Remote Desktop Login events

I am trying to capture through SCOM events when specific accounts RDP into servers. I know it is logon type 3 but the workstation name the session is initiated from is blank. Is there a specific configuration required to log this information?
Thanks
Paul
Paul Glickenhaus

IP addresses or workstations are not captured when Remote Desktop are enabled without Network level Authentication.
Run sysdm.cpl to open system properties, select Remote -> Remote Desktop -> Allow Remote Desktop -> Allow connections only from computers running Remote desktop with Network Level Authentication.
Also you can use
this c# project to log authentication events in sql server

Similar Messages

Remote Desktop Gateway - Event 304/Error "23005"

Hi,
I am tearing my hair out. I have a RD Gateway server that is pointing towards a RD Farm. I cannot connect to it using the Gateway. I keep getting the the following error in the TerminalServices-Gateway Operational log:
Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
Source: Microsoft-Windows-TerminalServices-Gateway
Date: 10/7/2014 10:56:02 AM
Event ID: 304
Task Category: (3)
Level: Warning
Keywords: (16777216)
User: NETWORK SERVICE
Computer: XXXXXXXXXXX.wbc.local
Description:
The user "XXXXXX", on client computer "XXX.XXX.XXX.XXX", met connection authorization policy and resource authorization policy requirements, but could not connect to resource "SyteLine.wbc.local". The following error occurred:
"23005".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" />
<EventID>304</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>3</Task>
<Opcode>44</Opcode>
<Keywords>0x4000000001000000</Keywords>
<TimeCreated SystemTime="2014-10-07T15:56:02.952172000Z" />
<EventRecordID>183</EventRecordID>
<Correlation />
<Execution ProcessID="2428" ThreadID="3140" />
<Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel>
<Computer>WBC-SLGW-01.wbc.local</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<EventInfo xmlns="aag">
<Username>XXXXXXXXXXXXX</Username>
<IpAddress>XXX.XXX.XXX.XXX</IpAddress>
<AuthType>
</AuthType>
<Resource>SyteLine.wbc.local</Resource>
<ErrorCode>23005</ErrorCode>
</EventInfo>
</UserData>
</Event>
Any ideas? Lots of googling has not helped
Thanks

Hi,
Thank you for posting in Windows Server Forum.
To resolve this issue, ensure that Remote Desktop is enabled and that the user is a member of the Remote Desktop Users group on the target computer.
Please check that you have properly configured RD CAP and RD RAP policy for RD Gateway server. For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, clients must meet the conditions
specified in at least one Remote Desktop connection authorization policy (RD CAP) and Remote Desktop resource authorization policy (RD RAP).
More information.
Event ID 304 — RD Gateway Server Connections
http://technet.microsoft.com/en-us/library/ee891047(v=ws.10).aspx
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support

Remote desktop login

hello any one plz guide me ....i want to implement desktop to remote login like in windows ,
plz help..what are the API s i should refer
i think that i have to use rmi.....
but what about the screen.....? because when logged in another end desktop is shown in this side and he can access the files how to implement this?
thanking u in advance ..........

Read this and try again.
Good luck.

