Remote Desktop to Server 2008R2 fails from one particular Win7 client

2

I have a VPS running Windows Web Server 2008 R2. I'm able to connect using Remote Desktop from my home PC (Windows 7), personal laptop (Windows 7), and work laptop (Windows XP).

However, I cannot connect from my work PC (Windows 7). I receive the error "The logon attempt failed" in the RDP client, and the server event log shows "An account failed to log on" with this explanation:

Subject:
    Security ID:        NULL SID
    Account Name:       -
    Account Domain:     -
    Logon ID:       0x0

Logon Type:         3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       username
    Account Domain:     hostname

Failure Information:
    Failure Reason:     Unknown user name or bad password.
    Status:         0xc000006d
    Sub Status:     0xc0000064

Process Information:
    Caller Process ID:  0x0
    Caller Process Name:    -

Network Information:
    Workstation Name:   JESSE-PC
    Source Network Address: -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:      NtLmSsp 
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only):   -
    Key Length:     0

I can connect from the offending work PC if I start up Windows XP Mode and use the RDP client inside that.

The server is part of a domain but my account is local, so I'm logging in using a username of the form hostname\username. None of the clients are part of a domain. The server uses a self-signed certificate, and connecting from home I get a warning about that, but connecting from work I just get the logon error.

windows-7
windows-server-2008-r2
remote-desktop
login
asked on Server Fault Dec 10, 2010 by Jesse McGrew • edited Feb 24, 2012 by JohnThePro

3 Answers

2

A couple of things based on your post of the event log:

  1. The NULL SID indicates that no such user account exists.

  2. The status code 0xc0000064 indicates that the user name does not exist

  3. Logon Type 3 is a network logon, but an RDP logon is normally a logon type 10 (RemoteInteractive).

Aside form the logon type being 3 instead of 10 as I would expect, have you tried logging on to the server with a domain account (domain\username)? It looks like you're trying to log on with a local user account (machine\username). Are you sure the local user account exists?

answered on Server Fault Sep 21, 2011 by joeqwerty
1

It sounds like you're on the right track, it's most likely a username issue. I would confirm that:

  1. On Win 7, RDP app, Options, Advanced Tab: "If server authentication fails" s/b set to "connect & don't warn me" or "warn me" as you prefer but not "don't connect".

  2. In same tab make surer there isn't anything unusual in the the "Connect from Anywhere" Settings button.

  3. Then go back to the General tab and confirm the host\username settings. Since it's a local account I would also try it w/ just the username, no hostname.

If this is a saved connection then I would delete it and/or create a new connection in case it's just corrupt.

answered on Server Fault Dec 12, 2010 by Ed Fries
1

Long shot... I know this is NTLM, but there are some aspects of NTLM that might be factoring in time skew (There's this: https://superuser.com/questions/395966/how-inaccurate-must-the-clocks-time-be-for-ntlm-requests-to-be-denied-due-to-th which leads to this: http://support.microsoft.com/en-au/kb/976918). Might want to check the clocks.

answered on Server Fault Apr 9, 2015 by Mayyit • edited Mar 20, 2017 by Community

User contributions licensed under CC BY-SA 3.0