[Solved] Remote Desktop Protocol Problems

[RavenLunatic]

I am having difficulties with my home network.

I have 5 Windows PC’s a mixture of Windows 10 & 11 Pro O/S’s.

The problem is I cannot remote desktop 2 of the machines (PC 1 and PC 2) or share files from them within the explorer network folder. It keeps telling me my credentials did not work. However, I can RDP the other way from them to the 3 working ones. All the machines are configured to be in a private network and discoverable. It’s as if they are not communicating over the network.

The only reason I bought Windows 10 & 11 Pro keys was to be able to use RDP, so I am a bit annoyed.

PC 1 is a Windows 10 Pro laptop recently installed with all current updates.

PC 2 is a Windows 11 Pro desktop with a fresh clean install of Windows.

I have exhausted searches on google for a solution. Does anyone have any suggestions?

The only workaround I can see is to use TeamViewer instead of RDP.

Thank you in advance.

 

[ChrisD.]

Are the firewalls configured to allow RDP connections? A quick check is to make sure that they are on the private firewall profile, switch it off and try again. Also, are they configured to allow remote connections? It's a setting in the control panel.

 

[RavenLunatic]

Tried resetting the firewall to defaults and re-enabling Remote desktop through the firewall without success. Since I can’t even do basic things like access shared folders on the 2 malfunctioning machines I think suggests it’s something else. Remote desktop is turned on within settings.

 

[ChrisD.]

Have you disabled the firewall and tried again?

 

[RavenLunatic]

Tried it, same result. I guess this means we can rule out the windows defender firewall.

 

[Simon42]

As above the firewall (Windows or third party AV firewalls) are a common cause.

Other causes can be host name resolution if you're using host name (try by IP), cached credentials using an old password (remove any cached ones in Credential Manager), not using an Admin account or one granted RDP access or RDP being disabled in settings but only the first two could possibly explain the lack of file access as well as RDP.

Also do the event logs show any more detailed?

 

[ChrisD.]

Are they all on the same network (VLAN)? And configured with the correct IP addresses, subnet masks and gateways? Also as above, try IP only.

I assume local accounts, are you doing .\ in front of the usernames when trying to log in?

 

[RavenLunatic]

All the network devices have local IP addresses in the 192.168.0.xxx range

Subnet mask is 255.255.255.0 on all machines gateway is 192.168.0.1

I am not sure how to check a VLAN. I don't think I have one configured

Tried using IP address to log in and every variasion of my username i get a message `your credentials did not work`

 

[ChrisD.]

If your username on a PC is

username

on the PC and you can log on locally with it, then put in

.\username

as the username via RDP. Assuming that the user has the rights to log in.

I have around ten Windows 10/11 & Server VMs and I don't have any issues with logging in on any of them.

 

[RavenLunatic]

When I use the .\username I get an error 'the username or password is incorrect'
Which is progress since it is getting checked by something.
I have created a local admin account which did not work either.

I have also tried running the RDP app with full admin which did not work.

Had another idea to turn off the vm hub4 firewall, alas that made no differnece either.

 

[ChrisD.]

When I use the .\username I get an error 'the username or password is incorrect'

Check the security log in eventvwr of the PC you are trying to log onto, there should be an Audit Deny message at the time you get a failed log on. It might give more information.

Also it might be a key mapping issue, ie, US vs UK keyboard.

 

[RavenLunatic]

Audit Failure logs found names and ip addresses have been modified.

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 07/02/2022 18:26:16
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: PC1
Description:
An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: [email protected]
Account Domain: MicrosoftAccount

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: Local PC
Source Network Address: fe81::a079:f5a6:d742:55b7
Source Port: 51288

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2022-02-07T18:26:16.7526963Z" />
<EventRecordID>42666</EventRecordID>
<Correlation ActivityID="{c9bf9ed0-1c4f-0001-699f-bfc94f1cd801}" />
<Execution ProcessID="776" ThreadID="836" />
<Channel>Security</Channel>
<Computer PC1</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">[email protected]</Data>
<Data Name="TargetDomainName">MicrosoftAccount</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2313</Data>
<Data Name="SubStatus">0xc000006a</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp </Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">local pc</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">fe81::a079:f5a6:d742:55b7</Data>
<Data Name="IpPort">51288</Data>
</EventData>
</Event>


Looks encouraging. Login attempts are getting through but for some reason, they are not accepting my password.

 

[RavenLunatic]

I don't think its a keymapping issue as the account used was an exsisting ms e-mail one.

Also my user name and password are just fine on 3 other machines using the same account.

 

[ChrisD.]

Are they Microsoft accounts? Have your tried [email protected]?

 

[RavenLunatic]

Yes, it was the 1st thinng I did. I then tried it without the outlook.com and finaly the sortened version that shows it in the c:/users/

 

[RavenLunatic]

I had another idea - boot the target system(PC1) into safemode with networking but it did not allow sharing

 

[RavenLunatic]

I have found the solution by accident. I decided to log in to the local account set up on PC1 no PIN was set up so I used the full password in a futile hope enabling sharing on a fresh account would work. I turned on allow RDP in settings and went to try connecting on that account with my local machine and miraculously it connected!

Here is how I did it!

At the login screen of the computer, you want to remotely log in on instead of entering a PIN choose “forgotten PIN” it will then ask you to enter your full password. Then reset your PIN and log in as normal. And that’s it! The PC is now fully discoverable, and RDP works once remote desktop is enabled and network shares are turned on in settings.

I think the problem is I have always used a PIN to log in to both PC’s never to have had to use the full password, other than confirming my Microsoft account during the installation. The OS must need you to log in at least once with the full password to be able to check the password from the RDP request.