Azure VM: Remote Computer Requires Network Level Authentication

After creating a VM in Azure, when I attempted to access it via RDP, I encountered the error “The remote computer requires network level authentication, which your computer does not support.” In this post, I will show you how to remotely disable Network Level Authentication (NLA) on an Azure virtual machine.

The process of creating a new virtual machine in Azure only took a short while, and the machine was soon operational. The VM was running the latest version of the Windows 10 operating system. When I attempted to RDP this Azure VM, I immediately got an error related to NLA. See also how to troubleshoot issues when you can’t RDP into an Azure VM using AAD credentials.

When you create a virtual machine in Azure, the Windows client OS has network level authentication (NLA) enabled by default. With Network Level Authentication, user authentication is finished before you connect to a remote desktop and the logon screen shows up. The only workaround is to disable the NLA because it can occasionally prevent you from connecting via RDP to an Azure VM.

Azure VM: Remote Computer Requires Network Level Authentication

The following error appeared when I attempted to RDP into an Azure VM. Remote Desktop Connection: The remote computer requires network level authentication, which your computer does not support. For assistance, contact your system administrator or technical support.

To resolve this error, you must disable the network level authentication on the Azure VM. Since you cannot RDP the VM, you cannot log in to this virtual machine. In these situations, Microsoft allows you to use “Run Command” on a remote VM hosted in Azure, using which you can turn off NLA.

If you want to disable NLA on Azure VM, you can utilize the Run command feature. The Run Command uses the VM agent to let you run a script inside the virtual machine. This can be helpful for troubleshooting and recovery, and for general machine and application maintenance.

In the Azure portal, go to Virtual Machines and select the Azure VM on which you want to disable NLA. On the left pane, select Run Command under Operations. From the list of run commands, select “DisableNLA.”

The DisableNLA run command in Azure is actually a registry code that turns off the network level authentication on the remote Azure VM.

Disables Network Level Authentication (NLA): You can use this script to disable NLA if RDP connections are failing with error ‘The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA.’ or error ‘An authentication error has occurred. The Local Security Authority cannot be contacted.’ NLA is a security feature that should only be disabled temporarily to allow RDP connections to succeed until the domain controller connectivity issue has been resolved.

To initiate the Disable NLA run command script, select Run.

The script execution begins where it runs the following code on the virtual machine and disables the network level authentication. Do note that the script uses a code that turns off the NLA via registry.

Write-Output 'Configuring registry to disable Network Level Authentication (NLA).'
$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $path -Name UserAuthentication -Type DWord -Value 0
Write-Output 'Restart the VM for the change to take effect.'

You must restart the VM after the script completes for the change to take effect. The script itself does not restart the VM.

After you have successfully disabled the NLA on Azure VM, you must restart the virtual machine. Select the Virtual Machine and in the Overview tab, use the Restart option.

After the VM restart is complete, you can now RDP to the Azure VM. I hope the steps covered in this post helped you to resolve the NLA error. Kindly let me know in the comments section in case you have any questions.