KB40848 - Windows Terminal Services fails to connect when the "Connect smart cards" option is enabled in the bookmark settings and the backend is configured with NLA

Last Modified Date: 8/1/2017 1:08 AM
Synopsis
This article describes an issue where Windows Terminal Services (WTS) bookmarks fail to connect when the "Connect smart cards" option is enabled in the bookmark settings and the TS server requires Network Level Authentication (NLA).
Problem or Goal
When users launch Windows Terminal Services bookmarks via the PCS gateway, the connection fails with the following error message:
The remote computer that you are trying to connection to requires Network Level Authentication (NLA), 
but your window domain controller cannot be contacted to perform NLA. For assistance, contact technical 
support or your network administrator.

Disabling NLA makes your connection less secure. However, if you are an administrator on the remote computer, you can disable NLA. On the Remote tab in System Properties, select "Allow connections from computers running any version of Remote Desktop".

Cause
According to the Microsoft blog post listed under Related Links, the Microsoft RDP client does not support NLA with smart card authentication in a cross-domain environment.

This issue impacts the following versions:
  • 8.2R7.1 and above
  • 8.3R2 and above
Solution

Workaround:

  • Administrators can disable NLA on the remote computers. In System Properties, select Remote Settings > Allow connections from computers running any version of Remote Desktop.
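
The same workaround can be applied and audited from an elevated PowerShell session on the TS server. This is an added example, not code from the original article or from the vendor; it assumes the default listener name RDP-Tcp, and Get-NlaState and Set-NlaState are hypothetical helper names.

```powershell
# Added example: report and toggle NLA on the RDP-Tcp listener of a TS server.
# Run elevated on the remote computer (the TS server), not on the client.
$Namespace = 'root/cimv2/TerminalServices'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$Filter    = "TerminalName='RDP-Tcp'"   # assumption: default listener name

function Get-NlaState {
    # Listener setting: 1 = NLA required, 0 = any Remote Desktop client version allowed.
    $listener = Get-CimInstance -Namespace $Namespace -ClassName Win32_TSGeneralSetting -Filter $Filter
    # A Group Policy value, when present, takes precedence over the local setting.
    $policy = (Get-ItemProperty -Path $PolicyKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        NlaRequired  = [bool]$listener.UserAuthenticationRequired
        SetByPolicy  = $null -ne $policy
        PolicyValue  = $policy
    }
}

function Set-NlaState {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][bool]$Required)

    $state = Get-NlaState
    if ($state.SetByPolicy) {
        # A local change would be overridden, so stop and point at the GPO.
        Write-Warning "NLA is set by Group Policy (value $($state.PolicyValue)); change the GPO instead."
        return $state
    }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set NLA required = $Required")) {
        $value    = [uint32]$(if ($Required) { 1 } else { 0 })
        $listener = Get-CimInstance -Namespace $Namespace -ClassName Win32_TSGeneralSetting -Filter $Filter
        Invoke-CimMethod -InputObject $listener -MethodName SetUserAuthenticationRequired `
            -Arguments @{ UserAuthenticationRequired = $value } | Out-Null
    }
    Get-NlaState   # return the state after the change (or unchanged under -WhatIf)
}

Get-NlaState                            # record the current state first
Set-NlaState -Required $false -WhatIf   # preview the workaround; drop -WhatIf to apply
```

Set-NlaState -Required $true restores NLA on hosts where the workaround is no longer needed.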
Related Links
https://blogs.technet.microsoft.com/the_9z_by_chris_davis/2016/05/02/why-doesnt-nla-work-with-cross-domain-smart-card-authentication/
Created By: Sahil Mahajan
