Windows server 2016 RDS when users logon multiple Error 4625 from Server Computer account RRS feed

  • Question

  • Everytime a user logs unto the server via rdp we get multiple errors like this. The user logs into RDS normally and is able to work and we see no other errors in application og system logsm anyone experienced this or have a solution ?

    Its always the computer name with the domain with workstation name of the server the local IP6 address of the server

    and a Random port. Attempted to see what PID this was coming form with netstat -ano but nothing shows up

    An account failed to log on.

    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

    Logon Type: 3

    Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: Computeraccount_name
    Account Domain: Domain name

    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC0000064

    Process Information:
    Caller Process ID: 0x0
    Caller Process Name: -

    Network Information:
    Workstation Name: Computeraccount_name
    Source Network Address: xxxxxxxxx
    Source Port: xxxxx

    Detailed Authentication Information:
    Logon Process: NtLmSsp 
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    Friday, December 21, 2018 1:00 PM

All replies

  • I have exactly the same problem.

    I have debugged this by NetLogon and Wireshark and many other tools, but found nothing since now.

    Do you have  ever solved this?

    Monday, February 4, 2019 4:39 PM
  • Hello Jiri.

    Unfortunately No. i have tried running Netlogon and wireshark but not caught anything that explains the error

    The logon attempt is from the server itself which runs remote desktop services and i think this is some 

    component or logon attempt by rds 

    Tuesday, February 5, 2019 8:19 AM
  • Hello Jiri after much work we found the problem. In our case the server was running RDS and the IIS Instance was using a computer certificate for https the cert had run out and the computer had gotten a new one from the PKI root but the RDS was still using the old one. 

    When i switched RDS to user a legit certificate the problem went away.

    Thursday, February 21, 2019 10:28 AM