Can't access Windows 2012 Server via RDP

I have the whole week and tried everything on my computer to RDP 2012 windows server. I can RDP easy 2008 virtual servers. ANy suggestion. I have enabled RDP connections. I am running windows 7 on my computer.
shpresaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

unrealized92Commented:
Have you tried disabling your firewall on the 2012 server, or at least allowing rdp connections through it?

Also do you ahve the latest version of Remote Desktop installed on your computer?

What is the exact error you are getting?
0
shpresaAuthor Commented:
Yes, my firewall is disabled.
I have 6.3.9600 version of remote desktop.
the error i get is "your credentials did not work". login attempt failed.
0
unrealized92Commented:
Can you screenshot your RDP settings on the server?  Also, are you able to connect to the server over RDP with any other computer?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

A. S. BurgessLead TechnicianCommented:
Have you also tried to logon with SERVERNAME\Username and your password?
1
JohnBusiness Consultant (Owner)Commented:
Windows RDP from Windows 7, 8 and 10 into Server 2012 works just fine.

Maybe you need the form  \domain\username to log in.

Also (as noted above) check firewalls.

What you want to do does work.
0
shpresaAuthor Commented:
Yes, i have tried to logon with servername\username and servername/username , nothing works.

when i try log in from my personal computer, it works.

here are the remote settings if that what you were looking for,
remote settings
0
Jaroslav LatalMSPCommented:
Can you login to console? If yes, try to restart that server.

Jarda
0
JohnBusiness Consultant (Owner)Commented:
Open RDP, click on the More Options button and go to the advanced tab. Click on Connect from Anywhere and compare to a working machine. I have the top (Auto detect) button set and all other settings in that screen off.
0
A. S. BurgessLead TechnicianCommented:
I don't believe you're dealing with a Firewall issue, as you're clearly connecting to the server, just dropping credentials...

Try this on your Windows 7 side..

1) Open Local Policy Editor (Start >Run> gpedit.msc)
2) Navigate to Computer Configuration > Administrative Templates > System > Credentials Delegation
3) Open Policy "Allow Delegating Saved Credentials with NTLM-only Server Authentication"
4) Set Policy status to Enabled
5) Click on Show next to Add servers to the list
6) Add the servers you are connecting to in format TERMSRV/<server> (or use a wildcard as TERMSRV/*)
7) Close all dialog boxes saving changes
8) Open command prompt (Start>Run>CMD) and type: gpupdate
0
shpresaAuthor Commented:
To A.s Burges.
Thank you, i tried that and i was able to enable it. It didn't work again. the same error message

unnamed2.png
0
shpresaAuthor Commented:
pasted the worng image.
here is enabled.
2222.png
0
shpresaAuthor Commented:
To John Hurst, i tried that as well. and it had the same setting as my working computer. This is one mysterious problem.
0
shpresaAuthor Commented:
It is not a network problem, i  think has something to do with compute settings at work. Work group policies or something. But i cant figure it out.
0
JohnBusiness Consultant (Owner)Commented:
Does this work in another machine?  Probably yes.

Perhaps consider running System File Checker to see if your OS needs repair. Run SFC /SCANNOW from an admin command prompt and restart after.
0
shpresaAuthor Commented:
It has to be some setting because, it does not work in a couple of computers from work and it works on some other computer such as personal, and other computers.
0
JohnBusiness Consultant (Owner)Commented:
Assuming all the computers are working properly (usually a big assumption), double check ALL the settings in every tab of RDP from a problem computer to a good computer.

Make sure the problem computers are Windows PRO and not Home.
0
Jaroslav LatalMSPCommented:
Is 3389 port opened worldwide? Check your firewall if there are multiple attempts to connect to your RDP.
I heard about similar issue last week.

Jarda
0
shpresaAuthor Commented:
HI Jarda,
I have the firewall off.
0
Jaroslav LatalMSPCommented:
0
systechadminConsultantCommented:
what error do u get when trying to connect via RDP?
0
shpresaAuthor Commented:
I get "Your credentials did not work."
as if am entering a wrong username and password.
0
systechadminConsultantCommented:
Please try to first enable the below setting in Local GPO
"Network Security: LAN Manager authentication level" : NTLMv2
and then after enable this settings in GPO
0
shpresaAuthor Commented:
Where do i find that ???
0
systechadminConsultantCommented:
Sorry forgot to mention. Open the local gp editer and then check below path

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
0
JohnBusiness Consultant (Owner)Commented:
Here is the Microsoft article for NTLM 2

https://support.microsoft.com/en-us/kb/239869

I have that on my machine but not on a client machine that works. See if it helps.
0
shpresaAuthor Commented:
ok thank you,
I have it set as "SEND LM & NTLM - use NTLMv2 session security if negotiated". i don't see settings to just enable it.
0
JohnBusiness Consultant (Owner)Commented:
Quoting from the article

Value Name: LMCompatibility
 Data Type: REG_DWORD
 Value: 3
 Valid Range: 0,3
 Description: This parameter specifies the mode of authentication and session security to be used for network logons. It does not affect interactive logons.
•Level 0 - Send LM and NTLM response; never use NTLM 2 session security. Clients will use LM and NTLM authentication, and never use NTLM 2 session security; domain controllers accept LM, NTLM, and NTLM 2 authentication.
•Level 3 - Send NTLM 2 response only. Clients will use NTLM 2 authentication and use NTLM 2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM 2 authentication.


So it is the value in the key you need to set.

I should not think Windows 7 needs this to talk to Server 2012, but try it. The compatibility setting is normally for very old systems (which is why I have it set in my host machine)
0
systechadminConsultantCommented:
is it greyed out?
0
shpresaAuthor Commented:
no it is already selected.
0
systechadminConsultantCommented:
is the machine is in domain or standalone. Also make sure the account is created on the server
0
shpresaAuthor Commented:
it was under a domain, and i changed to workgroup. so right now it is a standalone. Still no RDP success
0
JohnBusiness Consultant (Owner)Commented:
Do you have a spare computer?  You might try rebuilding a problem computer and see if that solves the issue. We have discussed all the settings so there may be something else deeper causing the problem.
0
albert_miquelit managerCommented:
First of all from the server try to rdp to localhost and see if it works

After that try to rdp to ip of the server and check that it does not work


Check changing port to another port number f.e 3391

If it works, and the port was opened to port 3389 publicly opened some atacks has happened the last 2 weeks
On port 3391 should work and will arrange the problem
0
shpresaAuthor Commented:
It appeared to be some sort of setting on the domain group i was in. Once i formatted the computer, it worked out well. Once i joined the domain, it failed.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
shpresaAuthor Commented:
that is the solution that worked
0
JohnArmstrongCommented:
That's because you were getting a policy on that group that either enabled Network Level Authentication for RDP or disabled it. NLA for RDP was NOT enabled by default on Win2008 but is on Win2012. Which is why you could connect to Win2008 but not Win2012. This is the issue and it's why moving the domain group fixed the issue, you had a change in the policy applied to that group.

To disable it on Win2012 server, type gpedit.msc in the RUN box. Then navigate to:  Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using NLA: Disable

I don't recommend leavning it disabled. This setting is to eliminate M-I-M attacks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.