Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

"The Local Security Authority cannot be contacted"

RRAS, VPN, TS/RDP, Routing and remote Access.

"The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:10 pm

When using RDC to access a remote computer, I keep receiving this message: "The Local Security Authority cannot be contacted". Why and how to fix it?
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:19 pm

Case 1: If some users can logon remotely, but others. It could be Local Security Policy settings. Run Local Security Policy on the remote computer.Navigate to Local Policy>User Right assignment. Check Allow log on through Remote Desktop services and Deny log on through Remote Desktop services settings.

Case 2: Make sure the password is not expired. If, yes, change it.

Case 3: Logon admin using remote desktop console and then logon the user account.

Case 4: It could be DNS issue. If you can run ipconfig /flushdns on the remote computer or reboot it, it may work again.

Case 5: We just needed to set "Allow connections from computers running any version of Remote Desktop (less secure)"... instead of the NLA option

Case 6: the solution for my issue was to reset the user account password eventhough it is not expiring. This seems to be the work around so far.

Case 7: try to remove the remote computer from domain and rejoin it.

Case 8: if this is a new account or you just changed the password, you may need to remote computer once locally, then you should be able to logon remotely.
Last edited by guest on Thu Dec 06, 2012 9:51 pm, edited 4 times in total.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:19 pm

Yesterday I spent my time on solving this issue. Thankfully I solved it. Now with great pleasure I would like to share with you.



First:

Go to System - Remote setting (in the left pane of the window) - under Remote Desktop select Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) and click OK.

Then you will set a password for you account, this is a required procedure. To set password go to: Start - type User Accounts select Create a password . I recommend to make a strong password because your computer now allow remote connections.

Next, unblock the Remote Desktop in your Firewall. Open your firewall (depending which security software is installed on your computer) find Remote Desktop and set it to By application rule or Allow .



OK, first preparation step is ready.



Now, let's go to second final step.



Run Remote Desktop Connection .

In the Experience tab select your connection speed. Go back to General tab, in the Computer: type the full name of a remote computer to which you going connect, and then click Connect button. (You can view a computer full name in System properties under Computer name, domain, and workgroup settings. )

Then the new window will pop-up (Windows Security) here you must enter you credentials.

Please READ further instructions carefully.

In the new (Windows Security) window select Use another account , then type the User name and Password OF your remote computer and click OK button. Probably then you will receive the Warning message select OK or Allow.

Wait a little bit and then you will see you Remote Desktop.

That's it.



I hope this instructions will help you to solve Your problems of Remote Desktop setup.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:23 pm

Just remove the machine from Domain and remove the system name from AD computer list after all you just restart the system then add the system again in the domain.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:25 pm

The issue was related to the cached account on the server. As soon as I deleted the cached credentials I could login without issue.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:33 pm

From my experience, you cannot log onto a system remotely with a domain account using cached credentials.

The server (not necessarily the client) needs to be able to authenticate remote users with a Domain Controller in order to allow them access. Locally logged-in users are exempt from this requirement. Why there is a difference, or if there is a way around this, I do not know.

I've run into this before, when I take a laptop (running Server 2003 or 2008) out to a remote site where I am behind a firewall that does not allow my system to reach any Domain Controllers. Other systems on the network are configured to be able to communicate with DCs, but not mine. Under these conditions, using cached credentials, I can log in locally to my laptop with my domain account just fine. I can also log in remotely, with my domain account, to any system on the network that's able to communicate with the DCs.

However, coming from one of those networked systems, I cannot log in remotely to my laptop with my domain account while it cannot communicate with the DCs. At this point, my domain account is in the local Administrators group and I usually have a locally logged-in session already running.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:34 pm

This can occur if you are requiring Network Level Authentication (NLA) and your password has expired. In RD Session Host Configuration (tsconfig.msc), RDP-Tcp Properties, General tab, if Allow connections only from computers running Remote Desktop with Network Level Authentication is selected then NLA is required. Currently you cannot use Remote Desktop to log on using an account with an expired password when NLA is required.

