Your credentials did not work

sglee used Ask the Experts™
  I have SBS2011 network and within that, I have Windows 2008 Terminal Server "TS1". Internal network users connect to TS1 using remote desktop connection program from their workstation PC without a problem.
  However when I tried to connect to TS1 from outside of the network, it fails with the message "Your credentials did not work" when even using domain admin account. When I click [Connect] button on RDP, it prompts for the password, but when I enter a correct password, it fails.
 So the problem is not related to user account credentials. There must be something more internal or systematic and I don't know where to begin looking.
 On the remote computer, I installed SBS2011 self-generated certificate downloaded from \Public\Download folder.
 Below is my remote desktop settings:
 (1) Computer: TS1
 (2) Username: domain\domain_admin  ( I also used domain\user_name)
 (3) Advanced tab\Settings\Use these RD Gateway server settings:
       Server name:
      Logon method: Allow me to select later
  [x] Bypass RD Gateway server for local address.

The settings above is same settings that I use for all other SBS2011 networks that I manage and they always work except this network.

Can you help?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Have you got port 3389 forwarded to the TS1 at your router


I know that forwarding 3389 to TS1 will work. However in SBS2011, all you need is 443 for RWA and OWA and directing 3389 to TS1 is NOT recommended.

I had to ask as you didn't say in your post. I know about 3389


Then choose an alternate port and change the port on the server.  For example you could use port 63390, configuring it as the listening port on the RDS server.


Is it registered in the RWW as an available device
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

If SBS2011 Std



Add a new key named RemoteUserPortal


Within that key create a new Multi-String Value entry named TsServerNames Then edit the new entry and insert as a value, the exact name of your Terminal (RDS) server..


I hesitate to make any registry change as all other SBS2011 installations that I manage do not have this problem.


Any other suggestions?
I finally fixed it.
The reason was because the time on SBS2011 and TS1 was several hours off.
Thank you for your help and I will close this case.


I corrected the time on Domain Controller and Terminal Server and I was able to connect to Terminal Server remotely.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial