NULL SID Security Log Event ID 4625 when attempting logon to 2008 R2 Remote Desktop Session Host

This is a new deployment of Server 2008 R2 in a newly created 08 R2 active directory on a newlyt installed 08 R2 RDSH server.
A new generic user is created in AD. That user can log on to the terminal server on the console just fine. But that user cannot logon via RDP. Furthermore, the domain admin credentials also cannot logon via RDP.
When either set of credentials is used, the logon attempt registered in the Windows Security Even Log as a denied attempt with Event ID 4625 reporting a NULL SID.
Troubleshooting: The RDSH has already been disjoined and rejoined to the domain. Also, curious note, there are three ways to save the user account on the RDSH server as a valid user account which has permissions to logon. The one Microsoft recommends is to open computer management and edit the remote desktop users group. When I the accounts here and click apply, they immediately dissapear. Secondly, I can open the computer properties and go to the remote tab. There I find the user accounts added using the previous method are enumerated but not displaying correctly. They show up with the RDSH server name and a question mark. The last way, is to open the Remote Desktop Session Configuration tool and edit the properties of the rdp connection and go to the security tab. This was the only place I could get a user to ‘stick’ but the logon attempts still show a NULL SID and access is denied.
I have scoured every bit of RDS documenation I can find with no luck.
Thanks,
Chris

I am also experiencing this issue.
2008 servers, 2007 exchange on server 2008.
These are fresh servers, fresh AD. Users can log onto domain normally, RDP not working for admin accounts, generating same errors as posted above.
The bigger issue, is that we have a cisco messaging service account that is generating this error on the DC's and the Exchange server as well. The service basically emails users voicemails to their inbox. The user we've created for the cisco service is unable
to authenticate to the exchange server, in turn generating the same errors posted above as well. We can log on to the domain with this account just fine.
Any ideas on this? We have not tried re-adding the servers to the domain.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/5/2010 9:01:13 AM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: xx.corp
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
   Account Name: -
   Account Domain: -
   Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
   Security ID: NULL SID
   Account Name:
xxxx
   Account Domain:
xxxx
Failure Information:
   Failure Reason: Domain sid inconsistent.
   Status: 0xc000006d
   Sub Status: 0xc000019b
Process Information:
   Caller Process ID: 0x0
   Caller Process Name: -
Network Information:
   Workstation Name: laptop
   Source Network Address: -
   Source Port: -
Detailed Authentication Information:
   Logon Process: NtLmSsp
   Authentication Package: NTLM
   Transited Services: -
   Package Name (NTLM only): -
   Key Length: 0

Similar Messages

Onscreen Keyboard appears when shadowing session on 2012R2 Remote Desktop Session Host

As the title suggests, whenever I shadow a session on our 2012R2 RDSH server, the onscreen keyboard appears. The taskbar also unlocks.
Both of these behaviours mean that the user can tell when their session is being shadowed, which I don't always want to be the case - sometimes I want to be able to monitor the session without their knowledge.
Anyone know how I can stop this from happening?

Hi,
Thank you for posting in Windows Server Forum.
Yeah, we can use the following command where we can take user shadow session without giving him any notification, and no need to approve by the user.
mstsc.exe /shadow:ID /v:ServerName /control /noConsentPrompt
But for this, we need to set the following group policy:
[Computer Configuration | User Configuration]
\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Set rules for remote control of Remote Desktop Services user sessions: Enable
Select the option: Full Control without User’s permission
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support

Remote Desktop Session Authentication logs in Active Directory

Hi
I would like to know when a Remote Desktop session happens between two workstations in a AD domain, Is there an event logged in the AD servers and if so what is the event code and Category.
Many Thanks,

There is an event which is generated on source computers who initiating the remote desktop. If they are above Vista operating system look for 4648 event id in event viewer. You can track kerberos related events on domain controllers. Because
kerberos is responsible for authenticating in your environment, I am not really sure if explicit credentials are logged in event viewer.
Mahdi Tehrani Loves Powershell
Please kindly click on Propose As Answer or to mark this post as
and helpfull to other poeple.

Adobe Acrobat Reader Starts when opening a Remote Desktop Session

I recently upgraded to Acrobat Reader 8. Now I have a problem that Acrobat Reader loads when I open a Remote Desktop session. Has anyone else experienced this? Does anyone know what I should look at to get it to stop loading? Thank you.

After a third uninstall and re-install I've managed to crack it.
Thanks anyhow everyone.

Security Log Event ID 4624 Auditing - Few Questions

I am working on a PowerShell script that collects Event ID's 4624 with LogonType 10 (Logon) and Event ID's 4647 (Logoff). This is basically keeping an audit trail of logon's and logoff's of users on our terminal services environment.
This is working as expected, however, I am seeing two things that I have remaining questions on:
For the Logon Event ID 4624...for a few users, I am seeing two Logon Event's created. They are exactly the same, except one has a LogonGuid of all 0's : {00000000-0000-0000-0000-000000000000}.
Why would there be two Logon events created where one of them has a LogonGuid of all 0's? For the correlating Logoff event, it is tied to the Logon Event with the all 0's LogonGuid. I would expect the logoff event to
be ties to the LogonGuid that isn't all 0's.
If a user disconnects (not logoff), and when they logon again, another logon event is created. Is there anyway to decipher from a completely new logon event and from a logon event to resume a disconnected session?

