Remote Desktop doesn’t allow saved credentials

Have you ever tried to save your RDP password and then connect to your favorite Windows Server only to be greeted by the message below?

“Your system administrator does not allow the use of saved credentials to log on to the remote computer (IP Address or host name) because its identity is not fully verified.  Please enter new credentials.”

You receive this message because your computer does not have a trusted certificate from the server you want to connect to.  This is a good thing; we want to make sure everything is secure.  With that, there are a couple of ways to get rid of this message.  The first is to import the server certificate into your “Trusted Root Certification Authorities” store.  The second is to use a local policy to “Allow delegating saved credentials with NTLM-only server authentication”.

Install Cert into Trusted Root Certification Authorities

The first time you RDP into a server whose certificate your computer does not trust, you will be greeted with a certificate warning alert.

1.  Click on the View certificate button in the bottom left hand corner.

2.  Click the Install Certificate button.

3. Select Local Machine

4.  Place the certificate in the Trusted Root Certification Authorities store.

5.  Select Yes to the warning.

Two things should happen now when you RDP to the server.  One, you won’t get that Certificate warning alert anymore.  Two, you can now save your password in the Remote Desktop Connection screen.

Allow delegating saved credentials with NTLM-only server authentication

The second way to fix this message is by configuring the Local Group Policy on your computer.

1. Open up Local Group Policy Editor by running “gpedit.msc”.

2.  Navigate to “Local Computer Policy\Computer Configuration\Administrative Templates\System\Credentials Delegation”.

3.  Open the Setting “Allow Delegating Saved Credentials with NTLM-only Server Authentication”, and set it to Enabled.

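4. Then click the “Show” button and add your server name (TERMSRV/Hostname or TERMSRV/*).  TERMSRV/Hostname limits the setting to that one server, while TERMSRV/* applies it to every Remote Desktop server.  Hit the OK button and you should be good to go.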
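
To review what this policy ends up permitting, here is an added example (not from the original post) that reads the server list on the client and flags entries broader than a single host. It assumes the list is stored under the CredentialsDelegation policy key shown in the script; the function names and the example.test host names are made up for illustration.

```powershell
# Added example (not from the original post). Run on the RDP client.
# Assumption: the policy's server list is stored under this registry key.
$ListKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly'

function Get-DelegationEntry {
    # Return each SPN string in the policy list; nothing if the policy is not set.
    if (-not (Test-Path -Path $ListKey)) { return }
    $key = Get-Item -Path $ListKey
    foreach ($name in $key.GetValueNames()) { [string]$key.GetValue($name) }
}

function Test-DelegationEntry {
    # Classify one entry by how many servers it lets saved credentials reach.
    param([string]$Spn)
    $service, $target = $Spn.Trim() -split '/', 2
    if ($service -eq '*' -or $target -eq '*') {
        $scope = 'AnyServer'          # e.g. TERMSRV/*
    } elseif ($target -like '*[*]*') {
        $scope = 'WildcardDomain'     # e.g. TERMSRV/*.example.test
    } elseif ([string]::IsNullOrWhiteSpace($target)) {
        $scope = 'Malformed'          # no "/host" part after the service name
    } else {
        $scope = 'SingleHost'         # e.g. TERMSRV/rdp01.example.test
    }
    [pscustomobject]@{ Entry = $Spn; Service = $service; Target = $target; Scope = $scope }
}

$entries = @(Get-DelegationEntry)
if ($entries.Count -eq 0) {
    Write-Host 'Policy list not set on this machine; showing constructed sample entries.'
    # Constructed sample values, not taken from any real configuration.
    $entries = 'TERMSRV/rdp01.example.test', 'TERMSRV/*.example.test', 'TERMSRV/*'
}

$report = $entries | ForEach-Object { Test-DelegationEntry -Spn $_ }
$report | Format-Table Entry, Scope -AutoSize

# Anything other than a single named host widens where saved credentials can be sent.
$broad = @($report | Where-Object { $_.Scope -ne 'SingleHost' })
if ($broad.Count -gt 0) {
    Write-Warning ("{0} entr(ies) are broader than a single host." -f $broad.Count)
}
```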

3 Comments

Hello Brandon,

The 2nd step should be applied on the remote server or on the client you are trying to initiate RDP from?

First site I found, fantastic description of exactly my problem, with full easy to follow (and correct) descriptions how to solve it. Works exactly as described. Life saved – Thank you!

Works like a charm. Thanks!
