Win11 24H2 Blocking NTLM for RDP and SMB

I have two laptops on the same domain. One has been running Windows 11 Pro for a while and, even with a recent update to 24H2, has no problems connecting to remote RDP hosts or to my local NAS via SMB. The other laptop I just upgraded from Windows 10 22H2 to Windows 11 24H2, and it lost the ability to connect via RDP or SMB.

The messages were always about failed NTLM connections.


Hours of analysis with three AIs (ChatGPT, Gemini, and Perplexity) had me checking all kinds of NTLM settings, SMB settings, cipher suites, etc. As far as I could see, all settings matched between the two laptops. One AI led me towards the conclusion that, for RDP, the TCP connection was failing before the authentication step, but I didn’t get far enough to confirm or fix that.

Then Perplexity cited this obscure thread about how re-installing the Windows Server Essentials connector solved the problem:

https://learn.microsoft.com/en-us/answers/questions/3892952/authentication-failed-because-ntlm-authentication

Well yes, the failing laptop probably had the Essentials 2016 connector installed. I uninstalled it when I decommissioned the 2016 Essentials server. I tried re-installing it, but the installation won’t finish if there is no 2016 Essentials server on the network.

The thread referenced the 2012 R2 Essentials connector, specifically WSEClient-x64.msi, available here:

https://www.microsoft.com/en-us/download/details.aspx?id=40285&msockid=28f752d53ba962a734eb47e73a936349

I installed that on my “bad” Windows 11 24H2 laptop. The installation finished without any prompts for server name etc. After a reboot, both RDP and SMB started working again. Amazing.

Reference

These event logs, under Applications and Services Logs, are relevant for troubleshooting RDP connections:

Client side

  • Microsoft-Windows-TerminalServices-RDPClient/Operational
  • TerminalServices-ClientActiveXCore/Operational

Host (Target) side

  • Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

And these more specific tips from Perplexity:

  • Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

    • Look for errors around the time of your failed connection attempt. Event IDs like 143, 142, or 226 are relevant (especially related to connections, disconnects, and handshake failures).

  • Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

    • Successful logins will yield events like ID 24 (disconnect), 25 (reconnect succeeded), and failures may appear as missed session starts.

  • Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

    • Event ID 261 (“Listener RDP-Tcp received a connection”) appears even for failed handshakes—the server acknowledges an attempt, even if handshake fails.
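To read the channels above as one timeline around a failed attempt, the following script can be saved as a .ps1 file and run on the client or the host. It is an added example, not part of the original post; the `$Around` and `$WindowMinutes` parameters and the wildcard channel patterns are assumptions made for illustration.

```powershell
# Added example: build one timeline from the RDP channels listed above.
# Run elevated on the client or the host; channels that are absent are skipped.
param(
    [datetime]$Around = (Get-Date),  # assumed: time of the failed attempt
    [int]$WindowMinutes = 5          # assumed: search window on either side
)

# Wildcards, because the full channel name carries a Microsoft-Windows- prefix
# that the list above does not always spell out.
$patterns = @(
    '*TerminalServices-RDPClient/Operational'
    '*TerminalServices-ClientActiveXCore*'
    '*TerminalServices-RemoteConnectionManager/Admin'
    '*TerminalServices-RemoteConnectionManager/Operational'
    '*RemoteDesktopServices-RdpCoreTS/Operational'
    '*TerminalServices-LocalSessionManager/Operational'
)

# Event IDs the page calls out, keyed by channel name without the prefix.
$noted = @{
    'RemoteDesktopServices-RdpCoreTS/Operational'          = 142, 143, 226
    'TerminalServices-LocalSessionManager/Operational'     = 24, 25
    'TerminalServices-RemoteConnectionManager/Operational' = 261
}

$logs = Get-WinEvent -ListLog $patterns -ErrorAction SilentlyContinue |
    Where-Object { $_.IsEnabled }

$events = foreach ($log in $logs) {
    # SilentlyContinue: Get-WinEvent raises an error when nothing matches.
    Get-WinEvent -FilterHashtable @{
        LogName   = $log.LogName
        StartTime = $Around.AddMinutes(-$WindowMinutes)
        EndTime   = $Around.AddMinutes($WindowMinutes)
    } -ErrorAction SilentlyContinue
}

$events | Sort-Object TimeCreated | Select-Object TimeCreated,
    @{ n = 'Channel'; e = { $_.LogName -replace '^Microsoft-Windows-', '' } },
    Id,
    @{ n = 'Noted'; e = { if ($noted[($_.LogName -replace '^Microsoft-Windows-', '')] -contains $_.Id) { '*' } } },
    @{ n = 'Message'; e = { ("$($_.Message)" -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# On the host, ID 261 in the window means the listener saw the attempt.
$seen = $events | Where-Object { $_.Id -eq 261 -and $_.LogName -like '*RemoteConnectionManager/Operational' }
if (-not $seen) {
    Write-Warning 'No event 261 here in the window; if this is the RDP host, the listener logged no connection attempt.'
}
```

Rows marked `*` in the Noted column are the event IDs named in the tips above; everything else in the window is shown for context.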
