Sudden login failure on RDS server on Windows 2012

0

So, my knowledge on Remote desktop services is not so good, but I managed to get it up and running last year, it's been working just fine for eight months. Now today no Remote desktop users can login. Console sessions are working fine though. I checked and the licensing is okay, no errors. But users trying to login are logged in the security log such:

EVENT ID: 4625

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: xxxxxxxx

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: xxxxxxxxx

Description:

An account failed to log on.

Subject:

Security ID:                 NULL SID

Account Name:                      -

Account Domain:                            -

Logon ID:                            0x0

Logon Type: 3

........

To narrow it down I followed this tip to get logging running in the netlogon.log-file https://social.technet.microsoft.com/Forums/windowsserver/en-US/1001bb80-c490-4ec6-828a-9090588c570c/cannot-remote-desktop-into-windows-2008-server-eventid-4625?forum=winserverTS

My log shows the following:

03/11 22:38:44 [LOGON] [3000] SamLogon: Network logon of domain\user from client Entered

03/11 22:38:44 [CRITICAL] [3000] NlPrintRpcDebug: Couldn't get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc000006d)

03/11 22:38:44 [LOGON] [3000] SamLogon: Network logon of domain\user from client Returns 0xC000006D

When searching on the [CRITICAL] part of the above log it looks like it has to do with the wrong DC is answering or something. We used to have a BDC but it is gone since long. I can't figure it out, Any suggestions?

windows-server-2012
remote-desktop-services
asked on Server Fault Mar 11, 2015 by jtheman

4 Answers

1

Try to check if DC's and user machines has correctly synchronized time. If so, check your RDP setting and try to disable NTLM authentication. Another thing can be that some profiles are broken (because of some migration when SID's are gone), did you tried create new profile and connect to RDP with sufficient privileges to RDP? Last thing it can do this problem is with bad configured DNS servers on workstations and DC's.

answered on Server Fault Mar 11, 2015 by MyKE
1

I have no clue why this apparently got changed - or other thing made this not to work. But unselecting the "network level authentication for remote-desktop services" for the server worked. Now everyone can access.

I used this simple guide: guide

Source: http://www.2x.com/disabling-network-level-authentication-for-remote-desktop-services-connections-2/

answered on Server Fault Mar 11, 2015 by jtheman
1

We are also experiencing the exact same problem since a few days. Try setting the security level in the RDP-Tcp settings to RDP Security Layer instead of negotiate or SSL. That (temporarily) fixed it for us. Must be a Windows update or so...

answered on Server Fault Mar 12, 2015 by Sam
0

Thanks Sam, setting the security level in the RDP-Tcp settings to RDP Security Layer fixed it for us.

Turns out the better fix was to uninstall update KB3002657 from the domain controllers - that was the cause of the Netlogon problem for us.

answered on Server Fault Mar 13, 2015 by Maxim Tech • edited Mar 13, 2015 by Maxim Tech

User contributions licensed under CC BY-SA 3.0