How to set up remote desktop connection, from private pc into work pc which uses Azure? Getting failed logon error with correct details.

[Delano.888]

So my normal pc is just no my normal local network, no vpn.

Then I have a work pc running, next to the normal pc, which has an always-on work VPN.

I now use a second monitor for work, which isn't great. It's next to my much bigger normal monitor. I use input director to use my 1 keyboard and mouse for both computers, that works fantastic even with the work VPN on. Didn't need any special setup.

However setting up remote desktop connection doesn't seem to work, or I might be doing it wrong.

I'm thinking it's the latter. Because it keeps saying my password is wrong, even though it's 100% right. See:

And yes, the receiving computer does have RDP access enabled, network discovery is on, and even file and printer sharing is on.

Any other ideas? And no the admin hasn't disabled the setting because remote assistance is greyed out, but remote desktop is not greyed out. Remote assistance doesn't need to be turned on, right?

Also I noticed when I go to select users for RDP, it's empty. But I have another PC set up exactly the same way (non work) and it also has users empty, and it works just fine.

[Electronics Wizardy]

Since its saying access denied, its probably a permissions error, not a network error as the rdp service needs to communicate to get that error.

 

Is this system managed by your IT dept? 

 

Are you including the domain in the username? You many need to use domain\userName instead of just the userName if your are connecting from a system that is not on the same domain.

 

Are you using a local, AD, or Azure account on the system?

[Delano.888]

1 minute ago, Electronics Wizardy said:

Since its saying access denied, its probably a permissions error, not a network error as the rdp service needs to communicate to get that error.

 

Is this system managed by your IT dept? 

 

Are you including the domain in the username? You many need to use domain\userName instead of just the userName if your are connecting from a system that is not on the same domain.

 

Are you using a local, AD, or Azure account on the system?

I'm sorry I'm such a failure, I had noticed my work pc local network was set to public network all along, changed that and got a lot further, edited the op. I now only get denied on the password.

[Electronics Wizardy]

1 minute ago, Delano.888 said:

I'm sorry I'm such a failure, I had noticed my work pc local network was set to public network all along, changed that and got a lot further, edited the op. I now only get denied on the password.

There is a different error if your user isn't allowed to have a RDP connection, so this is probably a wrong username and password combo. Check that the domain is set correctly.

[Delano.888]

1 minute ago, Electronics Wizardy said:

There is a different error if your user isn't allowed to have a RDP connection, so this is probably a wrong username and password combo. Check that the domain is set correctly.

Okay well then I'm almost there I guess. However the username and password are 100% correct, even checked it on the work pc and copy pasted it. It's correct.

The username can be entered as only my email, or domain\myemail. Both give the same error though.

[Delano.888]

Also if I enter the domain\localusername it gives a different error:

 

 

So I am pretty sure it has to be my email.

[Delano.888]

Also did all of this besides the regedit because I don't think I should be regediting the work pc:

 

https://appuals.com/fix-your-credentials-did-not-work-in-remote-desktop/

 

Didn't help.

[Electronics Wizardy]

1 minute ago, Delano.888 said:

Also did all of this besides the regedit because I don't think I should be regediting the work pc:

 

https://appuals.com/fix-your-credentials-did-not-work-in-remote-desktop/

 

Didn't help.

Try following this guide https://www.niallbrady.com/2017/08/23/how-can-i-rdp-to-an-azure-ad-joined-windows-10-device/

 

Since your work laptop has azure ad.

[Delano.888]

12 minutes ago, Electronics Wizardy said:

Try following this guide https://www.niallbrady.com/2017/08/23/how-can-i-rdp-to-an-azure-ad-joined-windows-10-device/

 

Since your work laptop has azure ad.

Awww that really looked like it could have been the solution for me, but no, still "the logon attempt failed"

[Delano.888]

Also just changed the account PW because on some site it said Azure RDP only works with a really strong password, didn't help either.

[Delano.888]

Looking for alternatives I was thinking maybe I can set up wireless display. Got that working! Dang that input lag is crazy slow. But it's something until I get RDP working.

[RiffTheRaff]

When checking step 1 in this manual How can I RDP to an Azure AD joined Windows 10 device ? | just another windows noob ? (niallbrady.com)

have you also checked the "Select users...." button.

 

Check if your user is in the list or has already access. Otherwise add the user ....

