Your credentials did not work

  I have SBS2011 network and within that, I have Windows 2008 Terminal Server "TS1". Internal network users connect to TS1 using remote desktop connection program from their workstation PC without a problem.
  However when I tried to connect to TS1 from outside of the network, it fails with the message "Your credentials did not work" when even using domain admin account. When I click [Connect] button on RDP, it prompts for the password, but when I enter a correct password, it fails.
 So the problem is not related to user account credentials. There must be something more internal or systematic and I don't know where to begin looking.
 On the remote computer, I installed SBS2011 self-generated certificate downloaded from \Public\Download folder.
 Below is my remote desktop settings:
 (1) Computer: TS1
 (2) Username: domain\domain_admin  ( I also used domain\user_name)
 (3) Advanced tab\Settings\Use these RD Gateway server settings:
       Server name:
      Logon method: Allow me to select later
  [x] Bypass RD Gateway server for local address.

The settings above is same settings that I use for all other SBS2011 networks that I manage and they always work except this network.

Can you help?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you got port 3389 forwarded to the TS1 at your router
sgleeAuthor Commented:
I know that forwarding 3389 to TS1 will work. However in SBS2011, all you need is 443 for RWA and OWA and directing 3389 to TS1 is NOT recommended.
I had to ask as you didn't say in your post. I know about 3389


Then choose an alternate port and change the port on the server.  For example you could use port 63390, configuring it as the listening port on the RDS server.


Is it registered in the RWW as an available device
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

If SBS2011 Std



Add a new key named RemoteUserPortal


Within that key create a new Multi-String Value entry named TsServerNames Then edit the new entry and insert as a value, the exact name of your Terminal (RDS) server..
sgleeAuthor Commented:
I hesitate to make any registry change as all other SBS2011 installations that I manage do not have this problem.
sgleeAuthor Commented:
Any other suggestions?
sgleeAuthor Commented:
I finally fixed it.
The reason was because the time on SBS2011 and TS1 was several hours off.
Thank you for your help and I will close this case.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sgleeAuthor Commented:
I corrected the time on Domain Controller and Terminal Server and I was able to connect to Terminal Server remotely.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.