I am facing a problem remoting into a machine using a Domain account.
Problem Facts :
- The Host VM's are hosted by Company A (read Domain A). The VM's have a local administrator as well Domain 'A' based User accounts who are on "Administrators" on the VM's.
- I belong to a Company B (Domain B).
- I use a VPN provided by Company A to have access to their network.
- I was previously able to use mstsc from Computer on Domain B to remote into any of VM's on Domain A.
- Recently Company A migrated their Domain A into Domain Z.
- Now I am not able to remote from a computer on Domain B into a VM on Domain Z using my Domain 'Z' user account, however, I am able to login using the local user account. The error for Domain Account is generic credentials not valid.
- My domain 'Z' accounts are working when I remote access another VM (say VM1) using my domain account after logging into a VM2 as local admin. (VM 1 & 2 are on the Domain Z)
- The problem in step 6 & 7 only SEEM to occur in environment at Domain Based environment. (Domain B where my local machine is located on and Domain C where another company user is facing the same issue as me).
- When trying from a local machine with windows freshly installed (no domain, no AV, default OS options) over Company A provided VPN, everything works fine i.e can remote into VM using Domain Accounts.
- Windows 7 Enterprise as Guest. Windows 7 , 2008 R2 , 8.1 as guest VMs. 11. On guest machine, tried deactivating firewall, stopping Forefront security app and removing machine from Domain and connecting to internet directly, but still it was not connecting. (maybe some group policy is causing the issue and removing from domain does not deactivate the policy. The surprising factor was people from Company C were also facing the same issue).
How Can I troubleshoot this issue ?
Best Answer
Remote Desktop requires several things to function. You mentioned some, but there are others.
Based on your description, I would guess that #3 is the culprit. Your new Domain Z account lacks the "Logon Remotely" right. This can be assigned via GPO or local policy. See here for more information.