10.3.1. Procedure – Network Level Authentication (NLA) with domain membership

Purpose: 

Joining a domain is required when using Credential Security Service Provider (CredSSP, also called Network Level Authentication or NLA).

Prerequisites: 

The target servers and PSM must be in the same domain, or you must establish trust between the domains that contain the target servers and PSM. For details on the type of trust required, see Section 10.3.2, Using PSM across multiple domains. If you cannot or do not want to join PSM to the domain, see Procedure 10.3.3, Network Level Authentication without domain membership.

Steps: 

  1. Navigate to RDP Control > Settings, and select the Enable Network Level Authentication option. If some of your connections will not use Network Level Authentication, create a separate RDP Settings policy.

  2. Navigate to RDP Control > Domain membership.

  3. Enter the name of the domain (for example mydomain) into the Domain field.

    Figure 10.2. RDP Control > Settings — Joining a domain

  4. Enter the name of the realm (for example mydomain.example.com) into the Full domain name field.

    Note

    Ensure that your DNS settings are correct and that the full domain name can be resolved from PSM. To check this, navigate to Basic Settings > Troubleshooting > Ping, enter the full domain name into the Hostname field, and select Ping host.

  5. Click .

  6. Click Join domain. A pop-up window is displayed.

  7. PSM requires an account in your domain to be able to join the domain. Enter the following information:

    • The name of the user into the Username field.

    • The password into the Password field.

      Note

      PSM accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[\]^-`{|}

    • The name of your domain controller into the Domain controller field. If you leave this field blank, PSM tries to find the domain controller automatically.

      Note

      Ensure that your DNS settings are correct and that the hostname of the domain controller can be resolved from PSM. To check this, navigate to Basic Settings > Troubleshooting > Ping, enter the name of the domain controller into the Hostname field, and select Ping host.

    • The organizational unit into the Organization unit field.

  8. Click Join domain.

  9. If successful, PSM displays the name of the domain it joined.

    Note

    If you need PSM to leave the domain for some reason, click Leave domain.
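
A pre-flight check for the values entered in steps 4 and 7, as an added example that is not part of the original PSM documentation: it tests the join account's password against the length and character limits in the note above and resolves the full domain name and the domain controller name. It assumes that ASCII letters and digits are also accepted in passwords and that the machine running it uses the same DNS servers as PSM; the function names are illustrative, and the Ping check in PSM remains the authoritative test.

```python
import socket
import string

# Limits quoted from the note in step 7 of the procedure.
MAX_PASSWORD_LEN = 150
ALLOWED_SPECIALS = set("!\"#$%&'()*+,-./:;<=>?@[\\]^-`{|}")
# Assumption: ASCII letters and digits are accepted as well.
ALLOWED_CHARS = ALLOWED_SPECIALS | set(string.ascii_letters + string.digits)


def check_password(password):
    """Return a list of problems; an empty list means the password fits."""
    problems = []
    if len(password) > MAX_PASSWORD_LEN:
        problems.append(f"length {len(password)} exceeds {MAX_PASSWORD_LEN}")
    bad = sorted(set(password) - ALLOWED_CHARS)
    if bad:
        # Report code points only, so the secret is not echoed to logs.
        problems.append("unsupported characters: " +
                        ", ".join(f"U+{ord(c):04X}" for c in bad))
    return problems


def system_resolver(host):
    """Resolve host with the local resolver; return its address list."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def check_names(full_domain, domain_controller="", resolver=system_resolver):
    """Resolve the names entered in steps 4 and 7; return {name: result}."""
    results = {}
    # An empty Domain controller field means PSM locates the DC itself.
    for name in filter(None, [full_domain, domain_controller]):
        try:
            results[name] = resolver(name) or "no addresses returned"
        except OSError as exc:
            results[name] = f"unresolved: {exc}"
    return results


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(check_password("Summer~2024 join"))
    print(check_names("mydomain.example.com"))
```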