Hi mabrito,
I assume you meeting the following scenario event.
When a user logon, two events get logged with event id 4624. the only difference between them is followings:-
Logon GUID:
{00000000-0000-0000-0000-000000000000}
Logon GUID:
{user GUID }
Logon GUID: {00000000-0000-0000-0000-000000000000} is for anything other than Kerberos, Logon GUID is a unique identifier that can be used to correlate this event with a KDC
event.
You can refer the following article:
Deciphering Account Logon Events
http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447934.aspx
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Windows 8 crashes when trying to connect to a Remote Desktop or a VPN

Hello,
When trying to perform a connection to a remote desktop or a VPN the application crashes (either MSTSC.exe or Explorer.exe). I've noticed this happens when credentials are about to be asked (same happens when trying to access a restricted folder on a network
machine).
Useful PC specs:
- i7 3770k, 16GB Ram, GTX460 (2x-SLI) (Intel HD 4000 on board)
> All latest drivers and Windows updates installed.
> Ran Memory Diagnostic. No errors.
Event Log:
Faulting application name: mstsc.exe, version: 6.2.9200.16384, time stamp: 0x50108ae1
Faulting module name: DUI70.dll, version: 6.2.9200.16384, time stamp: 0x50108e6a
Exception code: 0xc0000005
Fault offset: 0x00000000000027ee
Faulting process ID: 0x994
Faulting application start time: 0x01cdf16f9b46e882
Faulting application path: C:\WINDOWS\system32\mstsc.exe
Faulting module path: C:\WINDOWS\system32\DUI70.dll
Report ID: dadcc27c-5d62-11e2-bf13-bc5ff4390e7a
Faulting package full name:
Faulting package-relative application ID:
WinDbg: (RDP Crash dump with procdump)
Loading unloaded module list
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(994.1118): Access violation - code c0000005 (first/second chance not available)
dui70!DirectUI::Element::_SetValue+0xe:
000007fe`c5be27ee 488b01 mov rax,qword ptr [rcx] ds:00000000`00000000=????????????????
0:000> .ecxr
rax=000007fec5cbbd80 rbx=000000989f3afa28 rcx=0000000000000000
rdx=000007fec5cbbd80 rsi=00000000fffffffd rdi=00000098a3e805b0
rip=000007fec5be27ee rsp=000000989f23a8b0 rbp=0000000000000000
r8=0000000000000001 r9=000000989f3afa28 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=00000098a1d29401
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010200
dui70!DirectUI::Element::_SetValue+0xe:
000007fe`c5be27ee 488b01 mov rax,qword ptr [rcx] ds:00000000`00000000=????????????????
0:000> !analyze -v
* Exception Analysis *
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/mstsc_exe/6_2_9200_16384/50108ae1/dui70_dll/6_2_9200_16384/50108e6a/c0000005/000027ee.htm?Retriage=1
FAULTING_IP:
dui70!DirectUI::Element::_SetValue+e
000007fe`c5be27ee 488b01 mov rax,qword ptr [rcx]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fec5be27ee (dui70!DirectUI::Element::_SetValue+0x000000000000000e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000
DEFAULT_BUCKET_ID: NULL_POINTER_READ
PROCESS_NAME: mstsc.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
READ_ADDRESS: 0000000000000000
FOLLOWUP_IP:
dui70!DirectUI::Element::_SetValue+e
000007fe`c5be27ee 488b01 mov rax,qword ptr [rcx]
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
FAULTING_THREAD: 0000000000001118
PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ
LAST_CONTROL_TRANSFER: from 000007fec5be7db8 to 000007fec5be27ee
STACK_TEXT:
00000098`9f23a8b0 000007fe`c5be7db8 : 00000098`9f23a950 00000098`00000004 00000098`9f23a954 00000098`9f3afa28 : dui70!DirectUI::Element::_SetValue+0xe
00000098`9f23a930 000007fe`b5378a73 : 00000098`a3f11208 00000098`9f23aa70 000007fe`b5418c58 000007fe`c4dc20f5 : dui70!DirectUI::Element::SetLayoutPos+0x98
00000098`9f23a970 000007fe`b53a5f7e : 00000098`a3f154d0 000007fe`b533bd54 00000098`a3ea80e0 00000000`00000000 : authui!UserList::_OnEnumerationSyncReply+0x689
00000098`9f23af80 000007fe`b5332670 : 00000098`a3f111f0 000007fe`b53212d1 00000098`a3f153a0 00000000`00000001 : authui!CCredDialog::UIJobEvent+0x15e
00000098`9f23afc0 000007fe`b533cf1b : 00000000`00000000 00000000`00000000 00000000`00000000 000007fe`cae3545f : authui!CEnumerationSyncReplyJob::DeferredExecute+0x20
