shpresa
asked on
Can't access Windows 2012 Server via RDP
I have had the whole week and tried everything on my computer to RDP to a 2012 Windows server. I can easily RDP to 2008 virtual servers. Any suggestions? I have enabled RDP connections. I am running Windows 7 on my computer.
ASKER
Yes, my firewall is disabled.
I have 6.3.9600 version of remote desktop.
The error I get is "your credentials did not work". Login attempt failed.
Can you screenshot your RDP settings on the server? Also, are you able to connect to the server over RDP with any other computer?
Have you also tried to log on with SERVERNAME\Username and your password?
Windows RDP from Windows 7, 8 and 10 into Server 2012 works just fine.
Maybe you need the form \domain\username to log in.
Also (as noted above) check firewalls.
What you want to do does work.
ASKER
Can you log in to the console? If yes, try to restart that server.
Jarda
Open RDP, click on the More Options button and go to the advanced tab. Click on Connect from Anywhere and compare to a working machine. I have the top (Auto detect) button set and all other settings in that screen off.
I don't believe you're dealing with a Firewall issue, as you're clearly connecting to the server, just dropping credentials...
Try this on your Windows 7 side..
1) Open Local Policy Editor (Start >Run> gpedit.msc)
2) Navigate to Computer Configuration > Administrative Templates > System > Credentials Delegation
3) Open Policy "Allow Delegating Saved Credentials with NTLM-only Server Authentication"
4) Set Policy status to Enabled
5) Click on Show next to Add servers to the list
6) Add the servers you are connecting to in format TERMSRV/<server> (or use a wildcard as TERMSRV/*)
7) Close all dialog boxes saving changes
8) Open command prompt (Start>Run>CMD) and type: gpupdate
ASKER
To John Hurst, I tried that as well, and it had the same setting as my working computer. This is one mysterious problem.
ASKER
It is not a network problem, I think it has something to do with computer settings at work. Work group policies or something. But I can't figure it out.
Does this work in another machine? Probably yes.
Perhaps consider running System File Checker to see if your OS needs repair. Run SFC /SCANNOW from an admin command prompt and restart after.
ASKER
It has to be some setting, because it does not work on a couple of computers from work and it works on some other computers, such as personal and other computers.
Assuming all the computers are working properly (usually a big assumption), double check ALL the settings in every tab of RDP from a problem computer to a good computer.
Make sure the problem computers are Windows PRO and not Home.
Is 3389 port opened worldwide? Check your firewall if there are multiple attempts to connect to your RDP.
I heard about a similar issue last week.
Jarda
ASKER
Hi Jarda,
I have the firewall off.
Check this 2-week-old issue:
http://community.spiceworks.com/topic/1119647-remote-desktop-issues
Jarda
What error do you get when trying to connect via RDP?
ASKER
I get "Your credentials did not work."
As if I am entering a wrong username and password.
Please try to first enable the below setting in Local GPO
"Network Security: LAN Manager authentication level" : NTLMv2
and then after enable this settings in GPO
ASKER
Where do I find that?
Sorry, forgot to mention. Open the local GP editor and then check the below path:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Here is the Microsoft article for NTLM 2
https://support.microsoft.com/en-us/kb/239869
I have that on my machine but not on a client machine that works. See if it helps.
ASKER
OK, thank you,
I have it set as "SEND LM & NTLM - use NTLMv2 session security if negotiated". I don't see settings to just enable it.
Quoting from the article
Value Name: LMCompatibility
Data Type: REG_DWORD
Value: 3
Valid Range: 0,3
Description: This parameter specifies the mode of authentication and session security to be used for network logons. It does not affect interactive logons.
•Level 0 - Send LM and NTLM response; never use NTLM 2 session security. Clients will use LM and NTLM authentication, and never use NTLM 2 session security; domain controllers accept LM, NTLM, and NTLM 2 authentication.
•Level 3 - Send NTLM 2 response only. Clients will use NTLM 2 authentication and use NTLM 2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM 2 authentication.
So it is the value in the key you need to set.
I should not think Windows 7 needs this to talk to Server 2012, but try it. The compatibility setting is normally for very old systems (which is why I have it set in my host machine)
Is it greyed out?
ASKER
No, it is already selected.
Is the machine in a domain or standalone? Also make sure the account is created on the server.
ASKER
It was under a domain, and I changed to workgroup, so right now it is a standalone. Still no RDP success.
Do you have a spare computer? You might try rebuilding a problem computer and see if that solves the issue. We have discussed all the settings so there may be something else deeper causing the problem.
First of all, from the server try to RDP to localhost and see if it works.
After that, try to RDP to the IP of the server and check that it does not work.
Check changing the port to another port number, e.g. 3391.
If it works, and port 3389 was publicly opened, some attacks have happened in the last 2 weeks.
On port 3391 it should work and will fix the problem.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
That is the solution that worked.
That's because you were getting a policy on that group that either enabled Network Level Authentication for RDP or disabled it. NLA for RDP was NOT enabled by default on Win2008 but is on Win2012. Which is why you could connect to Win2008 but not Win2012. This is the issue and it's why moving the domain group fixed the issue, you had a change in the policy applied to that group.
To disable it on Win2012 server, type gpedit.msc in the RUN box. Then navigate to: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using NLA: Disable
I don't recommend leaving it disabled. This setting is to eliminate M-I-M attacks.
Also do you have the latest version of Remote Desktop installed on your computer?
What is the exact error you are getting?
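The settings this thread walks through (NLA on the server, the LAN Manager authentication level, and saved-credential delegation to TERMSRV targets) can be read side by side with a read-only script; this is an added example, not part of any post above. The registry paths and value names (including `LmCompatibilityLevel`) are the standard locations behind those policies rather than values quoted in the thread, and the function names are hypothetical.

```powershell
# Read-only audit of the RDP authentication settings discussed in the thread.
# Run it on a failing client, a working client and the server, then compare.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RdpAuthSettings {
    $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $tsGp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $cd   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

    # Server list behind "Allow Delegating Saved Credentials with
    # NTLM-only Server Authentication" (entries look like TERMSRV/<server>).
    $targets = @()
    $listKey = Join-Path $cd 'AllowSavedCredentialsWhenNTLMOnly'
    if (Test-Path $listKey) {
        $key = Get-Item $listKey
        $targets = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }

    # New-Object keeps this usable on the PowerShell 2.0 that ships with Windows 7.
    New-Object PSObject -Property @{
        Computer             = $env:COMPUTERNAME
        # 1 = NLA required, 0 = not required, empty = not set at this location
        NlaLocalSetting      = Get-RegValue $ts   'UserAuthentication'
        NlaGroupPolicy       = Get-RegValue $tsGp 'UserAuthentication'
        # 0..5; empty means the OS default applies
        LmCompatibilityLevel = Get-RegValue $lsa  'LmCompatibilityLevel'
        SavedCredsNtlmOnly   = Get-RegValue $cd   'AllowSavedCredentialsWhenNTLMOnly'
        DelegationTargets    = ($targets -join ';')
        # TERMSRV/* delegates saved credentials to every RDP server, not one host
        WildcardDelegation   = [bool]($targets -contains 'TERMSRV/*')
    }
}

Get-RdpAuthSettings | Format-List
```

A difference in `NlaGroupPolicy` between the machines that connect and those that do not points to a domain policy, which local `gpedit.msc` changes will not override.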