[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Terminal Services Credentials Problem

Posted on 2009-12-17
8
Medium Priority
?
697 Views
Last Modified: 2013-11-21
Hi,
I have a 30 computer network (mix of Windows XP and Vista machines) running on a Windows Server 2008-based single-server domain The server is used as a file server and also hosts our intranet (using Sharepoint 3).

I am now trying to deploy terminal services on the network. The terminal services role is installed and I have also installed 30 per-device CALs. I have set up terminal services to be accessed by client machines through the local URL http://mydomain/ts. Client machines can succssfully access the terminal services page.

When you attempt to run a terminal services application (in this case, the bog standard windows Calculator found under Programs/Accessories/Calculator!) however, you are asked for your username and password but no username or password works, not even any of the administrators passwords. The username/password screen always returns and says ' the credentials that were used to connect to [server name] did not work. Please enter new credentials'.

Why won't the credentials work?
0
Comment
Question by:LondonTown123
  • 5
  • 3
8 Comments
 
LVL 2

Expert Comment

by:Libis_aka_Dusk
ID: 26076894
did you ad realm to the login? like DOMAIN\username? Are you in active directory enviroment? Do you have AD configured for kerberos only auth?
0
 
LVL 2

Author Comment

by:LondonTown123
ID: 26079314
Hi, thanks for the response.

 the realm is included in the login. I am using active directory. How do I check how AD is configured for authorisation?

Thanks
0
 
LVL 2

Expert Comment

by:Libis_aka_Dusk
ID: 26079374
1) firt of all check firewall - maybe try to turn it off for a while - I saw cases where it caused auth issues
2) check if the usergroup of domain users who should access the RDP is added into Remote Desktop Users local group (Local group on Terminal Server) in user management. This is a must.
3) enforced kerberos auth can be found at domain GPO object
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
LVL 2

Author Comment

by:LondonTown123
ID: 26080532
Hi, thanks again.

I've turned the firewalls off on both client and server side. All the domain users and computers are added to the Remote Desktop Users group. I think Kerberos authentication is enforced (I have attached a screenshot from the domain GPO). The problem is still occuring.

I don't think it is a general authentication problem, as client computers can authenticate for Sharepoint services on the server, and for Remote Desktop sessions on the server (*- see note below), but just not for Terminal Services applications runnning on the server.

*I've found that authentication for Remote Desktop sessions only succeeds when you connect to the server via it's IP address, but not when you connect via the server name. If you connect via the server name it gives the same problem of 'credentials not working'. Why would authentication work with the IP address but not the computer name?
Whatever is causing this is probably related to the Terminal Services problem that I am trying to solve.



Domain-GPO---Kerberos.jpg
0
 
LVL 2

Accepted Solution

by:
Libis_aka_Dusk earned 1500 total points
ID: 26080741
1) this seems to be be a certificate problem. Make sure the certificate name match the address of the server...
2) also double check if permission for the application are correctly set
3) and always the basic one check the DNS configuration if it points to right server. Especially in case you have multiple DNS there could be different configuration
0
 
LVL 2

Author Comment

by:LondonTown123
ID: 26081325
Hi, and thanks.

I'm pretty sure that you're right about the certification issue...I know how to get to the server certifcates area in IIS 7.0, everything I've done once I got there has pretty much been guesswork. I've had other certificate problems with the server which I've mentioned to get around but without quite understanding how. How do I go about getting a valid certificate in place?

Just for the record,I have checked the permissions and DNS settings and they are fine.

You've been really helpful so far.

0
 
LVL 2

Author Comment

by:LondonTown123
ID: 26081340
Sorry, *managed' not 'mentioned'
0
 
LVL 2

Author Closing Comment

by:LondonTown123
ID: 31667588
This was a partial solution.To solve the problem I had to install the Certification Authority role in Windows Server 2008 and issue a domain certificate to the Terminal Server.  I also had to troubleshoot a possible conflict issue I was having with Windows Sharepoint 3 using the same ports as the TS Gateway (see http://tinyurl.com/6zc9zu for a walkthrough).
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question