[Delano.888]

2 minutes ago, RiffTheRaff said:

When checking step 1 in this manual How can I RDP to an Azure AD joined Windows 10 device ? | just another windows noob ? (niallbrady.com)

have you also checked the "Select users...." button.

 

Check if your user is in the list or has already access. Otherwise add the user ....

I find this setting on the to-be-controlled pc, correct?

And the user that it says there has to be the user of that same pc, right?

 

Or should I somehow add the controlling pc there?

[RiffTheRaff]

It is on the PC that you want to control and the user is the Azure user (work user) on the controlled PC you want to connect with.

 

[Delano.888]

Just now, RiffTheRaff said:

It is on the PC that you want to control and the user is the Azure user (work user) on the controlled PC you want to connect with.

 

The one I want to control is the work pc with Azure. The one I want to use to control everything is the personal pc.

[RiffTheRaff]

6 minutes ago, Delano.888 said:

The one I want to control is the work pc with Azure. The one I want to use to control everything is the personal pc.

On the work PC you have to add the work account (azure) to the RDP users list (users in the administrators group have access automatically).

On the personal PC you connect with RDP client to the work PC and you have to use your work account (azure) to authenticate.

[Delano.888]

9 minutes ago, RiffTheRaff said:

On the work PC you have to add the work account (azure) to the RDP users list (users in the administrators group have access automatically).

On the personal PC you connect with RDP client to the work PC and you have to use your work account (azure) to authenticate.

Did all that. Still gives the same error.

[RiffTheRaff]

Can you check the event log Security for an Audit Failure.

Try to login via RDP from your personal PC and immediately check the "Security" log (refresh with F5 key) on your work PC for an error.

It should contain the details why the login failed, hopefully.

Copy it into here and mask your private/work data. 

 

 

Example: 

An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		**********@outlook.***
	Account Domain:		

Failure Information:
	Failure Reason:		Unknown user name or bad password.
	Status:			0xC000006D
	Sub Status:		0xC000006A

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	MYPC
	Source Network Address:	192.168.0.66
	Source Port:		0

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

 

[RiffTheRaff]

Have you added the two lines

enablecredsspsupport:i:0
authentication level:i:2

to your RDP file on the personal PC and afterwards opened it with mstsc.exe? As it is descibed in this article: How can I RDP to an Azure AD joined Windows 10 device ? | just another windows noob ? (niallbrady.com)

 

Have you tried to use 'AzureAD\yourname@domain.com' for RDP username.

[RiffTheRaff]

Maybe following checkbox is enough to set and connect with  'AzureAD\yourname@domain.com'

[Delano.888]

3 hours ago, RiffTheRaff said:

Have you added the two lines

enablecredsspsupport:i:0
authentication level:i:2

to your RDP file on the personal PC and afterwards opened it with mstsc.exe? As it is descibed in this article: How can I RDP to an Azure AD joined Windows 10 device ? | just another windows noob ? (niallbrady.com)

 

Have you tried to use 'AzureAD\yourname@domain.com' for RDP username.

 

Did all that, doesn't help.

 

2 hours ago, RiffTheRaff said:

Maybe following checkbox is enough to set and connect with  'AzureAD\yourname@domain.com'

Thanks, tried that. Didn't help. I'm desensitizing the event viewer info now maybe some of you can understand the issue there.

[Delano.888]

3 hours ago, RiffTheRaff said:

Can you check the event log Security for an Audit Failure.

Try to login via RDP from your personal PC and immediately check the "Security" log (refresh with F5 key) on your work PC for an error.

It should contain the details why the login failed, hopefully.

Copy it into here and mask your private/work data. 

 

 

Example: 

An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		**********@outlook.***
	Account Domain:		

Failure Information:
	Failure Reason:		Unknown user name or bad password.
	Status:			0xC000006D
	Sub Status:		0xC000006A

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	MYPC
	Source Network Address:	192.168.0.66
	Source Port:		0

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

 

Hope you can make some sense out of this, thanks for trying!:

 

 

2 events got added:

 

The computer attempted to validate the credentials for an account.

