New AVD deployment clients get "We couldn't connect to the remote PC because of a security error. If this keeps happening, ask your admin or tech support for help. error"

Jeff Riechers 1 Reputation point
2021-08-04T17:24:35.067+00:00

So decommisioned my WVD environment and deploying a new fresh AVD environment in my demo/test lab.

Process all works great, internally I can RDP into my AVD machine.

Trying to connect externally via the APP or browser and it throws errors.

Browser: We couldn't connect to the remote PC because of a security error. If this keeps happening, ask your admin or tech support for help.

Full client: Your remote desktop connection failed because the remote computer cannot be authenticated. Your computer's settings do not allow connection to this remote computer because it cannot be identified. Either it is running a version of Windows that is earlier thank Windows Vista, or it is not configured to support server authentication.

I tried changing the CREDSSP settings in AVD, no luck.

Checked MFA and all authentication is working fine.

Can RDP directly to the machine in Azure with the same account used externally.

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,377 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Azure Antihero 0 Reputation points
    2023-02-28T14:00:26.2633333+00:00

    I had the same issue with my AVD deployment. My virtual desktops are domain-joined to an on-prem AD DS I'm running in the cloud (you get domain/enterprise admin access doing it this way as opposed to using the Azure AD DS, but you have to deal with synchronization via Azure AD Connect).

    In my case, the "We couldn't connect to the remote PC because of a security error. If this keeps happening, ask your admin or tech support for help" message was due to the AVD RDP property "Azure AD authentication" being set to "RDP will attempt to use Azure AD authentication to sign in." This wasn't causing any errors to start since I hadn't initially hybrid-joined the virtual desktop. However, after performing the join and configuring the Service Connection Point (SCP) in Azure AD Connect to facilitate it, I could only access the underlying VM directly or by using the remote desktop apps on another VM.

    I know you said you checked the CredSSP settings in Azure for AVD, but maybe the Azure AD authentication is/was your issue? If so, and you do want to use Azure AD authentication to sign in, check out this link (https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises?WT.mc_id=Portal-fx#create-a-kerberos-server-object) on creating a Kerberos server object to handle the in-between work for Azure AD and AD DS--that should fix the issue for you.

    Hope this helps somebody!

    0 comments