RDS Logon failure with domain accounts over internet, but not over VPN

We have a domain-joined RDS 2008 R2 server where logons are rejected for domain accounts (even domain admins) coming in directly over the internet, but it works fine over VPN or internally.

The RDS server also has a number of local accounts, and those logons work fine directly over the internet or over VPN.  The domain is controlled by SBS 2003.

Some configuration and locking down was done long ago on this server, so I'm not sure if this is due to some configuration or it's a Windows issue.

I don't think it is a Windows or hardware firewall issue, since the attempted RDP logon reaches the server. The failed logon is recorded in the Event Viewer:

        An account failed to log on.
            Security ID:        NULL SID
            Account Name:       -
            Account Domain:     -
            Logon ID:       0x0

        Logon Type:         3
        Account For Which Logon Failed:
            Security ID:        NULL SID
            Account Name:       testuser
            Account Domain:     testdomain
        Failure Information:
            Failure Reason:     An Error occured during Logon.
            Status:         0xc000006d
            Sub Status:     0x0
        Process Information:
            Caller Process ID:  0x0
            Caller Process Name:    -
        Network Information:
            Workstation Name:   testPC
            Source Network Address: -
            Source Port:        -
        Detailed Authentication Information:
            Logon Process:      NtLmSsp
            Authentication Package: NTLM
            Transited Services: -
            Package Name (NTLM only):   -
            Key Length:     0

All the single dashes above are verbatim from the log entry; I did not insert them for privacy.
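Added example, not part of the original thread: a small Python parser for the failed-logon event text quoted above. It groups fields by section, since "Account Name" appears twice, and decodes the logon type and NTSTATUS values. The function names `parse_event`, `field` and `triage` are assumptions, and the sample is constructed from the posted event.

```python
import re

# Constructed sample: fields copied from the event in the post, trimmed.
SAMPLE = """\
Logon Type:         3
Account For Which Logon Failed:
    Account Name:       testuser
    Account Domain:     testdomain
Failure Information:
    Status:         0xc000006d
    Sub Status:     0x0
Network Information:
    Workstation Name:   testPC
    Source Network Address: -
Detailed Authentication Information:
    Authentication Package: NTLM
"""

LOGON_TYPES = {2: "Interactive", 3: "Network", 10: "RemoteInteractive"}
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000064: "STATUS_NO_SUCH_USER",
            0xC000006A: "STATUS_WRONG_PASSWORD", 0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT"}

def parse_event(text):
    """Map (section, key) -> value; a lone '-' becomes None."""
    fields, section = {}, ""
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if not value:
            section = key          # e.g. "Failure Information:" starts a section
        else:
            fields[(section, key)] = None if value == "-" else value
    return fields

def field(fields, key, section=None):
    """First value for key, optionally restricted to one section."""
    return next((v for (s, k), v in fields.items()
                 if k == key and section in (None, s)), None)

def triage(text):
    f = parse_event(text)
    status = int(field(f, "Status") or "0", 16)
    sub = int(field(f, "Sub Status") or "0", 16)
    return {
        "account": field(f, "Account Name", "Account For Which Logon Failed"),
        "logon_type": LOGON_TYPES.get(int(field(f, "Logon Type") or 0), "other"),
        "status": NTSTATUS.get(status, hex(status)),
        "sub_status": NTSTATUS.get(sub, hex(sub)),
        "package": field(f, "Authentication Package"),
        "has_source_ip": field(f, "Source Network Address") is not None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted event this yields STATUS_LOGON_FAILURE with sub status 0x0 on a Network (type 3) NTLM logon with no source address, so the event itself does not narrow the cause to a bad password, unknown user or lockout.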
Your event is similar to the one here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28638299.html

Possibly due to updates KB3002657 and KB3046049. Still, those updates should be updated by Microsoft by now. But, it depends if you've been updated, also:
arms145 (Author) Commented:
Thank you, those updates were installed on 3/22. We've never tried to log in via RDP outside the VPN before, so it's not a case where something was working, applied Windows Updates, and it broke... We don't know if it worked before the updates, so it was hard to diagnose. That looks promising, will remove the updates tonight since the server will need a reboot after removal.
Hypercat (Deb) Commented:
Are the domain users prefacing their login user ids with the domain name, i.e., domain\username?
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Please make sure that your RDS server's NIC is configured to ONLY have the SBS 2003's IP as the DNS Server.

Having external DNS Server IPs can cause a misdirection of the authentication process.

arms145 (Author) Commented:
I uninstalled just KB3046049, rebooted, and that resolved the issue.  Thanks NewVillageIT!
I hope MS will issue a fix so that KB3046049 can be applied and not cause this problem.
You mentioned those updates were installed 3/22. I thought MS fixed it by now. Maybe they missed something. Anyway, that's good news, arms145.
arms145 (Author) Commented:
Ugh, this problem has returned after a reboot of the server.  No Windows updates were applied.  I have verified in Control Panel that KB3002657 and KB3046049 are NOT installed.  I do not see them in list of pending Windows updates or hidden updates, so not sure where they went.
Question has a verified solution.
