I have a VPS running Windows Web Server 2008 R2. I'm able to connect using Remote Desktop from my home PC (Windows 7), personal laptop (Windows 7), and work laptop (Windows XP).
However, I cannot connect from my work PC (Windows 7). I receive the error "The logon attempt failed" in the RDP client, and the server event log shows "An account failed to log on" with this explanation:
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: username
Account Domain: hostname
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: JESSE-PC
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
I can connect from the offending work PC if I start up Windows XP Mode and use the RDP client inside that.
The server is part of a domain but my account is local, so I'm logging in using a username of the form hostname\username
. None of the clients are part of a domain. The server uses a self-signed certificate, and connecting from home I get a warning about that, but connecting from work I just get the logon error.
A couple of things based on your post of the event log:
The NULL SID indicates that no such user account exists.
The status code 0xc0000064 indicates that the user name does not exist
Logon Type 3 is a network logon, but an RDP logon is normally a logon type 10 (RemoteInteractive).
Aside form the logon type being 3 instead of 10 as I would expect, have you tried logging on to the server with a domain account (domain\username)? It looks like you're trying to log on with a local user account (machine\username). Are you sure the local user account exists?
It sounds like you're on the right track, it's most likely a username issue. I would confirm that:
On Win 7, RDP app, Options, Advanced Tab: "If server authentication fails" s/b set to "connect & don't warn me" or "warn me" as you prefer but not "don't connect".
In same tab make surer there isn't anything unusual in the the "Connect from Anywhere" Settings button.
Then go back to the General tab and confirm the host\username settings. Since it's a local account I would also try it w/ just the username, no hostname.
If this is a saved connection then I would delete it and/or create a new connection in case it's just corrupt.
Long shot... I know this is NTLM, but there are some aspects of NTLM that might be factoring in time skew (There's this: https://superuser.com/questions/395966/how-inaccurate-must-the-clocks-time-be-for-ntlm-requests-to-be-denied-due-to-th which leads to this: http://support.microsoft.com/en-au/kb/976918). Might want to check the clocks.
User contributions licensed under CC BY-SA 3.0