2009-01-21

Remote Desktop not allowed to use saved credentials

When trying to use saved credentials in Remote Desktop Connection you might receive this message:

Your credentials did not work
Your system administrator does not allow the use of saved credentials to log on to the remote computer terminal.server.com because its identity is not fully verified. Please enter new credentials.
(screenshot)

To be able to use saved credentials in this situation you need to do the following:

1. Open Group Policy Editor via cmd -> gpedit.msc (screenshot)
2. Navigate to Local Computer Policy\Computer Configuration\Administrative Templates\System\Credentials Delegation\
3.Open Setting Allow Delegating Saved Credentials with NTLM-only Server Authentication, set it to Enabled click on button Show... and in Show Contents window add Value TERMSRV/terminal.server.com. Close all windows by pressing OK. (screenshot)
4. Run cmd and enter gpupdate command to update your policy. (screenshot)

Now you should be able to use your saved credentials.

note:
these steps were performed on Windows 7 beta, but probably it will stay the same in final release and my guess is, it is the same in Vista (too lazy to check).

35 comments:

  1. Anonymous31.8.09

    Perfect answer to my problem. Thanks! The only thing the post dones't say is that you do this on the computer you're connecting from, not the one you're connecting to.

    ReplyDelete
  2. Anonymous6.11.09

    Thnx :)

    ReplyDelete
  3. Steve25.8.10

    YES!! Thank you.

    ReplyDelete
  4. thank you. I had this issue when trying to connect to a Windows 2008 Server, but no more!

    ReplyDelete
  5. Thank you, it worked brilliantly.

    For those looking to save all credentials to all servers, without specifying each one individually, can give the following:

    TERMSRV/*

    ReplyDelete
  6. Anonymous11.11.10

    Excellent, especially with the TERMSRV/* value.
    Thanks to all!

    ReplyDelete
  7. Anonymous18.11.10

    I am going to save a day of my life with this solution! Thanks!!!

    ReplyDelete
  8. Anonymous20.1.11

    Thank yout a lot! Great!

    ReplyDelete
  9. Hi, I did it the way you mentioned. But when I click I get the meesage "Computer can't connect to remote comp because RDCB couldn0t valide the settings in RDP file". Do you have an idea? Thanks!!

    ReplyDelete
  10. to answer if this is has to be done from the client or from the server (Just a guess):if you check the GPEDIT picture on the top right corner you see a link with "Send Feedback", I think I have seen this on a Vista Beta Computer so I think it's done from the client computer ;-)

    ReplyDelete
  11. Thanks very much.

    ReplyDelete
  12. Michael Pedersen11.4.11

    ty, this was driving me crazy :D

    ReplyDelete
  13. perfect, many thanks - yep this must be done on the server you're connecting from (not to!)

    ReplyDelete
  14. dude, saved my life :P


    thanks

    ReplyDelete
  15. Thanks for the information.

    I followed the instructions, but it still does not work. The client machine is a Win7 Ultimate. The server is WS2008 R2.

    ReplyDelete
  16. Thanks a lot...worked perfectly in Windows 7.

    ReplyDelete
  17. Anonymous18.7.11

    Screw Microsoft. Use "Terminals" app
    http://terminals.codeplex.com

    ReplyDelete
  18. Anonymous14.8.11

    Just a correction: If You are in domain enviroment it is better to do this on your domain server using group policy editor.
    If You make this settings in default domain policy then You made it for all domain computers. If You want to allow this just for selected users it is better to create a new policy and "filter" users and/or computers.

    ReplyDelete
  19. This is great, thank you! One add'l tip. I am using a laptop that is often connected to my network at work. I was trying to make this change for use at home and it was not working. I had to VPN to my work network to get it to update gp successfully.

    ReplyDelete
  20. Anonymous25.10.11

    Thanks! That helped!

    By the way, one might get stuck when trying to *remove* an item from the list of added servers. (The dialog is not very smart and does not include a "delete" button nor does allow leaving an empty field.)

    Only way how I could make it work was to switch the state back to "Not configured", which cleared the list. (Which probably isn't very convenient if you have a longer list there...)

    ReplyDelete
  21. I discovered you can delete items by selecting the row and pressing the [DEL] key.

    ReplyDelete
  22. When you add server.domain.tld to the Group Policy but then connect to 192.168.x.y it doesn't work. Logical but I didn't realize the RDP file was connecting on IP instead of FQDN until I inspected it.

    ReplyDelete
  23. Anonymous15.12.11

    Awesome, you just made my day! Thank you.

    ReplyDelete
  24. I have problem is like saving credential in RDP console is working. But is not working while taking RDP for windows server 2008 Servers.
    save credential are check marked still its asking credential for every time its having only from windows server 2008. But Windows Server 2003 version is working.

    ReplyDelete
  25. Anonymous23.5.12

    Thank you, worked perfectly!

    ReplyDelete
  26. Anonymous29.6.12

    Thank you Sir,

    Worked...

    ReplyDelete
  27. Anonymous24.8.12

    cool, thanks, worked perfectly ;)

    ReplyDelete
  28. Anonymous29.1.13

    Didn't change a thing...

    I had this on a 2008 R2 TS, where I wanted to save creds for a connection to another 2008 R2 TS from there. Doesn't work.

    When connecting to 2008 TS it works fine, allready before the issue.

    Seems to me it is a problem on the connected TS instead of the starting place..

    ReplyDelete
  29. Anonymous22.2.13

    Thanks a lot!

    ReplyDelete
  30. Anonymous17.4.13

    Thanks a lot for the information. it worked for me on Win 7

    ReplyDelete
  31. Anonymous27.8.14

    Hi, i believе that i noticed ƴou visitwd my web site ѕo і cɑmе
    to return thе choose?.ӏ'm tгying tо to fіnd thіngs to
    improve my site!I guess its goo еnough to make usee of а feew оf youг ideas!!



    Feel fre to visit my homepaage - Clash Of clans hack android

    ReplyDelete
  32. Thanks dude, it worked fine!
    I tested it on Windows 8.1

    ReplyDelete
  33. Hello guys,

    I am using windows 10, and I want to connect to a remote but I'm keep getting a message.

    Your system administrator does not allow you to connect to this remote computer. For assistance contact your system administrator or technical support

    ReplyDelete
    Replies
    1. This is the exact same issue I am encountering. I am at the point of wiping, and re-installing Windows, as I know the issue is specific to this one computer and is not my AD login.

      Delete
  34. Does not work on Windows 2008

    ReplyDelete