If you get the message "Wrong Network Level Authentication credentials!"
then you have met following conditions
A1. you have activated NLA authentication forcibly
B1. and you have typed wrong or empty password on logon page, or logon was deleted and not anymore present in Windows internal data store.
If you are sure your logon and password are correct and under same circumstances (same user, same password, same domain, same server IP/domain, same port) with mstsc.exe you can successfully login then probably you faced one known security limitation of HTML5 gateway that blocks connection to servers outside of intranet and instead it reroutes the traffic to local server 127.*** where the wished user/pass logon is not present and as consequence not accepted, and so by conditions as above you get again wrong password message.
By default non intranet RDP IPs (except 192.168.*.*, 10.*.*.*, 172.16-32.*.*, 127.*.*.*) are disabled to be accessed to avoid security risk that your gateway could be potentially reused to access unknown RDP servers outside of your intranet/local network.
Do following if you wish to reenable all internet servers!
Reenabling RDP internet servers
1. open/edit(create) *\Clients\webserver\settings.bin
2. and add/save
disable_internet_servers=false
3. restart HTML5 via AdminTool GUI
however the above setting "disable_internet_servers=false" is highly not recommended since that would allow to reuse your gateway to get access per RDP protocol to any server that does not belong to your network, especially internet addresses. To avoid such scenario and at same time block unknown RDP addresses you could add alternatively the wished server(s) to the list of allowed servers.
Allow only specified servers for RDP access for improving security
1. open/edit(create) *\Clients\webserver\rdplist.bin
2. add line separated as example
155.1.3.3:3389
demo.tsplus.net:3389
my_server.com
129.56.134.22
etc.
3. restart HTML5 via AdminTool GUI
If you still get the "wrong NLA credentials" message even after checking all the points listed above then check if you can connect locally on the server to IP 127.0.0.2 with same login and same password you tried to use with HTML5 client before and failed afterwards. Most probably you will fail with mstsc.exe too, but in such case change password to something easier to remember under admin accoount and then retry to login again. Additionally check *\Clients\webserver\web_log.txt to identify to what RDP server exactly the HTML5 client tries to connect, probably it connects to another server than you expect and so your credentials are unsurprising not accepted there.
If everything else described above did not help then create support ticket with providing of working RDP access logon or TeamViewer access so we can investigate in your issue. Remember, without access to your server such kind of errors can not be fixed therefore providing access to your problematic server is mandatory!
If you get permanently by same logon the message "CredSSP required by server!"
then most probably you have met following conditions
A2. you have activated NLA authentication forcibly (see the picture above from A1)
B1. and you have activated "User must change password at next logon".
To fix it either deactivate NLA if you still need the option of changing password at next logon, or remove that logon option from users logon (as example in lusrmgr.msc)
What about "Network Level Authentication" messages? Print
Modified on: Sat, 1 Dec, 2018 at 10:31 PM
Did you find it helpful? Yes No
Send feedbackSorry we couldn't be helpful. Help us improve this article with your feedback.