Remote Desktop Connection, “The server’s authentication policy does not allow connection requests using saved credentials. Please enter new credentials.”

Sal SalamoneSite Automation Engineer
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.

My goal was to have a thin client connect automatically to the terminal server when it was started without intervention, but I was stopped by a persistent request for Remote Desktop credentials, even though they were set to save and I could manually type in the password to successfully connect. 

Investigation online revealed several solutions for similar issues, but the actual fix was simple and not mentioned elsewhere, which is why I wrote this article.

The thin clients are running Windows 7 embedded Standard addition. The terminal server is running Windows Server 2008 SP2 (32-bit). This is in a Workgroup environment.  

The pop up error looks like this:

To resolve the issue, perform the following steps on the terminal server.

  1. At a command prompt edit the Group Policy settings by typing "gpedit"
  2. Under the Local Computer Policy, drill down to Computer Configuration>Administrative Templates>Windows Components>Terminal Services>Terminal Server>Security
  3. Disable "Always prompt for password upon connection"
  4. At a command prompt update the group policy by typing "gpupdate"

The Group Policy change is pictured here:

Making this simple change allowed the thin client to auto logon using saved credentials and I was able to place the saved .RDP file in the startup folder, so a connection is automatically made as soon as the thin client powers up.

With just this one change the thin client was able to logon to the terminal server without intervention, allowing reconnect anytime there is a power disruption stopping connection to the terminal server. The same saved .RDP file was left on the thin client’s desktop in case connection was lost by some other means. This solution provides an easy and secure method for thin clients to gain access to a terminal server.


Comments (1)

kevinhsiehNetwork Engineer
Distinguished Expert 2021

I am glad you figured it out. I was going to say that the behavior is by design. In fact, I have that setting specifically enabled... :-)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.