10.5.4 problem, Apple remote desktop - login window

Since the update to 10.5.4 I noticed two problems (probably not related):
1. in system.log, many lines about ARD
Jul 1 14:28:49 ekPB com.apple.launchd[376] (com.apple.RemoteDesktop.agent[1859]): Did not die after sending SIGKILL 2910 seconds ago...
etc. every 5 seconds
Finally ends with
Jul 1 14:30:08 ekPB ReportCrash[2050]: Formulating crash report for process ARDAgent[915]
Jul 1 14:30:09 ekPB com.apple.launchd[376] (com.apple.RemoteDesktop.agent[1859]): Exited abnormally: Bus error
Jul 1 14:30:09 ekPB com.apple.launchd[265] (com.apple.RemoteDesktop.agent[915]): Exited abnormally: Bus error
Jul 1 14:30:09 ekPB ARDAgent [2051]: ******ARDAgent Launched******
Jul 1 14:30:09 ekPB ReportCrash[2050]: Saved crashreport to /Library/Logs/CrashReporter/ARDAgent2008-07-01-143004ekPB.crash using uid: 0 gid: 0, euid: 0 egid: 0
Never had this before 10.5.4
ARD is of course activated...
2. The machine normally operating under my administrator account (and connected to a FireWire disk used by Time Machine), at two different moments, coming back, I find my machine showing the LOGIN window ...
in System.log:
Jul 1 11:16:12 ekPB loginwindow[407]: DEAD_PROCESS: 0 console
Jul 1 11:16:13 ekPB /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[1362]: Login Window Application Started
Jul 1 11:16:17 ekPB loginwindow[1362]: Login Window Started Security Agent
and
Jul 1 13:39:58 ekPB loginwindow[1362]: DEAD_PROCESS: 0 console
Jul 1 13:39:58 ekPB /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[1856]: Login Window Application Started
Jul 1 13:39:59 ekPB loginwindow[1856]: Login Window Started Security Agent
New login is normal and I don't find any reason to justify the end of the sessions of the connected user.
Any Ideas ? Thanks !
MacBook Pro core 2 Duo 2,33 GHZ 3 GB, 160 MB disk, Leopard 10.5.4 connected to ADSL by modem and Airport Extreme (last update 5.3.2 done)

Greetings...
Haven't found a similar thread yet, but if there is, my apologies. I have the same problem with the login, and I can't seem to fix it with a reboot. I have ran disk utilities as well as trying to get in through a remote computer. Any ideas/fixes besides reinstalling to 10.5.3 would be of a huge assistance.
~nathaniel

Solaris Remote Desktop Login to Red Hat 5 Server

We have a number of Sun boxes running Solaris 8 and 9 and we need them to login to a Server running Red Hat 5. Have edited the /etc/hosts file to include the Red Hat hostname and ip address and when I enter the hostname it acts as if it is connecting to it, but then the cursor turns into a watch face and then kicks back to the login screen. Am I missing something minor or major??? Should also state that I can connect no problem to the server using hummingbird from PCs...

We are running SCOM 2012 server and have deployed the agent successfully to a number of Red Hat Linux servers. I am having an issue on about a quarter of the hosts, in that they appear as HEALTHY but are Grayed out and not green. When I look at the /var/opt/microsoft/scx/log/omiserver.log
file I see:
WARNING: wsman: authentication failed for user scom2012
I have verified that the system account is setup with the correct password and the runas account is setup with the correct password (i am able to deploy the agent from the SCOM server using it, so the passwords DO match).
Any ideas?
I've seen this on a few systems here when the agent has been upgraded but the old agent process does not die off. Just to rule it out, pick a node, make sure there are no instances of scxcimserver or scxcimprovagt and then start the agent and
see if the issue goes away. I've also seen wsman authentication failures related to the libssl issue that was fixed in yesterday's release.

Remote Desktop Error Event ID: 36870

I have received a new Windows 8.1 PC and laptop that I cannot RDP into. I am getting the following error in the System Event Viewer:
Log Name:      System
Source:        Schannel
Date:          5/8/2014 11:47:43 AM
Event ID:      36870
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM
Computer:      XXXXXXXXXXXX.bhof.org
Description:
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36870</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2014-05-08T15:47:43.491270800Z" />
    <EventRecordID>8427</EventRecordID>
    <Correlation />
    <Execution ProcessID="844" ThreadID="1256" />
    <Channel>System</Channel>
    <Computer>XXXXXXXXXXXX.bhof.org</Computer>
    <Security UserID="S-1-5-18" />
</System>
<EventData>
    <Data Name="Type">server</Data>
    <Data Name="ErrorCode">0x8009030d</Data>
    <Data Name="ErrorStatus">10001</Data>
</EventData>
</Event>
I can RDP into my current Windows 8.1 pc. Any help on getting this working for my new pc and laptop would be greatly appreciated. Thanks.
John

