Smart card RDP logon weird behavior 2

UV 6 Reputation points
2020-11-04T10:15:22.077+00:00

Hi!

This spring I first faced a strange situation described here: https://social.technet.microsoft.com/Forums/en-US/6e7e86aa-6cec-407c-9a18-dde090fccc0a/smart-card-rdp-logon-weird-behavior?forum=winserverTS

Now I see it again in a different environment. Briefly again: We have third-party smart cards integrated with users in AD using the issuer and serial number fields from the certificate as altSecurityIdentities. The client computer is Windows 10 and the server version is 2016, both fully patched.

Problem: I can log onto my RDS server with a smart card with some users, and suddenly, with the next user, I get the error: your credentials could not be verified. If I take a look at the security log on the RDS server, I see that the login failed with error 4625 (Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC000006A, account name is the subject name from the wrong certificate). The strange part here is that the user credentials listed in this event do not belong to the user who tried to log on!
After an RDS server restart I can again log on with any smart card; the first logon always succeeds.
Sometimes it can also happen that I see wrong user data already in the RDP client. I mean I use the smart card of user A and the RDP client shows the certificate of user B. At other times the client shows the correct certificate but the RDS server reports the wrong one.
The problem does not happen with any specific card but appears randomly with different users.
Very confusing!

Any ideas what to check or how to troubleshoot this issue?

Thanks,

UV
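
One way to check the observation above that event 4625 names the subject of a different certificate than the card in use, as an added example that is not part of the original thread: the script joins the 4625 failures to a record, kept by whoever is testing, of which card was inserted on which client. The function names, the attempt record and all sample data are assumptions constructed for illustration.

```powershell
# Added example (not from the thread). All events and attempt records are constructed.
# On the RDS server, real input would come from:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | ForEach-Object { $_.ToXml() }
function Get-CardLogonFailure {
    param([string[]]$EventXml)
    foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        if ($evt.System['EventID'].InnerText -ne '4625') { continue }
        $data = @{}
        foreach ($node in $evt.EventData.Data) { $data[$node.GetAttribute('Name')] = $node.InnerText }
        # Keep only the status pair quoted in the question (string -ne is case-insensitive).
        if ($data.Status -ne '0xC000006D' -or $data.SubStatus -ne '0xC000006A') { continue }
        $time = $evt.System['TimeCreated'].GetAttribute('SystemTime')
        [pscustomobject]@{
            TimeUtc  = [datetimeoffset]::Parse($time).UtcDateTime
            Account  = $data.TargetUserName
            ClientIp = $data.IpAddress
        }
    }
}
function Compare-CardAttempt {
    param($Failures, $Attempts, [int]$WindowSeconds = 120)
    foreach ($f in $Failures) {
        # Latest recorded card insertion on the same client shortly before the failure.
        $a = $Attempts | Where-Object {
            $_.ClientIp -eq $f.ClientIp -and $_.TimeUtc -le $f.TimeUtc -and
            ($f.TimeUtc - $_.TimeUtc).TotalSeconds -le $WindowSeconds
        } | Sort-Object TimeUtc | Select-Object -Last 1
        [pscustomobject]@{
            TimeUtc     = $f.TimeUtc
            ClientIp    = $f.ClientIp
            CardSubject = $a.CardSubject   # subject name on the card actually inserted
            LoggedName  = $f.Account       # account name the server wrote to event 4625
            Mismatch    = [bool]($a -and $a.CardSubject -ne $f.Account)
        }
    }
}
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>' +
    '<EventID>4625</EventID><TimeCreated SystemTime="{0}"/></System><EventData>' +
    '<Data Name="TargetUserName">{1}</Data><Data Name="Status">0xc000006d</Data>' +
    '<Data Name="SubStatus">0xc000006a</Data><Data Name="IpAddress">{2}</Data></EventData></Event>'
$sampleXml = @(
    ($template -f '2020-11-04T09:01:10Z', 'User A', '192.0.2.10'),
    ($template -f '2020-11-04T09:06:30Z', 'User B', '192.0.2.10')
)
$attempts = @(
    [pscustomobject]@{ TimeUtc = [datetime]'2020-11-04T09:01:00'; ClientIp = '192.0.2.10'; CardSubject = 'User A' },
    [pscustomobject]@{ TimeUtc = [datetime]'2020-11-04T09:06:00'; ClientIp = '192.0.2.10'; CardSubject = 'User A' }
)
Compare-CardAttempt -Failures (Get-CardLogonFailure -EventXml $sampleXml) -Attempts $attempts | Format-Table -AutoSize
```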


1 answer

  1. Eleven Yu (Shanghai Wicresoft Co,.Ltd.) 10,671 Reputation points Microsoft Vendor
    2020-11-05T03:30:30.783+00:00

    Hi,

    This problem should also be related to AD. You might need to capture some dumps or traces to further investigate the issue, so I suggest contacting Microsoft Customer Support and Services, where a more in-depth investigation can be done, so that you get a more satisfying explanation and solution to this issue.

    You may find the phone number for your region from the link below:
    Global Customer Service phone numbers
    https://support.microsoft.com/en-us/help/4051701/global-customer-service-phone-numbers

    Thanks,

    Eleven

    If the Answer is helpful, please click "Accept Answer" and upvote it.
