RDS Logon failure with domain accounts over internet, but not over VPN

2

We have a domain-joined RDS 2008 R2 server where logons are rejected for domain accounts (even domain admins) coming in directly over the internet, but it works fine over VPN or internally.

The RDS server also has a number of local accounts, and those logons work fine directly over the internet or over VPN. The domain is controlled by SBS 2003.

Some configuration and locking down was done long ago on this server, so I'm not sure if this is due to some configuration or it's a Windows issue.

I don't think it is a Windows or hardware firewall issue, since the attempted RDP logon reaches the server. The failed logon is recorded in the Event Viewer:

        An account failed to log on.
        Subject:
            Security ID:        NULL SID
            Account Name:       -
            Account Domain:     -
            Logon ID:       0x0

        Logon Type:         3
        Account For Which Logon Failed:
            Security ID:        NULL SID
            Account Name:       testuser
            Account Domain:     testdomain
        Failure Information:
            Failure Reason:     An Error occured during Logon.
            Status:         0xc000006d
            Sub Status:     0x0
        Process Information:
            Caller Process ID:  0x0
            Caller Process Name:    -
        Network Information:
            Workstation Name:   testPC
            Source Network Address: -
            Source Port:        -
        Detailed Authentication Information:
            Logon Process:      NtLmSsp 
            Authentication Package: NTLM
            Transited Services: -
            Package Name (NTLM only):   -
            Key Length:     0

All the single dashes above are verbatim from the log entry, I did not insert them for privacy.

windows-server-2008
domain
login
rds
asked on Server Fault Mar 23, 2015 by unimatter • edited Mar 24, 2015 by unimatter

2 Answers

1

It turns out this issue is due to KB3002657 and KB3046049: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_28642944.html

I uninstalled KB3046049 and the problem went away for a few weeks. Recently the problem returned, so I uninstalled KB3002657 and the problem went away again. Hopefully it will stay that way this time.

See also: http://windowsitpro.com/patch-tuesday/patch-tuesday-kb3002657-causing-authentication-problems-exchange-other-apps

answered on Server Fault May 1, 2015 by unimatter
-1

You threw a curve ball when you said local accounts work directly over the internet. Then you threw another one when you said the authentication does reach the server when you look at the log.

I only can come up with 2 answers. Since you said lock down configuration was done before I would look in 2 places.

Have you checked the remote desktop users group to see who's in it? Perhaps only the local accounts are there and not the domain accounts. Lastly, check the gpo that this server belongs to. Specifically computer configuration > windows settings > local policies > user rights assignments > allow log on through rds.

answered on Server Fault Apr 29, 2015 by Jon

User contributions licensed under CC BY-SA 3.0