Windows login failures
Sympton / Windows Error | Solutions |
---|---|
Both certificate and password authentication fail. |
|
Password works but certificate authentication fails |
|
Certificate authentication fails for all users, and:
|
|
Login is successful in the Windows Event log but this error is shown to the user: The requested session access is denied. | Add Remote Desktop Users with user/user’s group to Restricted Groups group policy: https://support.microsoft.com/en-us/help/954369/error-message-when-you-use-remote-desktop-connection-to-connect-to-a-w |
Error shown to the user: The security database on the server does not have a computer account for this workstation trust relationship. | Remove any old trust relationships left on the other domain, and add a new one-way trust relationship between the domains with valid domain administrator accounts. |
Error shown to the user: Logon failure. The user has not been granted the requested logon type at this machine. | Ensure login attempt is to a domain account and not local account. If user is a domain user, ensure the user has logon locally access right and the UPN is correct. |
Error shown to the user: Signing in with a smart card isn’t supported for your account. | Domain controller may have several existing KDC certificates and the one used most likely has only client and server authentication key usage that doesn't satisfy RDP user certificate authentication. To view KDC certificates of the DC(s): The Domain Controller must identify itself with a valid KDC Certificate with proper Extended Key Usage OIDs enrolled from the Enterprise CA, e.g. an updated Kerberos Authentication template that has:
|
Updated almost 2 years ago