Forum Discussion
RDP from W11 to W11 computer fails with invalid credentials error. But credentials are correct.
Hello,
I'm unable to RDP from one W11 computer to another in a Active Directory domain environment.
The error reported in the RDP app is: The login attempt failed. Your credentials did not work.
I'm able to use the same credentials on a W10 computer and successfully RDP to the W11 'server' computer.
There are no Event 4625 errors on the W11 'client' computer.
There are no cached credentials on the client computer.
I used Test-NetConnection -ComputerName $target -Port 3389 -InformationLevel Detailed
RemoteAddress : 192.168.0.33
RemotePort : 3389
NameResolutionResults : 192.168.0.33
MatchingIPsecRules :
NetworkIsolationContext : Private Network
InterfaceAlias : Ethernet
SourceAddress : 192.168.0.10
NetRoute (NextHop) : 0.0.0.0
TcpTestSucceeded : True
I would appreciate suggestions on how to troubleshoot the authentication issue.
Thank you
VW
3 Replies
- Walid_91Copper Contributor
Hi,
You might need to consider checking the following:
1- You may need to explicitly allow credential delegation via Group Policy as might be a missing delegation or missconfigured :
- Navigate to:
Computer Configuration > Administrative Templates > System > Credentials Delegation - Enable:
- Allow delegating saved credentials with NTLM-only server authentication
- Add TERMSRV/* to the list of allowed serve
2- Ensure using the the correct format that include the correct domain example: Domain\username or mailto:username@domain.local.
3-Check the local security Policy permissions and confirm that the user is allowed to logon via RDP:
- Run secpol.msc as admin
- Go to : Local policies > user rights assignement > Check allow log on through remote desktop services then add the user.
4-Might be a DNS resolution issue, try via the IP Address or via the hostname.
5-Try adding manually the credentials into the credential manager : Control Panel > Crendentials Manager > Windows Credentials > Add: TERMSRV/Hostname or TERMSRV/IP with correct domain credentials.
cmdkey /generic:TERMSRV/192.168.0.33 /user:DOMAIN\username /pass:yourpassword
Hopefully my troubleshooting steps helps you resolved the issue.
Good luck.
Walid
- Navigate to:
- VeeDub1Copper Contributor
Hello,
I subsequently realised that I needed to check the destination Security Event Log, rather than the client.
There are 4625 events in the Security Log. They're unusual.
- Status/Sub Status: 0xC000006D (Generic Failure)
- Account Name / Account Domain: Blank/Empty/NULL
That is, the username and password are not being transmitted.
I've tested from a 2nd computer and the behaviour is the same.
- PhilU115Copper Contributor
May be obvious, but worth checking that your W11 'client' has all the relevant services running (should be three of them listed in Services manager - ensure all are running.) Also check the Firewall is allowing it through.