Hello everyone, I'm reaching out for some help with a tricky problem I'm facing. Here in Spain, some of my users are intermittently getting an error when trying to connect to our servers using Remote Desktop Protocol (RDP). The message reads, "The credentials did not work." It's a strange situation because this issue happens randomly; it affects different users and machines on different days. Notably, it only occurs when they try to connect using the hostname or the fully qualified domain name (FQDN). When they use the server's IP address for the connection, everything works fine. I've been troubleshooting this for quite a few days and this is the first time I've encountered this kind of behavior. I've set up a few Group Policy Objects (GPOs) to allow delegating default credentials with NTLM, but nothing seems to provide a consistent solution. Any insights or suggestions would be tremendously appreciated!
4 Answers
Hola! I would say that the symptom of "works with IP but not with Hostname" points towards Kerberos or DNS issues. Connecting via IP generally uses NTLM, while using the hostname attempts Kerberos. Make sure there are no duplicate SPNs with 'setspn -X' and also consider that the randomness could be due to UDP protocol issues in RDP. Try enforcing TCP-only connections via GPO to rule out latency or intermittent network drops. Good luck!
We had a similar situation recently after installing a patch on our Domain Controllers that affected service accounts using Kerberos. The fix was as simple as changing the account passwords, which, believe it or not, were 13 years out of date. A password change can even fix these types of Kerberos issues, even if it's to the same password.
This could be a Kerberos-related issue. When you connect using the IP address, you're likely using NTLM for authentication, which is why that works. Check your Domain Controllers for any issues; a good start would be running a 'dcdiag' on each one.
Exactly! In my experience, I've seen this issue crop up when one of our network admins accidentally altered NAT settings for some internal traffic.
Don't overlook time drift as a potential culprit. If the clocks on your systems are out of sync even slightly, it can mess with Kerberos authentication sporadically.

Be cautious though! You may think you've solved the problem, but then your Kerberos tickets might start expiring later on, leading to more headaches.
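
The checks suggested in the answers above (DNS, duplicate SPNs, DC health, clock skew) gathered into one triage script to run from an affected client while the error is occurring. This is an added example, not part of the original thread; the host names are placeholders, and the forward/reverse DNS comparison and the `TERMSRV` ticket request are additions that assume the standard RDP service principal name.

```powershell
# Added example. Replace the placeholder names with your own.
$Server = 'rdp01.corp.example'       # hypothetical RDP host (FQDN)
$DCs    = @('dc01.corp.example')     # hypothetical domain controller(s)
$MaxSkewSeconds = 300                # Kerberos default clock-skew tolerance (5 minutes)

# 1. DNS: every A record for the host should reverse-resolve to the same name.
#    A stale or extra record is one way to get "fails on some days only".
$addrs = Resolve-DnsName -Name $Server -Type A -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
if (-not $addrs) { Write-Warning "No A record returned for $Server" }
foreach ($a in $addrs) {
    $ptr = Resolve-DnsName -Name $a.IPAddress -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'PTR' }
    [pscustomobject]@{
        Check  = 'DNS forward/reverse'
        Detail = "$($a.IPAddress) -> $($ptr.NameHost -join ', ')"
        OK     = [bool]($ptr.NameHost -contains $Server)
    }
}

# 2. Clock skew between this client and each DC.
foreach ($dc in $DCs) {
    $out = w32tm /stripchart /computer:$dc /samples:3 /dataonly
    # Offsets look like "+00.0012345s"; accept "," as decimal mark on localized systems.
    $offsets = $out | Select-String '([+-]\d+[.,]\d+)s' | ForEach-Object {
        [math]::Abs([double]($_.Matches[0].Groups[1].Value -replace ',', '.'))
    }
    $worst = ($offsets | Measure-Object -Maximum).Maximum
    [pscustomobject]@{
        Check  = "Clock skew vs $dc"
        Detail = if ($null -eq $worst) { 'no samples (DC unreachable?)' } else { "$worst s" }
        OK     = ($null -ne $worst) -and ($worst -le $MaxSkewSeconds)
    }
}

# 3. SPNs: look for duplicates, then see which account owns the RDP SPN.
setspn -X
setspn -Q "TERMSRV/$Server"

# 4. Ask for a Kerberos service ticket for the RDP host. An error here,
#    while connecting by IP still works, points at Kerberos rather than the password.
klist get "TERMSRV/$Server"

# 5. Domain controller health, errors only.
foreach ($dc in $DCs) { dcdiag /s:$dc /q }
```

Because the failure is intermittent, keep the output from a failing run and a working run on the same machine and compare them.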