AzureAD Failure 2313

Question

AzureAD Failure 2313

Everest MacDonald 21

Hi All,

Spun up a new Azure Server 2019, and trying to authenticate using AzureAD user accounts for server login for the first time using that new preview functionality.

I've verified that the users have the "Virtual Machine Administrator Login" role, and that the PC trying to RDP From is AzureAD Registered.

However, I can't get any users to finish authentication properly. In the server logs, the RDP log identifies that an attempt to login happened, but did not complete. In the security log, I get the failure shown below. Through some Googling it is suggested that the error code & sub-error code mean that the user account does not exist. I tried adding the user accounts right on the server as "Work or school users" just in case, but it still throws the same error.

Any thoughts?

System

-
EventData

SubjectUserSid
S-1-0-0

SubjectUserName

-
SubjectDomainName

-
SubjectLogonId
0x0

TargetUserSid
S-1-0-0

TargetUserName
username@keyman .ca

TargetDomainName
AzureAD

Status
0xc000006d

FailureReason
%%2313

SubStatus
0xc0000064

LogonType
3

LogonProcessName
NtLmSsp

AuthenticationPackageName
NTLM

WorkstationName
My_Workstation

TransmittedServices

-
LmPackageName

-
KeyLength
0

ProcessId
0x0

ProcessName

-
IpAddress
216.223.79.xx

IpPort
0

James Hamil 14,346 Reputation points Microsoft Employee

2021-03-03T22:25:03.98+00:00

Hi @Everest MacDonald , can you please post the full error message and any screenshots associated with it?

Thank you,
James
Everest MacDonald 21 Reputation points

2021-03-04T02:53:17.087+00:00

Hi James, thanks for your reply. There isn't an error message other than the entry in the event log that I posted, and a rejection of the RDP session which I've posted a screenshot to here:
Jitendra Rai 221 Reputation points

2021-03-08T06:26:21.767+00:00

Thanks @Everest MacDonald . The Failure reason mentioned in the FailureReason %%2313 means - Unknown user name or bad password (529). Could you please makesure your domain name or domain controller are correct. Please follow this document - https://learn.microsoft.com/en-us/azure/active-directory-domain-services/overview
Everest MacDonald 21 Reputation points

2021-03-08T21:19:08.09+00:00

Hi Jitendra,

Thanks for your response. The thing about this setup is that the server was newly created in Azure with the AADLoginForWindows plugin (selected as part of the wizard). So there really isn't a domain name/controller that could be set wrong, because it's provided directly by AAD.

The guide we followed is at:
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

James Hamil 14,346 Reputation points Microsoft Employee

2021-03-03T22:25:03.98+00:00

Hi @Everest MacDonald , can you please post the full error message and any screenshots associated with it?

Thank you,
James
Everest MacDonald 21 Reputation points

2021-03-04T02:53:17.087+00:00

Hi James, thanks for your reply. There isn't an error message other than the entry in the event log that I posted, and a rejection of the RDP session which I've posted a screenshot to here:
Jitendra Rai 221 Reputation points

2021-03-08T06:26:21.767+00:00

Thanks @Everest MacDonald . The Failure reason mentioned in the FailureReason %%2313 means - Unknown user name or bad password (529). Could you please makesure your domain name or domain controller are correct. Please follow this document - https://learn.microsoft.com/en-us/azure/active-directory-domain-services/overview
Everest MacDonald 21 Reputation points

2021-03-08T21:19:08.09+00:00

Hi Jitendra,

Thanks for your response. The thing about this setup is that the server was newly created in Azure with the AADLoginForWindows plugin (selected as part of the wizard). So there really isn't a domain name/controller that could be set wrong, because it's provided directly by AAD.

The guide we followed is at:
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

AzureAD Failure 2313

Activity