Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,457 questions
RDS 2019 - Will not accept password for users in "RemoteApp and Desktop Connections" but does accept them on RDWeb and the RDP file downloaded from RDWeb
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 94%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marcus Tägtström
41
Reputation points
Hi,
Users passwords are not accepted when trying to set up "RemoteApp and Desktop Connections" from client computers but does accept them on RDWeb and the RDP file downloaded from RDWeb.
We started experiencing the issue after an attempt to expand and rearrange the RDS server farm to include two more servers, one RD Session Host and one server to replace hosting of the RD services RD Connection Broker, RD Web Access and RD Gateway from the RDS server farms (before previously mentioned exercise) only RD Session Host. The plan was to remove the migrated services from the RD Session Host when everything seemed like it was working.
The project had to be aborted when we noticed that the new RD Web Access server didn't publish anything, everything looked ok in the IIS but there were no RD Webpage when surfing to the server from the server itself or from the outside. I believe this was due to the server not being added to the "RDS Remote Access Services " security group.
Because we no longer could add new connections from client computers we had to steer back the WAN https forwarding from the new RDS server to the old Session Host server and by doing so we could once again connect to resources on the old RD Session Host server.
However.. when we tried to add new RemoteApp and Desktop Connections from client computers the RDS environment did not accept the password of any user accounts but as I mentioned earlier it did work to connect through RDWeb and the RDP file downloaded from RDWeb.
I added both RDSH01 and RDS01 to the "RDS Remote Access Services " security group to see if this could solve the authentication issue but this had the result that no users could access any published resources one any of the two RD Session Hosts however the tried to connect to them. I subsequently hade to remove both servers from the security group so the users could access there remote resources.
The setup:
Old environment
DC01 – (Primary) AD services, DNS Server and RD licensing sever.
DC02 – (Secondary) AD services, DNS server
RDSH01 - RD Connection Broker, RD Web Access and RD Gateway, RD Session Host
After the expansion
DC01 – (Primary) AD services, DNS Server and RD licensing sever.
DC02 – (Secondary) AD services, DNS server
RDSH01 - RD Connection Broker, RD Web Access and RD Gateway, RD Session Host
RDSH02 - RD Session Host
RDS01 - RD Connection Broker, RD Web Access and RD Gateway
Duos anyone have an idea were to start looking for the cause of the issue?
{count} votes
-
Karlie Weng 14,031 Reputation points Microsoft Vendor2021-02-17T02:37:44.053+00:00 hi
what's the prompt error messages when RemoteApp and Desktop Connections not accepting passwords?
Is it possible related with RD Web server’s SSL certificate name changed? -
Marcus Tägtström 41 Reputation points
2021-02-17T07:41:23.4+00:00 Hi KarlieWeng,
Thank you for your reply.
As you can se on the image below it's the username or password that’s the issue, it’s most likely the account itself that’s not allowed to log in.
We are using a wildcard SSL Cert so even if the RD Web servers FQDN would have changed (which it hasn't) I can't see how this would have an impact.
-
Karlie Weng 14,031 Reputation points Microsoft Vendor
2021-02-24T08:44:47.677+00:00 How about the workaround in this article ?Fix: Your Credentials Did not Work in Remote Desktop
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 26%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Scott Healey 1 Reputation point2022-05-10T21:03:33.41+00:00 Did you ever resolve this issue? I have the exact same issue but this is on a new RDS deployment with Gateway, Connection Broken and RD Web Access on a single server and Two RD Session Host on two separate servers.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEL%3C/text%3E%3C/svg%3E)
edgardo lora 26 Reputation points2022-05-12T15:05:39.593+00:00 HOLA MARCUS SOY EDGARDO DESDE COLOMBIA ME PODRIAS POR FAVOR COLABORAR CON UN PROBLEMITA QUE TENGO RESULTA QUE EN DIAS PASADOS DESCARGUE UNA MAQUINA VIRTUAL GRATIS EN AZURE ESTE ARCHIVO LO DESCARGUE POR SISTEMA RDP EL CUAL LE ASIGNA LAS CREDENCIALES DE RIGOR PERO AL INTENTAR CONECTARME NO ME ACXETA LAS CREDENCIALES REALES QUE LE ASIGNE Y INTENTO CON OTRAS PERO IGUAL NO ME ABRE CUAL SERIA EL PROBLEMA AHI GRACIAS.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 60%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Ghaith Alhourani 1 Reputation point2023-09-20T11:03:14.82+00:00 non-domain computers:
both server and clients must edit Policy: LAN Manager Authentication to use NTLMv2 response only and refuse NT also Require NTLMv2 session security must be enabled in Minimum session security for NTLM SSP based (including secure RPC) clients.
in the GPO editor, go to Computer Configuration –> Administrative Templates –> System –> Credentials and allow delegating saved credentials, and add your server name like TERMSRV/"just exact the certificate name" force update group policy and once you finish,
Make new MSTSC profile and save it to save credentials do not use username @ domain, use domain\username instead.
Sign in to comment