Recently converted a client’s Windows Standard 2012 R2 terminal server into a Remote Desktop Protocol (RDP) Gateway server so that remote users could connect to their workstations inside the corporate network. (The details of how to do this properly will follow soon in another post.) Once the setup was completed it was time to test the connectivity as follows:
Testing RDP Connectivity
- Log into a remote workstation
- Open Microsoft Terminal Services Client (MSTSC)
- Type in the Computer name and User name on the General tab.
- Click on the Advanced tab and then on the Settings… button.
- Choose Use these RD Gateway server settings then type in the external URL of the RDP Gateway
- Choose Bypass RD Gateway server for local addresses
- Choose Use my RD Gateway credentials for the remote computer then click OK
- You should then be able to click Connect to tunnel through the gateway into that workstation.
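The same MSTSC choices can be saved as an .rdp file and the gateway's HTTPS port checked before handing the setup to users. This is an added example, not part of the original post; the gateway, workstation and user names are assumptions, and the file settings used are the documented .rdp keys that correspond to the dialog options above.

```powershell
# Added example (not from the original post): reproduce the MSTSC "Advanced > Settings"
# choices as a saved .rdp file and confirm the RD Gateway answers on 443.
# All names below are assumptions; replace them with your own hosts.
$Gateway     = 'rdgw.example.com'          # external name of the RD Gateway (assumed)
$Workstation = 'WS01.corp.example.com'     # internal workstation the user tunnels to (assumed)
$UserName    = 'CORP\jdoe'                 # assumed user
$RdpPath     = Join-Path $env:USERPROFILE 'Desktop\WS01-via-gateway.rdp'

function New-GatewayRdpFile {
    param([string]$Path, [string]$Target, [string]$User, [string]$GatewayHost)
    # Documented .rdp settings that map to the GUI steps:
    #   gatewayhostname               - the RD Gateway to tunnel through
    #   gatewayusagemethod:i:2        - use the gateway only for remote addresses
    #                                   ("Bypass RD Gateway server for local addresses")
    #   gatewaycredentialssource:i:4  - let the user choose the credential type when prompted
    #   promptcredentialonce:i:1      - "Use my RD Gateway credentials for the remote computer"
    #   gatewayprofileusagemethod:i:1 - use these explicit settings, not the default profile
    #   authentication level:i:2      - do not connect if the server certificate fails to verify
    $settings = @(
        "full address:s:$Target"
        "username:s:$User"
        "gatewayhostname:s:$GatewayHost"
        "gatewayusagemethod:i:2"
        "gatewaycredentialssource:i:4"
        "gatewayprofileusagemethod:i:1"
        "promptcredentialonce:i:1"
        "authentication level:i:2"
    )
    Set-Content -Path $Path -Value $settings -Encoding Unicode
    return $Path
}

New-GatewayRdpFile -Path $RdpPath -Target $Workstation -User $UserName -GatewayHost $Gateway

# The gateway terminates the tunnel on HTTPS; if 443 is closed, MSTSC will fail before
# any credential is ever sent.
$gw = Test-NetConnection -ComputerName $Gateway -Port 443
if ($gw.TcpTestSucceeded) {
    "Gateway $Gateway reachable on 443; launching MSTSC with $RdpPath"
    mstsc.exe $RdpPath
} else {
    Write-Warning "Cannot reach $Gateway on TCP 443 - check the firewall/NAT before testing logins"
}
```

Test-NetConnection needs Windows 8.1 / Server 2012 R2 or newer; on older clients substitute a plain TCP connect with System.Net.Sockets.TcpClient.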
Issues with NULL SID as follows:
- Got errors during the login process about being unable to connect. The credentials were accepted at the RD Gateway, but the login to the local workstation then failed.
- Attempted to connect from machines without KB2592687 and KB2830477 installed, but the same errors occurred.
- Checked the event logs on the local workstation and found Event ID 4625 entries with a NULL SID, which should have pointed straight at an authentication problem.
- Tested for NTLMv2 login issues by changing the following registry value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] - LMCompatibilityLevel set above 3
- Did the same thing via Group Policy using the following setting:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options – “Network security: LAN Manager authentication level” set to Send NTLMv2 response only
- Finally narrowed it down to NTP not being configured on the router and the resulting time mismatch between the machines.
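The three things checked above (the 4625 events, the NTLM level, and the clock) can be pulled from the failing workstation in one go. This is an added example, not the post's own script; the domain controller name is an assumption, and the NTSTATUS-to-reason table covers only the common values I am sure of.

```powershell
# Added example (not from the original post): collect the evidence this write-up chased by
# hand - 4625 NULL SID failures, the LmCompatibilityLevel value, and the clock offset against
# a domain controller. Run in an elevated prompt (the Security log needs admin rights).
$DomainController = 'dc01.corp.example.com'   # assumption; replace with a real DC

function Get-RecentLogonFailure {
    param([int]$Last = 20)
    # Common NTSTATUS codes seen in 4625 Status/SubStatus; anything else is printed raw.
    $reasons = @{
        '0xc000006d' = 'Bad user name or password'
        '0xc000006a' = 'Wrong password'
        '0xc0000064' = 'User name does not exist'
        '0xc0000234' = 'Account locked out'
        '0xc0000072' = 'Account disabled'
        '0xc000006f' = 'Outside permitted logon hours'
        '0xc0000133' = 'Clock skew between this machine and the DC is too large'
    }
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents $Last |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
            $sub    = "$($d['SubStatus'])".ToLower()
            $stat   = "$($d['Status'])".ToLower()
            $reason = $reasons[$sub]
            if (-not $reason) { $reason = $reasons[$stat] }
            if (-not $reason) { $reason = "Status $stat / SubStatus $sub" }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
                Sid       = $d['TargetUserSid']              # S-1-0-0 is what the viewer shows as NULL SID
                LogonType = $d['LogonType']                  # 10 = RemoteInteractive (RDP), 3 = network
                AuthPkg   = $d['AuthenticationPackageName']  # Kerberos vs NTLM tells you which path failed
                Source    = $d['IpAddress']
                Reason    = $reason
            }
        }
}

function Get-LmCompatibilityLevel {
    # 0-2 allow LM/NTLM; 3 = send NTLMv2 only; 4 = refuse LM; 5 = refuse LM and NTLM
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $v = (Get-ItemProperty -Path $key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
    if ($null -eq $v) { 'not set (OS default applies)' } else { $v }
}

function Get-ClockOffsetSeconds {
    param([string]$TimeSource)
    # w32tm /stripchart /dataonly prints one "hh:mm:ss, +00.0123456s" line per sample;
    # failed samples print an error code instead and are skipped by the regex.
    $out = w32tm /stripchart /computer:$TimeSource /samples:3 /dataonly 2>&1
    $offsets = foreach ($line in $out) {
        if ("$line" -match ',\s*([+-]?\d+\.\d+)s') { [double]$matches[1] }
    }
    if ($offsets) { ($offsets | Measure-Object -Average).Average } else { $null }
}

Get-RecentLogonFailure -Last 10 | Format-Table -AutoSize
"LmCompatibilityLevel: $(Get-LmCompatibilityLevel)"

$skew = Get-ClockOffsetSeconds -TimeSource $DomainController
if ($null -eq $skew) {
    Write-Warning "Could not sample time from $DomainController (port 123 blocked or name wrong?)"
} elseif ([math]::Abs($skew) -gt 300) {
    # Kerberos rejects tickets when the skew exceeds MaxClockSkew, 5 minutes by default.
    Write-Warning ("Clock is off by {0:N1}s against {1}; Kerberos will fail" -f $skew, $DomainController)
} else {
    "Clock offset vs {0}: {1:N3}s (within Kerberos tolerance)" -f $DomainController, $skew
}
```

A 4625 with AuthPkg = Kerberos and a large clock offset is the signature of the time problem this post ended on; a 4625 with AuthPkg = NTLM and a low LmCompatibilityLevel points at the NTLMv2 settings instead, so the two checks separate the cases without guessing.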