4

I have an Azure Virtual Machine connected to Azure Active Directory. A user from this AD is added to this machine as an admin. Other people can successfully RDP to the machine with this user's credentials, but I get an error saying "The user account used to connect to remote PC did not work. Try again". Well, I have been trying the whole day. Does anyone know what can cause this?

The fun fact is, I can RDP to the machine using the local admin, but again it fails with the AD user.

I tried connecting with Microsoft Remote Desktop for Mac, mstsc for Windows and with Remote Desktop Connection Manager. The same result everywhere.

I tried different username formats:

  • alex.sikilinda@mydomain.com - other people can successfully log in using this format
  • AzureAD\alex.sikilinda@mydomain.com - with the Windows client I get the same error; with Microsoft Remote Desktop for Mac I get "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x807"
  • AzureAD\AlexSikilinda - mstsc error: "Remote machine is AAD joined. If you are signing in to your work account, try using work email instead"; Mac: "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x807"

Microsoft Remote Desktop for Mac version 10.2.3 (1343); Windows 10 version 16299 (also tried with 1803 on another machine, the same result).

Alex Sikilinda

2 Answers

5

I also came across the same error for a Windows 10 VM that is AAD joined, and I tried the following way to solve it:

  1. Change the VM's Remote Desktop settings as in the picture.

  2. Create a new RDP config file: open mstsc.exe, click Show Options and then click Save As (give it a new name such as AzureAD_RDP and save it somewhere easy to find).

  3. Open the saved file in Notepad. Verify that the following two lines are present; if not, add them, and save.

    enablecredsspsupport:i:0

    authentication level:i:2

  4. RDP to the target VM.

Open the RDP config file that you just edited, enter the IP address of the VM, do not enter any username, and then connect.

Here you can use AzureAD\UPN or a username to log in.

SunnySun
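
The .rdp file that steps 2 to 4 of the answer above build by hand, generated by script instead, as an added example; this is not SunnySun's code. It assumes a Windows client with PowerShell 5.1 or later, that $VmAddress is the VM's public IP or DNS name, and that the VM-side change from step 1 (whose picture is not reproduced here) has already been made. It only covers the client side of the procedure.

```powershell
# Added example, not code from the answer above. Builds the .rdp file that
# steps 2 and 3 create by hand, then launches mstsc with it (step 4).
# Assumptions: Windows client with PowerShell 5.1 or later; $VmAddress is the
# VM's public IP or DNS name; the VM-side change from step 1 has been made.
param(
    [Parameter(Mandatory)][string]$VmAddress,
    [string]$RdpPath = (Join-Path $env:USERPROFILE 'AzureAD_RDP.rdp')
)

# The two settings from step 3, plus the address and an empty username
# (the answer says not to type one; you enter AzureAD\UPN at the logon screen).
# enablecredsspsupport:i:0 turns off CredSSP, so no Network Level Authentication
# is attempted; authentication level:i:2 suppresses the warning shown when mstsc
# cannot verify the server's identity.
$required = [ordered]@{
    'enablecredsspsupport' = 'i:0'
    'authentication level' = 'i:2'
    'full address'         = "s:$VmAddress"
    'username'             = 's:'
}

# Start from a file previously saved by mstsc if there is one, otherwise from nothing.
$lines = if (Test-Path -Path $RdpPath) { @(Get-Content -Path $RdpPath) } else { @() }

# Each .rdp line is key:type:value. Replace the line if the key exists, else append it,
# so running the script twice never leaves duplicate or conflicting entries.
foreach ($key in $required.Keys) {
    $pattern = '^' + [regex]::Escape($key) + ':'
    $newLine = "${key}:$($required[$key])"
    if (@($lines -match $pattern).Count -gt 0) {
        $lines = @($lines | ForEach-Object { if ($_ -match $pattern) { $newLine } else { $_ } })
    } else {
        $lines += $newLine
    }
}

Set-Content -Path $RdpPath -Value $lines -Encoding ASCII

# Show the lines that matter before connecting, so step 3 can be confirmed by eye.
Get-Content -Path $RdpPath | Where-Object { $_ -match '^(enablecredsspsupport|authentication level|full address):' }

Start-Process -FilePath 'mstsc.exe' -ArgumentList ('"{0}"' -f $RdpPath)
```

Both settings weaken the connection, which is why the answer below says it would not recommend them: with CredSSP off the client proves nothing about itself before the session is up, and authentication level 2 means a host that fails server authentication is connected to silently, so a spoofed or intercepted endpoint is not flagged. Use such a file only against an address you trust, and keep port 3389 on the VM reachable from as few sources as possible.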
0

I haven't tried disabling NLA (and wouldn't recommend it); however, in my case it was legacy MFA getting in the way of getting into the VM, even though it was only enabled for the account and not enforced. Per-user Enabled/Enforced Azure AD Multi-Factor Authentication is not supported for VM sign-in.

In my case, we're using Conditional Access with MFA, but we had to exclude the VM from the cloud apps (Azure Windows VM Sign-In), because we're not using Windows Hello (thanks Microsoft for a half-baked solution!).

See Login to Windows virtual machine in Azure using Azure Active Directory authentication for more details.

FAB
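
To check the Conditional Access side of the answer above before touching the policy, here is an added example (not FAB's code) that reports which policies would require MFA for the Azure Windows VM Sign-In app. The policies are constructed sample data in the shape that Get-MgIdentityConditionalAccessPolicy from the Microsoft.Graph PowerShell module returns; swap in that cmdlet's output after Connect-MgGraph to check a real tenant (property access in PowerShell is case-insensitive, so the same function reads the SDK objects). The app id is a placeholder, not the real one; take it from the cloud apps picker of the policy in the Entra portal.

```powershell
# Added example, not code from the answer above. Checks which Conditional
# Access policies would require MFA for the "Azure Windows VM Sign-In" app.
# Assumptions: $policies is sample data constructed here in the shape that
# Get-MgIdentityConditionalAccessPolicy (Microsoft.Graph PowerShell) returns;
# replace it with that cmdlet's output after Connect-MgGraph to check a real
# tenant. $VmSignInAppId is a placeholder, not the real app id.
$VmSignInAppId = '11111111-1111-1111-1111-111111111111'

$policies = @'
[
  {
    "displayName": "Require MFA for all cloud apps",
    "state": "enabled",
    "conditions": { "applications": { "includeApplications": ["All"], "excludeApplications": [] } },
    "grantControls": { "builtInControls": ["mfa"] }
  },
  {
    "displayName": "Require MFA for all cloud apps except VM sign-in",
    "state": "enabled",
    "conditions": { "applications": { "includeApplications": ["All"],
                                      "excludeApplications": ["11111111-1111-1111-1111-111111111111"] } },
    "grantControls": { "builtInControls": ["mfa"] }
  },
  {
    "displayName": "Report-only MFA policy",
    "state": "enabledForReportingButNotEnforced",
    "conditions": { "applications": { "includeApplications": ["All"], "excludeApplications": [] } },
    "grantControls": { "builtInControls": ["mfa"] }
  }
]
'@ | ConvertFrom-Json

# A policy applies MFA to the app when it is enabled, the app is in scope
# ("All" or listed explicitly) and not excluded, and the grant controls include mfa.
# User, group, platform and location conditions are deliberately ignored here.
function Test-MfaRequiredForApp {
    param($Policy, [string]$AppId)
    if ($Policy.state -ne 'enabled') { return $false }
    $apps     = $Policy.conditions.applications
    $included = ($apps.includeApplications -contains 'All') -or ($apps.includeApplications -contains $AppId)
    $excluded = $apps.excludeApplications -contains $AppId
    $mfa      = $Policy.grantControls.builtInControls -contains 'mfa'
    return ($included -and -not $excluded -and $mfa)
}

foreach ($p in $policies) {
    $hit = Test-MfaRequiredForApp -Policy $p -AppId $VmSignInAppId
    '{0,-14} {1}' -f $(if ($hit) { 'MFA required' } else { 'no MFA' }), $p.displayName
}
```

The second sample policy has the shape the answer ends up with: the VM sign-in app is excluded, so the VM is then protected by the password alone, which is the trade-off behind the "half-baked" remark. Note also that legacy per-user MFA is not a Conditional Access policy and will not show up in this check; it has to be looked at separately on the user's account.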