Mac RDP client cannot log into new Windows 11 Pro machine – “The credentials used to connect did not work” + certificate warning

Lafayette Williams 0 Reputation points
2026-03-11T16:05:05.17+00:00

Trying to remote into a new Windows 11 Pro with remote desktop enabled, but receive the message: "The Credentials used to connect to [ip address] did not work."

I am using the same credentials that I remote into another Windows box from the Apple Windows App. The firewall is not blocking.

Here's the other message received: "You are connecting to the RDP host [Computer Name]. The certificate couldn't be verified back to a root certificate. Your connection may not be secure. Do you want to continue?" I said "yes", but it still will not allow access even though I changed the certificate option to "trust." I've tried both the computer name and the IP address.

It seems to alternate between the two error messages above based on the changes I made, but it never allows access. The other kicker is that logging in now prompts for a password on my old Windows RDP, which it never did before; after entering it, it allows access. Going in the wrong direction is a PITA!

Windows for business | Windows Client for IT Pros | User experience | Remote desktop services and terminal services

2 answers

  1. Scott Nguyen 75 Reputation points Independent Advisor
    2026-03-11T19:25:48.7833333+00:00

    Hi Lafayette Williams,

    Thank you for giving your question to us.

    To my knowledge, this specific error sequence on Windows 11 Pro usually stems from a conflict between the Windows App (formerly Remote Desktop) on macOS and the enhanced security defaults in the latest Windows builds.

    Here are the recommended solutions to help you:

    1. Disable "Require Windows Hello" for Sign-in

    Windows 11 often defaults to allowing only "passwordless" sign-in for Microsoft Accounts. This prevents RDP from accepting a standard password because it expects a PIN or biometric that RDP cannot transmit.

    On the host Windows 11 PC, go to Settings > Accounts > Sign-in options.

    Under Additional settings, toggle OFF "For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device."

    Restart the PC and attempt to connect again.

    2. Verify the Username Format

    Remote Desktop is pedantic regarding how usernames are passed from macOS.

    If using a Local Account: Use .\Username or ComputerName\Username.

    If using a Microsoft Account: Use the full email address (e.g., ******@outlook.com).

    3. Adjust Network Level Authentication

    While NLA is a security best practice, it can occasionally cause the "Credentials did not work" loop if there is a mismatch in security providers.

    Go to Settings > System > Remote Desktop.

    Click the dropdown arrow next to "Remote Desktop" (Ensure it is On).

    Uncheck the box: "Require devices to use Network Level Authentication to connect (recommended)."

    Then test the connection again.

    4. Group Policy Adjustment

    If the above fails, you may need to force the security layer to negotiate correctly.

    Press Win + R, type gpedit.msc, and hit Enter.

    Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

    Find "Require use of specific security layer for remote (RDP) connections".

    Set it to Enabled and select RDP from the dropdown menu.

    If you find the answer useful, please mark it as the "Accepted Answer" so other members can find the solution easily. Your help in supporting the community is much appreciated!

    Best regards,
    Scott Nguyen


  2. Q&A Assist
    2026-03-11T16:05:32.1+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Use the following checks and fixes on the new Windows 11 Pro machine and the RDP configuration, focusing on authentication and the RDP listener/certificate.

    1. Verify the machine state and basic RDP configuration
    • Confirm the Windows 11 Pro machine is running and reachable on the network (ping or console access).
    • On the Windows 11 Pro machine, open System Properties > Remote and ensure Allow remote connections to this computer is enabled.
    • Confirm the account being used is either a local account on that machine or a domain account that has permission, and that it is in the Remote Desktop Users group (or is an administrator).
    2. Check that the RDP listener is functioning
    If basic settings are correct but authentication still fails, verify the RDP-TCP listener:
    • On the Windows 11 Pro machine, check the registry key:
      • HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-tcp
    • If the listener configuration is suspected to be corrupt, export this key from a working Windows machine of the same version, back up the existing key on the new machine, replace it with the exported one, then restart the Remote Desktop Services (TermService) service and test again.
    • After changes, test RDP again from the Mac client.
    3. Fix certificate and encryption negotiation issues
    The certificate warning and repeated credential prompts indicate possible issues with the RDP self-signed certificate or security protocol negotiation.

    3.1 Reset the RDP self-signed certificate
    On the Windows 11 Pro machine:

    1. Open mmc.exe.
    2. Add the Certificates snap-in for Computer account > Local computer.
    3. Navigate to Remote Desktop > Certificates.
    4. Delete the existing RDP self-signed certificate.
    5. Restart the Remote Desktop Services service.
    6. Refresh the Certificates snap-in and confirm a new RDP self-signed certificate is created.

    3.2 Verify security protocol-related registry values
    On the Windows 11 Pro machine, check:

    • Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
      • If SSLCertificateSHA1HashValue exists and does not match the Thumbprint of the RDP certificate under Remote Desktop > Certificates, delete SSLCertificateSHA1HashValue, restart the system, and test again. (Do not do this if the server has the Remote Desktop Connection Broker role.)
      • Ensure fAllowSecProtocolNegotiation is set to 1.
      • Ensure MinEncryptionLevel is set to 3.

    3.3 Check SSL cipher suite policy
    If a cipher suite policy is configured, it can break TLS negotiation with some clients:

    • In Group Policy, check:
      • Computer Configuration > Administrative Templates > Network > SSL Configuration Settings > SSL Cipher Suite Order.
    • Set this policy to Not configured if it is defined.
    • Then delete the registry value (if present):
      • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\Functions.
    • Reboot and test RDP again.
    4. Test with a local account
    If domain credentials are in use and still fail, test RDP using a local account on the Windows 11 Pro machine. If local accounts work but domain accounts fail intermittently, investigate domain connectivity and possible TCP port exhaustion as described below.
    5. Check for intermittent or port-exhaustion-related issues
    If the error appears intermittently or after the machine has been running for some time:
    • On the Windows 11 Pro machine, open Event Viewer > Windows Logs > System and look for events such as 1129 (Group Policy), 4227/4231 (Tcpip), or 5719 (NETLOGON).
    • If these events are present, troubleshoot TCP port exhaustion and identify any misbehaving process that may be consuming ports. Stopping that process and then signing in via RDP with domain credentials can restore access.
    6. If issues persist
    If, after resetting the RDP certificate, confirming the RDP listener, and validating encryption and cipher suite settings, the Mac client still cannot authenticate while other clients can, collect logs and consider contacting Microsoft Support for deeper analysis.

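Both answers change values on the RDP listener, so a read-only audit of those values shows whether NLA or the TLS security layer was left off after troubleshooting and whether a pinned certificate thumbprint matches the store. This is an added example, not part of either answer; the policy key path and the `Cert:\LocalMachine\Remote Desktop` store path are assumptions about a standard Windows 11 Pro install, while the listener key and value names come from the second answer.

```powershell
# Added example: read-only audit; run elevated on the Windows 11 Pro host.
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
# Assumption: Group Policy writes its overrides for these values under this key.
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpSetting([string]$Name) {
    # A policy value, when present, wins over the listener's own value.
    foreach ($key in $policy, $listener) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Name = $Name; Value = $item.$Name; Source = $key }
        }
    }
    [pscustomobject]@{ Name = $Name; Value = $null; Source = 'not set' }
}

$names  = 'UserAuthentication', 'SecurityLayer', 'MinEncryptionLevel', 'fAllowSecProtocolNegotiation'
$report = foreach ($name in $names) {
    $s = Get-RdpSetting $name
    $review = switch ($name) {
        'UserAuthentication'           { $s.Value -ne 1 }   # 1 = NLA required
        'SecurityLayer'                { $s.Value -eq 0 }   # 0 = RDP (host not authenticated), 1 = Negotiate, 2 = SSL
        'MinEncryptionLevel'           { $null -ne $s.Value -and $s.Value -lt 3 }   # answer asks for 3
        'fAllowSecProtocolNegotiation' { $s.Value -ne 1 }   # answer asks for 1
    }
    $s | Add-Member -NotePropertyName Review -NotePropertyValue $review -PassThru
}
$report | Format-Table Name, Value, Review, Source -AutoSize | Out-String

# Section 3.2: a pinned SSLCertificateSHA1HashValue must match a certificate in the Remote Desktop store.
$pinned = (Get-ItemProperty -Path $listener -Name SSLCertificateSHA1HashValue -ErrorAction SilentlyContinue).SSLCertificateSHA1HashValue
$certs  = @(Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue)
if ($null -eq $pinned) {
    'No pinned thumbprint; the listener uses its self-signed certificate:'
} else {
    $pinnedHex = ($pinned | ForEach-Object { $_.ToString('X2') }) -join ''
    if ($certs.Thumbprint -contains $pinnedHex) { "Pinned thumbprint $pinnedHex matches a store certificate." }
    else { "MISMATCH: pinned thumbprint $pinnedHex is not in the Remote Desktop store." }
}
# Compare this thumbprint with the certificate the Mac client shows before choosing to trust it.
$certs | Format-List Thumbprint, Subject, NotAfter
```

Rows with `Review` set to True are the ones to restore once the Mac client connects, in particular `UserAuthentication` and `SecurityLayer` if steps 3 and 4 of the first answer were applied.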