00000098`9f23b000 000007fe`b533cfbc : 00000098`a3f111f0 00000000`00000001 00000000`00000000 00000098`0000029e : authui!CDeferredUIThreadJob::Do+0x37
00000098`9f23b030 000007fe`b53a7f42 : 00000098`a1d29350 00000000`000e0602 00000000`00000002 00000000`000e0602 : authui!CCredentialJobQueue::_ProcessJobs+0x69
00000098`9f23b070 000007fe`b53a7e76 : 00000000`00000000 00000000`00000000 00000000`00008003 00000000`00000000 : authui!CCredDialog::DialogProc+0xa2
00000098`9f23b0d0 000007fe`c86ab3b9 : 00000000`00000001 00000098`9f23b241 00000000`00008003 00000000`00000000 : authui!CCredDialog::s_DialogProc+0x66
00000098`9f23b100 000007fe`c86ab108 : 00000098`9f9522d0 00000000`00000000 00000000`00008003 00000000`00000000 : user32!UserCallDlgProcCheckWow+0x135
00000098`9f23b1d0 000007fe`c86ab02e : 00000000`00000000 00000000`000e0602 00000000`00008003 000007fe`c4dc120b : user32!DefDlgProcWorker+0xb8
00000098`9f23b2a0 000007fe`c869171e : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : user32!DefDlgProcW+0x56
00000098`9f23b2e0 000007fe`c86914d7 : 00000098`9f9522d0 00000098`9f23b4e0 000007f7`f30de800 000007fe`cae31b95 : user32!UserCallWinProcCheckWow+0x13a
00000098`9f23b3a0 000007fe`c86be067 : 00000098`9f9522d0 00000098`9f9522d0 00000098`9f9522d0 00000000`00000001 : user32!DispatchMessageWorker+0x1a7
00000098`9f23b420 000007fe`c86bc641 : 00000098`9f9522d0 00000098`9f9522d0 00000000`00000000 00000000`0000c000 : user32!IsDialogMessageW+0x242
00000098`9f23b4b0 000007fe`c86bb8a3 : 00000000`00000000 00000000`000909fc 000007fe`b53a7e10 00000098`9f3a6cd0 : user32!DialogBox2+0xfc
00000098`9f23b540 000007fe`c86bb936 : 000007fe`b5320000 00000000`000909fc 000007fe`b53a7e10 000007fe`b53a7df8 : user32!InternalDialogBox+0x113
00000098`9f23b5a0 000007fe`c86bbc1b : 00000000`00000000 000007fe`b5320000 00000098`9f3a6cd0 00000098`9f3a6cd0 : user32!DialogBoxIndirectParamAorW+0x56
00000098`9f23b5e0 000007fe`b53a7c91 : 00000000`00000000 00000000`00000000 00000098`9f3a6cd0 00000098`9f3a6cd0 : user32!DialogBoxIndirectParamW+0x1b
00000098`9f23b620 000007fe`b539d0d0 : 00000098`a1d29350 00000000`00000000 00000098`9f3ec310 000007fe`b7d77987 : authui!CCredDialog::Dialog+0x151
00000098`9f23b670 000007fe`b7d6d268 : 10458c33`00000029 00000098`9f23b800 00000098`9f3ebac0 000007fe`b7d6d370 : authui!CCredUI::CredUIPromptForWindowsCredentialsW+0x1dc
00000098`9f23b700 000007fe`b7d6d503 : 00000098`00000003 00000000`00000000 00000098`9f23ba10 00000098`9f3ebac0 : credui!CredUIPromptForWindowsCredentialsWorker+0x310
00000098`9f23b850 000007fe`ac10c4fd : 00000098`9f3ebac0 00000098`9f23baa0 00000098`9f23ba10 00000098`9f23ba28 : credui!CredUIPromptForWindowsCredentialsW+0x17b
00000098`9f23b8f0 000007fe`ac0a0a85 : 00000000`00000000 00000098`00000000 00000000`00000000 00000000`00000000 : mstscax!CTscCredentialsQueryUi::PromptForCredentialsNew+0x159
00000098`9f23b9c0 000007fe`ac09e8e8 : 00000098`9f362f38 00000000`00000000 00000000`00000000 00000098`a0fed860 : mstscax!CTscCredsAssistant::PromptForTsCredentials+0x4e5
00000098`9f23d050 000007fe`ac0a13f7 : 00000098`9f351050 00000000`00000000 00000000`00000000 00000098`a0f24d50 : mstscax!CTscCredsAssistant::AcquireTsCredentials+0x8f4
00000098`9f23d770 000007fe`ac0716fb : 00000098`a0f24d50 00000098`a0f24d50 00000000`00000000 00000000`00000000 : mstscax!CTscCredsAssistant::OnSecurityLayerNegotiationComplete+0x1af
00000098`9f23e000 000007fe`ac179428 : 00000098`00000002 00000098`a0f5fee0 00000098`a0f5fee0 00000000`00000001 : mstscax!CUI::OnSecurityLayerNegotiationComplete+0x11f
00000098`9f23e060 000007fe`ac179594 : 00000098`a0f1c540 00000000`00000000 00000000`00000000 00000000`00000000 : mstscax!CTSThread::RunQueueEvent+0x104
00000098`9f23e0b0 000007fe`ac17baf2 : 00000098`a0f1c540 000007fe`c8691742 00000098`a0f1bf30 00000000`00000000 : mstscax!CTSThread::RunAllQueueEvents+0xcc
00000098`9f23e110 000007fe`ac17bb28 : 00000098`a0f1bf30 00000000`00000000 00000000`00000000 00000000`00000000 : mstscax!CTSThread::OnNotifyThreadEventQueue+0xa6