 

Authentication Package:           MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon Account: *work mail address*

Source Workstation:     *private pc name*

Error Code:      0xC0000064

 

- System

 

  - Provider

 

   [ Name]  Microsoft-Windows-Security-Auditing

   [ Guid]  {54849625-5478-4994-a5ba-3e3b0328c30d}

 

   EventID 4776

 

   Version 0

 

   Level 0

 

   Task 14336

 

   Opcode 0

 

   Keywords 0x8010000000000000

 

  - TimeCreated

 

   [ SystemTime]  2023-01-12T14:49:03.7400541Z

 

   EventRecordID 4232905

 

  - Correlation

 

   [ ActivityID]  {84e06888-d1f4-4858-a054-d892caf97901}

 

  - Execution

 

   [ ProcessID]  988

   [ ThreadID]  13400

 

   Channel Security

 

   Computer *work pc name*

 

   Security

 

 

- EventData

 

  PackageName MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

  TargetUserName *work mail address*

  Workstation *private pc name*

  Status 0xc0000064

 

 

 

----

 

 

An account failed to log on.

 

Subject:

            Security ID:                  NULL SID

            Account Name:             -

            Account Domain:                      -

            Logon ID:                     0x0

 

Logon Type:                             3

 

Account For Which Logon Failed:

            Security ID:                  NULL SID

            Account Name:             *work mail address*

            Account Domain:                     

 

Failure Information:

            Failure Reason:            Unknown user name or bad password.

            Status:                         0xC000006D

            Sub Status:                  0xC0000064

 

Process Information:

            Caller Process ID:         0x0

            Caller Process Name:    -

 

Network Information:

            Workstation Name:        *private pc name*

            Source Network Address:         *ipv6 address removed*

            Source Port:                 0

 

Detailed Authentication Information:

            Logon Process:            NtLmSsp

            Authentication Package:           NTLM

            Transited Services:       -

            Package Name (NTLM only):    -

            Key Length:                  0

 

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

 

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

 

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

 

The Process Information fields indicate which account and process on the system requested the logon.

 

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

 

The authentication information fields provide detailed information about this specific logon request.

            - Transited services indicate which intermediate services have participated in this logon request.

            - Package name indicates which sub-protocol was used among the NTLM protocols.

            - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

 

- System

 

  - Provider

 

   [ Name]  Microsoft-Windows-Security-Auditing

   [ Guid]  {54849625-5478-4994-a5ba-3e3b0328c30d}

 

   EventID 4625

 

   Version 0

 

   Level 0

 

   Task 12544

 

   Opcode 0

 

   Keywords 0x8010000000000000

 

  - TimeCreated

 

   [ SystemTime]  2023-01-12T14:49:03.7433226Z

 

   EventRecordID 4232906

 

  - Correlation

 

   [ ActivityID]  {84e06888-d1f4-4858-a054-d892caf97901}

 

  - Execution

 

   [ ProcessID]  988

   [ ThreadID]  13400

 

   Channel Security

 

   Computer *work pc name*

 

   Security

 

 

- EventData

 

  SubjectUserSid S-1-0-0

  SubjectUserName -

  SubjectDomainName -

  SubjectLogonId 0x0

  TargetUserSid S-1-0-0

  TargetUserName *work mail address*

  TargetDomainName 

  Status 0xc000006d

  FailureReason %%2313

  SubStatus 0xc0000064

  LogonType 3

  LogonProcessName NtLmSsp 

  AuthenticationPackageName NTLM

  WorkstationName *private pc name*

  TransmittedServices -

  LmPackageName -

  KeyLength 0

  ProcessId 0x0

  ProcessName -

  IpAddress *ipv6 address removed*

  IpPort 0

 

[RiffTheRaff]

The sub status 0xC0000064 means that the username is unknown. (Source 4776(S, F) The computer attempted to validate the credentials for an account. (Windows 10) | Microsoft Learn)

Try different username variants and check if the sub status changes.

On the work pc run "net user" or "echo %username%" in a command line (cmd.exe) and use the name that is displayed there for logon.

[Delano.888]

10 minutes ago, RiffTheRaff said:

The sub status 0xC0000064 means that the username is unknown. (Source 4776(S, F) The computer attempted to validate the credentials for an account. (Windows 10) | Microsoft Learn)

Try different username variants and check if the sub status changes.

On the work pc run "net user" or "echo %username%" in a command line (cmd.exe) and use the name that is displayed there for logon.

Net user has none of the users I normally use to logon, strange?:

 

-------------------------------------------------------------------------------
Administrator            DefaultAccount           defaultuser0
Gast                     WDAGUtilityAccount

 

Echo name does nothing it just says whatever I entered again on the next line.

[RiffTheRaff]

try "Administrator" or "defaultuser0"