WIndows server 2008R2 RDP issue

Daniel 81 Reputation points
2024-02-27T13:40:53.22+00:00

Hello, I'm in a process of migration of a services from an old Windows server 2008R2 to Windows server 2022 and I'm struggling with and RDP issue. All of a sudden I'm not able to connect to a server via RDP which is making migration process a bit painful. I have check server logs and in the logs it looks like the RDP session is established and user was connected to server: The computer attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: user Source Workstation: PC01 ############################################################################ Special privileges assigned to new logon. Subject: Security ID: DOMAIN\user Account Name: user Account Domain: domain Logon ID: 0x25f987 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege SeTcbPrivilege SeAssignPrimaryTokenPrivilege ############################################################################# An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: DOMAIN\user Account Name: user Account Domain: DOMAIN Logon ID: 0x25f987 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: PC01 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V2 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. ################################################################################################################################################################################################################### An account was logged off. Subject: Security ID: DOMAIN\user Account Name: user Account Domain: DOMAIN Logon ID: 0x25f987 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. But I get this error when I try to login: User's image

Dos anyone have any idea how to solve this issue so I can complete the migration?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,920 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,503 questions
0 comments No comments
{count} votes

Accepted answer
  1. Karlie Weng 18,031 Reputation points Microsoft Vendor
    2024-02-28T07:22:43.2966667+00:00

    Hello,

    This issue is may caused by Encryption methods, you can try to disable NLA for a workaround.

    a. Open gpedit.msc applet.

    b. Navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security.

    c. Enable Require use of specific security layer for remote (RDP) connections and select RDP as Security Layer.

    Disable Require user authentication for remote connections by using Network Level Authentication policy.

    Reboot Terminal server.

    d. Navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Require use of specific security layer for remote (RDP) connections

    e. Choose RDP layer and save.

    Then the authentication will occur on terminal server.


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.