3

While trying to remote into a computer, I originally got a message stating that the clock wasn't in sync with the server time (or something like that... I forget the exact message and cannot reproduce now). Now I am getting a different message:

"The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box."

I do not, at the moment, have physical access to anything. However, I do have access to remote into the Domain Controller and have done so.

What can I do to gain access to the computer I want to remote into? Obviously I can't get onto that computer to disable the NLA requirement, but does having access to the DC afford me any ability to access this computer?

BVernon
  • 403
  • 1
  • 7
  • 19
  • 1
    Solution 4 at the link: https://thegeekpage.com/solved-the-remote-computer-requires-network-level-authentication/ – joeqwerty Nov 13 '19 at 04:47
  • @joeqwerty Darn, looked like it was working at first but then just got a different error: "There are currently no logon servers available to service the logon request." – BVernon Nov 13 '19 at 06:31
  • Which is strange considering I can remote into the DC, right? – BVernon Nov 13 '19 at 06:31
  • 1
    The remote computer isn't talking to the DC, possibly because of the problem with the clock. Now that NLA is turned off you should still be able to log in with the local administrator account if it is enabled and if you know the password. If it is disabled and/or you don't know the password, you could try [this powershell script](https://spiderip.com/blog/2018/04/powershell-script-to-remotely-enable-a-local-administrator-account-and-set-a-password) to reconfigure it. (NB: I found that script with a Google search, I haven't tried it myself, but it looks OK.) – Harry Johnston Nov 13 '19 at 18:48
  • ... theoretically you should be able to use powershell to reset the clock on the remote computer directly, but there doesn't seem to be an already-built solution out there. Also it might be that the time zone is wrong rather than the clock itself, probably easier to get in via the local administrator account so you can see what you're doing. – Harry Johnston Nov 13 '19 at 18:59
  • @HarryJohnston I ended up just having to wait until I could access the machine directly. If it happens again I will definitely give the aforementioned ideas a try. Thanks! – BVernon Nov 13 '19 at 20:04
  • Huh. Were you able to log in from the console with the same credentials that gave you the "no logon server" message over Remote Desktop? – Harry Johnston Nov 13 '19 at 21:06
  • @Harry Johnston yes, same creds – BVernon Nov 15 '19 at 03:58
  • Perhaps you're not allowed to use cached credentials over Remote Desktop. I wasn't aware of that, but it makes a certain amount of sense from a security standpoint. – Harry Johnston Nov 15 '19 at 04:50
  • @HarryJohnston Oh, no I think you can (maybe?). I needed to login as the user in question but she didn't know her password (because it was saved in her rdp shortcut and she never had to enter it). So I had to reset her password. – BVernon Nov 15 '19 at 06:45
  • I had a similar problem, except if logging in on the remote PC at the console, RDP started working. Will post more in if I discover what was going on. – David Balažic Jun 22 '20 at 21:19

0 Answers0