RDS Logon failure with domain accounts over internet, but not over VPN

We have a domain-joined RDS 2008 R2 server where logons are rejected for domain accounts (even domain admins) coming in directly over the internet, but it works fine over VPN or internally.

The RDS server also has a number of local accounts, and those logons work fine directly over the internet or over VPN.  The domain is controlled by SBS 2003.

Some configuration and locking down was done long ago on this server, so I'm not sure if this is due to some configuration or it's a Windows issue.

I don't think it is a Windows or hardware firewall issue, since the attempted RDP logon reaches the server. The failed logon is recorded in the Event Viewer:

        An account failed to log on.
            Security ID:        NULL SID
            Account Name:       -
            Account Domain:     -
            Logon ID:       0x0

        Logon Type:         3
        Account For Which Logon Failed:
            Security ID:        NULL SID
            Account Name:       testuser
            Account Domain:     testdomain
        Failure Information:
            Failure Reason:     An Error occured during Logon.
            Status:         0xc000006d
            Sub Status:     0x0
        Process Information:
            Caller Process ID:  0x0
            Caller Process Name:    -
        Network Information:
            Workstation Name:   testPC
            Source Network Address: -
            Source Port:        -
        Detailed Authentication Information:
            Logon Process:      NtLmSsp
            Authentication Package: NTLM
            Transited Services: -
            Package Name (NTLM only):   -
            Key Length:     0

All the single dashes above are verbatim from the log entry; I did not insert them for privacy.

NVIT (End-user support) commented:
Your event is similar to the one here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28638299.html

Possibly due to updates KB3002657 and KB3046049. Still, those updates should be updated by Microsoft by now. But, it depends if you've been updated, also:

arms145 (CIO, Author) commented:
Thank you, those updates were installed on 3/22. We've never tried to log in via RDP outside the VPN before, so it's not a case where something was working, applied Windows Updates, and it broke... We don't know if it worked before the updates, so it was hard to diagnose. That looks promising, will remove the updates tonight since server will need reboot after removal.
Hypercat (Deb) commented:
Are the domain users prefacing their login user ids with the domain name, i.e., domain\username?

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Please make sure that your RDS server's NIC is configured to ONLY have the SBS 2003's IP as the DNS Server.

Having external DNS Server IPs can cause a misdirection of the authentication process.

arms145 (CIO, Author) commented:
I uninstalled just KB3046049, rebooted, and that resolved the issue. Thanks NewVillageIT!
I hope MS will issue a fix so that KB3046049 can be applied and not cause this problem.
NVIT (End-user support) commented:
You mentioned those updates were installed 3/22. I thought MS fixed it by now. Maybe they missed something. Anyway, that's good news, arms145.
arms145 (CIO, Author) commented:
Ugh, this problem has returned after a reboot of the server. No Windows updates were applied. I have verified in Control Panel that KB3002657 and KB3046049 are NOT installed. I do not see them in the list of pending Windows updates or hidden updates, so not sure where they went.
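
The checks discussed in this thread, collected as an added PowerShell example (not posted by any participant): it summarises the 4625 failures that match the event in the question, reports whether KB3002657 and KB3046049 are installed, and lists the DNS servers on each adapter. It assumes an elevated prompt on the RDS server and a 24-hour look-back window.

```powershell
# Added example. Run from an elevated prompt on the RDS server.
# Only cmdlets present in PowerShell 2.0 (Windows Server 2008 R2) are used.

# 1. Failed logons (event 4625) in the look-back window, reduced to key fields.
$since = (Get-Date).AddHours(-24)   # assumed window; adjust as needed
$failures = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $e = $_
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            Time        = $e.TimeCreated
            User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType   = $data['LogonType']
            Package     = $data['AuthenticationPackageName']
            Status      = $data['Status']
            SubStatus   = $data['SubStatus']
            Workstation = $data['WorkstationName']
            SourceIP    = $data['IpAddress']
        }
    }

# Network (type 3) NTLM failures with status 0xC000006D, as in the event above.
$failures |
    Where-Object { $_.LogonType -eq '3' -and $_.Package -eq 'NTLM' -and $_.Status -eq '0xc000006d' } |
    Group-Object User, Workstation, SourceIP |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 2. Are the two updates named in the thread reported as installed?
$kbs = 'KB3002657', 'KB3046049'
$installed = @(Get-HotFix -Id $kbs -ErrorAction SilentlyContinue)
foreach ($kb in $kbs) {
    $hit = $installed | Where-Object { $_.HotFixID -eq $kb }
    if ($hit) { "$kb is installed (InstalledOn: $($hit.InstalledOn))" }
    else      { "$kb is not reported as installed" }
}

# 3. DNS servers configured on each IP-enabled adapter.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } }
```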