Windows Azure VM- Error: The Remote Computer that you are trying to connect to requires Network Level Authentication (NLA)

 

Alright, this was an interesting issue! so thought of sharing with you all. It might come in handy!

I built my private domain controller and forest in Windows Azure IaaS named CORP. I created Affinity groups and a private network which helped with assigning static DNS IP for the DC. I also installed two member servers (VMs in Azure) with Windows 2012 R2 and SQL 2014 image from the Azure gallery. Attached them to the CORP domain and assigned the static DNS IP of the DC to the member server as it’s DNS Entry, though I kept DHCP IP for the member servers to use their own IP’s.

I had this limitation of 20 Procs in my subscription and I was running few Oracle, SQL and Windows VM’s, result I could only create the new SQL 2014 VM’s with minimum processors, and hence had to be satisfied with the bare minimum CPU cores and memory (2 Cores and 3.5 GB RAM).

Lately, I was asked to deliver a session on SQL 2014 In-Memory, MOA, Resource Governor and Cardinality Estimator for which I had no choice other than uplifting the infrastructure for one of the SQL 2014 VM’s (16GB RAM and 8 Cores).

Indeed it was easy to change right. Just go to the VM configuration and change the Virtual Machine size (See Figure 1):

image

Figure 1

So, I made the changes and the server was rebooted once the infrastructure uplift was done, and after the server came up I couldn’t connect with my domain credentials CORP\useraccount

I kept getting the following error:

[Window Title]
Remote Desktop Connection

[Content]
The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box.

[OK]

Here is how the error looks like pictorially:

image

So, what is the solution? You will see numerous posts in the public domain asking for updating your RDP Client etc. and indeed that may apply (please verify if the above conditions are true to apply this solution

Solution:

For Azure VMs, when you increase the size of the VM (adding CPU and Memory), the network configuration is reset. This means that if you have a static DNS defined inside the VM, it would be set to DHCP assigned which is the public DNS in Azure.

Use local admin account to log on to the virtual machine and set the DNS to point to your DC. Alternatively, assign the IP address of the DC/DNS under DNS servers of virtual network.

Please let me know if you have any questions or concerns around this.

Comments

  • Anonymous
    September 17, 2014
    I faced this issue today.  Your post resolved it for me!

  • Anonymous
    September 22, 2014
    The comment has been removed

  • Anonymous
    September 29, 2014
    Thanks for your post. I also had the same issue today and your post resolved it. :)

  • Anonymous
    November 12, 2014
    In my case the issue was resolved when following entry was added to registry; HKEY_LOCAL_MACHINESYSTEM CurrentControlSetControl Key: SecurityProviders Value credssp.dll

  • Anonymous
    January 28, 2015
    I had the same situation (resized my VM) and your post resolved the issue.  Thank you!

  • Anonymous
    March 16, 2015
    I had same issue when I was manually changing ip configuration in my test environment and after installation of ADDS. Logging on local admin let me through ;) Thanks!

  • Anonymous
    March 18, 2015
    I saw this with an Azure VM I had just created as a domain controller. Restarting the VM solved the problem in my case.

  • Anonymous
    March 19, 2015
    Thank you.

  • Anonymous
    March 22, 2015
    I faced this issue just now.  Your post resolved it for me! Thanks!!!

  • Anonymous
    April 29, 2015
    The comment has been removed

  • Anonymous
    May 09, 2015
    The comment has been removed

  • Anonymous
    June 10, 2015
    Indeed, not only that but it appears to reset the mac address too....!

  • Anonymous
    June 22, 2015
    also in my case, this was solved by rebooting the machine.. I had performed some changes on the VN

  • Anonymous
    June 27, 2015
    Hey Tara , Thanks a mill for the post. It resolved my problem.

  • Anonymous
    September 15, 2015
    Another solution that worked for me, same error but in a slightly different scenario: I had a DC on-premises and a DC in Azure. Because the VPN connection between on-prem and Azure was broken and all the FSMO roles were on the on-prem DC, there was no possibility to access AD and verify credentials. I had to wait for the VPN connection to work and then everything went back to normal.

  • Anonymous
    October 05, 2015
    The comment has been removed

  • Anonymous
    November 17, 2015
    The comment has been removed

  • Anonymous
    March 31, 2016
    The comment has been removed

    • Anonymous
      May 04, 2016
      Interesting. Could you send me more details to tarasha@microsoft.com please?