Hi,
What is the internet environment? domain\workgroup\homegroup?
The primary reason for the above error is the problem in accessing the “Private Key” of the certificate due to a broken keyset.
Please refer to scenarios listed in the following link and try relsted solutiuons
http://blogs.msdn.com/b/kaushal/archive/2012/10/07/error-hresult-0x80070520-when-adding-ssl-binding-in-iis.aspx
Yolanda Zhu
TechNet Community Support

Remote desktop connection caused host to lose a monitor and other settings

Hello
After a successful remote desktop login, on the host I can now no longer detect the 2nd monitor. Screen resolution on remaining monitor is off, it's gone over to use Microsoft Basic Display Adapter even though it was using the correct adapter previously.
Both previously working display adapters now show Code 12 error: "this device cannot find enough free resources that it can use". The system has also become very slow, when I right-click the desktop, it takes up to 30 sec for the menu to appear.
Anyone had a problem like this? I have restarted the computer several times, reverted system to a working state last week, done another successful remote desktop login/logout from my laptop to this computer.
Windows 8.1 Pro
Displays: Dell U2412M
Intel R HD Graphics 4600
Thank you in advance for any help/tips to help solve this problem!

This error message can also appear if the BIOS did not allocate enough resources to the device, I want to know how much RAM do you have on your computer, because the Display Adapter calls for extra RAM to run the monitor.
If you don’t have enough RAM to allocate, the monitor won’t start, that’s why the computer becomes very slow.
Here I suggest a possible solution:
Adjust the amount of memory dedicated to video/graphics. You can change that in BIOS. there might be an option in your PC's BIOS that lets you change the amount of system memory used for video/graphics.
You'll just need to find it in the BIOS, the BIOS options in the Advanced settings,
the option varies depends on the BIOS version
you can set the maximum memory that it can take to a lowest value.
Regards
Wade Liu
TechNet Community Support

Why is Remote Desktop running when I have it disabled?

I am running Windows 7 Professional. Looking at the Event Viewer today, I examined Microsoft/Windows/Terminal Services/Local Session Manager/Operational. There are 1,959 events recorded, dating back to 7/30/2014. A typical entry--one from today, reads in
the details: Remote Desktop Services: Session Logon Successful. User: PC\UserName Session ID:2. Source Network Address: LOCAL. The subsequent entry reads: Remote Desktop Services: Shell Start Notification Received. User: PC\UserName. Session ID:2. Source Network
Address: LOCAL. There are also entries for Session Logoff Succeeded, Session Has Been Discontinued, and Session Has Been Reconnected. It appears that these entries have been recorded each time we log on, log off, and switch user. My question is: Why are these
events being recorded under Terminal Services and Remote Desktop Services events? Under Services, I have disabled Remote Desktop Configuration, Remote Desktop Services, and Remote Desktop Services User Mode Port Redirector. In Control Panel/System, I have
unchecked the box for "Allow Remote Assistance invitations to be sent from this computer."
About a month ago, I discovered a strange new hardware installation of a PS/2 mouse and i8042 port in the Event Viewer. Consequently, under Hidden Devices in Device Manager, I did see the PS/2 mouse that I never installed.
Yesterday, I ran netstat -anobv and it showed two ports listening on the network for which it said, "Cannot obtain ownership information." One was port 445, for which I have blocked incoming activity on the firewall. The other was port 5357,
which according to Microsoft has some security vulnerabilities related to Function Discovery Provider Host and Function Discovery Resource Publication. Since this is a standalone PC with no network attached devices, I disabled both of these services. As of
this morning, the PS/2 mouse has disappeared from Device Manager.
A new process has popped up using netstat -anobv, on port 8883. It's IANA registered to MQTT. Should I be concerned about the Remote Desktop Services shown in Event Viewer? I thought it was a cause for concern, especially due to the appearance of the PS/2
mouse and the i8042 port which I did not install. Thank you for your help with this issue.

