We opened a support case on 2022-02-22 but so far no resolution.
Remote Credential Guard double-hop issue after server 2022 upgrade
we upgraded two of our jump/admin servers from server 2019 to server 2022. one was installed fresh, the other one was upgraded via inplace upgrade.
now mstsc /remoteguard no longer works correctly, we seem to run into a kerberos double-hop issue.
what we do is, we logon to the admin server as usual with credentials. then from the admin server we use mstsc /remoteguard to jump to a different machine. on the destination machine, upon opening network shares we receive the message:
"The system cannot contact a domain controller to service the authentication reuqest. Please try again later."
this did not happen before the upgrade. everything still works fine when starting from a server 2019 admin server.
no group policies, security settings or other modifications were done the infrastructure.
anyone else experiencing this?
14 answers
Sort by: Most helpful
-
-
Simon Kleinl-Roscic 1 Reputation point
2022-03-10T10:00:08.003+00:00 Same problem here: when using an Windows Server 2022 jump/admin host to connect to other machines using mstsc /remoteguard then we run in the kerberos double hop issue as robert described (you can´t access file shares, ...). It doesn´t matter if the destination machine is Windows Server 2016, 2019 or 2022. If you use an Windows Server 2016 or 2019 jump/admin host to connect to other machines using mstsc /remoteguard, then everything works as expected (access to file shares works, ...).
-
SIMONS Philippe 1 Reputation point
2022-03-14T10:14:17.78+00:00 Similar issue here, using Windows 10 21H2 after applying January Patch Tuesday Update (KB5009543) as source of RDP (destination machine is Windows Server 2019 or 2022.)
A work arround is to Lock / Unlock the remote session (CTRL+ALT+END) ... but I imagine then you are not relying on RGC but local Authentication. -
SIMONS Philippe 1 Reputation point
2022-03-14T11:30:25.443+00:00 We also opened a support case on 2022-01-14, and provided a reproduction scenario on 19-02-2022 ...
-
SIMONS Philippe 1 Reputation point
2022-04-26T15:05:55.483+00:00 Good news,
Preview update (4C) is available, and addresses the issueWindows Server 2022 - KB5012637 ,Windows 11 (SV) - KB5012643 , Windows 10 2004 \ 20H1 \ 20H2 \ 21H1 \21H2 -KB5011831
“Addresses an issue that causes Kerberos authentication to fail, and the error is “0xc0030009 (RPC_NT_NULL_REF_POINTER)”. This occurs when a client machine attempts to use the Remote Desktop Protocol (RDP) to connect to another machine while Remote Credential Guard is enabled.”