RDP Session Sometimes Fail Authentication.

Hi,
I am having some issues with some servers at a remote location.  This remote location doesn't have a local DC, so authentication requests must cross an IPsec VPN tunnel.

The tunnel is working well with no errors to report.

Here is what I get from the Windows 2012 event log on the remote server:


Open in new window

An account failed to log on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            USER1
      Account Domain:            mydomain

Failure Information:
      Failure Reason:            An Error occured during Logon.
      Status:                  0xC000006D
      Sub Status:            0x0

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      MYLOCALPC
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Open in new window


I know the user/id password combo is correct.  I've tried with multiple user IDs.  If I logon to the console using the same credentials it works... then when I retry the RDP login, I have no issues.

It is very strange.  I'm not seeing any errors or failures at the domain controllers.

Any ideas?
LVL 1
jsctechyInfrastructure Team LeadAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jrhelgesonCommented:
Within Active Directory Sites and Services, have you created that subnet and assigned that subnet to an AD site?  This is what will specify the closest AD servers that will be used to authenticate sessions.

Do you have network level authentication enabled? Or is the RDP client allowing anyone to connect?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jsctechyInfrastructure Team LeadAuthor Commented:
Hi,
I have a single subnet in sites & services.

192.168.0.0/16

Main site is 192.168.1.0/24
Remote is 192.168.2.0/24
I have approx. 50 other sites utilizing the 192.168.x.0/24 space.
jsctechyInfrastructure Team LeadAuthor Commented:
The RDP client allows specified users to connect.
It seems to work if I logon locally.  Like the credentials get cached... so RDP works.  After a while, it doesn't work, I guess because the credentials get aged out or something.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

jsctechyInfrastructure Team LeadAuthor Commented:
Also, no NLA.  

Clients are Windows 7, 8.1 and the servers are 2012 R2.
jsctechyInfrastructure Team LeadAuthor Commented:
I was able to resolve the issue.

One of our 2003 DCs had an update installed, KB3002657.  I removed it and installed the KB3002657-V2 update.  This resolved the issue.

Thanks,
jsctechyInfrastructure Team LeadAuthor Commented:
Selected my own answer because it is the correct solution.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.