I am running a Server 2008 R2 environment and have recently enabled Network Level Authentication for RDP connections. Since the change, users who have their logons restricted to specific servers via AD now get an error when logging on via RDP:
An authentication error has occurred
The Local Security Authority cannot be contacted
After investigating this error and reading TechNet, I found that removing the "Log on to" restriction within their user object solved the problem, even though they had rights to this server. Adding the user's client PC name to the "Log on to" list also solves this issue.
My question is, is there another way around this? We have an environment where some users may require an RDP connection from a client PC not on the same domain as the server (over VPN). It will not be practical to add many different client PC names to the "Log on to" list, and I don't understand why client PCs must be specified in the "Log on to" list and not just the actual server they are logging onto.
Any pointers appreciated.