Do you have another account that you could use to log on to this server via Remote Desktop? Once logged on you could change the password of the other account or set it to Password never expires.

If your server is in a datacenter often they will offer KVM over ip for an hourly fee that way you could log on to the console and change your password. Another option is if they offer "remote hands" or similar service you could ask them to log on, change the password for you, then you could immediately log on remotely and change it to something different. My experience has been that some providers will perform this type of simple request for free.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:36 pm

Quoted from Microsoft.

When a client tries to connect to a remote access server, the client may receive one or both of the following error messages:

The Local Security Authority cannot be contacted (Error 0x80090304). For customized troubleshooting information for this connection, click Help.

-or-

Error 0x80090022: Providers could not perform the action since the context was acquired as silent.

Case 1: A Server Certificate Uses a Key Size of 464 or Less
To work around this issue, configure the server with a certificate whose key length is greater than 464 bits. Microsoft recommends that you use a minimum value of 1024, or for a long-lived key, a length of 2048.
Case 2: EAP Client Tries to Reconnect after Returning from Standby
To work around this issue, try to connect to the server again.

After the first unsuccessful call when the client returns from standby, the next connection attempt works.
Case 3: EAP Client Tries To Reconnect an Active VPN Session
To work around this issue, try to connect to the remote access server again.
Case 4: Internet Security and Acceleration (ISA) Server is Configured to Drop Fragmented Packets
To work around this issue, configure ISA Server to permit incoming fragmented packets. To do so: 1.Start the ISA Management utility.
2.Under your server or array, locate, and then right-click IP Packet Filters.
3.Click Properties, and then click the Packet Filters tab.
4.Click to clear the Enable filtering of IP fragments check box, and then click OK.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby guest » Thu Dec 06, 2012 9:39 pm

Quoted from Microsoft.

SYMPTOMS

When attempting to establish a remote desktop connection using RD client (mstsc.exe) to a Remote Desktop server which is running Windows Server 2008 R2, you may encounter any of these messages:

The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.

Or

An authentication error has occurred.
The Local Security Authority cannot be contacted

CAUSE

Generally this error message points to network congestions prohibiting a secure connection to the RD server. However, this error message may also appear if RD Server is configured for secure connections using TLS and TLS is not supported at the client (source machine) attempting the RDP connection.

RESOLUTION

Remote Desktop in Windows Server 2008 R2 offers three types of secure connections:

Negotiate: This security method uses TLS 1.0 to authenticate the server if TLS is supported. If TLS is not supported, the server is not authenticated.
RDP Security Layer: This security method uses Remote Desktop Protocol encryption to help secure communications between the client computer and the server. If you select this setting, the server is not authenticated.
SSL: This security method requires TLS 1.0 to authenticate the server. If TLS is not supported, you cannot establish a connection to the server. This method is only available if you select a valid certificate.


To resolve the issue, change the remote desktop security on the RD server to RDP Security Layer to allow a secure connection using Remote Desktop Protocol encryption. Below are the steps:

1. Navigate to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
2. With RD Session Host Configuration selected view under Connections.
3. Right click RDP Listener with connection type Microsoft RDP 6.1 and choose Properties.
4. In general tab of properties dialog box under Security, select RDP Security Layer as the Security Layer.
5. Click OK.

Note: This setting does not need a restart of the Server or Remote Desktop Service.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: "The Local Security Authority cannot be contacted"

Postby chicagotech » Thu Jun 15, 2017 4:48 pm

It could be the issue caused by Log On To button under user object’s Account tab isn’t configured correctly. Please either add both terminal server and client machine the user is using to Logon Workstations, or set this section to All computers, then restrict remote logon permissions using Group Policy and remote desktop users group.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6934
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA


Return to VPN, TS and Remote Access

Your Ad Here

Who is online

Users browsing this forum: Google Adsense [Bot] and 2 guests