Posted in : Active Directory, Azure, Microsoft, Office 365, Windows By Sebastian Stegrin Translate with Google ⟶

4 years ago

Actually this post was not planned in any way, but one day when I was creating a Windows 10 VM in Azure and Azure AD-joined it I couldn’t login to it via RDP with my Azure AD-account.
The error I was faced with said ”The user name or password is incorrect. Try again”.
I promise you, I tried it again, a couple of times, I even had to login to the web mail to ensure myself that I used the correct credentials, and I did.
To be on the safe side I created a second VM but I ran into the same issue with that one.

So this was the window I was presented with every time I tried to login with USERNAME@DOMAIN.onmicrosoft.com.
I was able to login with a local account, in that way I managed to Azure AD-join it.
RDP
 
The steps below describe how I managed to solve this issue.

  1. Login to your Windows 10 VM in Azure.
    Open Control Panel (the old one, not Settings) and go to System then Remote settings.
    Untick the Allow connections only from computers running Remote Desktop with Network Level Authentication.

    This is not recommended but if the situation requires it please continue from here on.
    Read more about Network Level Authentication here.
    RDP
  2. Now you need to create an RDP-file that you edit in a text editor such as Notepad.
    In the boxes below you can see how my RDP-file looks like and a description what the different commands do to make this possible.

    full address:s:IPADDRESS:3389
    prompt for credentials:i:0
    authentication level:i:2
    enablecredsspsupport:i:0
    username:s:USERNAME@DOMAIN.onmicrosoft.com
    domain:s:AzureAD
    full address:s:IPADDRESS:3389			# Set your IP address here to your VM
    prompt for credentials:i:0			# Defines if you should enter credentials before you enter your session - 0: Will not prompt for credentials
    authentication level:i:2			# Defines the server authentication level settings. - 2: If server authentication fails, show a warning and allow me to connect or refuse the connection (Warn me)
    enablecredsspsupport:i:0			# This setting determines whether RDP will use the Credential Security Support Provider (CredSSP) for authentication if it is available. - 0: RDP will not use CredSSP, even if the operating system supports CredSSP
    username:s:USERNAME@DOMAIN.onmicrosoft.com 	# Defines what username you should logon with
    domain:s:AzureAD				# Should define what domain you should logon to but I didn't manage to get this to work but it doesn't hurt to try it.
  3. Now use your RDP-file to connect to your VM.
    You should end up at the Windows login screen.
    As you can see in the picture below the username field should look like this AzureAD\USERNAME@DOMAIN.onmicrosoft.com
    Earlier we typed the domain as AzureAD in the RDP-file but that doesn’t seem to work for me, and to be honest I didn’t do any troubleshooting around that so I just typed in AzureAD\ into the username field.
    Windows Login Screen
  4. You should now be logged in with your Azure AD-account on your VM created in Azure.
    Windows Settings

To Azure AD-join your computer please follow this guide here.
If you have any questions regarding this please feel free to leave a comment down below or contact me on LinkedIn.

Tags : AAD, account, Azure, AzureAD, credentials did not work, Microsoft, RDP, VM, Windows, Windows 10

Personlig rådgivning

Vi erbjuder personlig rådgivning med författaren för 1400 SEK per timme. Anmäl ditt intresse i här så återkommer vi så snart vi kan.

Comments

Alex says

Thank you Seb - that worked perfectly for a Windows 10 PC I am building :-)

Alex

Sebastian Stegrin says

I'm glad that my article helped you with your work :)

Have a great day!

Adrian says

Hello, Thank you very much for your article, I finally made it, as an addition I can add if you enter the user name in the RDP file as follows, it works without any further addition.
username:s:\AzureAD\username@domain.de

Sebastian Stegrin says

I'm happy to hear that it helped you!
Thank you for the information :)

Federico says

As integration to this article, you can login with biometrical authentication, tried with Windows Hello, and it works out of the box.

Sebastian Stegrin says

Hi Federico,
Thank you for the information! :)

Add comment

Your comment will be revised by the site if needed.