00000098`9f23e150 000007fe`abefb451 : 00000000`00000000 00000000`00000000 000061f5`6df98991 ffffffff`ffffffff : mstscax!CTSThread::OnNotifyThreadMessage+0x20
00000098`9f23e180 000007fe`c869171e : 000007fe`c8691742 00000000`00000000 00000000`00035090 00000098`9f919f70 : mstscax!PAL_System_Win32_ThreadWndProc+0x19
00000098`9f23e1b0 000007fe`c86914d7 : 00000098`9f94fb70 00000098`9f23e320 000007f7`f30de800 000007fe`abefb438 : user32!UserCallWinProcCheckWow+0x13a
00000098`9f23e270 000007fe`c86bc6c4 : 00000098`9f950eb0 00000098`9f950eb0 00000000`00000001 00000000`0000c000 : user32!DispatchMessageWorker+0x1a7
00000098`9f23e2f0 000007fe`c86bb8a3 : 00000000`00000000 00000000`000909fc 000007f7`f331d518 000007fe`c81931b2 : user32!DialogBox2+0x219
00000098`9f23e380 000007fe`c86bb936 : 000007f7`f32c0000 00000000`000909fc 000007f7`f331d518 00000000`000909fc : user32!InternalDialogBox+0x113
00000098`9f23e3e0 000007fe`c86bbbe9 : 000007f7`f32c0000 00000098`9f23e4e0 00000000`000909fc 00000000`00000000 : user32!DialogBoxIndirectParamAorW+0x56
00000098`9f23e420 000007f7`f331d788 : 00000000`000909fc 00000098`9f23e570 00000098`9f23e4e0 ffffffff`ffffffff : user32!DialogBoxParamW+0x69
00000098`9f23e460 000007f7`f331ce9e : 00000098`a0efedc0 000007f7`f32c7ab0 000007f7`f333b420 00000000`00000000 : mstsc!CDlgBase::CreateModalDialog+0x168
00000098`9f23e500 000007f7`f32e2604 : 00000098`a0efedc0 00000098`9f23ead0 000007f7`f32c7ab0 00000000`00000000 : mstsc!CDlgBase::DoModal+0x12
00000098`9f23e540 000007f7`f32dbd6b : 00000098`9f4ec3e0 00000098`9f4ec3e0 000007f7`f32c7ab0 000007f7`f333b420 : mstsc!CDefaultContWndExt::OnConnectionIssued+0xec
00000098`9f23e9d0 000007f7`f3302bd9 : 000007f7`f32cbb00 000007f7`f32cbb00 00000000`00000000 00000098`a0f1f350 : mstsc!CContainerWnd::StartConnection+0x4d7
00000098`9f23ee70 000007f7`f3301feb : 00000000`000909fc 00000000`00000111 00000000`000c09be 00000000`00000001 : mstsc!CMainDlg::DialogBoxProc+0xbb9
00000098`9f23f1b0 000007fe`c86ab3b9 : 00000000`00000001 00000098`9f23f331 00000000`00000111 00000000`00000000 : mstsc!CMainDlg::StaticDialogBoxProc+0x63
00000098`9f23f1f0 000007fe`c86ab108 : 00000098`9f919f70 00000000`00000000 00000000`00000111 00000000`00000001 : user32!UserCallDlgProcCheckWow+0x135
00000098`9f23f2c0 000007fe`c86ab02e : 00000000`000c09be 00000098`9f23f500 00000000`00000111 000007fe`cae31b95 : user32!DefDlgProcWorker+0xb8
00000098`9f23f390 000007fe`c869171e : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`c8be1535 : user32!DefDlgProcW+0x56
00000098`9f23f3d0 000007fe`c86d22f9 : 00000000`000c09be 00000000`00000111 00000000`80000000 00000000`00000000 : user32!UserCallWinProcCheckWow+0x13a
00000098`9f23f490 000007fe`c869487a : 00000000`00000000 00000000`00000000 00000000`00000001 00000098`9f919f70 : user32!SendMessageWorker+0xa72
00000098`9f23f540 000007fe`c86bbdd3 : 00000000`00090a12 00000098`9f919f70 00000000`000909fc 00000000`000909fc : user32!SendMessageW+0x10a
00000098`9f23f5a0 000007f7`f3312409 : 00000098`a0ef0080 00000098`a0ef0080 00000000`00000000 00000000`03260475 : user32!IsDialogMessageW+0x40b
00000098`9f23f630 000007f7`f3312a07 : 000007f7`f32c0000 00000098`9f312374 000007f7`f333b420 000007f7`00000000 : mstsc!TSCMain+0x695
00000098`9f23f6e0 000007f7`f33319c9 : 00000098`9f313100 00000000`00000000 00000000`00000000 00000000`00000000 : mstsc!WinMain+0x42f
00000098`9f23f750 000007fe`c8fe167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : mstsc!ATL::AtlWinModuleTerm+0x375
00000098`9f23f810 000007fe`cae53501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x1a
00000098`9f23f840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dui70!DirectUI::Element::_SetValue+e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dui70
IMAGE_NAME: dui70.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 50108e6a
FAILURE_BUCKET_ID: NULL_POINTER_READ_c0000005_dui70.dll!DirectUI::Element::_SetValue
BUCKET_ID: X64_APPLICATION_FAULT_NULL_POINTER_READ_dui70!DirectUI::Element::_SetValue+e
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/mstsc_exe/6_2_9200_16384/50108ae1/dui70_dll/6_2_9200_16384/50108e6a/c0000005/000027ee.htm?Retriage=1
Followup: MachineOwner
Any ideas what could be the problem and how to resolve this?

