I'm setting up a new VPN in Azure that is connecting to a on-premise lab environment that is planned to replace the old VPN connection. While connected to the new IP range on the new VPN we are receiving this error while RDPing using elevated accounts that are part of the Protected Users group:
NTLM authentication failed because the account was a member of the Protected User group.
Error Code: 0xC000006E
Noticed some alerts about certificates as well. NTLM and Kerberos aren't my specialty, so was looking for some help with this, is there somewhere we need to whitelist the new VPN IP range for NTLM / Kerberos to work correctly?
RDP works fine without error on the current VPN, but not the new one we are trying to implement.