You might have encountered an issue where you can't log in to an Azure AD-joined VM with your AD account.

I recently encountered this issue myself on my demo tenant when I was creating a Windows 10 VM. The error I was faced with said "The user name or password is incorrect. Try again" or "The logon attempt failed".

You should be able to log in over RDP with the local admin account that you used to Azure AD-join the VM; however, this is not what we want.

So, how do we fix this?

The steps below describe how I managed to solve this issue.

1. Log in with RDP to your Windows 10 VM in Azure with the local admin account first.
Open Control Panel and go to System, then Remote settings.
Untick "Allow connections only from computers running Remote Desktop with Network Level Authentication", then sign out again.

2. Now you need to create an RDP-file that you edit in a text editor such as Visual Studio or Notepad. You can also edit your existing RDP-file if you want. The new values we add to the RDP-file are described below.

RDP CONFIG

full address:s:ENTERIPHERE:3389
prompt for credentials:i:1
authentication level:i:2
enablecredsspsupport:i:0
username:s:USERNAME@DOMAIN.onmicrosoft.com

RDP DESCRIPTION OF VALUES – Don’t use

full address:s:ENTERIPADDRESS:3389
# Set the IP address of your VM here
prompt for credentials:i:0
# Defines if you should enter credentials before you enter your session - 0: Will not prompt for credentials
authentication level:i:2
# Defines the server authentication level settings. - 2: If server authentication fails, show a warning and allow me to connect or refuse the connection (Warn me)
enablecredsspsupport:i:0
# This setting determines whether RDP will use the Credential Security Support Provider (CredSSP) for authentication if it is available. - 0: RDP will not use CredSSP, even if the operating system supports CredSSP
username:s:USERNAME@DOMAIN.onmicrosoft.com
# Defines which username you log on with

3. Now use your RDP-file to connect to your VM.
You should now be able to connect to the Windows login screen.
The username field will be populated with the username you have set in the RDP file. However, the domain name is not set, so you have to add it manually in the username field. To do this, enter AzureAD\ in front of the username, then enter the password as usual.


4. Success! You should now be logged in with your Azure AD account on your VM created in Azure. Remember to use this RDP file whenever you want to connect to the VM with your Azure AD account.
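The following is an added example, not part of the original article: a small Python check that parses an RDP file and reports the two settings from the steps above that relax authentication, so files changed this way can be found and reviewed later. The function names are hypothetical and the sample is constructed from the RDP CONFIG values shown above.

```python
# Added example (not from the original article): audit an .rdp file.
# SAMPLE_RDP is constructed from the RDP CONFIG values shown in the article.
SAMPLE_RDP = """\
full address:s:ENTERIPHERE:3389
prompt for credentials:i:1
authentication level:i:2
enablecredsspsupport:i:0
username:s:USERNAME@DOMAIN.onmicrosoft.com
"""


def decode_rdp(raw: bytes) -> str:
    """Files saved by the RDP client are often UTF-16 with a BOM; hand-edited ones UTF-8."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; the value may contain ':' (address:port)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and annotation lines
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # not a setting line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # malformed integer setting
        settings[name.strip().lower()] = value
    return settings


def audit(settings: dict) -> list:
    """Report the settings from the steps above that relax authentication."""
    findings = []
    if settings.get("enablecredsspsupport") == 0:
        findings.append("enablecredsspsupport=0: CredSSP disabled for this connection")
    if settings.get("authentication level") == 2:
        findings.append("authentication level=2: failed server authentication only warns")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rdp(SAMPLE_RDP)):
        print(finding)
```

To check a real file, read it in binary mode and pass the bytes through `decode_rdp` before `parse_rdp`.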

Hopefully, you found this article helpful and I saved you some time and headache. 🙂