Further proof it's something with credentials/authentication. I found a valid workaround, but I think this one's on Microsoft to actually fix.
I opened up Remote Desktop Connection, put in my username and clicked the Save Credentials box. Then I edited all the other settings. Saved the RDP connection to my desktop. Then I edited it with notepad, and added the password value. I found a blog that
provides a program that'll hash the password for you. I used it so I can say its safe:
http://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/
I put the hashed password in, saved the file. Then used it to connect and it worked. So by bypassing RDP having to ask for credentials, it didn't crash since it doesn't ask. Kind of inconvenient if you have many computers you have to connect in to. But for
those in a bind this will work for you.
This one worked for me, no update or installation of software before it broke, but had a "wife-poweroutage" (cable taken out) I'm just not in the mood to reinstall for this. But the above fixed it for me. Thank you!

Event ID: 1280 Server 2012 RDS - web app fail on second session host

Hello there
Topography
SBS 2011 (domain controller)
Two VM’s:
VM1 – All RDS rolls: RD Gateway , Connection broker, Licensing and RD access installed and acting as a session host with an active collection for RD web apps. A CA trusted certificate is installed.
VM2 – Session host with a second collection for RD web apps
Problem
I have a single app installed on both session hosts (the apps require their own servers). Both appear on the RDWeb site available for use. I can run the app hosted on VM1 no problem, but when I try to open the second app hosted on VM2 I get
two issues:
An error is returned
“Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address and the certificate subject name do not match. Contact your network administrator for assistance".
When viewing the certificate, it actually shows the CA cert installed on the
SBS server for RWW, not the cert on VM1. This has me puzzled
Secondly on VM 2, I get
Event ID: 1280 Warning Microsoft Windows TerminalServcies-session broker client
Remote Desktop Services failed to join the Connection Broker on server sever-vm1.local.
Error: Current async message was dropped by async dispatcher, because there is a new message which will override the current one.
When I run the app internally it seems to load but then disappears.
Some further config info if it is relevant:
I have port 4043 (443 used) as the only port directed to the gateway
Am I missing something simple? DNS? Port forwarding issue on the router? Its my first deployment of this nature with RDS 2012
Regards
MIS5000

Hi,
Thank you for posting in Windows Server Forum.
Firstly please check the RDP version you are using. I suggest you to update to RDP 8.1 for better feature and functionality. Now other thing verify that you have the RD Gateway certificate name matches the external FQDN of the RD Gateway Server. Also please
check that certificate is added under local computer\personal store and must be signed by trusted root authority.
Please check below article for more detail.
TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
http://blogs.msdn.com/b/rds/archive/2008/12/18/ts-gateway-certificates-part-iii-connection-time-issues-related-to-ts-gateway-certificates.aspx
In regards to resolve other issue (Event ID 1280), identify and fix any connectivity problems between the RD Session Host server and the RD Connection Broker by doing the following:
• Check network connectivity to the RD Connection Broker.
• Start the Remote Desktop Connection Broker service.
• Add the RD Session Host server to the Session Broker Computers group.
More information.
Event ID 1280 — RD Connection Broker Communication
http://technet.microsoft.com/en-us/library/ee890889(v=ws.10).aspx
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support

When accessing a windows program thru remote desktop will it have functionality

When accessing a remote desktop on a mac to use a windows program is this functional and will it slow the mac down or create other vulnerabilities or will it run smoothly?

It will be as smooth as your connection is fast, and it won't affect the Mac adversely

ITunes 7.7.1 CRASH when connecting to computer with Windows Remote Desktop

I upgraded to 7.7.1.11 and now when I connect to my computer with Remote Desktop iTunes crashes. Is this a known problem? If so, where can I download a previous version of iTunes that doesn't have this bug?
Contents of Error:
iTunes has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send us. We will treat this report as confidential and anonymous. To see what data this error report contains, click here.
Error signature
appname: itunes.exe appver: 7.7.1.11 modname: quicktime.qts modver: 7.50.61.0 Offset: 00188860
Exception Information
Code: 0xc0000005 Flags: 0x0000000
Record: 0x0000000000000
address 0x000000000066988860
System Information
Windows NT 5.1 Build 2600
CPU Vendor Code: 68747541 - 69746e65 - 444d4163
CPU version: 00000681 CPU Feature Code: 0383fbff
CPU AMD Feature code: c1cbfbff
Erin: Module 1
itunes.exe
Image Base: 0x00400000 Image Sice: 0x00000000
Checksum: 0x0135124f Time Stamp: 0x4890a5ee

are you still at iTunes 7.1.0.59? to check, go "help > about iTunes", and wait for the version number to scroll up from the bottom of the screen.
if you've got a 7.1.0.59, try upgrading to 7.1.1.5:
iTunes 7.1.1.5 installer
do you still get the crash when playing music with that in place?

