Unable to login on RDSH over SAML

2 users found this article helpful


Unable to login with the following error:


In most cases, this is related to Active Directory Group Policies configuration.


Make sure that there is a separate policy linked to the Organizational Unit with only RD Session Host servers in it.

The following settings should be applied in that policy:

Deny logon through Remote Desktop Services > add NLAUser:

Allow logon through Remote Desktop Services > add Domain Users:

NOTE: Ideally, the above-mentioned settings should not be configured in the Default Domain Policy for better flexibility in policy management.

Was this article helpful?

Tell us how we can improve it.