
Authentication Error Has Occurred Remote Desktop



In March, Microsoft released a security update to address vulnerabilities in the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) connections for Windows clients and Windows Server. Wrote a blog post about our findings so far with a workaround on how to reduce Remote Desktop security settings to get around this problem. It doesn't require touching registry settings or other complicated steps: Remote Desktop Authentication Error Has Occurred. The function requested is not supported. After an update to Windows 10 released back in May 2018, a lot of users who use the Remote Desktop function started getting the RDP 'authentication error, function requested is not supported' issue where the users get the.


This article can help you troubleshoot authentication errors that occur when you use a Remote Desktop Protocol (RDP) connection to connect to an Azure virtual machine (VM).

Symptoms

You capture a screenshot of an Azure VM that shows the Welcome screen and indicates that the operating system is running. However, when you try to connect to the VM by using Remote Desktop Connection, you receive one of the following error messages.

Error message 1

An authentication error has occurred. The Local Security Authority cannot be contacted.

Error message 2


The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box.

Error message 3 (generic connection error)

This computer can't connect to the remote computer. Try connecting again, if the problem continues, contact the owner of the remote computer or your network administrator.

Cause

There are multiple reasons why NLA might block the RDP access to a VM.

Cause 1

The VM cannot communicate with the domain controller (DC). This problem could prevent an RDP session from accessing a VM by using domain credentials. However, you would still be able to log on by using the Local Administrator credentials. This problem may occur in the following situations:

  1. The Active Directory Security Channel between this VM and the DC is broken.

  2. The VM has an old copy of the account password and the DC has a newer copy.

  3. The DC that this VM is connecting to is unhealthy.

Cause 2

The encryption level of the VM is higher than the one that’s used by the client computer.


Cause 3

The TLS 1.0, 1.1, or 1.2 (server) protocols are disabled on the VM.

Cause 4

The VM was set up to disable logging on by using domain credentials, and the Local Security Authority (LSA) is set up incorrectly.

Cause 5

The VM was set up to accept only Federal Information Processing Standard (FIPS)-compliant algorithm connections. This is usually done by using Active Directory policy. This is a rare configuration, but FIPS can be enforced for Remote Desktop connections only.

Before you troubleshoot

Create a backup snapshot

To create a backup snapshot, follow the steps in Snapshot a disk.

Connect to the VM remotely

To connect to the VM remotely, use one of the methods in How to use remote tools to troubleshoot Azure VM issues.


Group policy client service

If this is a domain-joined VM, first stop the Group Policy Client service to prevent any Active Directory Policy from overwriting the changes. To do this, run the following command:

After the problem is fixed, restore the ability of this VM to contact the domain to retrieve the latest GPO from the domain. To do this, run the following commands:

If the change is reverted, it means that an Active Directory policy is causing the problem.

Workaround

To work around this problem, run the following commands in the command window to disable NLA:

Then, restart the VM.

To re-enable NLA, run the following command, and then restart the VM:

Troubleshooting

For domain-joined VMs

To troubleshoot this problem, first check whether the VM can connect to a DC, and whether the DC has a status of 'healthy' and can handle requests from the VM.

Note

To test the DC health, you can use another VM on the same VNET and Subnet that share the same logon server.

Connect to the VM that has the problem by using Serial console, remote CMD, or remote PowerShell, according to the steps in the “Connect to the VM remotely” section.

To determine which DC the VM is connecting to, run the following command in the console:

Then, check the health of the secure channel between the VM and the DC. To do this, run the following command in an elevated PowerShell instance. This command returns a Boolean flag that indicates whether the secure channel is alive:

If the channel is broken, run the following command to repair it:

Make sure that the computer account password in Active Directory is updated on the VM and the DC:

If the communication between the DC and the VM is good, but the DC is not healthy enough to open an RDP session, you can try to restart the DC.

If the preceding commands did not fix the communication problem to the domain, you can rejoin this VM to the domain. To do this, follow these steps:

  1. Create a script that’s named Unjoin.ps1 by using the following content, and then deploy the script as a Custom Script Extension on the Azure portal:

    This script takes the VM out of the domain forcibly and restarts it 10 seconds later. Then, you have to clean up the Computer object on the domain side.

  2. After the cleanup is done, rejoin this VM to the domain. To do this, create a script that’s named JoinDomain.ps1 by using the following content, and then deploy the script as a Custom Script Extension on the Azure portal:

    Note

    This joins the VM on the domain by using the specified credentials.

If the Active Directory channel is healthy, the computer password is updated, and the domain controller is working as expected, try the following steps.

If the problem persists, check whether the domain credential is disabled. To do this, open an elevated Command Prompt window, and then run the following command to determine whether the VM is set up to disable domain accounts for logging on to the VM:

If the key is set to 1, this means that the server was set up not to allow domain credentials. Change this key to 0.

For standalone VMs

Check MinEncryptionLevel

In a CMD instance, run the following command to query the MinEncryptionLevel registry value:

Based on the registry value, follow these steps:

  • 4 (FIPS): Go to Check FIPs compliant algorithms connections.

  • 3 (128-bit encryption): Set the severity to 2 by running the following command:

  • 2 (Highest encryption possible, as dictated by the client): You can try to set the encryption to the minimum value of 1 by running the following command:

Restart the VM so that the changes to the registry take effect.


TLS version

Depending on the system, RDP uses the TLS 1.0, 1.1, or 1.2 (server) protocol. To query how these protocols are set up on the VM, open a CMD instance, and then run the following commands:

If the returned values are not all 1, this means that the protocol is disabled. To enable these protocols, run the following commands:

For other protocol versions, you can run the following commands:

Note

Get the SSH/TLS version x.x from the Guest OS Logs on the SCHANNEL errors.

Check FIPs compliant algorithms connections

Remote desktop can be enforced to use only FIPs-compliant algorithm connections. This can be set by using a registry key. To do this, open an elevated Command Prompt window, and then query the following keys:

If the command returns 1, change the registry value to 0.

Check which is the current MinEncryptionLevel on the VM:

If the command returns 4, change the registry value to 2.

Restart the VM so that the changes to the registry take effect.
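The checks in this troubleshooting section can be gathered into one read-only pass. The script below is an added example, not part of the original article; the registry paths and value names are the standard Windows locations for these settings and are assumptions here, since the page does not show its commands. It assumes Windows PowerShell 5.1 in an elevated session on the VM.

```powershell
# Added example: read-only audit of the settings this section inspects.
# Assumes Windows PowerShell 5.1, elevated. Nothing is modified.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Standard registry locations (assumed; the page does not list them).
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$proto  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

$report = [ordered]@{}
# NLA (UserAuthentication: 1 = required), security layer, encryption level.
# A value under the Policies key is set by Group Policy and takes precedence.
foreach ($name in 'UserAuthentication', 'SecurityLayer', 'MinEncryptionLevel') {
    $report["RDP-Tcp: $name"] = Get-RegValue $rdpTcp $name
    $report["Policy:  $name"] = Get-RegValue $policy $name
}
# 1 = domain credentials are not allowed for logon (Cause 4).
$report['Lsa: disabledomaincreds'] = Get-RegValue $lsa 'disabledomaincreds'
# 1 = FIPS-compliant algorithms only (Cause 5).
$report['FipsAlgorithmPolicy: Enabled'] = Get-RegValue "$lsa\FipsAlgorithmPolicy" 'Enabled'
# Server-side TLS; an absent value means the OS default applies (Cause 3).
foreach ($v in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $report["$v Server: Enabled"] = Get-RegValue "$proto\$v\Server" 'Enabled'
}
# Domain checks (Cause 1) only make sense on a domain-joined VM.
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    $report['Logon server'] = $env:LOGONSERVER
    $report['Secure channel healthy'] = Test-ComputerSecureChannel
}

$report.GetEnumerator() | ForEach-Object {
    $shown = if ($null -eq $_.Value) { '(not set)' } else { $_.Value }
    [pscustomobject]@{ Setting = $_.Key; Value = $shown }
} | Format-Table -AutoSize
```

Running it before and after a change also shows whether a Group Policy refresh has put a value back.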

Next steps

Summary:

What will you do when you encounter the error “An authentication error has occurred”? If you don’t know, then this post written by MiniTool is what you need. You can find several efficient methods to fix the error.


When you try to establish a connection with another remote computer using Remote Desktop Connection, you may get an error message saying that “An authentication error has occurred the function requested is not supported”.

So how do you fix the “Remote Desktop An authentication error has occurred” error? The methods are shown below.

Method 1: Change the Remote Desktop Settings

In order to fix the “An authentication error has occurred the function requested is not supported” error, the first step you can take is to change the remote desktop settings.

Here is the tutorial:

Step 1: Press the Win key + R key at the same time to open the Run box.

Step 2: Type sysdm.cpl in the box and then click OK to open the System Properties window.

Step 3: Go to the Remote tab and then uncheck the Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) option. Click Apply and OK to save changes.

Step 4: Restart your computer and then check if the “An authentication error has occurred” error is gone.


Method 2: Change the Group Policy Settings

You can also try to change the Group Policy settings to fix the “An authentication error has occurred” error. Follow the detailed instructions below:

Step 1: Open the Run box and then type gpedit.msc in the box. Click OK to open the Local Group Policy Editor window.

Step 2: Click Computer Configuration and then select Administrative Templates > System > Credentials Delegation on the left of the window.

Step 3: Double-click Encryption Oracle Remediation on the right of the window.

Step 4: Choose Enabled and then select the Vulnerable option under the Protection Level drop-down menu. Click Apply and OK to save changes.

Step 5: Close all the windows. Type cmd in the Run box and then click OK to open the Command Prompt window.

Step 6: Type gpupdate /force in the window and then press Enter.


Step 7: Reboot your computer and then check if the error is fixed.


Method 3: Edit the Registry

There is another method you can try to fix the “An authentication error has occurred” error – edit the Registry. Here is a quick guide:

Step 1: Type regedit in the Run box and then click OK to open the Registry Editor window.

Step 2: Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters.

Step 3: Double-click the AllowEncryptionOracle DWORD to open its Edit DWORD window.

Step 4: Change the Value data to 2 and then click OK.

Note: If you can’t see the AllowEncryptionOracle DWORD, set up a new DWORD by right-clicking an empty space on the right of the Registry Editor window and selecting New > DWORD. Enter AllowEncryptionOracle as the DWORD name.

Step 5: Reboot your computer and then check if the “An authentication error has occurred” error is fixed.
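Methods 2 and 3 both leave the machine at the Vulnerable protection level (value 2), so it is worth checking afterwards which level is in force and stepping back once both ends of the connection are patched. The script below is an added example, not from the original post: the function names are hypothetical, and the value meanings (0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable) are the levels of the Encryption Oracle Remediation policy.

```powershell
# Added example: report the CredSSP Encryption Oracle Remediation level and
# optionally move it off "Vulnerable". Function names are hypothetical.
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-EncryptionOracleLevel {
    $p = Get-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $p) {
        # No value present: the default of the installed update level applies.
        return [pscustomobject]@{ Value = $null; Level = 'Not configured'; Weakened = $false }
    }
    $v = [int]$p.AllowEncryptionOracle
    $name = if ($Levels.ContainsKey($v)) { $Levels[$v] } else { "Unknown ($v)" }
    [pscustomobject]@{ Value = $v; Level = $name; Weakened = ($v -eq 2) }
}

function Restore-EncryptionOracleLevel {
    # Supports -WhatIf / -Confirm; needs an elevated session.
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet(0, 1)][int]$Value = 1)
    if ($PSCmdlet.ShouldProcess($CredSspKey, "Set AllowEncryptionOracle to $Value")) {
        Set-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -Value $Value -Type DWord
    }
}

$state = Get-EncryptionOracleLevel
$state | Format-List
if ($state.Weakened) {
    # Preview only. Remove -WhatIf to apply. If the value came from the Group
    # Policy in Method 2, change the policy too or gpupdate will set it again.
    Restore-EncryptionOracleLevel -Value 1 -WhatIf
}
```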


Bottom Line

There are three useful methods to fix the “An authentication error has occurred” error in this post: change the remote desktop settings, change the Group Policy settings and edit the Registry.




