Can't access Windows 2012 Server via RDP

Have you tried disabling your firewall on the 2012 server, or at least allowing rdp connections through it?

Also do you ahve the latest version of Remote Desktop installed on your computer?

What is the exact error you are getting?

Yes, my firewall is disabled.
I have 6.3.9600 version of remote desktop.
the error i get is "your credentials did not work". login attempt failed.

Can you screenshot your RDP settings on the server?  Also, are you able to connect to the server over RDP with any other computer?

Have you also tried to logon with SERVERNAME\Username and your password?

Windows RDP from Windows 7, 8 and 10 into Server 2012 works just fine.

Maybe you need the form  \domain\username to log in.

Also (as noted above) check firewalls.

What you want to do does work.

Yes, i have tried to logon with servername\username and servername/username , nothing works.

when i try log in from my personal computer, it works.

here are the remote settings if that what you were looking for,

Can you login to console? If yes, try to restart that server.

Jarda

Open RDP, click on the More Options button and go to the advanced tab. Click on Connect from Anywhere and compare to a working machine. I have the top (Auto detect) button set and all other settings in that screen off.

I don't believe you're dealing with a Firewall issue, as you're clearly connecting to the server, just dropping credentials...

Try this on your Windows 7 side..

1) Open Local Policy Editor (Start >Run> gpedit.msc)
2) Navigate to Computer Configuration > Administrative Templates > System > Credentials Delegation
3) Open Policy "Allow Delegating Saved Credentials with NTLM-only Server Authentication"
4) Set Policy status to Enabled
5) Click on Show next to Add servers to the list
6) Add the servers you are connecting to in format TERMSRV/<server> (or use a wildcard as TERMSRV/*)
7) Close all dialog boxes saving changes
8) Open command prompt (Start>Run>CMD) and type: gpupdate

To A.s Burges.
Thank you, i tried that and i was able to enable it. It didn't work again. the same error message

pasted the worng image.
here is enabled.

To John Hurst, i tried that as well. and it had the same setting as my working computer. This is one mysterious problem.

It is not a network problem, i  think has something to do with compute settings at work. Work group policies or something. But i cant figure it out.

Does this work in another machine?  Probably yes.

Perhaps consider running System File Checker to see if your OS needs repair. Run SFC /SCANNOW from an admin command prompt and restart after.

It has to be some setting because, it does not work in a couple of computers from work and it works on some other computer such as personal, and other computers.

Assuming all the computers are working properly (usually a big assumption), double check ALL the settings in every tab of RDP from a problem computer to a good computer.

Make sure the problem computers are Windows PRO and not Home.

Is 3389 port opened worldwide? Check your firewall if there are multiple attempts to connect to your RDP.
I heard about similar issue last week.

Jarda

HI Jarda,
I have the firewall off.

check this 2 weeks old issue:
http://community.spiceworks.com/topic/1119647-remote-desktop-issues 

Jarda

what error do u get when trying to connect via RDP?

I get "Your credentials did not work."
as if am entering a wrong username and password.

Please try to first enable the below setting in Local GPO
"Network Security: LAN Manager authentication level" : NTLMv2
and then after enable this settings in GPO

Where do i find that ???

Sorry forgot to mention. Open the local gp editer and then check below path

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Here is the Microsoft article for NTLM 2

https://support.microsoft.com/en-us/kb/239869

I have that on my machine but not on a client machine that works. See if it helps.

ok thank you,
I have it set as "SEND LM & NTLM - use NTLMv2 session security if negotiated". i don't see settings to just enable it.

Quoting from the article

Value Name: LMCompatibility
 Data Type: REG_DWORD
 Value: 3
 Valid Range: 0,3
 Description: This parameter specifies the mode of authentication and session security to be used for network logons. It does not affect interactive logons.
•Level 0 - Send LM and NTLM response; never use NTLM 2 session security. Clients will use LM and NTLM authentication, and never use NTLM 2 session security; domain controllers accept LM, NTLM, and NTLM 2 authentication.
•Level 3 - Send NTLM 2 response only. Clients will use NTLM 2 authentication and use NTLM 2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM 2 authentication.


So it is the value in the key you need to set.

I should not think Windows 7 needs this to talk to Server 2012, but try it. The compatibility setting is normally for very old systems (which is why I have it set in my host machine)

is it greyed out?

no it is already selected.

is the machine is in domain or standalone. Also make sure the account is created on the server

it was under a domain, and i changed to workgroup. so right now it is a standalone. Still no RDP success

Do you have a spare computer?  You might try rebuilding a problem computer and see if that solves the issue. We have discussed all the settings so there may be something else deeper causing the problem.

First of all from the server try to rdp to localhost and see if it works

After that try to rdp to ip of the server and check that it does not work


Check changing port to another port number f.e 3391

If it works, and the port was opened to port 3389 publicly opened some atacks has happened the last 2 weeks
On port 3391 should work and will arrange the problem

that is the solution that worked

That's because you were getting a policy on that group that either enabled Network Level Authentication for RDP or disabled it. NLA for RDP was NOT enabled by default on Win2008 but is on Win2012. Which is why you could connect to Win2008 but not Win2012. This is the issue and it's why moving the domain group fixed the issue, you had a change in the policy applied to that group.

To disable it on Win2012 server, type gpedit.msc in the RUN box. Then navigate to:  Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using NLA: Disable

I don't recommend leavning it disabled. This setting is to eliminate M-I-M attacks