Solved

windows 2008 domain administrator ID stopped having access to RDP, VCenter, and VCS

Posted on 2012-04-09
12
450 Views
Last Modified: 2012-05-22
On our windows 2008 domain, the Administrator ID just stopped being able to RDP.  I also noticed that when logging into our VMWare VCS and Vcenter that it comes back and says the ID / PW is incorrect.

I was able to RDP into the DC with another ID that had permissions and changed the pw.  I also made sure the account wasn't disabled.   I was still getting the same message when trying to RDP, connect to VCS, and connect to Vcenter.  

Using a different domain ID with permissions I have no problems getting to all 3 of these servers.  

This was working yesterday and just stopped today.   The odd thing is that once I log into the DC using the other ID.  I can connect fine to the VCenter and to the VCS using the Administrator ID.   When testing the RDP to the DC, VCenter, and VCS I am connecting from a computer that is not on the domain.   So maybe it is a domain issue, but I can login from the same computer using a different domain ID.  

I went through the windows event logs on the DC and don't see anything showing up.

Thanks.
0
Comment
Question by:tiptechs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37823902
Do you have any services running under this domain account? If you do the service could be making the account lockout by using incorrect credentials.
0
 

Author Comment

by:tiptechs
ID: 37823988
Not that I am aware of.   I also just noticed that if l log into the VCenter server which is a windows 2003 member server, that it wanted the old password and said I need to enter in a new password as the old one is going to expire in 1 day.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37824010
Sounds like possibly some kind of replication issue. Try running dcdiag from your DC to see if there are any issues -

http://technet.microsoft.com/en-us/library/cc773199%28v=ws.10%29.aspx
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:tiptechs
ID: 37824038
There is only one windows 2008 domain controller currently.    The functional level is Win2k8 R2.     I just logged into our DC via console and it took the old password ????    I then tried the connection to VCS (win2k3) and Vcenter (win2k8) using the old password and it worked.  Not sure what is going on.  I don't see anything in the event viewer on either one of the servers.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37824044
Are there other DC's - like server 2003, or is this the ONLY DC in your domain?
0
 

Author Comment

by:tiptechs
ID: 37824052
the 2008 is the only DC in the domain.     We will be adding more shortly.  But for now it is just the one dc.

Thanks.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37824057
So from the Console, you can get in with the old password, but from a different PC - connecting via RDP, it doesn't take the username/PW?
0
 

Author Comment

by:tiptechs
ID: 37824396
I thought I replied to this earlier, but just noticed i did not.

Since I logged into all 3 servers through console with the Administrator ID and the "old" pw.  I have been able to login through Vcenter, RDP, and VCS on a different pc using the Administrator ID and the old password.  

Everything seems to be back to normal.  But still feel like something might be wrong.  But still nothing shows in the logs.

Do you think it could have been a service running like you mentioned in the first post that would have somehow caused issues?

Thanks.
0
 
LVL 9

Accepted Solution

by:
Geodash earned 500 total points
ID: 37824511
Odd behavior. Perhaps the client you were RDPing from was having connectivity issues and maybe using a temp profile. This could cause different credentials being supplied within the profile.
0
 

Author Comment

by:tiptechs
ID: 37824575
Thanks for your help.  Will keep an eye on this for a few days.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 37826898
rdp was cracked in march by hackers is your server updated as that could point to the odd problems
0
 

Author Comment

by:tiptechs
ID: 37827546
With RDP being cracked... what does this mean... can hackers rdp to the server without credentials, etc.. ?
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question