question

ManishChawda-0385 asked

RDP Authentication error

Hi,

I recently configured "Network security: Restrict NTLM: NTLM authentication in this domain" on the Domain Controller by mistake and found that my outgoing mail was stopped and users were not able to access SMB using \\IP; instead they had to use \\SMBServerName.

Then I removed it, ran gpupdate and asked users to continue using \\SMBServerName. Somehow work started, but I started to face one issue. Prior to the above configuration I was able to RDP using domain accounts which were members of Administrators. But now if I RDP using an account other than Administrator, I receive the error as attached.

200860-image.png




I applied the settings as available on the Net, but nothing doing.

After that I came across a line on one site explaining about disabling NLA. As soon as I disabled NLA I was able to connect using accounts other than Administrator. But before configuring NTLM as explained above, NLA was working absolutely fine!

It is a production server which I configured. I did all the above just to check whether I have NTLM or Kerberos enabled / disabled. As per one site's explanation, if we access using the IP then NTLM authentication is used, and if we access using the DNS name then Kerberos is used.

Now I have just configured the below so I can make sure which authentication is used.

Network security: Restrict NTLM: Audit Incoming NTLM Traffic - Enable auditing for all accounts --- On All Systems
Network security: Restrict NTLM: Audit NTLM authentication in this domain - Enable all --- On Domain Controller
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers - Audit all --- On All Systems.

As soon as I opened Event Viewer, what I see is that "Kerberos-Key-Distribution-Center" has no logs while NTLM has logs with Event ID 4004.

Please advise on 2 issues: first, RDP is not available for accounts other than Administrator; second, why NTLM is showing logs with ID 4004 and Kerberos is blank.

Please help me resolve and understand why it is happening.

remote-desktop-services

200928-domain-controller-blocked.pdf



Even though I have removed the NTLM authentication restriction, I am still receiving such logs as attached. I have just added auditing of NTLM logs.


Hello Manish, I am Edgardo from Colombia and I have the following problem; could you help me? I created a free virtual machine in Azure for some tests. When creating the machine I chose to have the RDP file downloaded, but when I connect through Remote Desktop it does not accept the credentials, and when I choose to change them it does not accept them either. What should I do? Thanks.


1 Answer

ManishChawda-0385 answered

Please help!