Java Errors when using my Java App via Remote Desktop

I have a Java App that runs fine if I invoke it and run it on a windows xp machine "x".
If I remote desktop connect to machine "x" from another windows machine "y"
I get the errors and the Java App is not displayed correctly. It becomes unusable.
While remotely connected if I terminate the Java App and restart it the App
will run just fine and not generate any errors.
Specifically the steps are:
Open a cygwin shell.
invoke the app...java -jar xxx.jar
use the app on the machine, works fine without any exceptions.
Leave the app running and go home...eat dinner...then
VPN into the office
Startup Windows Remote Desktop to the pc running the app.
Start to use the app. Now the exception occur as I click on buttons/enter data into fields.
Then I terminate the App.
Then I restart the app... java -jar xxx.jar
It works fine without exceptions.
This app was developed using NetBeans 6.5
The errors are:
in thread "AWT-EventQueue-0" java.lang.NullPointerException
at com.sun.java.swing.plaf.windows.XPStyle$Skin.getWidth(Unknown Source)
at com.sun.java.swing.plaf.windows.XPStyle$Skin.getWidth(Unknown Source)
at com.sun.java.swing.plaf.windows.WindowsIconFactory$CheckBoxIcon.getIc
onWidth(Unknown Source)
at javax.swing.SwingUtilities.layoutCompoundLabelImpl(Unknown Source)
at javax.swing.SwingUtilities.layoutCompoundLabel(Unknown Source)
at javax.swing.plaf.basic.BasicRadioButtonUI.getPreferredSize(Unknown So
urce)
at com.sun.java.swing.plaf.windows.WindowsRadioButtonUI.getPreferredSize
(Unknown Source)
at javax.swing.plaf.basic.BasicButtonUI.getMinimumSize(Unknown Source)
at javax.swing.JComponent.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$ComponentSpring.calculateNonlinkedMinimumSize
(Unknown Source)
at javax.swing.GroupLayout$ComponentSpring.calculateMinimumSize(Unknown
Source)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$ComponentSpring.calculatePreferredSize(Unknow
n Source)
at javax.swing.GroupLayout$Spring.getPreferredSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculatePreferredSize(Unknown Source)
at javax.swing.GroupLayout$Spring.getPreferredSize(Unknown Source)
at javax.swing.GroupLayout$ParallelGroup.calculateMinimumSize(Unknown So
urce)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateMinimumSize(Unknown Source)
at javax.swing.GroupLayout$ParallelGroup.calculateMinimumSize(Unknown So
urce)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateMinimumSize(Unknown Source)
at javax.swing.GroupLayout$ParallelGroup.calculateMinimumSize(Unknown So
urce)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateMinimumSize(Unknown Source)
at javax.swing.GroupLayout$ParallelGroup.calculateMinimumSize(Unknown So
urce)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateMinimumSize(Unknown Source)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout.calculateAutopadding(Unknown Source)
at javax.swing.GroupLayout.prepare(Unknown Source)
at javax.swing.GroupLayout.minimumLayoutSize(Unknown Source)
at java.awt.Container.minimumSize(Unknown Source)
at java.awt.Container.getMinimumSize(Unknown Source)
at javax.swing.JComponent.getMinimumSize(Unknown Source)
at javax.swing.plaf.basic.BasicTabbedPaneUI$TabbedPaneLayout.calculateSi
ze(Unknown Source)
at javax.swing.plaf.basic.BasicTabbedPaneUI$TabbedPaneLayout.minimumLayo
utSize(Unknown Source)
at java.awt.Container.minimumSize(Unknown Source)
at java.awt.Container.getMinimumSize(Unknown Source)
at javax.swing.JComponent.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$ComponentSpring.calculateNonlinkedMinimumSize
(Unknown Source)
at javax.swing.GroupLayout$ComponentSpring.calculateMinimumSize(Unknown
Source)
at javax.swing.GroupLayout$Spring.getMinimumSize(Unknown Source)
at javax.swing.GroupLayout$ComponentSpring.calculatePreferredSize(Unknow
n Source)
at javax.swing.GroupLayout$Spring.getPreferredSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculatePreferredSize(Unknown Source)
at javax.swing.GroupLayout$Spring.getPreferredSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculatePreferredSize(Unknown Source)
at javax.swing.GroupLayout$Spring.getPreferredSize(Unknown Source)
at javax.swing.GroupLayout$Group.getSpringSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculateSize(Unknown Source)
at javax.swing.GroupLayout$Group.calculatePreferredSize(Unknown Source)
at javax.swing.GroupLayout$Spring.getPreferredSize(Unknown Source)
at javax.swing.GroupLayout$SequentialGroup.setValidSize(Unknown Source)
at javax.swing.GroupLayout$Group.setSize(Unknown Source)
at javax.swing.GroupLayout.calculateAutopadding(Unknown Source)
at javax.swing.GroupLayout.layoutContainer(Unknown Source)
at java.awt.Container.layout(Unknown Source)
at java.awt.Container.doLayout(Unknown Source)
at java.awt.Container.validateTree(Unknown Source)
at java.awt.Container.validateTree(Unknown Source)
at java.awt.Container.validate(Unknown Source)

Crossposted
[http://forums.sun.com/thread.jspa?threadID=5421349&messageID=10892967#10892967]

Remote Desktop Management service not starting. service-specific error: %%2284126209 - Event ID: 7024

