Remote Desktop Connection (RDP) is among the primary methods we use to access the desktop for managing Windows-based servers. It is generally trouble-free and frequently preferred.
“The Local Security Authority Cannot Be Contacted” Error
When connecting to servers running Windows Server 2008, Windows Server 2012 or a higher version that you have always reached over a remote desktop connection, you may unexpectedly receive the “The Local Security Authority Cannot Be Contacted” error, together with the note “This could be due to an expired password”. When this error appears, the remote desktop connection attempt ends, and you may not be able to access the desktop of the Windows-based server over RDP until you solve the problem.
An authentication error has occured.
The Local Security Authority cannot be contacted
Remote computer: XXX.XXX.XXX.XXX
This could be due to an expired password.
Please update your password if it has expired.
For assistance, contact your administrator or technical support.
Solving the “The Local Security Authority Cannot Be Contacted” Error
There are several different causes and solutions for this error. It is usually associated with the user account you want to log in with. If you try a different account at the time of the error, you will be able to log in most of the time. Below are the 3 most common scenarios you may encounter.
1. The password of the user account you want to use for the remote desktop login may have expired. As a solution, you can log on to the server locally with a different, authorized user and change the password. If this is an AD account, you can change the password directly from the DC. You will then be able to log in.
2. The user account you want to use for the remote desktop login may be marked to change its password at the first login attempt (User must change password at next logon). The solution from the previous scenario applies here as well: you can log on to the remote desktop after changing the password, either by logging into the server locally or by any other suitable method.
3. The user account you want to log in to the remote desktop with belongs to a domain, it is tied to a server (computer account) in the “Log On To” section, and “Network Level Authentication” may be active on that server.
The conditions are as follows:
- The server you want to log in to is running Windows Server 2008 or higher and “Remote Desktop with Network Level Authentication” is active. As of certain Windows versions, this setting is also active by default when the remote desktop connection is enabled.
Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)
- The account you want to log in with is an Active Directory user account; its password is valid and does not need to be changed.
- The Active Directory user account you want to log on with is mapped through “Log On To” to the computer account of the server you want to log on to. We usually use this setting when we want to limit a specific account to logging on to specific servers/computers.
If the conditions in scenario 3 are met and you get the “The Local Security Authority Cannot Be Contacted” error, shown in the same way with the “This could be due to an expired password” note, you can apply one of the following solutions.
- You can remove the “Log On To” mapping between the Active Directory user account and the Windows server. The connection will then be established.
- You can try logging in with a user account that you think is not affected by the “Log On To” mapping.
- You can disable the “Remote Desktop with Network Level Authentication” setting on the Windows server to which you are trying to make a remote desktop connection.
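To find out which of the three scenarios above applies before changing anything, the following added example (not part of the original article) reads the relevant account attributes from Active Directory and the NLA setting from the server. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that PowerShell remoting to the server is enabled; the parameter names are chosen for this example.

```powershell
# Added example: report which scenario from the article applies to an account.
# Assumptions: ActiveDirectory module (RSAT) and PowerShell remoting to the server.
param(
    [Parameter(Mandatory)] [string] $SamAccountName,  # account that gets the error
    [Parameter(Mandatory)] [string] $Server           # server being reached over RDP
)
Import-Module ActiveDirectory -ErrorAction Stop

$user = Get-ADUser -Identity $SamAccountName -Properties `
    PasswordExpired, PasswordLastSet, pwdLastSet, LogonWorkstations

# Scenario 2: pwdLastSet = 0 is how AD stores "User must change password at next logon".
$mustChange = ($user.pwdLastSet -eq 0)

# Scenario 1: password expired by age. PasswordExpired is also true when
# pwdLastSet = 0, so exclude that case to tell the two scenarios apart.
$expired = [bool]$user.PasswordExpired -and -not $mustChange

# Scenario 3, part 1: "Log On To" is stored as a comma-separated list of computer names.
$logOnTo = @()
if ($user.LogonWorkstations) {
    $logOnTo = @($user.LogonWorkstations -split ',' | ForEach-Object { $_.Trim() })
}

# Scenario 3, part 2: local NLA setting on the server (1 = NLA required).
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
try {
    $nla = Invoke-Command -ComputerName $Server -ErrorAction Stop -ScriptBlock {
        (Get-ItemProperty -Path $using:rdpKey -Name UserAuthentication).UserAuthentication
    }
} catch {
    $nla = $null   # could not query remotely; check the setting on the server itself
}

[pscustomobject]@{
    Account              = $user.SamAccountName
    PasswordLastSet      = $user.PasswordLastSet
    Scenario1_Expired    = $expired
    Scenario2_MustChange = $mustChange
    LogOnToList          = $logOnTo -join ', '
    NlaRequired          = if ($null -eq $nla) { 'unknown' } else { $nla -eq 1 }
    # Scenario 3: valid password, a "Log On To" restriction, and NLA active.
    Scenario3_Likely     = ($logOnTo.Count -gt 0) -and ($nla -eq 1) -and
                           -not ($expired -or $mustChange)
}
```

Run it from a machine that can still reach the domain, with an account other than the one that receives the error.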