question

AndreaT-5716 avatar image
0 Votes"
AndreaT-5716 asked KarlieWeng-MSFT commented

Window 10 - after joining domain administrator account cannot logon via RDP

Hello,
we are creating our new Active Directory Domain (DC are Windows Server 2016 and domain functional level is 2016).
We're trying to join a W10 20H2 VM to this domain.
Before joining domain we could log on this VM via RDP using Local Admin Account.
After joining domain we can log on this VM via RDP using standard Domain User but not using Domain Admin accounts or Domain User that are member of the local Administrators group of the VM.

In event viewer we can find these events
Event ID: 21 Remote Desktop Services: Session logon succeeded

Event ID: 22 Remote Desktop Services: Shell start notification received

Event ID: 40 Session <X> has been disconnected, reason code 1

Reason 1 means that the disconnection was initiated by an administrative tool on the server in another session, so i move the computer object in another OU where Block Inheritance setting is enabled, but this not solve the issue.

With Server OS (like Windows Server 2016) we don't have this issue.

Any Idea?

Thanks


UPDATE_20210412: this issue occurs only on Windows 10 20H2 Virtual Machine. I tried a Windows 10 20H2 installed on a physical PC and everything works fine.
Are there any issue related to VMWare Windows 10 VM?

windows-10-generalremote-desktop-serviceswindows-10-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered AndreaT-5716 edited

joining domain we could log on this VM via RDP using Local Admin Account.

What operating system is the VM?

Also do whoami /groups and check that the domain admin is a member of local administrator's group on the VM

--please don't forget to Accept as answer if the reply is helpful--










· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for your answer.
The VM is a Windows 10 20H2 and I checked and unfortunately the user is already a member of the local administrator's group.


0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered AndreaT-5716 commented

What happens when you try? Also try by ip address in case of DNS issues.





· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

First time I try to connect via RDP, after login, the client disconnects.
Next attempt I can no longer connect via RDP until I reboot the machine.

After first attempt i can see in Event Viewer of the W10 VM

Event ID: 21 Remote Desktop Services: Session logon succeeded
Event ID: 22 Remote Desktop Services: Shell start notification received
Event ID: 40 Session <X> has been disconnected, reason code 1

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered AndreaT-5716 commented

Also try by ip address in case of DNS issues.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks again for your answer but I already use IP address instead of DNS

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered AndreaT-5716 commented

I'd try creating new domain admin account, logon and try with new account.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks again but also this test failed

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered AndreaT-5716 commented

Also try;

  1. from a different source

  2. to a new target same OS



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I I already tried to a new target same OS with no results.
Il will try from a different source. Thanks

0 Votes 0 ·
KarlieWeng-MSFT avatar image
0 Votes"
KarlieWeng-MSFT answered AndreaT-5716 commented

Hello @AndreaT-5716

I hope this is related,.
after I log on to my win10 using domain admin account, I find:
86121-image.png

86122-image.png


Best Regards
Karlie


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


image.png (44.6 KiB)
image.png (72.5 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @KarlieWeng-MSFT, thanks for your answer.
This matches my configuration, but local admin account and domain admin account can't logon via RDP.
Because Reason 1 means that "an admin tool in another session disconnect the RDP session" how can i discover which policy or restriction is involved?
thanks

0 Votes 0 ·
KarlieWeng-MSFT avatar image
0 Votes"
KarlieWeng-MSFT answered KarlieWeng-MSFT commented

Hi
I found from here reason 1 means "An application initiated the disconnection" , Is there any app may interfere the connection?


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @AndreaT-5716 Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

0 Votes 0 ·