Unable to access a remote computer through Remote Desktop Connection when using a Microsoft Account

Question

Description of the problem: I am not able to connect through Remote Desktop Connection to access Computer A from Computer B. More specifically, when I am on Computer B, I am not able to access Computer A through Remote Desktop Connection. I was asked to provide username and password, but I kept getting told by a "Windows Security" window that said: "Your credentials did not work."

Observation 1: I was able to access Computer B from Computer A. (The other way around.)

Observation 2: The only difference as I can tell, is that: I used a Microsoft Account to log-in (locally and natively) on Computer B, and used a username alone to log-in on Computer A. The usernames on the two computers (locally speaking) are:

• Computer A: DESKTOP-XXX/username

• Computer B: [email protected]

Both computers are running Windows 10 Pro.

Observation 3: I have made sure that the there is no firewall between the two computers. (They are connected through a Ethernet switch in my home network, connecting to the outside world through the home router.)

Question: what has been going wrong? Do I have to assign and use the same Microsoft Account on Computer A? I have made sure that the password has been correct all the times, but the problem is persistent: I cannot connect from Computer B to Computer A, yet I can connect from Computer A to Computer B.

PS: I has also asked the same question in the TechNet forum, yet I am not counting on it quite a lot. Ref url.

Additional Information

The address for Computer A and B

As I only have dynamic IP on both machines, I used No-IP's service. Thus, for the two computers, for example: * Address for Computer A: computer-A.ddns.net * Address for Computer B: computer-B.ddns.net

Additional Experiments

Shutting down Computer B

When I shut down Computer B, using the address computer-B.ddns.net to connect still gets me the same error message (as in the screenshot above).

Getting a different IP for Computer B

Per the initial experiment, two computers are hosted in the same home network. Thus, the public IP for the two machines should be the same. To get Computer B a different IP, I disconnect the machine from the home network and used the Personal Hotspot on my phone. This time, I get a new error message:

Answer 1

I had the same with a couple machines linked to MicrosoftAccount\user from installation, remembered my previous installs started with a local account and were later linked to my Microsoft account and that worked fine.

Decided to change my Account so to sign in with a local account, tested RDP and that worked fine, decided to "re-link" my Microsoft account... tested again and it was still working without issues. Not sure exactly what causes the issue but it seems that creating a local account fixes the behavior, likely reg keys or gpedit settings not correctly configured with the Microsoft account.

Further to the above, I believe (from later found articles) that if the user signs in with the Microsoft's account password at least once rather than the PIN the issue may also be fixed. (Have confirmed this as the best fix)

https://community.spiceworks.com/topic/2047664-remote-desktop-fails-after-changed-to-microsoft-account

@TerenceGolla, hope you don't mind me quoting you below;

"For a clean install of Windows 11 which by default sets up Windows Hello go to Settings->Accounts->Sign-in options and turn off "For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device (Recommended)". This will allow you to sign-in with your password after which RDC will work. It also appears that once you use your password you can turn the option back on."

Answer 2

On my remote machine I have two accounts: I have a local administrator account and I have the MicrosoftAccount as a standard user.

To re-sync the password: logon with the local administrator account, I open the command prompt on the pc I wanted to be connected and type:

runas /u:MicrosoftAccount\[my account] cmd.exe

or

runas /u:[my account]@outlook.com cmd.exe

replacing [my account] with the actual account name of the Microsoft Account

If you recently changed your password, try with the old one, if it hasn't been synced, it'll work.

This will force the machine to re-sync the password so when you get prompted you can type the most recent password. As from that point on, RDP will recognise your new password.

I also tried the above commands while being logged on as the standard user. It looks like you can do the "runas" command for the current user, so you might not even need to use another account.

Hopefully above procedure contains enough clues so that someone can figure out what is happening and come up with a real solution

Answer 3

For me it worked by logging in to my Microsoft Account on the target machine with the Password (not PIN) of the Microsoft Account once.

After that, I can RDP into the machine by using the credentials of the Microsoft Account without errors.

