Hello,
Since 2 days, when I try to connect with admin account of my server (DC on Win2008 R2) from my desktop (Win7) through RDP, I have the following error "Login Attempt Failed".
This occured after I applied last patches (december) and changed all admin account' passwords.
I investigated without any result for the moment:
- I uninstalled all patches one by one but the issue is still here. Then I applied them again and error is still here;
- The admin accounts are OK as I'm able to authenticate on other Windows servers through RDP;
- my workstation can use RDP on another server so my workstation's RDP configuration seems ok;
- I don't find any error in the eventlogs of my server regarding RDP connections: when I initiate a RDP connection, I only have the event "Event ID 261: Listener RDP-TCp has received a connexion" on my server when I try to start the RDP connexion.
- registry keys value on my servers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp have the same values.
On top of that, if I use the following process, I'll be able to create the RDP session:
1) start a RDP connexion from my workstation to my server with an account from another domain (not connected to my DC) with a valid certificate on a smartcard;
2) RDP session will initiate on my server;
3) local authentication prompt on the server will appear (as my DC is not able to get the domain of the other account);
4) on this prompt, I use my admin account (meaning not the one which initiated the RDP);
5) the authentication works and RDP is OK.
Because of this behavior, I was thinking it could come from NLA nevertheless I'm not using it to authenticate.
As I'm able with this process to get the RDP connexion, firewalls on my workstation and my server are well configured to establish the RDP link.
Do you have any idea about the root cause?
Thank you in advance for your help.
Best regards.