I've got a single Domain Controller (DC) and a few domain-joined workstations. Recently, I applied the Windows 11 STIG to the workstation with Hyper-V, and now I'm facing connection issues to my virtual machines (VMs). When I try to connect to a VM by right-clicking and selecting 'connect', it briefly shows 'connecting' before the session just closes. Additionally, when attempting to use Remote Desktop Protocol (RDP) from this workstation or others in the domain, I get an error saying 'An authentication error has occurred. The local security authority cannot be contacted' after entering my username and password. I've checked that the domain account I'm using works on other machines, and everything pings fine. Interestingly, RDP works smoothly from a Windows 11 machine where I didn't apply the STIG. I'm puzzled about which specific STIG setting might be causing this issue. Any insights would be greatly appreciated!
2 Answers
Could you tell me which STIG you used? Knowing the specific version could help narrow down the settings that might be affecting your connections.
It looks like your issues stem from the STIG hardening interfering with authentication. You might want to check the following settings:
- NTLM restrictions or any policies that deny all connections.
- CredSSP and encryption oracle settings might be playing a role too.
- LSA protection and restricted admin policies could also be causing trouble.
- Lastly, look into any firewall rules that are tied to remote services.
The key here is that your setup works fine on a non-STIG machine, so it's definitely a policy issue that has changed after applying the STIG. A good approach would be rolling back the settings incrementally to pinpoint the specific policy that’s causing the trouble.
I totally see your point. Can you go deeper into how I might check those settings you're suggesting? The firewall is currently disabled, so I'm curious why I can't connect to a VM through Hyper-V—it feels like that should be separate from remote service settings. Thanks!
Sure! I applied Windows 11 v2r6.