Link to home
Start Free TrialLog in
Avatar of edhasted
edhastedFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Unable to RDP into Workgroup PC running WIndows 10 Pro

Trying to RDP remotely via VPN to workstation (Windows 10 Pro) running on a WORKGROP.
3389 opened up, VPN when opened can ping IP of machine.

The login I presume is the one quotes in Control Panel/System/Advanced System Settings/Remote/Select Users
The Password is the Pin?

Only all connections from computers running RD and NLA - unchecked

Any ideas why I'm not getting through?

The machine was recently upgraded from Home to Pro - it has been rebooted several times since then.
Avatar of Jason Johanknecht
Jason Johanknecht
Flag of United States of America image

You cannot use the PIN for RDP.
Avatar of edhasted

ASKER

I tried the password as well but again no joy. Ed
Are you attempting to connect using the IP address?  Do you get asked for the login credentials?
ASKER CERTIFIED SOLUTION
Avatar of Rob Williams
Rob Williams
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Jason - Yes I get asked for the password credential.

Rob - It's listening - I get a blank screen. RDP was opened firewall and I forced 3389 open both ways out of paranoia.
try user name in the form    PCname\UserName
Tried that but no joy. I presume there is no incorrectness of prefixing the username with the machine name\ ?

The username is her e-mail address?

I am beginning to wonder if the issue is the password and need to reset it to be sure...

If I do a CONTROL-ALT-DEL and change password can I reset the password and not the PIN.

This machine is not a domain/networked machine and sits on a WOORKGROUP. Until 4 hours ago it was Windows 10 Home and subsequently upgraded to Professional.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Yes, that will only change the password.  You wouldn't be asked for credentials if RDP wasn't enabled.  It should be set to Private network already, or you wouldn't get the login.  Make sure you enter the user name and not what is displayed as the user.  Open a run dialog and type:

                   Control userpasswords2

Don't put spaces in between words that are joined.  That is what it should look like.  Take not of the user name.
Rob is exactly right.  It must be a local account.  But then you shouldn't have been able to select that user for RDP.
Many thanks - I'll have to go in and manhandle the machine. More later but maybe over the weekend.
I only deal with domain PC, but as a favor recently I tried setting up RDP to machine which was activated with a Microsoft on-line account, i.e. e-mail and pin, and had exactly the same experience, everything worked as expected, except it wouldn't accept the password.  The link I provide above was the solution, editing the rdp connection file.
Do you have Azure Domain?  The MS online account only works with Azure.
>>"The MS online account only works with Azure. "
By default yes, but editing the RDP client will allow.  The edits change/add authentication options.
once you are physically at the machine look at c:\users that is where you will see the username as a directory use machinename\username 
make sure the ms firewall allows RDP port through incoming rules. Confirm network identification is work/private and not public

Create a local account with a password. Test connection from another system.
Confirm your remore desktop setting do not require NLA but is more relaxed.
Don't rely on the folder name from C:\users.  It can be shortened version of the name, or the original name of the profile.  If anyone changes the user name, the folder name doesn't change along with it.
Many thanks for all your attention that I thought was a backwater question.

Let's make sure I understand this correctly, as by default I normally deal with Domains, and think it is the home user aspect of the setup that has thrown me.

The user logins in formally with her email name/PIN.

The e-mail is embedded so all she is asked for is the PIN.

You are saying the password is the issue? To reset this from a CMD box I run:

Control userpasswords2

What do I do after that or is that some magic command that makes the existing PIN be acceptable for RDP?

The username is the one listed as having RDP access rights in:

Control Panel/System/Advanced System Settings/Remote/Select Users

I want to make sure I have this right. Due to current epidemic I only want to have to go back into the office once even though it is empty.

With many thanks for everyone's help and hope that you are all safe.
Is this a ms account login versus local account?
An ms account, is mapped to a local account.
Have not tried so uncertain whether Remote Desktop connection can use pins to authenticate

If you ave two systems at home, test it out before heading into the office.
the PIN is only valid for local logins
from a cmd prompt type 'whoami' it will return the computername\username
rdp into the ipadress of the computer at the logon prompt type the computername\username and enter the password and click ok it should now connect. You will get some warnings about the self signed certificate is not trusted.. I always say ignore for this computer.

Understood. What I don't understand is the relationship between the PIN and the password.

To log into this machine she uses her PIN.

If I run "Control userpasswords2" what exactly is it doing? Forcing a new password in?

And if this works and I RDP in will I see her account and desktop or a new incarnation?
If this is a Microsoft account, the user controls the pin/password settings via MS account settings not locally onthe system.
Have you tried editing the rdp client as per my link?
For a MS account (online account), you can use the password or the PIN to login locally to the PC.  The PIN is a cheat for faster login, but doesn't work for RDP.  I have never heard of a hack to allow MS account for remote, but Rob has included that in this thread.  Have you tried that yet?  

Control Userpasswords2 is just an easy way to see users (Not display name) and change passwords.  If you make a local account to go along with the current MS account... you will see a different desktop and files when connecting to the new local account.  You don't really want to do this.  

You can convert a MS account back to local account, and then connect MS services like One Drive again.  If you change to local account, make sure you set RESET PASSWORD QUESTIONS!
Rob - that link is for an Azure system? This is a PC that is now running Pro but originally Home and some genius decided to run on a Workgroup.
Can I use it to log into the lowest form of Windows 10 life?

Ed
using MS account, ties the computer into "MS systems" this is why to make changes to some of your settings, are done through the MS web site..

if you can RDP using the MS account/password and then you can create a local account either as an administrative or standard and add it to the remote desktop group.
At which point you can use the new local account to remote in, though it will be a separate and different from the one you used.

What is available in the environment, you could after creating a new local administrative account, unlink it from the MS side and join in into the AD domain if one exists.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Excuse naivety. I can log into this client's Azure account via the Azure app:

https://portal.azure.com/App/Download?configHash=zXr-tHjTB5jq&iepolyfills=true&l=en.en-us&pageVersion=5.0.303.33218460068.200313-2139

Are you saying that once logged in, which I can, I can RDP from the portal into her machine? If so how?

Many thanks.
NO, you need to use the email address as the username and the password to RDP
Many thanks - going into a completely empty building over the weekend and will report back.

Ed
Apolgies for leaving this question open for so long.