Windows Domain-joined PC cannot RDP to a PC on another domain

Tags: active-directory, remote desktop

I created an AD DS and domain called NEWDOM. Then I added a Win2012 machine "newPC" with a local account called "userA" and joined it to the NEWDOM domain.

If I use my personal PC on my home network, I can RDP to the machine without issue by providing "userA" or "newPC\userA" as the username.

But if I use my company-provided laptop, joined to COMPANYDOM but still connected to my home network, it refuses the credentials. Audit logs on newPC show that it's attempting to use COMPANYDOM instead of newPC. The XML says "TargetDomainName" is COMPANYDOM. I've tried userA, newPC\userA, and userA@newPC, and all give the same credentials error.

If I don't join newPC to the NEWDOM domain, it connects to RDP, even if on my company's network. If I drop the machine from the NEWDOM domain, the issue persists. This leads me to believe it's a GPO setting on the NEWDOM DC that's causing that, but I'm not positive.

Is there a policy setting on my company laptop that is causing this or a setting on the NEWDOM domain controller?

Edit: If I use a NEWDOM domain admin account, RDP works. Only local accounts seem to have problems. For reasons that I don't need to get into, I need the ability to RDP as local user accounts.

Thank you!

Best Answer

The issue appears to be that the work PC has the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LmCompatibilityLevel=1, which restricts NTLM to version 1, which Windows Server 2012 does not support.
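To check both sides of this, here is an added PowerShell example (not from the original answer) that reads LmCompatibilityLevel on the machine it runs on and, when run as an administrator on the RDP target, lists the domain and authentication package that recent failed logons (Security event 4625) actually presented. The level meanings are Microsoft's documented values for this setting; the function names and the warning threshold are my own.

```powershell
# Documented meanings of LmCompatibilityLevel (0-5).
$LevelMeaning = @{
    0 = 'Send LM & NTLM responses; never use NTLMv2 session security'
    1 = 'Send LM & NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only (default on current Windows)'
    4 = 'Send NTLMv2 only; DC refuses LM'
    5 = 'Send NTLMv2 only; DC refuses LM & NTLM'
}

function Get-LmCompatibilityLevel {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value = (Get-ItemProperty -Path $key -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue).LmCompatibilityLevel
    if ($null -eq $value) {
        # Value not set: Windows applies its OS default (3 on Vista/2008 and later).
        [pscustomobject]@{ Level = $null; Source = 'OS default'; Meaning = $LevelMeaning[3] }
    } else {
        [pscustomobject]@{ Level = $value; Source = 'Registry'; Meaning = $LevelMeaning[[int]$value] }
    }
}

function Get-FailedLogonDomains {
    param([int]$MaxEvents = 50)
    # Event 4625 = failed logon. Fields are read from the event XML by name,
    # which is the same XML the question inspected for TargetDomainName.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data  = ([xml]$_.ToXml()).Event.EventData.Data
            $field = { param($n) ($data | Where-Object { $_.Name -eq $n }).'#text' }
            [pscustomobject]@{
                Time         = $_.TimeCreated
                User         = & $field 'TargetUserName'
                TargetDomain = & $field 'TargetDomainName'
                AuthPackage  = & $field 'AuthenticationPackageName'
                LmPackage    = & $field 'LmPackageName'
                Workstation  = & $field 'WorkstationName'
            }
        }
}

# Client-side check: a level below 3 means the client may still offer LM/NTLMv1,
# which a server that only accepts NTLMv2 will reject for local-account logons.
$level = Get-LmCompatibilityLevel
$level
if ($null -ne $level.Level -and $level.Level -lt 3) {
    Write-Warning "LmCompatibilityLevel=$($level.Level): raise it to 3 or higher (5 is the hardened setting)."
}

# Server-side check: which domain and package the failed RDP attempts carried.
Get-FailedLogonDomains | Format-Table -AutoSize
```

Run the first part on the company laptop and the second on newPC; a TargetDomain of COMPANYDOM with an LmPackage of NTLM V1 on the server side matches the symptom described in the question.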