Hi Tergivesada,
You may upload the log files into OneDrive and paste the shared link here, we will help to check it out.
For other considerations, some application might also take use of remote services to cause Windows record the logon events, which should be considered a normal behavior. Reference:
Remote Desktop Services.
For the security consideration, you may take use of Windows Security Essentials to help protect your machine:
http://windows.microsoft.com/en-HK/windows/security-essentials-download
And further questions, please feel free to post back.
Best regards
Michael Shao
TechNet Community Support

The RPC server is unavailable while trying to take Remote Desktop of 2003 Server.

Dear All
Recently I am facing remote desktop login problem in on Windows 2003 Server.
While I am enter user name and password server give me logon error.
"The system cannot log you on due to the following error:
The RPC server is unavailable.
Please try again or consult your system administrator.
Kindly help me.........

I just started spontaneously having this problem yesterday. I am not aware of anything having changed that would prompt it, though I did do a Windows Update on all servers AFTER the problem manifested to see if that might fix it. (No such luck) For reasons
unexplained, the system HAS let me in a few times, though it hasn't been consistent, and now it seems to have locked me out entirely (except through the VSphere back door, explained below). I am running Windows 7 on my laptop, and I have received a report
of the same problem from another employee trying to log in from their computer, which I believe is also running Win7.
I am running two VMWare instances of Server 2003 R2, one Domain Controller and another production environment. I can RDP just fine to the DC, but not the production. Also, using the VSphere VMware management client on a separate machine, I CAN log in to
the production environment without a problem.
I have tried the fixes around restarting stopped services, but nothing has helped yet. I've also tried disabling my anti-virus temporarily, with no effect. I tried pinging the various IP addresses, and received timeouts on the 2 images, as well as their
host server. Again, though, I CAN log into the DC without issue.
Could someone please elaborate on how to create this registry key? On which image would I add this key? (I am a novice user, so using regedit is somewhat unfamiliar to me)
Any other thoughts about potential solutions?
Thanks!
Update Dec 15 2011: Just tried restarting the Production image, via VSphere, and then successfully logged in and out 3 times in quick succession by regular RDP. The symptoms have been temporarily soothed, though I wonder if the underlying problem remains?
Still no answer to why this happened in the first place, so I'd appreciate input.
Update Dec 16 2011: The problem came back this morning, and remained all day. I can still access by VSphere, but have other users who need to access by regular RDP. I'd rather not have to reboot the system constantly just to allow access... Any help is much
appreciated!

Remote Desktop Management service not starting. service-specific error: %%2284126209 - Event ID: 7024

Hi Forum members,
We have a client that has intermittent issues with RDS on a 2012 R2 server.
As an overview of the environment, the client has a single VMWare host support 2 x Windows 2012 R2 VMs one is the File/Print/Email server and the 2nd is the RDS server used to allow the client to run MYOB Enterprise. Both servers have the AD DS role and
DNS roles amongst others.
The 1st issue is that the RD Connection Broker shows the error: "The server pool does not match the RD Connection Brokers that are in it. and then "1. Cannot connect to any of the specified RD Connection Broker servers".
The above issue seems to be caused by the RDMS service not starting. When you attempt to start it, the service stops and the error in the title is logged in the "System" event log. Full transcript below:
Log Name:      System
Source:        Service Control Manager
Date:          21/01/2015 4:50:32 PM
Event ID:      7024
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      intentionally removed.local
Description:
The Remote Desktop Management service terminated with the following service-specific error: %%2284126209
Event Xml:
<Event xmlns="
<System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7024</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-21T05:50:32.129949400Z" />
    <EventRecordID>53721</EventRecordID>
    <Correlation />
    <Execution ProcessID="568" ThreadID="12436" />
    <Channel>System</Channel>
    <Computer> intentionally removed.local</Computer>
    <Security />
</System>
<EventData>
    <Data Name="param1">Remote Desktop Management</Data>
    <Data Name="param2">%%2284126209</Data>
    <Binary>520044004D0053000000</Binary>
</EventData>
</Event>
In addition in the "Application" event log, the following error is logged:
Log Name:      Application
Source:        MSSQL$MICROSOFT##WID
Date:          21/01/2015 5:24:47 PM
Event ID:      18456
Task Category: Logon
Level:         Information
Keywords:      Classic,Audit Failure
User:          NETWORK SERVICE
Computer:      intentionally removed.local
Description:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Could not find a login matching the name provided. [CLIENT: <named pipe>]
Event Xml:
<Event xmlns="
<System>
    <Provider Name="MSSQL$MICROSOFT##WID" />
    <EventID Qualifiers="49152">18456</EventID>
    <Level>0</Level>
    <Task>4</Task>
    <Keywords>0x90000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-21T06:24:47.000000000Z" />
    <EventRecordID>4228336</EventRecordID>
    <Channel>Application</Channel>
    <Computer>intentionally removed.local</Computer>
    <Security UserID="S-1-5-20" />
</System>
<EventData>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data> Reason: Could not find a login matching the name provided.</Data>
    <Data> [CLIENT: <named pipe>]</Data>
    <Binary>184800000E0000001F00000055004E0047004500520045005200410055005300530056005200300033005C004D004900430052004F0053004F0046005400230023005700490044000000070000006D00610073007400650072000000</Binary>
</EventData>
</Event>
I have been attempting to resolve these errors for some time, without success. I have read the many KBs and forum entries related to the above and applied a number of the suggested fixes, including the one which suggests to add the NT SERVICE\ALL SERVICES
to the "Logon as a Service" in the "User Rights Assignment" of the "Default Domain Policy" which is linked to the domain level, that both servers are objects of.
My question to the forum is, can anyone come up with a solution to resolve the above issues and all the RDMS service to start which will then hopefully resolve the broker error?
Regards,
David West.

