Microsoft KB Archive/939820

= Error message when you try to use Remote Desktop Connection to connect to another Windows Vista-based computer in Windows Vista: &quot;No authority could be contacted for authentication&quot; =

Article ID: 939820

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems

-



SYMPTOMS
In Windows Vista, you receive the following error message when you try to use Remote Desktop Connection to connect to another Windows Vista-based computer:

No authority could be contacted for authentication. For assistance, contact your system administrator or technical support

This problem occurs if the following conditions are true:
 * You try to connect by using a fully qualified domain name (FQDN) or a NetBIOS name.
 * Both computers are in a Windows Server 2003-based domain.
 * You have performed an authoritative restoration on the Users container in the Active Directory directory service.

Note This problem does not occur if one of the following conditions is true:
 * You connect by using the IP address of the remote computer and by using a local user account on the remote computer.
 * You connect from a Windows XP-based computer to a Windows Vista-based computer.
 * You connect from a Windows Vista-based computer to a Windows XP-based computer.



CAUSE
This problem occurs because the version number of the KRBTGT account increases when you perform an authoritative restoration. The KRBTGT account is a service account that is used by the Kerberos Key Distribution Center (KDC) service.



RESOLUTION
To resolve this problem, apply this hotfix to all the Windows Server 2003-based domain controllers in the domain. This hotfix prevents the problem before you perform an authoritative restoration. This hotfix also fixes the problem when you have already performed an authoritative restoration.

Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows Server 2003 service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Prerequisites
To apply this hotfix, you must have Windows Server 2003 Service Pack 2 installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

889100 How to obtain the latest service pack for Windows Server 2003

Restart requirement
You must restart the computer after you apply this hotfix.

Hotfix replacement information
This hotfix does not replace any other hotfixes.

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003 with Service Pack 2, Itanium-based versions


WORKAROUND
To work around this problem, disable the new Remote Desktop Protocol (RDP) authentication functionality that Windows Vista provides. To do this, follow these steps:  Click Start, type mstsc.exe in the Start Search box, and then press ENTER. Click Options. On the General tab, click Save As. In the Save As dialog box, specify a location and a name for the file, and then click OK.

Note The saved file will have the .rdp file name extension. Click Start, type notepad in the Start Search box, and then press ENTER. In Notepad, open the file that you saved in step 4.</li>  Locate the line that resembles the following: authentication level:i:x Note The  placeholder represents the current authentication level. </li>  Change the authentication level to 0 so that the line becomes the following: authentication level:i:0 Note When you set the authentication level to 0, RDP 6.0 does not check for server authentication. </li>  Add the following line to the end of the file: enablecredsspsupport:i:0 Note When this line is present, users do not have to enter credentials before they establish a remote desktop connection. </li> Save the file.</li> To connect by using Remote Desktop Connection, run the file that you saved in step 10.</li></ol>

Note After you follow these steps, RDP 6.0 becomes incompatible with Windows Vista-based computers that have the Allow connections only from computers running Remote Desktop with Network Level Authentication option enabled in the system properties.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbbug kbfix kbqfe kbpubtypekc kbexpertiseinter kbhotfixserver kbwinserv2003postsp2fix KB939820

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.