Reset Search
 

 

Article

KB40848 - Window Terminal Service failed to connect when "Connect smart cards" option is enabled in the bookmark settings and backend is configured with NLA

« Go Back

Information

 
Last Modified Date6/26/2018 6:54 PM
Synopsis
This article describes an issue where Window Terminal Service (WTS) bookmarks fail to connect when "Connect smart cards" option is enabled in the bookmark settings and TS server requires Network Level Authentication (NLA).
Problem or Goal
When users launch Window Terminal Services bookmarks via the PCS gateway, the connection fails with the following error message:
The remote computer that you are trying to connection to requires Network Level Authentication (NLA), 
but your window domain controller cannot be contacted to perform NLA. For assistance, contact technical 
support or your network administrator.

Disabling NLA makes your connection less secure. However, if you are an administrator on the remote 
computer, you can disable the NLA.  On the Remote tab in System Properties, select "Allow connections 
from computers running any version of Remote Desktop.

User-added image
Cause
As per the information in the MS blog, a limitation with the MS RDP client and smart card authentication is that the MS RDP client does not support Network Level Authentication (NLA) with smart card authentication in a cross-domain environment. 

This issue impacts the following versions
  • 8.2R7.1 and above
  • 8.3R2 and above
Solution
Due to the limitation from Microsoft, Pulse Secure is evaluating an enhancement request to support smart card authentication in a cross-domain environment through the Pulse Connect Secure device.  This is tentative for 9.0R3.

Workaround:

  • Administrators can disable the NLA on the remote computers. On the System Properties, select Remote Setting > Allow connection from computer running any version on Remote Desktop.
Related Links
https://blogs.technet.microsoft.com/the_9z_by_chris_davis/2016/05/02/why-doesnt-nla-work-with-cross-domain-smart-card-authentication/
Attachment 1 
Created BySahil Mahajan

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255