Protected Users on a brand new active directory (to force Kerberos)
Hi,
I have the same exact issue on my own domain now.
With VPN on both computers, one works fine, the other throws the usual 0xC07 error.
Also, the other worked fine a few days ago (through an IPsec tunnel, which doesn't work either now), which is even more weird.
Hi ArnaudTez,
thanks for your update.
The 0xC07 error suggests issues with Kerberos authentication. Check:
- VPN and IPsec Settings: Ensure consistent configurations on both ends.
- Firewall: Confirm ports for RDP and VPN are open.
- Network Connectivity: Verify no network issues between client and server.
- Updates: Check recent updates or changes on both machines.
- Event Logs: Investigate Windows Event Viewer for detailed error information.
- Rollback Changes: If issues started after a change, consider rolling back.
- Consult IT Support: Seek assistance from IT support or Microsoft for specific guidance.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
- ArnaudTez, Dec 19, 2023, Copper Contributor
Hi,
Thanks for the information!
1- I hooked up the computers to the same network and had the same issue
2- I can connect just fine without the protect user group on both (using RDP)
3- I don't remember any updates happening between Friday and Monday (both on Windows 11 22H2 22621.2861)
4- What events should I be looking for? (I only checked the 4625 until now)
Also, for the first points that I didn't really answer:
1- The AD only has one FQDN
2- All ports should be opened (at least on the network part, since one machine can communicate)
3- I have no idea how to check if the AES key is correct or not (?). I can check that as well. Since I am connecting with the same user, I was thinking it was good.
Thanks!
Arnaud
- ArnaudTez, Dec 26, 2023, Copper Contributor
Ok, I found out what the problem is.
For some reason email address username @ domain.com shows no domain in the 4625 log, the domain\username shows just domain in the 4625 log and the email username @ domaine.dom shows domain.dom in the field and it works.
I'll have to look into why that is the case.
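The comparison described in the last post, as an added example that is not part of the original thread: a PowerShell function that pulls the account name, domain and authentication package out of 4624/4625 event XML so the different logon-name formats can be compared side by side. The function names and the sample events are constructed for illustration; the sample values (including the package names) do not reproduce the poster's logs.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Builds a minimal, constructed logon event in the Windows event XML layout.
function New-SampleLogonXml([int]$Id, [string]$User, [string]$Domain, [string]$Pkg) {
@"
<Event xmlns="http://schemas.microsoft.com/win/2003/08/events/event">
  <System><EventID>$Id</EventID></System>
  <EventData>
    <Data Name="TargetUserName">$User</Data>
    <Data Name="TargetDomainName">$Domain</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="AuthenticationPackageName">$Pkg</Data>
  </EventData>
</Event>
"@
}

# Turns one event's XML into a row with the fields that matter here.
function ConvertFrom-LogonEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = [xml]$EventXml
        $d = @{}
        foreach ($n in $evt.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            EventId   = $evt.Event.System.EventID
            User      = $d['TargetUserName']
            # An empty domain field is made visible instead of printing as blank.
            Domain    = if ($d['TargetDomainName']) { $d['TargetDomainName'] } else { '<empty>' }
            LogonType = $d['LogonType']
            # Members of Protected Users cannot authenticate with NTLM,
            # so the package used on a failed attempt is worth reading.
            AuthPkg   = $d['AuthenticationPackageName']
        }
    }
}

# Constructed samples, one per logon-name format mentioned in the thread.
$samples = @(
    New-SampleLogonXml 4625 'username@domain.com'  ''           'NTLM'
    New-SampleLogonXml 4625 'username'             'domain'     'NTLM'
    New-SampleLogonXml 4624 'username@domaine.dom' 'domain.dom' 'Kerberos'
)
$samples | ConvertFrom-LogonEventXml | Format-Table -AutoSize

# On a live system, feed real events instead (needs rights to read the Security log):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4625} -MaxEvents 50 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LogonEventXml
```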