User account lost ability to connect to remote desktop

%3CLINGO-SUB%20id%3D%22lingo-sub-1440823%22%20slang%3D%22en-US%22%3EUser%20account%20lost%20ability%20to%20connect%20to%20remote%20desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1440823%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20user%20that%20has%20been%20connecting%20over%20our%20VPN%20to%20her%20desktop%20for%20months.%20Two%20days%20ago%2C%20it%20started%20to%20fail%20to%20connect%20(basically%20the%20generic%20'couldn't%20connect'%20message%20in%20the%20Windows%20store%20RD%20client).%20Using%20my%20account%20or%20any%20other%20account%20we%20can%20easily%20connect%20to%20her%20PC%2C%20just%20not%20her%20account.%20We%20tried%20having%20her%20connect%20to%20several%20different%20PC's%20but%20all%20fail%2C%20just%20on%20her%20user%20account%2C%20so%20this%20is%20not%20the%20PC%20or%20it's%20settings%2C%20it's%20her%20account.%20Plus%20it%20was%20working%20fine%20for%20a%20long%20time%20right%20up%20until%20it%20started%20failing%2C%20no%20changes%20at%20all%20in%20her%20account%2C%20groups%2C%20etc.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20went%20into%20her%20account%20just%20to%20double%20check%20she's%20part%20of%20the%20remote%20users%20group%2C%20is%20allowed%20on%20the%20machine%2C%20passwords%20okay%2C%20etc.%20Everything%20looks%20fine%2C%20she%20just%20can%20no%20longer%20connect.%20The%20only%20thing%20I%20can%20think%20of%20is%20some%20update%20either%20on%20the%20server%20or%20all%20the%20clients%20have%20cut%20her%20off%20for%20some%20reason%3F%20It's%20definitely%20tied%20to%20her%20user%20account%20as%20a%20bunch%20of%20other%20accounts%20(including%20mine)%20work%20fine.%20The%20PC%20is%201909%2C%20the%20AD%20server%20is%20Windows%20Server%202019%20v.1809%2C%20fully%20patched%2Fup%20to%20date.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20seen%20this%3F%20Is%20her%20AD%20account%20somehow%20corrupt%20or%20some%20new%20security%20thing%20come%20out%20and%20bork%20this%20connection%3F%20Any%20help%20greatly%20appreciated%20as%20we%20just%20had%20the%20preliminary%20report%20of%20another%20user%2C%20but%20still%20have%20to%20confirm.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1440823%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eactive%20directory%20account%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eremote%20desktop%20connection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Erights%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Euser%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1440859%22%20slang%3D%22en-US%22%3ERe%3A%20User%20account%20lost%20ability%20to%20connect%20to%20remote%20desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1440859%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F89316%22%20target%3D%22_blank%22%3E%40Curt%20Kessler%3C%2FA%3E%26nbsp%3BMore%20info--we've%20now%20had%20three%20people%20(our%20whole%20accounting%20team%20and%20primary%20users%20of%20RD)%20that%20can't%20get%20back%20into%20their%20machines%2C%20so%20it's%20spreading.%20Some%20things%20we've%20seen%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20still%20get%20in%20(but%20am%20an%20administrator)%20to%20any%20PC%20I%20connect%20to%20(all%20admin%20accts%20seem%20to%20be%20fine)%3C%2FP%3E%3CP%3ERemoting%20in%20with%20GoTo%20Assist%20still%20works%2C%20the%20PC's%20are%20fine%3C%2FP%3E%3CP%3EAll%20three%20broken%20users%20are%20in%20remote%20desktop%20group%3C%2FP%3E%3CP%3EAll%20machines%20internally%20are%20on%201909%20Windows%3C%2FP%3E%3CP%3EOpening%20a%20Windows%20VM%20on%20server%20and%20logging%20in%20directly%20under%20a%20broken%20user%20still%20works%3C%2FP%3E%3CP%3ELocal%20login%20to%20the%20PC%20still%20works%20for%20users%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

I have a user that has been connecting over our VPN to her desktop for months. Two days ago, it started to fail to connect (basically the generic 'couldn't connect' message in the Windows store RD client). Using my account or any other account we can easily connect to her PC, just not her account. We tried having her connect to several different PC's but all fail, just on her user account, so this is not the PC or it's settings, it's her account. Plus it was working fine for a long time right up until it started failing, no changes at all in her account, groups, etc.

 

I went into her account just to double check she's part of the remote users group, is allowed on the machine, passwords okay, etc. Everything looks fine, she just can no longer connect. The only thing I can think of is some update either on the server or all the clients have cut her off for some reason? It's definitely tied to her user account as a bunch of other accounts (including mine) work fine. The PC is 1909, the AD server is Windows Server 2019 v.1809, fully patched/up to date. 

 

Anyone seen this? Is her AD account somehow corrupt or some new security thing come out and bork this connection? Any help greatly appreciated as we just had the preliminary report of another user, but still have to confirm. 

 

2 Replies
Highlighted

@Curt Kessler More info--we've now had three people (our whole accounting team and primary users of RD) that can't get back into their machines, so it's spreading. Some things we've seen:

 

I can still get in (but am an administrator) to any PC I connect to (all admin accts seem to be fine)

Remoting in with GoTo Assist still works, the PC's are fine

All three broken users are in remote desktop group

All machines internally are on 1909 Windows

Opening a Windows VM on server and logging in directly under a broken user still works

Local login to the PC still works for users

 

Highlighted

@Curt Kessler And yet some more information. This appears to be a problem with the Windows store RDP client (both normal and release preview). The old 'classic' ugly application seems to work if we connect to the IP address directly. So it's maybe not the accounts but the client app. 

 

Oddly, the modern client application works fine for administrator accounts to PC's, VM's and servers. Only standard users fail. Some new 'enhanced security' bumping out users?