Wednesday 4 January 2012

Remote Desktop Access Denied Error

Troubleshooting Issues with Remote Desktop / Terminal Services


This morning I tried remotely accessing my work PC, which is always left on, from my home laptop.
However, after my first attempt I was met with the following error, which appears on the login screen on the remote PC.

"the referenced account is currently locked out and cannot be logged on to"


Locked out of PC


I tried pinging the PC and could get a response fine but running the reboot command:


shutdown -m \\mypcname -r -f

I just got an "Access Denied" error.

I could login fine the night before and I hadn't installed anything new. I ran a virus scan which didn't pick anything up.

After connecting to the Virtual Private Network (VPN) I tried running the following command from the RUN prompt.


\\mypcname\c$

But it returned a popup screen with the following message.

"The system detected a possible attempt to compromise security. Please contact the server that authenticated you"

Obviously this was some kind of mistake, and from searching the web it seems the problem comes about due to the machine I'm using to access the remote PC, which was on a domain and was using different credentials than what I was trying to use to access the resource.

From Microsoft's own Knowledge Base article 938457: http://support.microsoft.com/kb/938457


Symptom: When you try to include security settings for a user from a different domain in a local domain folder, you receive the following error message:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.


Note: This problem may also occur when you try to browse the Active Directory directory service listings for the nonlocal domain.


Cause: This problem occurs because the network firewall filters Kerberos traffic.


Resolution: To resolve this problem, configure the network firewall so that TCP port 88 and UDP port 88 are not blocked for either domain.


My firewall was not blocking these ports, but I had no idea what had happened at the other end on the servers at work.

To get access back I tried terminal servicing into a different computer from my laptop which I knew I had access to. I could gain access to this PC.

Once I had remotely accessed another computer on the network, I ran the following reboot command which, when run from my own laptop, gave me an "Access Denied" error.

I ran the reboot command:

shutdown -m \\mypcname -r -f

I then tried pinging the PC from my laptop and couldn't access it so I knew it was rebooting.

After a while the PC came back online and I could re-gain access to it.

I checked the event logs on both machines and found the following items of interest.

On the Remote PC (I couldn't access)

The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 10.0.9.121.

That IP relates to our server that manages domains on our network.


From looking at the event log on my own PC I could see the following errors at around the time I tried remotely accessing the work PC.

08:32.01
The server could not bind to the transport \Device\NetBT_Tcpip_{AE7A7B4B-3EED-4D2A-B123-1A4F4AB04698} because another computer on the network has the same name. The server could not start.

08:32.03
CoID={C5816EC8-C2E8-4710-A412-F7ECDBC25C42}: The user me successfully established a connection to OurCompanies VPN using the device VPN3-1.

08:32:08
The time provider NtpClient is currently receiving valid time data from domainserver.domain.company.co.uk (ntp.d|0.0.0.0:123->10.0.7.1:123).

08:32:12
The server could not bind to the transport \Device\NetBT_Tcpip_{AE7A7B4B-3EED-4D2A-B123-1A4F4AB04698} because another computer on the network has the same name. The server could not start.

08:33
The password stored in Credential Manager is invalid. This might be caused by the user changing the password from this computer or a different computer. To resolve this error, open Credential Manager in Control Panel, and reenter the password for the credential DOMAIN.COMPANY.CO.UK\me.

08:33.11
The server could not bind to the transport \Device\NetBT_Tcpip_{AE7A7B4B-3EED-4D2A-B123-1A4F4AB04698} because another computer on the network has the same name. The server could not start.


I have since managed to reboot my work PC and home laptop and connect successfully, but I hadn't changed my password, so I guess it was an issue at the company on their network that caused the problem. It looks like an issue with the domain controller and Kerberos, which is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography.
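A client-side check for the two leads above, the KB's Kerberos port 88 and the Credential Manager event, as an added example that is not from the original post or the KB article. The function name, host name and domain name are placeholders chosen for illustration.

```powershell
# Added example: client-side checks for the Kerberos path and stored credentials.
# Test-KerberosClientPath is a hypothetical helper name, not a built-in cmdlet.
function Test-KerberosClientPath {
    param(
        [Parameter(Mandatory)] [string]$DomainController,  # server that authenticates you
        [Parameter(Mandatory)] [string]$Domain             # domain name to look for in stored credentials
    )

    # Kerberos over TCP 88. Test-NetConnection is TCP-only, so a pass here says
    # nothing about UDP 88; that rule has to be confirmed on the firewall itself.
    $tcp = Test-NetConnection -ComputerName $DomainController -Port 88 -WarningAction SilentlyContinue

    # Credential Manager entries that mention the domain. A stale saved password
    # is what the "password stored in Credential Manager is invalid" event reports.
    $stored = @(cmdkey /list |
        Select-String -SimpleMatch $Domain |
        ForEach-Object { $_.Line.Trim() })

    [pscustomobject]@{
        DomainController  = $DomainController
        Tcp88Reachable    = $tcp.TcpTestSucceeded
        Udp88             = 'not tested (check the firewall rule)'
        StoredCredentials = $stored
    }
}

# Placeholder values; substitute your own domain controller and domain.
Test-KerberosClientPath -DomainController 'dc01.example.test' -Domain 'EXAMPLE.TEST'
```

Run it after connecting to the VPN, since the domain controller is normally only reachable from inside the network.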

Here are some helpful articles related to the same subject if this method doesn't fix the problem for you.

http://www.bluemoonpcrepair.com/wp/?p=20

http://support.microsoft.com/kb/938457


