• Troubleshooting
  • Authentication and Login Issues
  • Windows Login Failures

Certificate or Password Authentication Fails for One or More Users

Case 1: Authentication With Certificate and Password Fails

Trying to authenticate with certificates or passwords fails.

Potential Solution

Ensure the user has adequate permissions to log in to the target with RDP, and no domain or local policy prevents login. Verify:

  • If user's group memberships on the target allow RDP login.
  • If there is no deny RDP login group that would overwrite the allow RDP group.

Case 2: Authentication With Certificate Fails, but Passwords Work

Trying to authenticate with a password works but certificate authentication fails.

Potential Solution

Ensure NLA is disabled. Verify:

  • If the user has the required allow logon locally access right.
  • If all clocks on the PrivX Server, target domain host, and Domain Controller are synchronized.
  • The certificate properties in the command prompt by logging in with password: certutil -scinfo -pin 0.

Case 3: Authentication With Password Does Not Work for Users Who Have Never Logged on to the Target

Password authentication only works for domain users who have logged on to the target previously. It fails for domain users who have never logged on to the target before. In addition, certificate authentication fails for all users.

Potential Solution

If all permission settings are the same for all users (e.g., all are in the correct administrator group), the profile cache might be hiding a DC issue. To verify this, run certutil -dcinfo verify on the target host command prompt.

Contact Windows Domain admins if the following error appears: The domain specified is not available. Please try again later.

Was this page helpful?