Hi David,
If virtual machines on the server are Windows Server 2012, then it is not supported to install Remote Desktop Connection Broker on a Domain Controller.
More information for you:
Remote Desktop Services role cannot co-exist with AD DS role on Windows Server 2012
http://support.microsoft.com/kb/2799605/de
Guidelines for installing the Remote Desktop Session Host role service on a computer running Windows Server 2012 without the Remote Desktop Connection Broker role service
http://support.microsoft.com/kb/2833839
If the VMs are Windows Server 2012 R2, I suggest you install RDS on a separate machine to see if the issue persists.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Can Aussie GP's use a Mac remote desktop to login to works Medical Director

My wife is a GP. Her practice runs Medical Director. The other doctors are able to log in from home over the net from their home windows computers. I rang Medical Director to ask if there was anything stopping her using the remote desktop from our home mac:
http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download/ MISC/RDC2.0Public_Betadownload.xml
They gave me a very abrupt no, and said we need to buy a windows machine (something I am loath to do).
Are there any GP's out there using their macs at home to login over the net using a program like this..... or do we really have to do what the Medical Director people say - and use a Windows Machine?
Thanks for your help.

Chances are the director is full of it, and doesn't know what he/she is talking about. Find out what software the other doctors are using from home and perhaps we can find you a Mac version of it.

NULL SID Security Log Event ID 4625 when attempting logon to 2008 R2 Remote Desktop Session Host

This is a new deployment of Server 2008 R2 in a newly created 08 R2 active directory on a newlyt installed 08 R2 RDSH server.
A new generic user is created in AD. That user can log on to the terminal server on the console just fine. But that user cannot logon via RDP. Furthermore, the domain admin credentials also cannot logon via RDP.
When either set of credentials is used, the logon attempt registered in the Windows Security Even Log as a denied attempt with Event ID 4625 reporting a NULL SID.
Troubleshooting: The RDSH has already been disjoined and rejoined to the domain. Also, curious note, there are three ways to save the user account on the RDSH server as a valid user account which has permissions to logon. The one Microsoft recommends is to open computer management and edit the remote desktop users group. When I the accounts here and click apply, they immediately dissapear. Secondly, I can open the computer properties and go to the remote tab. There I find the user accounts added using the previous method are enumerated but not displaying correctly. They show up with the RDSH server name and a question mark. The last way, is to open the Remote Desktop Session Configuration tool and edit the properties of the rdp connection and go to the security tab. This was the only place I could get a user to ‘stick’ but the logon attempts still show a NULL SID and access is denied.
I have scoured every bit of RDS documenation I can find with no luck.
Thanks,
Chris

