So, my knowledge of Remote Desktop Services is not so good, but I managed to get it up and running last year, and it's been working just fine for eight months. Now today no Remote Desktop users can log in. Console sessions are working fine though. I checked and the licensing is okay, no errors. But users trying to log in are logged in the security log as such:
EVENT ID: 4625
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: xxxxxxxx
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: xxxxxxxxx
Description:
An account failed to log on.
Subject:
Logon Type: 3
....
To narrow it down I followed this tip to get logging running in the netlogon.log file: https://social.technet.microsoft.com/Forums/windowsserver/en-US/1001bb80-c490-4ec6-828a-9090588c570c/cannot-remote-desktop-into-windows-2008-server-eventid-4625?forum=winserverTS
My log shows the following:
03/11 22:38:44 [LOGON] [3000] SamLogon: Network logon of domainuser from client Entered
03/11 22:38:44 [CRITICAL] [3000] NlPrintRpcDebug: Couldn't get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc000006d)
03/11 22:38:44 [LOGON] [3000] SamLogon: Network logon of domainuser from client Returns 0xC000006D
When searching on the [CRITICAL] part of the above log it looks like it has to do with the wrong DC answering or something. We used to have a BDC but it has been gone for a long time. I can't figure it out. Any suggestions?
jtheman
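Added example (not part of the original posts): Python that reads SamLogon "Returns" lines in the format of the netlogon.log excerpt above, names the NTSTATUS code, and groups failed accounts by status, so that one status hitting many accounts at once stands out from individual password mistakes. The sample lines, account names and host names are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# NTSTATUS values that commonly appear in netlogon.log "Returns" lines.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000133: "STATUS_TIME_DIFFERENCE_AT_DC",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
# Matches only the result line of a SamLogon call; "Entered" and [CRITICAL] lines are skipped.
LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] \[\d+\] "
    r"(?:\S+: )?SamLogon: (?:Transitive )?(?P<kind>\w+) logon of "
    r"(?P<user>.+?) from (?P<client>.*?) ?Returns (?P<code>0x[0-9A-Fa-f]+)\s*$"
)
# Constructed sample in the same layout as the log excerpt in the question.
SAMPLE = """\
03/11 22:38:44 [CRITICAL] [3000] NlPrintRpcDebug: Couldn't get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc000006d)
03/11 22:38:44 [LOGON] [3000] SamLogon: Network logon of EXAMPLE\\alice from RDS01 Returns 0xC000006D
03/11 22:39:02 [LOGON] [3000] SamLogon: Network logon of EXAMPLE\\bob from RDS01 Returns 0xC000006D
03/11 22:39:10 [LOGON] [3000] SamLogon: Network logon of EXAMPLE\\carol from RDS01 Returns 0xC000006D
03/11 22:39:30 [LOGON] [3000] SamLogon: Network logon of EXAMPLE\\dave from RDS01 Returns 0xC000006A
03/11 22:40:01 [LOGON] [3000] SamLogon: Interactive logon of EXAMPLE\\erin from DC01 Returns 0x0
""".splitlines()

def failed_logons(lines):
    """Yield (timestamp, user, client, status name) for every non-zero SamLogon result."""
    for line in lines:
        m = LINE.match(line.strip())
        code = int(m.group("code"), 16) if m else 0
        if code:
            yield m.group("ts"), m.group("user"), m.group("client"), NTSTATUS.get(code, "0x%08X" % code)

def users_by_status(lines):
    """Map each failure status to the set of distinct (lower-cased) accounts that hit it."""
    out = defaultdict(set)
    for _ts, user, _client, name in failed_logons(lines):
        out[name].add(user.lower())
    return dict(out)

def looks_systemic(lines, min_users=3):
    """Statuses seen for at least min_users accounts: suspect the server or DC, not the users."""
    return sorted(s for s, users in users_by_status(lines).items() if len(users) >= min_users)

if __name__ == "__main__":
    print(users_by_status(SAMPLE), looks_systemic(SAMPLE))
```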
4 Answers
Try to check if the DCs and user machines have correctly synchronized time. If so, check your RDP settings and try to disable NTLM authentication. Another thing can be that some profiles are broken (because of some migration when SIDs are gone); did you try creating a new profile and connecting to RDP with sufficient privileges for RDP? The last thing that can cause this problem is badly configured DNS servers on workstations and DCs.
MyKE
I have no clue why this apparently got changed - or what other thing made this not work. But unselecting the 'network level authentication for remote-desktop services' for the server worked. Now everyone can access.
I used this simple guide:
Source: http://www.2x.com/disabling-network-level-authentication-for-remote-desktop-services-connections-2/
jtheman
We have also been experiencing the exact same problem for a few days. Try setting the security level in the RDP-Tcp settings to RDP Security Layer instead of Negotiate or SSL. That (temporarily) fixed it for us. Must be a Windows update or so..
Sam
Thanks Sam, setting the security level in the RDP-Tcp settings to RDP Security Layer fixed it for us.
Turns out the better fix was to uninstall update KB3002657 from the domain controllers - that was the cause of the Netlogon problem for us.
Maxim Tech
protected by Greg Askew, Mar 13 '15 at 14:42
Hi, I have had a problem I can’t seem to figure out and can’t seem to find an answer on the net. Our setup is simple:
2008 domain.
1 server is running Win2008R2 acting as a Remote Desktop Gateway server and an Exchange 2010 Client Access server. (We do have other servers on the network; this one just acts as a gateway.)
We got a SAN certificate from GoDaddy which we use to access webmail/Outlook Anywhere remotely through this server.
All remote exchange comms with hostname mail.abcd.com work fine so we know the certificate is fine.
We have port 443 open.
The install of the role went through fine. I tried to keep the default settings to avoid too many changes… Installed the role. Added the mail.abcd.com certificate. Added the users to the CAP, selected the allow to any network resource in the RAP. All seems OK.
I have added the certificate to the server personal and trusted root containers as well as a few external clients I’m using for testing. (These clients use XP and Win7.)
The NPS is set to default install… (don’t know if this is causing it, can’t see anything specific)
Our problem is that when we attempt to connect remotely to a machine on the local network through the RD gateway, using the default workstation remote desktop connection, we keep getting the logon error and it keeps prompting for credentials.
If I try using the rdweb page I still can’t connect to any local machines. (I have verified local machines do have allow remote connections enabled.)
I have spent days reading forums and there is a lot about this, but it all points to the same thing, which I have tried…
I have tried:
Verifying that the Default Web is not redirecting anywhere.
I can log on to the site https://mail.****.co.uk/rpc and it gives me a blank white page.
I have tried going to my IIS\default web site\rdweb\pages and changing the application setting “DefaultTsGateway” and adding the hostname, mail.abcd.com
There is nothing in the logs that points to anything. All services are running: RDGateway, RPC, IIS, etc.
Using the RDP client internally does not work either. (If I enable the bypassing internal address locally it works)
Using the RDWEB page I can connect locally but I’m sure it’s because it’s bypassing internal address locally.
Because I have Outlook Anywhere and Exchange 2010 Client Access installed I have been very careful with this, as I have many clients connecting remotely.
Any help would be appreciated.