I'm dealing with a weird issue in my Active Directory setup. There's one laptop that simply cannot connect via RDP to a specific Windows desktop, regardless of who's trying to log in. Other computers can access the desktop just fine, and users can also log in on other machines without problems. I even reinstalled Windows 11 on the laptop, but that didn't fix anything.
When attempting to connect from this particular laptop, I get the "Your credentials didn't work" message. The Event Viewer logs on the target desktop show a 4625 event with error codes that suggest something is off, particularly indicating a NULL SID. I've verified connectivity successfully with network tests and ping, but the RDP failure persists only between this one laptop and that one desktop. Can anyone suggest what might be going wrong?
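Added example, not from the original post: a NULL SID (S-1-0-0) in the "Account For Which Logon Failed" section of a 4625 is common and by itself says little; the Status and SubStatus NTSTATUS codes in the same event are what actually explain the failure (for instance 0xC0000070 means a workstation restriction on the account, 0xC000015B means the logon type was not granted). This PowerShell decodes those fields from 4625 events on the target desktop, filtered to the laptop. The host names `LAPTOP01` and `DESKTOP01`, the IP `10.0.0.5` and the embedded sample event are constructed for illustration.

```powershell
# Added example (not part of the thread). Decode 4625 "An account failed to log on"
# events so the Status/SubStatus codes explain the failure, not just "credentials didn't work".

# NTSTATUS values Microsoft documents for the 4625 Status and SubStatus fields.
$LogonStatus = @{
    '0xC000006D' = 'Bad user name or password (see SubStatus)'
    '0xC000006A' = 'Wrong password'
    '0xC0000064' = 'User name does not exist'
    '0xC000006E' = 'Account restriction (e.g. blank passwords not allowed)'
    '0xC000006F' = 'Logon outside permitted hours'
    '0xC0000070' = 'Workstation restriction ("Log On To" list) blocks this computer'
    '0xC0000071' = 'Password expired'
    '0xC0000072' = 'Account disabled'
    '0xC000015B' = 'Logon type not granted (e.g. missing Remote Desktop logon right)'
    '0xC0000193' = 'Account expired'
    '0xC0000234' = 'Account locked out'
    '0xC0000022' = 'Access denied'
    '0xC000005E' = 'No logon servers available'
}

function ConvertFrom-Event4625 {
    # Turn one 4625 event (as XML) into a flat object with a human-readable reason.
    param([Parameter(Mandatory, ValueFromPipeline)][xml]$EventXml)
    process {
        $d = @{}
        foreach ($n in $EventXml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # SubStatus is the more specific code; fall back to Status when it is 0x0.
        $code = if ($d.SubStatus -and $d.SubStatus -ne '0x0') { $d.SubStatus } else { $d.Status }
        $code = '0x' + ($code -replace '^0x', '').ToUpper()   # event XML uses lower-case hex
        [pscustomobject]@{
            Time        = $EventXml.Event.System.TimeCreated.SystemTime
            User        = "$($d.TargetDomainName)\$($d.TargetUserName)"
            TargetSid   = $d.TargetUserSid          # S-1-0-0 = NULL SID, normal on failures
            LogonType   = $d.LogonType              # 3 = network (NLA pre-auth), 10 = RemoteInteractive
            AuthPackage = $d.AuthenticationPackageName
            Workstation = $d.WorkstationName
            SourceIp    = $d.IpAddress
            Status      = $d.Status
            SubStatus   = $d.SubStatus
            Reason      = if ($LogonStatus.ContainsKey($code)) { $LogonStatus[$code] } else { "Unknown ($code)" }
        }
    }
}

function Get-Rdp4625 {
    # Pull recent 4625 events from the target desktop and keep those coming from the laptop.
    param(
        [string]$ComputerName = $env:COMPUTERNAME,  # the target desktop (assumed name below)
        [string]$Source,                            # laptop host name or IP; empty = no filter
        [int]$Newest = 50
    )
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{ LogName = 'Security'; Id = 4625 } `
                 -MaxEvents $Newest -ErrorAction Stop |
        ForEach-Object { [xml]$_.ToXml() } |
        ConvertFrom-Event4625 |
        Where-Object { -not $Source -or $_.Workstation -eq $Source -or $_.SourceIp -eq $Source }
}

# Constructed sample event so the decoder can be exercised offline.
$SampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="2024-01-01T10:00:00.000Z"/></System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="SubStatus">0xc0000070</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">LAPTOP01</Data>
    <Data Name="IpAddress">10.0.0.5</Data>
  </EventData>
</Event>
'@
([xml]$SampleEvent) | ConvertFrom-Event4625 | Format-List

# Live use against the real desktop (assumed names; needs event log read rights there):
# Get-Rdp4625 -ComputerName 'DESKTOP01' -Source 'LAPTOP01' | Format-Table Time, User, LogonType, AuthPackage, SubStatus, Reason
```

The `AuthPackage` column is worth a look as well: with NLA the first attempt is a LogonType 3 pre-authentication, and whether it shows `NTLM` or `Kerberos` tells you which path the laptop is taking to this one host.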
9 Answers
You might want to check if the laptop and target desktop share identical SIDs. If they do, you’ll need to change them using a third-party tool or wipe and reload the laptop properly without using the same image. There’s info on duplicate SIDs [here](https://support.microsoft.com/en-us/topic/kerberos-and-ntlm-authentication-failures-due-to-duplicate-sids-76f7394d-c460-4882-9ed1-d27e0960f949).
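Added example, not part of the answer above: every local account SID is the machine SID followed by a RID, so the `AccountDomainSid` of any local account is the machine SID (the same value Sysinternals PsGetSid reports). This PowerShell reads it on both computers and flags a match. The host names `LAPTOP01` and `DESKTOP01` are assumptions, and the remote call assumes WinRM is enabled on both.

```powershell
# Added example (not part of the thread). Compare machine SIDs across computers.

function Get-MachineSid {
    # Returns the machine SID (S-1-5-21-...) of a computer, locally or over WinRM.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $sb = {
        # Prefer the built-in Administrator (RID 500); any local account will do.
        $acct = Get-LocalUser | Where-Object { $_.SID.Value -match '-500$' } | Select-Object -First 1
        if (-not $acct) { $acct = Get-LocalUser | Select-Object -First 1 }
        $acct.SID.AccountDomainSid.Value
    }
    if ($ComputerName -eq $env:COMPUTERNAME) { & $sb }
    else { Invoke-Command -ComputerName $ComputerName -ScriptBlock $sb }
}

function Test-DuplicateMachineSid {
    # Collects the machine SID of each host and reports any value shared by more than one.
    param([Parameter(Mandatory)][string[]]$ComputerName)
    $sids = foreach ($c in $ComputerName) {
        [pscustomobject]@{ Computer = $c; MachineSid = Get-MachineSid -ComputerName $c }
    }
    $dupes = $sids | Group-Object MachineSid | Where-Object Count -gt 1
    [pscustomobject]@{
        Hosts         = $sids
        DuplicateSids = @($dupes | ForEach-Object Name)
        IsDuplicate   = [bool]$dupes
    }
}

# Assumed host names; run from a domain admin workstation.
$result = Test-DuplicateMachineSid -ComputerName 'LAPTOP01', 'DESKTOP01'
$result.Hosts | Format-Table
if ($result.IsDuplicate) { Write-Warning "Shared machine SID: $($result.DuplicateSids -join ', ')" }
```

Note that a domain-joined computer also has a separate computer-account SID in the domain; this check is about the local machine SID that an image clone carries over.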
Yeah, it really feels like a duplicate SID issue here.
Sometimes these issues end up being DNS-related. Check the hosts file on that laptop; it might have a conflicting entry that's causing this problem. Compare it with other working devices when using DNS/FQDN.
Have you tried connecting the laptop to any other device? It sounds like an authentication issue, but since you reinstalled it, make sure all drivers are up to date. Also, are any firewall rules blocking RDP traffic for that laptop?
The laptop connects to other devices seamlessly. The rebuild was with a fresh ISO, and all drivers are current. No firewall or outbound block issues either.
I faced a similar situation for a whole month! In the end, I just rebuilt the machine from scratch, and all issues disappeared. Not exactly helpful for the root cause, but I sympathize with your struggle.
Maybe throwing the laptop out is an option? Have you tried connecting via IP instead of FQDN to see if there's any difference?
No, there’s no difference when connecting by IP versus FQDN.
Is there a logonTo restriction that might be affecting access for that laptop?
If all else fails, just re-image the laptop. Sometimes a fresh start is all you need!
It sounds like the laptop might be trying to use NTLMv1 authentication when the server only accepts NTLMv2. Check your NTLM settings on both devices and make sure they're aligned. You can find instructions [here](https://learn.microsoft.com/en-us/troubleshoot/windows-client/windows-security/enable-ntlm-2-authentication).
I checked the NTLM settings on both machines and sadly it didn’t help.
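Added example, not part of the answer or reply above: the relevant NTLM policy lives in a handful of LSA registry values (`LmCompatibilityLevel` under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, and `NtlmMinClientSec`, `NtlmMinServerSec`, `RestrictSendingNTLMTraffic`, `RestrictReceivingNTLMTraffic` under `...\Lsa\MSV1_0`). This PowerShell reads them from both computers, decodes them, and lists the settings that differ. The host names `LAPTOP01` and `DESKTOP01` are assumptions, and the remote read assumes WinRM.

```powershell
# Added example (not part of the thread). Compare NTLM-related LSA settings on two hosts.

$LmLevelText = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 only; refuse LM'
    5 = 'Send NTLMv2 only; refuse LM & NTLM'
}
$SendText    = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }
$ReceiveText = @{ 0 = 'Allow all'; 1 = 'Deny all domain accounts'; 2 = 'Deny all accounts' }

function ConvertTo-MinSecText {
    # Decode the two flags that matter in NtlmMinClientSec / NtlmMinServerSec.
    param([uint32]$Value)
    $parts = @()
    if ($Value -band 0x00080000) { $parts += 'Require NTLMv2 session security' }
    if ($Value -band 0x20000000) { $parts += 'Require 128-bit encryption' }
    '0x{0:X8} ({1})' -f $Value, $(if ($parts) { $parts -join ', ' } else { 'no requirement' })
}

function Get-NtlmPolicy {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $sb = {
        $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
        $msv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -ErrorAction SilentlyContinue
        # Absent LmCompatibilityLevel means the OS default, which is 3 on supported Windows.
        [pscustomobject]@{
            Computer                    = $env:COMPUTERNAME
            LmCompatibilityLevel        = if ($null -ne $lsa.LmCompatibilityLevel) { [int]$lsa.LmCompatibilityLevel } else { 3 }
            NtlmMinClientSec            = [uint32]$(if ($null -ne $msv.NtlmMinClientSec) { $msv.NtlmMinClientSec } else { 0 })
            NtlmMinServerSec            = [uint32]$(if ($null -ne $msv.NtlmMinServerSec) { $msv.NtlmMinServerSec } else { 0 })
            RestrictSendingNTLMTraffic  = [int]$(if ($null -ne $msv.RestrictSendingNTLMTraffic) { $msv.RestrictSendingNTLMTraffic } else { 0 })
            RestrictReceivingNTLMTraffic = [int]$(if ($null -ne $msv.RestrictReceivingNTLMTraffic) { $msv.RestrictReceivingNTLMTraffic } else { 0 })
        }
    }
    $raw = if ($ComputerName -eq $env:COMPUTERNAME) { & $sb } else { Invoke-Command -ComputerName $ComputerName -ScriptBlock $sb }
    # Add decoded columns next to the raw values.
    $raw | Select-Object Computer, LmCompatibilityLevel,
        @{ n = 'LmLevelMeaning';   e = { $LmLevelText[$_.LmCompatibilityLevel] } },
        @{ n = 'ClientMinSec';     e = { ConvertTo-MinSecText $_.NtlmMinClientSec } },
        @{ n = 'ServerMinSec';     e = { ConvertTo-MinSecText $_.NtlmMinServerSec } },
        @{ n = 'OutgoingNtlm';     e = { $SendText[$_.RestrictSendingNTLMTraffic] } },
        @{ n = 'IncomingNtlm';     e = { $ReceiveText[$_.RestrictReceivingNTLMTraffic] } }
}

function Compare-NtlmPolicy {
    # Returns the settings whose values differ between the two hosts.
    param([Parameter(Mandatory)][string]$Client, [Parameter(Mandatory)][string]$Server)
    $c = Get-NtlmPolicy -ComputerName $Client
    $s = Get-NtlmPolicy -ComputerName $Server
    foreach ($p in $c.PSObject.Properties.Name | Where-Object { $_ -ne 'Computer' }) {
        if ("$($c.$p)" -ne "$($s.$p)") {
            [pscustomobject]@{ Setting = $p; Client = $c.$p; Server = $s.$p }
        }
    }
}

# Assumed host names: the laptop is the RDP client, the desktop is the server side.
Get-NtlmPolicy -ComputerName 'LAPTOP01' | Format-List
Get-NtlmPolicy -ComputerName 'DESKTOP01' | Format-List
Compare-NtlmPolicy -Client 'LAPTOP01' -Server 'DESKTOP01' | Format-Table
```

Read the result from the server's side: levels 4 and 5 on the desktop refuse LM or LM and NTLM (v1) responses outright, and `IncomingNtlm` set to deny is a block regardless of the client's level, so those are the rows to check first when the two hosts differ.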
I've had similar weird issues that turned out to be caused by DNS server problems too.

Sounds likely — those that do work are on older builds, so maybe this update is what's causing the issue.