"Remote machine is AAD" but "The logon attempt failed"
O

7

40

I set up Remote Desktop Connection and the computer says AzureAD\username already has access:


Very good, let's try to connect using AzureAD\username:


Unfortunately it says:

Your credential did not work. Remote machine is AAD joined. If you are signing in to your work account, try using your work email address.

Of course it didn't work. Any idea?

Obituary answered 10/6, 2020 at 15:58 Comment(3)
AzureAD is a lie. Nothing about it is "Active" nor "Directory". Your standard RDP app will struggle to connect to it, and you can just forget about the Android & iOS RDP apps too.Uriisa
@Uriisa thank you for the relief, at least I will stop hitting the wall with my head. Any idea why Microsoft tells lies like this? It is very misleading. So basically RDC is not working on Windows 10 Home? I need a Pro license?Obituary
No, I don't think the edition of Windows matters. Microsoft has made AzureAD sufficiently different that the default RDP connection settings will not work. I've had success following this: bradleyschacht.com/remote-desktop-to-azure-ad-joined-computerUriisa
U
139

To successfully connect to an AzureAD joined computer using Remote Desktop, you will need to first save your connection settings to a .rdp file.

To do this, open the Remote Desktop Connection program, enter the IP Address or computer name, then click the "Save As" button at the bottom of the screen. Save it someplace convenient, since we'll need to edit this file by hand.

Next, Right-Click the saved .rdp file and open with Notepad.

Go to the very bottom of the file, add the following lines:

enablecredsspsupport:i:0
authentication level:i:2

Save the file and close.

Now, try double clicking the modified .rdp file and login using the format:

AzureAD\YourFullUsername

Screenshots, original information and credit go to bradleyschacht.com

Uriisa answered 11/6, 2020 at 17:22 Comment(14)
Wow thank you! wish I could upvote 100 times.Landowska
Thank you so much! Fixed connection to Hyper-V on local machine - I've been looking for hours on how to do it!Halfhardy
The enablecredsspsupport:i:0 did the trick for me.Kelda
In 2021, lots of places are disabling NLA for Remote Connections. When I try these settings, I get an error of [Window Title] Remote Desktop Connection [Content] 'The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support.' Do you have any pointers?Okapi
@Okapi AzureAD is a lie, there is nothing "Active" nor "Directory" about AzureAD - ie, you do not have a real directory server, which is why network level authentication fails. You need to disable NLA on the machine you're remoting into for AzureAD RDP to work.Uriisa
Thank you so much! For me the key was the user name is my email so it was formatted like this. .\AzureAD\[email protected]Lipps
To disable NLA on the machine you're remoting to: open the Run command box, run the command sysdm.cpl, go to the Remote tab, uncheck the Allow connections ... with Network Level Authentication (recommended) checkbox. You might need to restart your computer but I didn't. You can find more options to turn off this setting here.Morice
Life Saver! Thank you for this! Bonus points if anyone knows how to translate this fix to RDTabs app.Macronucleus
I found this very helpful today, thank you!Conversationalist
If your company uses single sign on (most do) then see @jscarle answer. You need to enable the setting to use a web account.Civvies
For what it's worth, authentication level:i:2 seems to already be there by default when saving the .rdp file. All I needed was enablecredsspsupport:i:0.Fumigator
Thanks - finally managed to connect. The official Microsoft Remote Desktop app on my phone connected without issue, but for some reason I kept having trouble connecting my Windows 10 Pro laptop to my Windows 11 Pro desktop. This finally solved it.Farhi
This didn't work on RDP on a Mac.Volauvent
Check also the response below; combined with this, it worked for me: "Use a web account to sign in to the remote computer"Wiggins
C
29

As an updated answer, the solution is to simply open up the options for the connection, go to the Advanced tab, and check "Use a web account to sign in to the remote computer".

Remote Desktop Connection, Advanced Settings

Cordoba answered 8/1, 2023 at 1:7 Comment(7)
Thank you @Cordoba , I will test it out next time I need itObituary
This is the preferred way to do it, I cannot upvote this enough!Couple
This is the best answer! Saving it for future reference!Drue
This seems to work only on a local network.Varney
If you are used to using an IP address to connect you'll need to switch it to the NetBIOS (machine) name or FQDN. In the case of the former, add the NetBIOS name to the /Windows/System32/drivers/etc/Hosts file so that it can resolve to an IP.Berman
Didn't work for me: error code CAA20002. Additional problem information Error code: CAA20002 Correlation ID: 69191293-e5b3-4977-96d1-e48dc3740100 Timestamp: More information: https://www.microsoft.com/wamerrors Server message: AADSTS293004: The target-device identifier in the request work-laptop was not found in the tenant 281b80be-a118-4bb9-b7d5-xxxxxxxxxxxxx. Trace ID: 95dbe80b-efe5-404a-a91e-465efaa57dOO Correlation ID: 69191293-e5b3-4977-96d1-e48dc3740100 Timestamp: 2023-11-17Mckelvey
This is the easiest, and best option to use. Simply use the Device Name (Found in About) as the FQDN, and make sure the name is in your tenant.Declarant
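The two answers above change how the client authenticates: the hand-edited .rdp file turns CredSSP off (which is why commenters also had to disable NLA on the target), while the web-account option keeps the file untouched. The following is an added example, not code from any answer, that audits .rdp file contents for those settings; `enablerdsaadauth` is the .rdp property assumed here to correspond to the "Use a web account" checkbox, and the finding codes and sample files are constructed.

```python
import ipaddress

def parse_rdp(text):
    """Parse 'name:type:value' lines, keeping every value seen for a name."""
    settings = {}
    for raw in text.lstrip("\ufeff").splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        settings.setdefault(parts[0].strip().lower(), []).append(parts[2].strip())
    return settings

def is_ip_literal(address):
    """True when a 'full address' value is an IP (optionally with :port)."""
    host = address.strip()
    if host.startswith("["):                      # [IPv6]:port
        host = host[1:].split("]", 1)[0]
    for candidate in (host, host.rsplit(":", 1)[0]):
        try:
            ipaddress.ip_address(candidate)
            return True
        except ValueError:
            pass
    return False

def audit(text):
    """Return finding codes for one .rdp file's contents."""
    s = parse_rdp(text)
    findings = []
    # CredSSP off means no Network Level Authentication from this client.
    if "0" in s.get("enablecredsspsupport", []):
        findings.append("credssp-disabled")
    # Level 0 connects without warning when server authentication fails.
    if "0" in s.get("authentication level", []):
        findings.append("server-auth-not-enforced")
    # Hand-appended lines can contradict a value saved earlier in the file.
    findings += ["conflicting:" + n for n in sorted(s) if len(set(s[n])) > 1]
    # Web-account sign-in: a comment above reports it needs a machine name
    # or FQDN rather than an IP address.
    addresses = s.get("full address", [])
    if "1" in s.get("enablerdsaadauth", []) and any(map(is_ip_literal, addresses)):
        findings.append("web-account-with-ip")
    return findings

# Constructed sample files (not taken from the page).
HAND_EDITED = ("full address:s:10.0.0.5\nenablecredsspsupport:i:1\n"
               "enablecredsspsupport:i:0\nauthentication level:i:2\n")
WEB_BY_IP = "full address:s:10.0.0.5:3389\nenablerdsaadauth:i:1\n"
WEB_BY_NAME = "full address:s:DESKTOP-EXAMPLE\nenablerdsaadauth:i:1\n"
```

The audit reports every conflicting value instead of assuming which duplicate line the client honours, since appending lines to a saved file can leave both the original and the new value present.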
V
7

As long as RDP is enabled on the remote machine and the user you are trying to log on with is authorized, it should work.

The Azure Active Directory username is not exactly clear though.

Joined computer via '[email protected]', an Azure Active Directory domain account.

Computer shows 'AzureAD\FirstNameLastName' as authorized for RDP since it's an administrator account.

Must use 'AzureAD\[email protected]' for RDP username.

No other settings changes needed, no manual editing of RDP file just had to get the username right.

Variform answered 27/12, 2021 at 21:6 Comment(1)
This didn't work for me, but the rdp saving trick one did it!Teillo
B
2

Open the Remote Desktop Connection and enter the IP address. Then save as .rdp file format. After that, right-click and open it via Notepad++. Go to the bottom of the file and add the following lines:

enablecredsspsupport:i:0

authentication level:i:2

Save the file and close.

Make sure to uncheck the Allow connections ... with Network Level Authentication (recommended) checkbox.

Then type ".\AzureAD\email address" for the RDP username. No need to change other settings.

Brockwell answered 20/6, 2023 at 15:34 Comment(1)
Hi, thanks for your answer. Please consider adding code formatting for the text lines to your answer to make it easier to read.Jelks
H
1

From your window, it doesn't seem like you logged in with an AzureAD account. Try with [email protected] as a username?

As per here: https://learn.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc

When you connect to the remote PC, enter your account name in this format: AzureAD UPN. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.

Haemostat answered 10/6, 2020 at 20:16 Comment(1)
I don't have an AzureAD Domain, I only have Windows 10 Home license and I want to connect through RDC from one PC to anotherObituary
S
1

For some reason the old Remote Desktop Connection application was throwing the same error. I tried connecting through the new Remote Desktop application (included in Windows 10), and it connected without any problem.

Shylashylock answered 4/8, 2021 at 4:9 Comment(0)
O
0

The issue is related to the password, which we have set at the time of the creation of VM.

That password doesn't meet the complexity criteria that we didn't get informed about while setting the username & password firstly. Therefore we need to reset the password.

1). click on created VM --> choose reset Password from the side menu.


2). This time they will tell us about constraints for setting the password.

3). Choose the appropriate password.

4). Now login via this format as below:

username : <publicIpOfVM>/<username>
password:  newPassword
Orogeny answered 3/3, 2022 at 19:53 Comment(1)
That was not my solution but I'm glad you posted it. Maybe things have changed and this is the new solution. Thank youObituary