Answer 4

I think, at least in my case, the problem was a lack of synchronization between the password on the machine and the password of the Microsoft account.

The way I think I resolved this was as follows:

1. Change my Microsoft Account password through the Win10 interface (under the "Users" control panel)
2. Log out.
3. Log in using the password (not using a PIN or face unlock)

Step 3 seemed to be key.

This resolved password problems both with remote desktop and with the task scheduler.

Answer 5

I had a similar problem signing in using the latest OSX (Mac) client. In my case, there appears to be a bug in the client if you have a password with a % character. Once I changed my password to remove this character, I had no problems logging in with username set to the result of "whoami" run in a command prompt window.

Incredibly frustrating that Microsoft can't properly encode characters.

Answer 6

In my case the problem was that I went passwordless using Authenticator app, and I never logged in to my remote machine with my Microsoft Account using password.

So, the fix for me was:

• Remove PIN
• Login using password
• Set the PIN back again

Then RDP connection using Microsoft Account worked.

The remote machine never got the password hash or whatever it happens behind the curtains

Answer 7

I ran into this problem recently, and confirmed that the answer is in fact the requirement of logging into your machine with the password. If you configure a Windows 10/11 system with a Microsoft account using the login prompts, Windows Hello kicks in immediately and makes you log in with a pin.

Since a pin login never hashes the password used to authenticate the user, when you attempt to connect using RDP, that authentication token seemingly goes nowhere and authenticates against nothing -- this is regardless of whether you've put in the username as the email address of the Microsoft account, or the username of the local account. Odd indeed, but it at least makes sense!

Answer 8

After reading the post by @AdamZaloum, I turned off "Require Windows Hello sign-in for Microsoft accounts", in the Sign-in option Settings page.

That fixed it for me, after everything else I tried didn't.

Screenshot from Windows 10 Pro:

(Microsoft doesn't allow passwords in Windows Hello!? They're up in the night if they really think a PIN is more secure than a 20 character password!)

Answer 9

I am no expert, but these are my findings: I can only RDP on my Windows 10 PRO machines. All of my Windows Home or Premium will not work. MS does not allow it on those OS's. My MAC PRO however, with the older Windows for MAC RDP loaded, will work perfectly.

Answer 10

I solved it by telling Windows in the settings that I want to login via a local user and not by the Microsoft account.

I created a new local user with a new password. (new local account means in this way that the new user stays the same, just as a local one)

Login via RDP than works with: Username: PC-NAME\UserName Password: new local user password

I am German user so I try to translate the write words.

Changing to local user works in settings under Account/Infos "...login via a local account"

Hope this helps. I don't see any reason for using the Microsoft Account for login instead of a local account.

Answer 11

In RE to kodybrown and to help those who need an answer to this, follow these steps on the PC you wish to remotely connect to that has a Microsoft account attached and Windows Hello active. I will also note that this method only works on the Professional version of Windows as the Home version doesn't have access to the Local Users and Groups tool.

1. Press Win+R to open the RUN dialogue.
2. Type lusrmgr.msc and press Enter
3. Navigate in the left pane to Users then double-click the user account you wish to use for remote access. This should open a dialogue called <user> properties.
4. In that dialogue, ensure that User must change password at next logon is unchecked and that Password never expires is checked.
5. Now go into the Member of tab in the user properties dialogue and add the group Remote Desktop Users to that list.
6. Click Apply at the bottom and close out this dialogue and the Local Users and Groups window.
7. If you haven't already enabled remote in settings, navigate to Settings → System → Remote Desktop and toggle it on. Click Confirm and under Remote Desktop users, add the user account you modified in Local Users and Groups.
8. You're now all set to use Microsoft's Remote Desktop tool or similar.

With these set, you can use your Windows Hello PIN physically on the PC and your Microsoft account password on the Remote Desktop app from another PC or your mobile device! Any prompts you get for admin during the Remote Desktop connection should ask for the Windows Hello PIN, not the password. Good luck and hope this solves your issue!

Answer 12

Simply

1. Lock you PC
2. Press "I forget my PIN"
3. Login with password with or without reset pin
4. Done