Remote Credential Guard double-hop issue after server 2022 upgrade

Robert Ro 26 Reputation points
2022-02-21T23:03:25.583+00:00

We upgraded two of our jump/admin servers from Server 2019 to Server 2022. One was installed fresh, the other one was upgraded via in-place upgrade.

Now mstsc /remoteguard no longer works correctly; we seem to run into a Kerberos double-hop issue.

What we do is: we log on to the admin server as usual with credentials. Then from the admin server we use mstsc /remoteguard to jump to a different machine. On the destination machine, upon opening network shares we receive the message:

"The system cannot contact a domain controller to service the authentication request. Please try again later."


This did not happen before the upgrade. Everything still works fine when starting from a Server 2019 admin server.
No group policies, security settings or other modifications were done to the infrastructure.
Anyone else experiencing this?


14 answers

  1. Robert Ro 26 Reputation points
    2022-03-14T10:27:37.393+00:00

    We opened a support case on 2022-02-22 but so far no resolution.


  2. Simon Kleinl-Roscic 1 Reputation point
    2022-03-10T10:00:08.003+00:00

    Same problem here: when using a Windows Server 2022 jump/admin host to connect to other machines using mstsc /remoteguard, we run into the Kerberos double-hop issue as Robert described (you can't access file shares, ...). It doesn't matter if the destination machine is Windows Server 2016, 2019 or 2022. If you use a Windows Server 2016 or 2019 jump/admin host to connect to other machines using mstsc /remoteguard, then everything works as expected (access to file shares works, ...).


  3. SIMONS Philippe 1 Reputation point
    2022-03-14T10:14:17.78+00:00

    Similar issue here, using Windows 10 21H2 after applying the January Patch Tuesday update (KB5009543) as the source of RDP (destination machine is Windows Server 2019 or 2022).
    A workaround is to lock / unlock the remote session (CTRL+ALT+END) ... but I imagine then you are not relying on RCG but local authentication.


  4. SIMONS Philippe 1 Reputation point
    2022-03-14T11:30:25.443+00:00

    We also opened a support case on 2022-01-14, and provided a reproduction scenario on 19-02-2022 ...


  5. SIMONS Philippe 1 Reputation point
    2022-04-26T15:05:55.483+00:00

    Good news,
    Preview update (4C) is available, and addresses the issue.

    Windows Server 2022 - KB5012637, Windows 11 (SV) - KB5012643, Windows 10 2004 \ 20H1 \ 20H2 \ 21H1 \ 21H2 - KB5011831

    “Addresses an issue that causes Kerberos authentication to fail, and the error is “0xc0030009 (RPC_NT_NULL_REF_POINTER)”. This occurs when a client machine attempts to use the Remote Desktop Protocol (RDP) to connect to another machine while Remote Credential Guard is enabled.”
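
A check to run on the jump/admin host (the RDP source) to see whether the update named in the last answer is present. This is an added example, not part of any post in this thread; the function name Test-RcgKerberosFix and the status labels are hypothetical, and the KB numbers and date are the ones quoted above.

```powershell
# Added example. KB numbers come from the answer above; the caption patterns
# are assumptions about how Win32_OperatingSystem names each product.
$FixByCaption = [ordered]@{
    'Windows Server 2022' = 'KB5012637'
    'Windows 11'          = 'KB5012643'
    'Windows 10'          = 'KB5011831'   # only for the Windows 10 versions listed in the answer
}
$FixAnnounced = [datetime]'2022-04-26'     # date of the answer announcing the preview update

function Test-RcgKerberosFix {
    # Local check only: run it on the machine that starts mstsc /remoteguard.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $kb = $null
    foreach ($name in $FixByCaption.Keys) {
        if ($os.Caption -like "*$name*") { $kb = $FixByCaption[$name]; break }
    }

    $hotfixes = @(Get-HotFix)
    # InstalledOn can be empty on some entries, so filter before comparing dates.
    $newer = @($hotfixes | Where-Object { $_.InstalledOn -and $_.InstalledOn -gt $FixAnnounced })

    $status =
        if (-not $kb) { 'OsNotCoveredByAnswer' }
        elseif ($hotfixes.HotFixID -contains $kb) { 'FixInstalled' }
        # Later cumulative updates replace earlier ones, so the preview KB may not
        # be listed by name. A newer entry is only a hint (it may be a .NET or
        # servicing stack update), so confirm the installed cumulative update.
        elseif ($newer.Count -gt 0) { 'KbNotListed_NewerUpdatesPresent' }
        else { 'FixMissing' }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        OS           = $os.Caption
        Build        = $os.BuildNumber
        ExpectedKB   = $kb
        Status       = $status
        NewerUpdates = ($newer.HotFixID -join ', ')
    }
}

Test-RcgKerberosFix | Format-List
```

A FixMissing result on a Server 2022 jump host matches the situation described in the question; the destination machine's patch level is not checked here.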