Network Level Authentication
NLA — Network Level Authentication.
An RDP server without NLA draws its own login interface as soon as a client connects:
If NLA is turned on on the RDP server, the server shows no interface at all until the credentials have been checked.
The client therefore has to draw the login interface itself. The WTware login interface:
Since Windows Server 2012, NLA is turned on by default. Advantages of NLA:
- + NLA is safer. Without NLA the server negotiates graphics compression and lets any client that has merely opened a TCP/IP connection open COM ports and attach smart cards, all before anyone has entered a password. The more the server talks to an unauthenticated client, the larger the attack surface. With NLA the client authenticates first (over CredSSP), and the server does not start the session or any of that negotiation before the password check succeeds.
Disadvantages of NLA:
- - There is no way to change an expired password inside RDP. You have to change it through some other interface, not over the RDP connection, for example by updating the expired password through RDWeb.
- - There is no on-screen keyboard in the login interface.
- - No error diagnostics. Without NLA, Windows explains what is wrong with the login or password. With NLA the server just disconnects without an explanation.
To turn off NLA, run the Local Group Policy Editor on the server
(for a domain server you may use domain policies instead):
Change only one setting, the one that requires NLA for remote connections (Remote Desktop Session Host > Security > "Require user authentication for remote connections by using Network Level Authentication"), and set it to Disabled:
Bear in mind that this gives up the protection listed under the advantages above: the login screen and the pre-session negotiation become reachable by anyone who can open a TCP connection to the server.