Good day All,
Welcome back!!! recently i was pulled to a little issue for RDP and found it interesting so thought to share to all.
The requirement was user had a JumpServer in TestEU domain and trying to RDP to a Server in TestUS domain.
So after connecting to TestEU domain when they launch mstsc and punch in the username and password for TestUS domain, it will take sometime and through error saying "Directory Logon Failure: bad credentials supplied"
1. Firewall ports was verified nothing blocking
2.Telnet on port 3389 from TestEU domain was working to a Server in TestUS domain
This is when i was called to check, it took time to understand why they doing double hop and i was able to tell them that this error is in RDP Client.
As we all know when RDP client version before 7.0 you will see RDP desktop first and then ask for credentials but after 7.0 as you soon as you hit connect it will ask for username and password and it will do the authentication process and it will take right you in the Server.
So what was happening when user is trying from a Jump Server in TestEU, even though he explicit provides TestUS domain name ,username and password the username and password are was checked against the current domain and getting that bad credentials error.
Why it does please google it because of single sign-on and registry it keeps validating the user name and password in current domain.
Work around:
1. Start, run , type mstsc and click options and remove any ip under Computer
2. In mstsc under connection settings click saveas on the desktop and it will get saved as default.rdp and close the mstsc
3. Now open a notepad and click open , select all files and open default.rdp and click ok
4. Scroll all the way down and add the following 2 below in the notepad and save it.
enablecredsspsupport:i:0
authentication level:i:0
5. Now asked them to double click the default.rdp on the desktop, type in the ip and see , does it open a RDP screen of windows 2012 to punch in domain name,user name and password.
Note: If you have a RDP client version 7 and below you would have never encountered this error because when you click mstsc and hit connect it will open a RDP session allowing to punch in username and password.
Hopefully this will help some and until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Welcome back!!! recently i was pulled to a little issue for RDP and found it interesting so thought to share to all.
The requirement was user had a JumpServer in TestEU domain and trying to RDP to a Server in TestUS domain.
So after connecting to TestEU domain when they launch mstsc and punch in the username and password for TestUS domain, it will take sometime and through error saying "Directory Logon Failure: bad credentials supplied"
1. Firewall ports was verified nothing blocking
2.Telnet on port 3389 from TestEU domain was working to a Server in TestUS domain
This is when i was called to check, it took time to understand why they doing double hop and i was able to tell them that this error is in RDP Client.
As we all know when RDP client version before 7.0 you will see RDP desktop first and then ask for credentials but after 7.0 as you soon as you hit connect it will ask for username and password and it will do the authentication process and it will take right you in the Server.
So what was happening when user is trying from a Jump Server in TestEU, even though he explicit provides TestUS domain name ,username and password the username and password are was checked against the current domain and getting that bad credentials error.
Why it does please google it because of single sign-on and registry it keeps validating the user name and password in current domain.
Work around:
1. Start, run , type mstsc and click options and remove any ip under Computer
2. In mstsc under connection settings click saveas on the desktop and it will get saved as default.rdp and close the mstsc
3. Now open a notepad and click open , select all files and open default.rdp and click ok
4. Scroll all the way down and add the following 2 below in the notepad and save it.
enablecredsspsupport:i:0
authentication level:i:0
5. Now asked them to double click the default.rdp on the desktop, type in the ip and see , does it open a RDP screen of windows 2012 to punch in domain name,user name and password.
Note: If you have a RDP client version 7 and below you would have never encountered this error because when you click mstsc and hit connect it will open a RDP session allowing to punch in username and password.
Hopefully this will help some and until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!