windows 2008 domain administrator ID stopped having access to RDP, VCenter, and VCS

On our windows 2008 domain, the Administrator ID just stopped being able to RDP.  I also noticed that when logging into our VMWare VCS and Vcenter that it comes back and says the ID / PW is incorrect.

I was able to RDP into the DC with another ID that had permissions and changed the pw.  I also made sure the account wasn't disabled.   I was still getting the same message when trying to RDP, connect to VCS, and connect to Vcenter.  

Using a different domain ID with permissions I have no problems getting to all 3 of these servers.  

This was working yesterday and just stopped today.   The odd thing is that once I log into the DC using the other ID.  I can connect fine to the VCenter and to the VCS using the Administrator ID.   When testing the RDP to the DC, VCenter, and VCS I am connecting from a computer that is not on the domain.   So maybe it is a domain issue, but I can login from the same computer using a different domain ID.  

I went through the windows event logs on the DC and don't see anything showing up.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Do you have any services running under this domain account? If you do the service could be making the account lockout by using incorrect credentials.
tiptechsAuthor Commented:
Not that I am aware of.   I also just noticed that if l log into the VCenter server which is a windows 2003 member server, that it wanted the old password and said I need to enter in a new password as the old one is going to expire in 1 day.
Sounds like possibly some kind of replication issue. Try running dcdiag from your DC to see if there are any issues -
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

tiptechsAuthor Commented:
There is only one windows 2008 domain controller currently.    The functional level is Win2k8 R2.     I just logged into our DC via console and it took the old password ????    I then tried the connection to VCS (win2k3) and Vcenter (win2k8) using the old password and it worked.  Not sure what is going on.  I don't see anything in the event viewer on either one of the servers.
Are there other DC's - like server 2003, or is this the ONLY DC in your domain?
tiptechsAuthor Commented:
the 2008 is the only DC in the domain.     We will be adding more shortly.  But for now it is just the one dc.

So from the Console, you can get in with the old password, but from a different PC - connecting via RDP, it doesn't take the username/PW?
tiptechsAuthor Commented:
I thought I replied to this earlier, but just noticed i did not.

Since I logged into all 3 servers through console with the Administrator ID and the "old" pw.  I have been able to login through Vcenter, RDP, and VCS on a different pc using the Administrator ID and the old password.  

Everything seems to be back to normal.  But still feel like something might be wrong.  But still nothing shows in the logs.

Do you think it could have been a service running like you mentioned in the first post that would have somehow caused issues?

Odd behavior. Perhaps the client you were RDPing from was having connectivity issues and maybe using a temp profile. This could cause different credentials being supplied within the profile.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tiptechsAuthor Commented:
Thanks for your help.  Will keep an eye on this for a few days.
rdp was cracked in march by hackers is your server updated as that could point to the odd problems
tiptechsAuthor Commented:
With RDP being cracked... what does this mean... can hackers rdp to the server without credentials, etc.. ?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.