Hi Forum members,
We have a client that has intermittent issues with RDS on a 2012 R2 server.
As an overview of the environment, the client has a single VMWare host support 2 x Windows 2012 R2 VMs one is the File/Print/Email server and the 2nd is the RDS server used to allow the client to run MYOB Enterprise. Both servers have the AD DS role and
DNS roles amongst others.
The 1st issue is that the RD Connection Broker shows the error: "The server pool does not match the RD Connection Brokers that are in it. and then "1. Cannot connect to any of the specified RD Connection Broker servers".
The above issue seems to be caused by the RDMS service not starting. When you attempt to start it, the service stops and the error in the title is logged in the "System" event log. Full transcript below:
Log Name:      System
Source:        Service Control Manager
Date:          21/01/2015 4:50:32 PM
Event ID:      7024
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      intentionally removed.local
Description:
The Remote Desktop Management service terminated with the following service-specific error: %%2284126209
Event Xml:
<Event xmlns="
<System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7024</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-21T05:50:32.129949400Z" />
    <EventRecordID>53721</EventRecordID>
    <Correlation />
    <Execution ProcessID="568" ThreadID="12436" />
    <Channel>System</Channel>
    <Computer> intentionally removed.local</Computer>
    <Security />
</System>
<EventData>
    <Data Name="param1">Remote Desktop Management</Data>
    <Data Name="param2">%%2284126209</Data>
    <Binary>520044004D0053000000</Binary>
</EventData>
</Event>
In addition in the "Application" event log, the following error is logged:
Log Name:      Application
Source:        MSSQL$MICROSOFT##WID
Date:          21/01/2015 5:24:47 PM
Event ID:      18456
Task Category: Logon
Level:         Information
Keywords:      Classic,Audit Failure
User:          NETWORK SERVICE
Computer:      intentionally removed.local
Description:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Could not find a login matching the name provided. [CLIENT: <named pipe>]
Event Xml:
<Event xmlns="
<System>
    <Provider Name="MSSQL$MICROSOFT##WID" />
    <EventID Qualifiers="49152">18456</EventID>
    <Level>0</Level>
    <Task>4</Task>
    <Keywords>0x90000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-21T06:24:47.000000000Z" />
    <EventRecordID>4228336</EventRecordID>
    <Channel>Application</Channel>
    <Computer>intentionally removed.local</Computer>
    <Security UserID="S-1-5-20" />
</System>
<EventData>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data> Reason: Could not find a login matching the name provided.</Data>
    <Data> [CLIENT: <named pipe>]</Data>
    <Binary>184800000E0000001F00000055004E0047004500520045005200410055005300530056005200300033005C004D004900430052004F0053004F0046005400230023005700490044000000070000006D00610073007400650072000000</Binary>
</EventData>
</Event>
I have been attempting to resolve these errors for some time, without success. I have read the many KBs and forum entries related to the above and applied a number of the suggested fixes, including the one which suggests to add the NT SERVICE\ALL SERVICES
to the "Logon as a Service" in the "User Rights Assignment" of the "Default Domain Policy" which is linked to the domain level, that both servers are objects of.
My question to the forum is, can anyone come up with a solution to resolve the above issues and all the RDMS service to start which will then hopefully resolve the broker error?
Regards,
David West.

Hi David,
If virtual machines on the server are Windows Server 2012, then it is not supported to install Remote Desktop Connection Broker on a Domain Controller.
More information for you:
Remote Desktop Services role cannot co-exist with AD DS role on Windows Server 2012
http://support.microsoft.com/kb/2799605/de
Guidelines for installing the Remote Desktop Session Host role service on a computer running Windows Server 2012 without the Remote Desktop Connection Broker role service
http://support.microsoft.com/kb/2833839
If the VMs are Windows Server 2012 R2, I suggest you install RDS on a separate machine to see if the issue persists.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

"remote desktop connection has stopped working" When printing from remote desktop connection

I have been having a issue when using a windows 7 machine. I have Remote Desktop to a session on Windows2008 R2, I am using the local printer resources to redirect the printing. However everytime i try to print it crashes the remote desktop application.
Gives me "remote desktop connection has stopped working." I have 4 other computers connected and printing with no issues what so ever. This only happens when i print. It does print by the way just the application crashes.
-I have also updated the printer drivers to newest possible thru the manufactorer website. The printer is a Brother MFC-8890DW. Windows 2008 R2 is up to date for the RDS server. 3 other machines are able to Remote in and print. The user is able to print using
diffrent machines just not the Windows 7 machine.

Hi,
Happy to hear that you resolved your issue. For another issue which you are facing here trying to provide some suggestion.
As you have commented that you are facing issue with second screen resolution on wide screen. The setting which I am suggesting can only applies when you are using multi-monitor Remote Desktop connections. If you are making Connections using a single
monitor do not use this setting.
So for this you can try to apply “Limit maximum display resolution” setting in group policy, where you can mention the width & height for the screen to display. The setting can be applied on below mentioned
path.
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Meanwhile sharing article with you for more information.
Remote Session Environment
http://technet.microsoft.com/en-us/library/ee791847(v=ws.10).aspx
Hope it helps!
Thanks.

