Solved

Rejected when RDP'ing by IP. Accepted when using FQDN?!

Posted on 2013-05-17
7
515 Views
Last Modified: 2015-03-19
hi guys,

we have a windows 2008 R2 Virtual machine (Vmware).

It's been running fine for ages. However, now when I try to log onto it by RDP with the IP address, it asks me for the domain credentials. When I enter them, I am rejected.

When I do the same thing using the FQDN, it asks me for credentials and when I enter them, I'm in!

Also, when I go to the Vcenter console and log onto the machine using the same credentials, it also works!

In the event id for security, I'm getting the event ID 4625 showing up and something about a NULL SID when I get rejected.

Is it possible, that this machine needs to be taken off the domain. Applied a Newsid (risky?) Rejoined to the domain?

It's a very important server, so I need to sort this out soon.

Thanks for your help:)
Yashy
0
Comment
Question by:Yashy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 9

Accepted Solution

by:
djsharma earned 250 total points
ID: 39174243
0
 
LVL 9

Expert Comment

by:VirastaR
ID: 39174244
Hi,

Is this how the Event 4625 Looks?

The event entry that has an Event ID 4625 resembles the following:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: date
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: computer name
Description:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: COMPU1$
Account Domain: MYDOMAIN
Logon ID: ID
Logon Type: 7
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc000006d
Sub Status: 0xc0000380
Process Information:
Caller Process ID: 0x384
Caller Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: computer name
Source Network Address: IP address
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

if that's the case then it is a "Logon failure" issue nothing to do with SID because if it is a SID issue then AD cannot authenticate you either using IP Address or FQDN,but in our case its working fine with FQDN,So "NULL SID" has nothing to do with this issue.

As you stated that it was working for ages, then what changed in the Environment? after which it stopped working?

Any change at all? in a Physical machine/VM - like windows updates/driver updates etc.
0
 
LVL 1

Author Comment

by:Yashy
ID: 39174274
I'm getting this:

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            administrator
      Account Domain:            FC

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc000006a

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      CAMIT
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 1

Author Comment

by:Yashy
ID: 39174288
Nothing has changed in this environment as far as I know.

If we restart the server, we can log onto the server by IP address. Then around one hour later, we are unable to. But then I wonder if there are some services that could be affecting it?
0
 
LVL 9

Assisted Solution

by:VirastaR
VirastaR earned 250 total points
ID: 39175262
Hi Yashy,

Try this solution and let me know whether it worked.
http://www.aaronpalermo.com/wordpress/archives/96
0
 
LVL 1

Author Comment

by:Yashy
ID: 39199016
hi,

This apparently has been removed.
0
 

Expert Comment

by:mathieuboulaz
ID: 40675306
Hello,

I have the same problem actually on two physical servers in my Active Directory. It's working fine with all other servers.

Does somebody find anything ?

TIA for answering
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question