Domain accounts won't authenticate on Terminal Server on other domain

Posted on 2011-05-04
Medium Priority
Last Modified: 2012-05-11
Okay, I'm crying uncle here.  I think I've become the victim of Windows security I'm not aware of.  I'm setting up a rather unique configuration so please look at the diagram. I've got a terminal server that belongs to network B with an internal subnet different from network A.  The terminal server has 2 network adapters, one on each network.  Now, when a thin client connected to Network A passes username, password and domain to the terminal server all is peachy.  When the PC, however, on the same network but governed by Domain A tries, the credentials fail.  It may be worth mentioning that my home PC on my home domain fails as well when connecting to Network A by way of VPN.  All computers will authenticate and work fine if you're logging in using the local credentials ComputerName\Username but anyone on an existing domain fails when using DomainB\ADUserName.  Any thoughts?
Question by:sifugreg

Expert Comment

ID: 35695033
You are not a victim of Windows security. This is just a configuration issue.  You need to create a trust relationship between the two domains to authenticate users from domain A to domain B. Please see the example http://microsoftguru.com.au/2009/11/30/how-to-create-an-external-trust-between-two-separate-domainsforests/

Author Comment

ID: 35695047
But I'm using RDP!  I sit at home and RDP servers all day long at work and there is no trust relationship between my home domain and work. So why can't I RDP a machine on that domain?

Author Comment

ID: 35695051
Btw I log in with the correct domain credentials. Meaning when prompted I enter work domain\login

Author Comment

ID: 35695463
To add one layer of strangeness, I can RDP the Domain Controller of Domain B with Domain B credentials just fine, I just can't RDP the Terminal Server OR the SQL server unless I use their local accounts.

Accepted Solution

sifugreg earned 0 total points
ID: 35702841
Interesting article I found that provided a work around for my problem.  It is in fact a security feature in RDP 6.0 client.  I'm assuming it works fine on my office domain because it is not a 2008R2 AD schema.

http://support.microsoft.com/default.aspx?scid=kb;en-us;941641 tells us that the workaround is to create and save the .RDP file, then edit it with WordPad:

Change this line to read
     authentication level:i:0 (mine had a 2 where the zero was)
and add this line to the bottom

And I quote:
"Note After you follow these steps, the new security features that Remote Desktop Connection 6.0 provides are removed. Additionally, Remote Desktop Connection 6.0 becomes incompatible with Windows Vista-based computers that have the Allow connections only from computers running Remote Desktop with Network Level Authentication option enabled in the system properties."
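
The workaround above trades away client-side protections, as the quoted KB note says, so it helps to be able to find saved .rdp files that carry it. The following is an added example, not part of the thread or the KB article: it parses .rdp content and flags `authentication level:i:0`, and it also flags `enablecredsspsupport:i:0`, a standard .rdp setting that the post does not show. The sample file, host name and account are constructed.

```python
import codecs

# Constructed sample: an .rdp file saved with weakened settings
# (mstsc normally writes these files as UTF-16 LE with a BOM).
SAMPLE_RDP = codecs.BOM_UTF16_LE + (
    "full address:s:ts01.example.test\r\n"
    "username:s:DOMAINB\\aduser\r\n"
    "authentication level:i:0\r\n"
    "enablecredsspsupport:i:0\r\n"
).encode("utf-16-le")

# Setting/value pairs that weaken the connection.
WEAK = {
    ("authentication level", "0"):
        "client connects without warning when server authentication fails",
    ("enablecredsspsupport", "0"):
        "CredSSP is disabled, so Network Level Authentication cannot be used",
}

def decode_rdp(raw: bytes) -> str:
    """Decode .rdp bytes: UTF-16 with BOM, UTF-8 with BOM, or plain text."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; this parser keeps the last occurrence of a name."""
    settings = {}
    for line in text.splitlines():
        name, sep, rest = line.strip().partition(":")
        kind, sep2, value = rest.partition(":")
        if sep and sep2 and kind in ("i", "s", "b"):
            settings[name.strip().lower()] = value.strip()
    return settings

def audit_rdp(raw: bytes) -> list:
    """Return (setting, value, reason) for each weakened setting found."""
    settings = parse_rdp(decode_rdp(raw))
    return [(name, val, why) for (name, val), why in WEAK.items()
            if settings.get(name) == val]

if __name__ == "__main__":
    for name, val, why in audit_rdp(SAMPLE_RDP):
        print(f"{name}:i:{val} -> {why}")
```

To audit real files, read each one in binary mode and pass the bytes to `audit_rdp`.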

Author Closing Comment

ID: 35726973
Found Microsoft KB Article which explains the issue and provides a work around.