Windows 2008 member server, repeating event 4625 in the security log

Hello,
   I'm having an issue with a member server on our 2008 domain, security log is filling up with event 4625, here are the details:
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/23/2014 2:04:42 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      my.member.server
Description:
An account failed to log on.
Subject:
Security ID:  NULL SID
Account Name:  -
Account Domain:  -
Logon ID:  0x0
Logon Type:   3
Account For Which Logon Failed:
Security ID:  NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason:  Unknown user name or bad password.
Status:   0xc000006d
Sub Status:  0xc000006a
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: 10.0.0.115
Source Port:  51366
Detailed Authentication Information:
Logon Process:  Kerberos
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length:  0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2014-04-23T18:04:42.197Z" />
    <EventRecordID>99893119</EventRecordID>
    <Correlation />
    <Execution ProcessID="744" ThreadID="844" />
    <Channel>Security</Channel>
    <Computer>KLINEWEB.kline.local</Computer>
    <Security />
</System>
<EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">
    </Data>
    <Data Name="TargetDomainName">
    </Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="FailureReason">%%2313</Data>
    <Data Name="SubStatus">0xc000006a</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">Kerberos</Data>
    <Data Name="AuthenticationPackageName">Kerberos</Data>
    <Data Name="WorkstationName">-</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">10.0.0.115</Data>
    <Data Name="IpPort">51366</Data>
</EventData>
</Event>
The IP address that appears in source network address all belong to VPN clients. And it looks like its only happening with 4-5 IPs, all of which are VPN clients. These clients shouldn't be connecting to anything on this server, which is why its puzzling.
Our DC is Windows 2008 and the VPN server is another member server on the domain. I suspect the issue is at the client PCs since there are many other VPN clients connected that don't generate the event ID.
Can anyone tell what the issue might be?
Thanks.

Hi Rayminette,
There are multiple login sources that could possibly be generating the errors:
FTP logins - check your FTP log to see if login failures are showing up at the same time.
Logins via Basic Authentication over http or https (simple, but possibly dangerous, way to password-protect a web site).
ASP scripts.
This logon type 8 indicates a network logon like logon type 3 but where the password was sent over the network in the clear text. Windows server doesn’t allow connection to shared file or printers with clear text authentication. The only situation
I’m aware of are logons from within an ASP script using the ADVAPI or when a user logs on to IIS using IIS’s basic authentication mode. In both cases the logon process in the event’s description will list advapi. Basic authentication is only dangerous
if it isn’t wrapped inside an SSL session (i.e. https). As far as logons generated by an ASP, script remember that embedding passwords in source code is a bad practice for maintenance purposes as well as the risk that someone malicious will view the source
code and thereby gain the password.
Reference from:
What is the source of thousands of 4625 Logon Failure errors with Logon Type 8 (NetworkCleartext)?
I hope this helps.

Event ID 4625 Logon Failure event

I have a Windows 2012R2 file server that was upgraded from Server 2012. Initially the file server was working and users were able to access their home directories on the single shared folder. A few days ago the server stopped allowing access to the shared
folder and began giving the following event in the security log. I double-checked the local security policies "Allow logon locally" had everyone and "Deny logon locally" had no users or groups. I can login to the server as one of the user
accounts and access that user's homedirectory by mapping to the share\%username%, however, when I try to map from another computer I get the following error: logon failure the user has been granted the requested logon type I disjoined the server from the domain
then rejoined it. I also moved the computer account to the Computers container in AD and rebooted the server (just in case someone had set a group policy). I stopped sharing the shared folder then reshared it with the correct group permissions, which has full
control for share rights and modify for ntfs acls. I've tried adding a test user to the share group with full control then modify ntfs acls. I tried to run sysprep on the server, but it fails with an error that it can't be ran on a machine that has been upgraded
from a previous version of Windows. I ran cacls on the ntfs folders and the permissions are set correctly. Same is true when viewed from the gui. I am out of ideas. Can anyone please assist? ---------------------------------------------------------------------------------
Event ID 4625 on server: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: xxxxxxxx Account Domain: xxxxxxxx Failure
Information: Failure Reason: The user has not been granted the requested logon type at this machine. Status: 0xC000015B Sub Status: 0x0 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: xxxxxxxx Source
Network Address: xxxxxxxx Source Port: 50146 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is
generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields
indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate
which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Problem solved. Local security policy "access this computer from the network" lacked the user's group. Added and now it works remotely from workstations.

WRT600N Security Log

Is anyone else having this prob?
When I view my logs , my security log keeps saying incorect username-password=admin and gives my laptop pc address.
Starnge even though i can lod in with no probs with my password. I am hoping this is just a bug that will be fixed in the next patch.

It's a domain enviroment. Printers are all through a Print Server.
Below is the log of 1 such event.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2014-04-04 03:04:24 PM
Event ID: 4634
Task Category: Logoff
Level: Information
Keywords: Audit Success
User: N/A
Computer: (computer name.domain)
Description:
An account was logged off.
Subject:
Security ID:
S-1-5-21-213254720-224688177-246369
Account Name:
(username)
Account Domain:
(domain)
Logon ID:
0x197EC67
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4634</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12545</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2014-04-04T13:04:24.783747600Z" />
<EventRecordID>108300</EventRecordID>
<Correlation />
<Execution ProcessID="724" ThreadID="756" />
<Channel>Security</Channel>
<Computer>(computer name.domain)</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserSid">S-1-5-21-213254720-224688177-246369</Data>
<Data Name="TargetUserName">(username)</Data>
<Data Name="TargetDomainName">(domain)</Data>
<Data Name="TargetLogonId">0x197ec67</Data>
<Data Name="LogonType">3</Data>
</EventData>
</Event>

NULL SID Security Log Event ID 4625 when attempting logon to 2008 R2 Remote Desktop Session Host

Similar Messages

Maybe you are looking for