0

We are planning to switch our company's machines from Win7 to Win10 in the near future. We have 2 available domains, let's call them domain1 and domain2. We use domain2 for our current environment and everything works fine. Domain1 has been created and never used; it was "just there" for experimental purposes, which came into use some days ago.

So I've set up a Win10 VM, installed a Domain Controller and configured everything, ensuring the domains can communicate with each other. Everything works fine, I can share files between, i.e., my machine and the Win10 VM. Now comes the problem: we have many VMs where many Resins/Tomcats are running for several web applications.

We use the RDP provided by Microsoft to connect to the VMs, everything works fine. Also, I am able to connect from the Win10 VM to another Win7 machine, but not vice versa. The application just doesn't connect to the Win10 VM. As soon as I use a local user, it works perfectly, so it must be something with the GPOs or some options in the AD of the Win10 VM?

I must add that we haven't used AD to set up our domains. We've always used SAMBA, so I must admit that the Microsoft solutions/tools are pretty new to me and maybe I am overlooking something.

What I tried to do so far (after hours of research):

- Disabled the Win10 firewall to ensure nothing is blocked

- Activated the RDP options on the Win10 VM and added the relevant users to the trusted users list

- Edited the local computer policy and added the domain users to the list of "trusted users who can connect to this machine using RDP"

- Added the relevant users in the AD to ensure they are allowed to connect via RDP

Nothing works. Somehow I assume that I am missing one or two clicks which allow the domain users to log in via RDP. When I try to log in with, let's say, domain1\administrator:pw, it won't let me. When I use 192.168.0.XXX\administrator:pw, it instantly works. So it must be something with the AD/GPO settings which I cannot figure out.

You guys have an idea? <3

kaisa
  • Security updates most possibly. Do you have any Windows updates available on the W7 machine? – Strepsils Mar 14 '19 at 08:42
  • This was one of my first thoughts, but my machine is up to date! I always install the windows updates as soon as they are released. – kaisa Mar 14 '19 at 08:43
  • What if you disable [this security setting](https://www.howtogeek.com/wp-content/uploads/2013/11/x4-systemproperties.jpg.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.TJUeSc09jg.jpg) in W10? – Lenniey Mar 14 '19 at 08:46
  • Just tried it, doesn't work. Same error.. – kaisa Mar 14 '19 at 08:48
  • Try to add domain account as local admin to this W10 VM and try to login. – Strepsils Mar 14 '19 at 08:54
  • Please post the shown error and corresponding errors in your event logs, are you sure you are using the right credentials? – Lenniey Mar 14 '19 at 09:02
  • Is RDP whitelisted on win-10 firewall? – mightyteja Mar 14 '19 at 09:20
  • @mightyteja I turned off the Win10 Firewall for experimental purposes to avoid such conflicts. But yes, even without turning off, I allowed traffic for the relevant ports. – kaisa Mar 14 '19 at 09:27
  • @Strepsils I've already done this, unfortunately no change. – kaisa Mar 14 '19 at 09:30
  • @Lenniey Yes, the credentials are 100% right. But your idea with the event logs might yield something. I'll post a screenshot, apparently it might have something to do with the system time! – kaisa Mar 14 '19 at 09:31
  • https://imgur.com/a/X4MyQY4 The German text says that it couldn't be verified whether the new GPOs for this user could be forced because the system time of the Win10 VM does not match the Domain Controller's one. Can this be an issue? To be honest, I didn't even recognize that the system time was wrong. – kaisa Mar 14 '19 at 09:37
  • Well the first question would be if your time is synced? Don't you have errors when connecting? Also check your security event log. – Lenniey Mar 14 '19 at 10:10
  • @Lenniey The time showed very strange behaviour. The service was started, but no synchronization whatsoever. I fixed the problem and now the time shows correctly. Rebooted the VM and tried again to connect via RDP, but still no success. I'll check the security event log (again) to see if anything interesting shows up. Thank you all so far!! – kaisa Mar 14 '19 at 10:29

1 Answer

0

Ok guys, found the solution!

After checking the event logs I stumbled across the relevant error code and did some further research. I had to edit the users in the AD - the relevant column was "account". You can fill the field there with the username, but the important field was the one after user (@domain1.de). This field was blank and after I added the @domain1.de AND fixed the time synchronization issue, everything was fine.

One important (or interesting) fact I found out: When connecting and entering the user/pw, I had to use an unconventional method:

user: administrator@domain1.de 

In my whole time working with RDP, I never had to use this type of username (with the @domain1.de) when connecting to a VM. Interesting catch and again I learned something.

Thank you all for your tips and time!

kaisa
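The two conditions named in the answer above (a blank `@domain1.de` suffix on the account and a clock that is out of sync with the Domain Controller) can be checked from an admin workstation. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the DC host name `dc01.domain1.de` is a hypothetical placeholder.

```powershell
# Added example, not from the original post.
# Assumptions: RSAT ActiveDirectory module present; $Dc is a hypothetical host name.
Import-Module ActiveDirectory

$Dc        = 'dc01.domain1.de'   # placeholder: replace with your Domain Controller
$UpnSuffix = 'domain1.de'        # suffix named in the answer
$MaxSkew   = 300                 # seconds; default Kerberos clock-skew tolerance (5 minutes)

# 1) Measure the clock offset between this machine and the DC with one NTP sample.
#    w32tm prints a data line such as "10:30:00, +00.0012345s".
$sample = & w32tm /stripchart /computer:$Dc /samples:1 /dataonly
$hit    = $sample | Select-String -Pattern '([+-]\d+[.,]\d+)s\s*$' | Select-Object -Last 1

if ($hit) {
    # Normalise a localized decimal comma before parsing.
    $raw    = $hit.Matches[0].Groups[1].Value.Replace(',', '.')
    $offset = [double]::Parse($raw, [Globalization.CultureInfo]::InvariantCulture)
    if ([math]::Abs($offset) -gt $MaxSkew) {
        Write-Warning "Clock differs from $Dc by $offset s; domain logons will fail until time is synced."
    } else {
        Write-Output "Clock offset to $Dc is $offset s (within $MaxSkew s)."
    }
} else {
    Write-Warning "No time sample received from $Dc; check that the time service is reachable."
}

# 2) List enabled user accounts whose userPrincipalName attribute is empty.
$noUpn = Get-ADUser -Server $Dc -LDAPFilter '(!(userPrincipalName=*))' |
         Where-Object { $_.Enabled }
$noUpn | Select-Object SamAccountName, DistinguishedName | Format-Table -AutoSize

# 3) Preview the fix: set user@domain1.de on each account found.
#    -WhatIf only prints what would change; remove it after reviewing the list.
foreach ($u in $noUpn) {
    $upn = '{0}@{1}' -f $u.SamAccountName, $UpnSuffix
    Set-ADUser -Server $Dc -Identity $u -UserPrincipalName $upn -WhatIf
}
```

Built-in accounts can also appear in the list from step 2, so review it before removing `-WhatIf`.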