Logon attempt failed via RDP periodically

Arnold MIshaev 216 Reputation points
2022-01-16T23:01:00.203+00:00

Hey everyone,

We've got an issue, domain users who allow to access to member server\client via RDP couldn't access even Administrator who allow to access to any computer\Server object in domain.
it's happened periodically.
which means if we would reset VM three or four time then we could access via RDP, or if we would reset one of DCs

the issue appear on Layer 2 in the same network\LAN
All communication is good including required ports tested via telnet and windows firewall is off, we just keep getting "The logon attempt failed"
We are doing authentication with the same credentials via VM console and it worked normally.
if we make authentication via IP address or full FQDN example "PTR-01.domain.local." it works great, only when we tried to access via NetbiosName name example: "PTR-01" we getting error "Logon attempt failed"

There is no much information in event viewer about this.
also we run a sniffer on the network and it appears like the source who initiate the session he is also closing it after we enter the credentials.

Does anyone encounter with this issue or has any direction?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,493 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,127 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,243 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,021 questions
Windows Server Management
Windows Server Management
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Management: The act or process of organizing, handling, directing or controlling something.
421 questions

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thameur-BOURBITA 32,506 Reputation points
    2022-01-24T01:43:19.283+00:00

    Hi,

    When you try to connect using netbios , the machine will add automatically a suffix defined in the suffix search list of the client machine to able to send a DNS query and resolve the name. The DNS resolve only FQDN not Netbios.
    I think when you try with Netbios the DNS return a wrong IP.
    Check the IP returned by the following command: 

    ping PRT-01.domain.local

ping PRT-01

    Please don't forget to mark helpful reply as answer

    0 comments
  2. Arnold MIshaev 216 Reputation points
    2022-01-24T07:03:10.92+00:00

    Hi @Thameur-BOURBITA

    Thanks for your answer.

    But this is not the case, When I'm pinging to NetBIOS name the windows autocompleted to FQDN.
    and as I mentioned the session is established, it's drop\failed on authentication process, which means it's passing the DNS process.

    167677-capture2.png

    0 comments
  3. Pablo Bin [US] 1 Reputation point
    2022-11-14T23:26:52.32+00:00

    Any news here? Having this issue

    0 comments
  4. Greig Ritchie 1 Reputation point
    2022-12-14T21:21:58.047+00:00

    Having the same issue. Has any fix been found?

    0 comments
  5. Roman Zatko 1 Reputation point
    2022-12-16T09:48:27.787+00:00

    We have also the same issue. any news with possible fix?

    0 comments