No (more) RDP connection via VPN


RDP connection does not work since yesterday when connecting via VPN:

Network Level Authentication (NLA) is required for the remote computer you are trying to connect to. However, NLA cannot be performed because the Windows domain controller cannot be reached.

There are no problems in local network without VPN.

Turning off NLA helps, but is not a permanent solution for security reasons.
Is it also related to Microsoft update as described here?

UCS: 5.0-4 errata740
Windows-Clients 10 64Bit with last Updates

Confirming same behaviour here from a mac over VPN too. Works locally and not remotely.

Disabling NLA allows the microsoft RDP client to work but not the 3rd party jump desktop RDP client. 0x207 error when it doesn’t work. A non-domain local computer account works without problems locally or remotely, so I agree probably related. I’ll uninstall the mentioned updates when I get a chance to see if it starts working again.

edit: I’m also not on 5.0-4 yet so not a UCS server side change. My windows PC had rebooted last night, so probably those updates.


mention of RDP issues (and a patch) in the linked samba mailing list thread:

1 Like

I did an update to 5.0.4 just tonight to see if that would fix the problem (spoiler: no :wink: ).
Ok, then I guess I can skip contacting our firewall vendor’s tech support. Thanks for the additional info!

Disable NLA temporarily until the patch for UCS is available. If you only have remote access, use a local user account for this.

Update: 5.0-4errata750 has solved the problem.

PEBCAK :laughing: (wrong user for testing)
After updating to 5.0-4 errata750 and system restart (Univention Management Console > server reboot) still no RDP over VPN connection possible with the activated NLA:
And it works in local network without problems.