the remote computer".

Remote Desktop Connection, Advanced Settings

jscarle
5

As long as RDP is enabled on the remote machine and the user you are trying to log on with is authorized, it should work.

The Azure Active Directory username is not exactly clear though.

Joined computer via 'FirstName@domain.com', an Azure Active Directory domain account.

Computer shows 'AzureAD\FirstNameLastName' as authorized for RDP since it's an administrator account.

Must use 'AzureAD\FirstName@domain.com' for RDP username.

No other settings changes needed, no manual editing of RDP file just had to get the username right.

Montané Hamilton
1

From your window, it doesn't seem like you logged in with an AzureAD account. Try with francescomantovani@yourazureaddomain.com as a username?

As per here: https://learn.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc

When you connect to the remote PC, enter your account name in this format: AzureAD UPN. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.

alphaz18
0

For some reason the old Remote Desktop Connection application was throwing the same error. I tried connecting through the new Remote Desktop application (included in Windows 10), and it connected without any problem.

0

The issue is related to the password, which we have set at the time of the creation of VM.

That password doesn't meet the complexity criteria that we didn't get informed about while setting the username & password firstly. Therefore we need to reset the password.

1). Click on the created VM --> choose Reset Password from the side menu.

2). This time they will tell us about constraints for setting the password.

3). Choose the appropriate password.

4). Now login via this format as below:

username : <publicIpOfVM>/<username>
password:  newPassword
0

Open Remote Desktop Connection and enter the IP address. Then save it as a .rdp file. After that, right-click it and open it with Notepad++. Go to the bottom of the file and add the following lines:

enablecredsspsupport:i:0

authentication level:i:2

Save the file and close.

Make sure to uncheck the Allow connections ... with Network Level Authentication (recommended) checkbox.

Then type ".\AzureAD\email address" for the RDP username. No need to change other settings.

  • Hi, thanks for your answer. Please consider adding code formatting for the text lines to your answer to make it easier to read. – Mmm Jun 21 '23 at 18:29