RDS Logon failure with domain accounts over internet, but not over VPN

arms145
We have a domain-joined RDS 2008 R2 server where logons are rejected for domain accounts (even domain admins) coming in directly over the internet, but it works fine over VPN or internally.

The RDS server also has a number of local accounts, and those logons work fine directly over the internet or over VPN.  The domain is controlled by SBS 2003.

Some configuration and locking down was done long ago on this server, so I'm not sure if this is due to some configuration or it's a Windows issue.

I don't think it is a Windows or hardware firewall issue, since the attempted RDP logon reaches the server. The failed logon is recorded in the Event Viewer:

        An account failed to log on.
        Subject:
            Security ID:        NULL SID
            Account Name:       -
            Account Domain:     -
            Logon ID:       0x0

        Logon Type:         3
        Account For Which Logon Failed:
            Security ID:        NULL SID
            Account Name:       testuser
            Account Domain:     testdomain
        Failure Information:
            Failure Reason:     An Error occured during Logon.
            Status:         0xc000006d
            Sub Status:     0x0
        Process Information:
            Caller Process ID:  0x0
            Caller Process Name:    -
        Network Information:
            Workstation Name:   testPC
            Source Network Address: -
            Source Port:        -
        Detailed Authentication Information:
            Logon Process:      NtLmSsp
            Authentication Package: NTLM
            Transited Services: -
            Package Name (NTLM only):   -
            Key Length:     0

All the single dashes above are verbatim from the log entry; I did not insert them for privacy.
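To read a failed-logon event like the one above field by field, the following added example (not part of the original thread) parses the event text and summarises where authentication failed. The function names, the constructed sample subset and the short lookup tables are assumptions of the example; the status names are standard Windows NTSTATUS values.

```python
import re

# Constructed sample: a subset of the fields from the event text posted above.
SAMPLE_EVENT = """\
Subject:
    Account Name:       -
Logon Type:         3
Account For Which Logon Failed:
    Account Name:       testuser
    Account Domain:     testdomain
Failure Information:
    Status:         0xc000006d
    Sub Status:     0x0
Network Information:
    Source Network Address: -
Detailed Authentication Information:
    Authentication Package: NTLM"""
LOGON_TYPES = {2: "Interactive", 3: "Network", 10: "RemoteInteractive"}
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000064: "STATUS_NO_SUCH_USER",
            0xC000006A: "STATUS_WRONG_PASSWORD", 0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT"}

def parse_event(text):
    """Map 'Section/Field' (or a bare top-level field) to its value."""
    fields, section, sec_indent = {}, "", 10**6
    for line in text.splitlines():
        m = re.match(r"(\s*)([^:]+):\s*(.*)$", line)
        if not m:
            continue
        indent, name, value = len(m.group(1)), m.group(2).strip(), m.group(3).strip()
        if not value:                    # header line such as "Subject:"
            section, sec_indent = name, indent
        elif indent <= sec_indent:       # top-level field such as "Logon Type"
            fields[name] = value
        else:
            fields[f"{section}/{name}"] = value
    return fields

def triage(fields):
    """Summarise the failure; Sub Status 0x0 means no narrower cause was recorded."""
    failed = "Account For Which Logon Failed/"
    status, sub = (int(fields["Failure Information/" + k], 16) for k in ("Status", "Sub Status"))
    return {
        "account": fields[failed + "Account Domain"] + "\\" + fields[failed + "Account Name"],
        "logon_type": LOGON_TYPES.get(int(fields["Logon Type"]), "other"),
        "package": fields["Detailed Authentication Information/Authentication Package"],
        "status": NTSTATUS.get(status, hex(status)),
        "specific_cause": NTSTATUS.get(sub, hex(sub)) if sub else None,
        "source_recorded": fields["Network Information/Source Network Address"] != "-",
    }
```

For the posted event, `triage(parse_event(SAMPLE_EVENT))` reports a Network (type 3) NTLM logon that failed with the generic STATUS_LOGON_FAILURE, no narrower sub status, and no recorded source address.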
End-user support
Commented:
Your event is similar to the one here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28638299.html

Possibly due to updates KB3002657 and KB3046049. Still, those updates should be updated by Microsoft by now. But, it depends if you've been updated, also:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/Q_28636661.html#a40671657
arms145 CIO

Author

Commented:
Thank you, those updates were installed on 3/22.  We've never tried to log in via RDP outside the VPN before, so it's not a case where something was working, applied Windows Updates, and it broke... We don't know if it worked before the updates, so it was hard to diagnose.  That looks promising, will remove the updates tonight since server will need reboot after removal.
Are the domain users prefacing their login user ids with the domain name, i.e., domain\username?
Jeffrey Kane - TechSoEasy, Principal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
Please make sure that your RDS server's NIC is configured to ONLY have the SBS 2003's IP as the DNS Server.

Having external DNS Server IPs can cause a misdirection of the authentication process.

Jeff
TechSoEasy
arms145 CIO

Author

Commented:
I uninstalled just KB3046049, rebooted, and that resolved the issue.  Thanks NewVillageIT!
I hope MS will issue a fix so that KB3046049 can be applied and not cause this problem.
NVIT End-user support

Commented:
You mentioned those updates were installed 3/22. I thought MS fixed it by now. Maybe they missed something. Anyway, that's good news, arms145.
arms145 CIO

Author

Commented:
Ugh, this problem has returned after a reboot of the server.  No Windows updates were applied.  I have verified in Control Panel that KB3002657 and KB3046049 are NOT installed.  I do not see them in list of pending Windows updates or hidden updates, so not sure where they went.
