Troubleshooting specific RDP error messages to a Windows VM in Azure

You may receive a specific error message when using Remote Desktop connection to a Windows virtual machine (VM) in Azure. This article details some of the more common error messages encountered, along with troubleshooting steps to resolve them. If you are having issues connecting to your VM using RDP but do not encounter a specific error message, see the troubleshooting guide for Remote Desktop.

For information on specific error messages, see the following:

The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.

Cause: The 120-day licensing grace period for the Remote Desktop Server role has expired and you need to install licenses.

As a workaround, save a local copy of the RDP file from the portal and run this command at a PowerShell command prompt to connect. This step disables licensing for just that connection:

    mstsc <File name>.RDP /admin

If you don't actually need more than two simultaneous Remote Desktop connections to the VM, you can use Server Manager to remove the Remote Desktop Server role.

For more information, see the blog post Azure VM fails with "No Remote Desktop License Servers available".

Remote Desktop can't find the computer "name".

Cause: The Remote Desktop client on your computer can't resolve the name of the computer in the settings of the RDP file.

Possible solutions:

  • If you're on an organization's intranet, make sure that your computer has access to the proxy server and can send HTTPS traffic to it.
  • If you're using a locally stored RDP file, try using the one that's generated by the portal. This step ensures that you have the correct DNS name for the virtual machine, or the cloud service and the endpoint port of the VM. Here is a sample RDP file generated by the portal:

      full address:s:tailspin-azdatatier.cloudapp.net:55919
      prompt for credentials:i:1
    

The address portion of this RDP file has:

  • The fully qualified domain name of the cloud service that contains the VM ("tailspin-azdatatier.cloudapp.net" in this example).
  • The external TCP port of the endpoint for Remote Desktop traffic (55919).

An authentication error has occurred. The Local Security Authority cannot be contacted.

Cause: The target VM can't locate the security authority in the user name portion of your credentials.

When your user name is in the form SecurityAuthority\UserName (example: CORP\User1), the SecurityAuthority portion is either the VM's computer name (for the local security authority) or an Active Directory domain name.

Possible solutions:

  • If the account is local to the VM, make sure that the VM name is spelled correctly.
  • If the account is on an Active Directory domain, check the spelling of the domain name.
  • If it is an Active Directory domain account and the domain name is spelled correctly, verify that a domain controller is available in that domain. It's a common issue in Azure virtual networks that contain domain controllers that a domain controller is unavailable because it hasn't been started. As a workaround, you can use a local administrator account instead of a domain account.

Windows Security error: Your credentials did not work.

Cause: The target VM can't validate your account name and password.

A Windows-based computer can validate the credentials of either a local account or a domain account.

  • For local accounts, use the ComputerName\UserName syntax (example: SQL1\Admin4798).
  • For domain accounts, use the DomainName\UserName syntax (example: CONTOSO\peterodman).

If you have promoted your VM to a domain controller in a new Active Directory forest, the local administrator account that you signed in with is converted to an equivalent account with the same password in the new forest and domain. The local account is then deleted.

For example, if you signed in with the local account DC1\DCAdmin, and then promoted the virtual machine as a domain controller in a new forest for the corp.contoso.com domain, the DC1\DCAdmin local account gets deleted and a new domain account (CORP\DCAdmin) is created with the same password.

Make sure that the account name is a name that the virtual machine can verify as a valid account, and that the password is correct.

If you need to change the password of the local administrator account, see How to reset a password or the Remote Desktop service for Windows virtual machines.

This computer can't connect to the remote computer.

Cause: The account that's used to connect does not have Remote Desktop sign-in rights.

Every Windows computer has a Remote Desktop users local group, which contains the accounts and groups that can sign into it remotely. Members of the local administrators group also have access, even though those accounts are not listed in the Remote Desktop users local group. For domain-joined machines, the local administrators group also contains the domain administrators for the domain.

Make sure that the account you're using to connect with has Remote Desktop sign-in rights. As a workaround, use a domain or local administrator account to connect over Remote Desktop. To add the desired account to the Remote Desktop users local group, use the Microsoft Management Console snap-in (System Tools > Local Users and Groups > Groups > Remote Desktop Users).

Next steps

If none of these errors occurred and you have an unknown issue with connecting using RDP, see the troubleshooting guide for Remote Desktop.