I am also experiencing this issue.
2008 servers, 2007 exchange on server 2008.
These are fresh servers, fresh AD. Users can log onto domain normally, RDP not working for admin accounts, generating same errors as posted above.
The bigger issue, is that we have a cisco messaging service account that is generating this error on the DC's and the Exchange server as well. The service basically emails users voicemails to their inbox. The user we've created for the cisco service is unable
to authenticate to the exchange server, in turn generating the same errors posted above as well. We can log on to the domain with this account just fine.
Any ideas on this? We have not tried re-adding the servers to the domain.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/5/2010 9:01:13 AM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: xx.corp
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
   Account Name: -
   Account Domain: -
   Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
   Security ID: NULL SID
   Account Name:
xxxx
   Account Domain:
xxxx
Failure Information:
   Failure Reason: Domain sid inconsistent.
   Status: 0xc000006d
   Sub Status: 0xc000019b
Process Information:
   Caller Process ID: 0x0
   Caller Process Name: -
Network Information:
   Workstation Name: laptop
   Source Network Address: -
   Source Port: -
Detailed Authentication Information:
   Logon Process: NtLmSsp
   Authentication Package: NTLM
   Transited Services: -
   Package Name (NTLM only): -
   Key Length: 0

Novell login not available with remote desktop on windows 7

Installed Novell Client 2 SP3 for Windows Server 2012 on my terminal server. When I log in from Windows XP to that terminal server I am getting an option to login with Novell Client. On Windows 7 however I only can logon to the server. What am I missing here?

