Remote Desktop to Server 2008R2 fails from one particular Win7 client

windows-7 windows-server-2008-r2 remote-desktop login

5,568

Solution 1

A couple of things based on your post of the event log:

The NULL SID indicates that no such user account exists.
The status code 0xc0000064 indicates that the user name does not exist
Logon Type 3 is a network logon, but an RDP logon is normally a logon type 10 (RemoteInteractive).

Aside form the logon type being 3 instead of 10 as I would expect, have you tried logging on to the server with a domain account (domain\username)? It looks like you're trying to log on with a local user account (machine\username). Are you sure the local user account exists?

Solution 2

It sounds like you're on the right track, it's most likely a username issue. I would confirm that:

On Win 7, RDP app, Options, Advanced Tab: "If server authentication fails" s/b set to "connect & don't warn me" or "warn me" as you prefer but not "don't connect".
In same tab make surer there isn't anything unusual in the the "Connect from Anywhere" Settings button.
Then go back to the General tab and confirm the host\username settings. Since it's a local account I would also try it w/ just the username, no hostname.

If this is a saved connection then I would delete it and/or create a new connection in case it's just corrupt.

Solution 3

Long shot... I know this is NTLM, but there are some aspects of NTLM that might be factoring in time skew (There's this: https://superuser.com/questions/395966/how-inaccurate-must-the-clocks-time-be-for-ntlm-requests-to-be-denied-due-to-th which leads to this: http://support.microsoft.com/en-au/kb/976918). Might want to check the clocks.

5,568

Jesse McGrew

Updated on September 17, 2022

Comments

Jesse McGrew over 1 year
I have a VPS running Windows Web Server 2008 R2. I'm able to connect using Remote Desktop from my home PC (Windows 7), personal laptop (Windows 7), and work laptop (Windows XP).

However, I cannot connect from my work PC (Windows 7). I receive the error "The logon attempt failed" in the RDP client, and the server event log shows "An account failed to log on" with this explanation:
```
Subject:
    Security ID:        NULL SID
    Account Name:       -
    Account Domain:     -
    Logon ID:       0x0

Logon Type:         3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       username
    Account Domain:     hostname

Failure Information:
    Failure Reason:     Unknown user name or bad password.
    Status:         0xc000006d
    Sub Status:     0xc0000064

Process Information:
    Caller Process ID:  0x0
    Caller Process Name:    -

Network Information:
    Workstation Name:   JESSE-PC
    Source Network Address: -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:      NtLmSsp 
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only):   -
    Key Length:     0
```
I can connect from the offending work PC if I start up Windows XP Mode and use the RDP client inside that.

The server is part of a domain but my account is local, so I'm logging in using a username of the form hostname\username. None of the clients are part of a domain. The server uses a self-signed certificate, and connecting from home I get a warning about that, but connecting from work I just get the logon error.
- joeqwerty over 12 years
  
  Can you post the Event log entry in it's entirety? I'm particularly interested in the Event ID and the logon type.
- Jesse McGrew over 12 years
  
  @joeqwerty: Done.
- Colyn1337 over 10 years
  
  For purposes of clarity, when you're entering the hostname, is it the computer you're connecting FROM or the server you're connecting TO that you substitute with? Also, if it's a local account on the server you're trying to authenticate as, in the user box put "\username". Do you get the same error?
Jesse McGrew over 13 years

(1) It is set to "warn me". (2) It is set to automatically detect the gateway settings, but no luck either if I tell it to never use a gateway. (3) Doesn't work with or without the hostname. (4) It is not a saved connection.
Ed Fries over 13 years

I haven't seen anything interfere w/ the user/pswd entry once the connection handshake has been established. If it was a firewall issue on the client then I would expect the connection to fail before that authentication dialogue box and the server wouldn't record the logon failure. I guess the AV & firewall could be disabled but that seems unlikely to help. Also could try setting up a new local user w/ different pswd on the server, also a somewhat unlikely solution. Out of ideas for the moment.