djaquays <[email protected]> wrote:
> Mostly, that MS RDP for Mac ignores the authentication level:i:0 option
> in an RDP file and there's no GUI equivalent to force legacy
> authentication.
Microsoft's Network Level Authentication (NLA) feature is supported in
Windows Server 2008 and later terminal servers, and supported by
Remote Desktop Connection (MSTSC) 6.x and later terminal clients.
Windows XP did not ship with a MSTSC 6.x terminal client, but it is
available optionally through Windows Update.
The NLA authentication is essentially requiring that valid Windows
user account credentials for the Windows Server machine must be
provided /before/ the RDP-level terminal session connection is even
attempted or permitted. If the Windows user credentials you're logged
in with on the client workstation do not already satisfy this
requirement, the NLA-aware MSTSC clients will prompt you for valid NLA
credentials before even attempting to open the terminal session.
In other words, NLA doesn't directly have anything to do with whom you
will become authenticated as within the terminal session, or whether
you'll reconnect to some other already-running terminal session; it's
a new default mechanism which requires Windows credentials for
authorizing you to create an RDP connection to the Windows Server
machine "at all."
Unfortunately Windows Server 2008 and later don't permit you to turn
NLA completely off. You can configure the Windows Server to always
require NLA, which means pre-MSTSC 6.x terminal clients will be unable
to connect. Or you can configure the Windows Server to "not require
NLA" ("Allow connections from computers running any version or Remote
Desktop"), but this still means Windows Server will use NLA if the
workstation's MSTSC client supports NLA.
The only option which has been available to "disable NLA" even when a
Windows Server 2008 or later terminal server and a MSTSC 6.x or later
terminal client are involved is to configure the
"enablecredsspsupport:i:0" setting in the MSTSC client's .RDP file
(e.g. default.rdp in the My Documents folder), in addition to
configuring the terminal server to "not require NLA."
Once you have "Allow connections from computers running any version or
Remote Desktop" set on the Windows Server, and
"enablecredsspsupport:i:0" set in the MSTSC client, now you're back to
the Windows XP & Windows Server 2003 behavior where an RDP terminal
connection can be established without first having to supply NLA
credentials, and the first thing the MSTSC client user will experience
is the full normal credential provider-based login experience just
like you see at the physical console of the terminal server.
Note that if you do leave NLA enabled and supply NLA credentials
during the MSTSC connection attempt, after successfully using those
credentials to authorize creation of the RDP connection, the MSTSC
client will /also/ default to using the NLA credentials as default
credentials to attempt logging on with within the terminal session
itself. In other words, if you successfully supply NLA credentials,
by default you also become logged in on the terminal session and go
straight to the desktop of the Windows user account specified in the
NLA credentials. So even though "NLA credentials" and "whom I will
logon as within the terminal session" are two separate things, by
default the MSTSC client tries to use the same credentials for both.
But it's not that the NLA credentials "must" be used for logging in on
the terminal session; that's simply the default behavior. If you
leave NLA enabled on the Server 2008 or later terminal server, after
NLA credentials are successfully used to authorize creation of an RDP
connection, if you wanted to instead be prompted within the terminal
session with the normal credential provider login experience, enable
the "Always prompt for password" on the Windows Server 2008 or later
terminal server.
(On the Server 2008 or later machine, under "Administrative Tools"
find the "Remote Desktop Services" group and launch the "Remote
Desktop Session Host Configuration" console. Highlight/select the
"RDP-Tcp" connection, right-click and select "Properties". On the "Log
On Settings" tab elect "Always prompt for password".)
That sounds like probably the scenario which fits best for the "I have
a Macintosh-based client which doesn't allow enablecredsspsupport:i:0
/ authentication level:i:0." You would leave NLA enabled on the
Server 2012 machine, but enable "Always prompt for password" in the
RPC-Tcp connection properties on the Server 2012 machine. Such that
after NLA authentication was performed and Windows allowed creation of
the terminal session, instead of immediately also attempting to login
within the terminal session as the Windows account specified in the
NLA credentials, Windows will instead present the normal interactive
credential provider login experience to allow the user to specify whom
they want to login as.
Finally, note that everything described above applies even to a
Windows Server and Windows client workstation that do /not/ have the
Novell Client for Windows installed. The same mechanisms remain in
effect even once the Novell Client is installed; the presence of the
Novell Client just changes what credential providers would be used or
presented within the terminal session once the terminal session was
allowed to be created. The fact that NLA is required by default and
requires valid Windows credentials in order to authorize an RDP
connection is still the same, regardless of whether the Novell Client
is present or not.
Alan Adams
Novell Client CPR Group
[email protected]
Novell
Making IT Work As One
www.novell.com
Upgrade to OES Community
http://www.novell.com/communities/co.../upgradetooes/

Possible to login into Win7 machine via Remote Desktop?

hey guys, i've been trying to find a solution to be able to write to NTFS drives. i've read that using exFAT is a good way to go. the other thing i wanted to try was to login to a Windows machine that's connected to the NTFS drive and write to it that way. how can i do this?
thanks

If you want to write to the NTFS drive via the Windows system, then you want to have Windows share the drive, so that you can use Mac OS X:
Finder -> Go -> Connect to Server -> smb://windows.machine.address/share_name
This would mount the shared NTFS file system on your Mac OS X system and allow you to read and write to it.
If you need to access the Windows Desktop, then use the above mentioned Microsoft RDC software, or download CoRD from MacUpdate.com. Both good Windows Remote Desktop Clients.

Remote Desktop Connection can't login to restarted PC

I can access my XP Pro PC using Remote Desktop Connection after I have logged in locally but if I attempt to access it after a restart, or after a startup from shutdown, I get a error message:
The client could not connect to the remote computer.
And then a list of reasons why it may not be working (non of which - as usual - apply).
I can access the PC with it's local keyboard and mouse and login in locally, then connect using Remote Desktop Connection on my mac just fine, but if I shut the PC down, restart it and try logging in from the Mac I get that error message.
BTW I tried finding info about this on the msft site but it's really useless.

Basically you can't login as the PC is not connected to the network.
Use the XP PowerToys to automate the login process.
http://www.microsoft.com/windowsxp/downloads/powertoys/default.mspx

Remote Desktop Login events

Similar Messages

Maybe you are looking for