none
Getting a Authentication error 0x80004005 using RDP on Windows server 2012 servers RRS feed

  • Question

  • Hello Everyone,

    I'm getting a Authentication error on all of my Windows 2012 servers connecting through RDP. The weird thing is, this error only pops up using the DNS name. If I use the IP of the server, I connect with no issues or errors. 

    Does anyone have any ideas?

    Please let me know

    Thank you

    Devon

    Monday, December 29, 2014 9:22 PM

All replies

  • Hi Devon,

    Thank you for posting in Windows Server Forum.

    What’s your client OS and RDP version you are using?

    From your description it occurs that there is issue resolving IP address with Hostname through DNS, so need to check the DNS record to see whether Hostname I mapped with IP address. Initially you can also try to clear DNS cache and try to flush with below command.
    Ipconfig /flushdns

    Then you can check using “nslookup” command whether you can resolve IP address from Hostname. You can check following articles for DNS troubleshooting.
    - Cannot Connect to Remote Systems Using Host Name
    - Troubleshooting DNS Servers

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, December 30, 2014 9:01 AM
    Moderator
  • Thank you for the reply...

    DNS seems to be fine, nslookup and ping work fine.. Its just weird this is only happening with windows server 2012.

    I'm using Windows 8 as a client.

    Devon

    Tuesday, December 30, 2014 5:15 PM
  • sounds like a permissions issue.   Check out the Event logs on your server.  Is the user a remember of the local admin group or remote desktop?

    more info

    https://social.technet.microsoft.com/Forums/en-US/ee4353f6-1977-47b4-a521-60a26986b361/authentication-error-has-occurred-code-0x80004005

    Tuesday, December 30, 2014 6:46 PM
  • The user is in the Remote desktop group... It works fine using IP, just not DNS name.

    Devon

    Tuesday, December 30, 2014 7:55 PM
  • Hi,

    Thanks for your comment.

    Think that you are connecting from a machine in the same network and both are Windows. When you are pinging with server name (abc) what IP you are getting, is it same server IP?
    Does it give a different computer name? 

    If so then your DNS server is not updated with resource records of Server (abc). From abc, try ipconfig /registerdns. It will take few minutes to register that computers resource records with DNS.

    Also suggest you to try access machine with FQDN if you have not tried it yet. Sometime it happens trying just giving computer name will not connect, but giving the Full-Qualified name will connect.

    If the above fails, try using nslookup for abc and compare the IPs you get. If these are different, then your DNS is definitely not updated. Then try to proper registering with DNS. 

    The name resolution problem might be in your Hosts file and LMHOSTS file, which looks for addresses sequentially from the top down. If more than one address is listed for the same host name, TCP/IP returns the first value it encounters, whether that value is accurate or not.
    You can find the Host file and LMHOSTS file in \% SystemRoot %\System32\Drivers\Etc. Note that this file does not exist by default; a sample file named hosts & LMHOSTS.SAM exists. Please rename the original file before you change anything and then used changed file.

    Apart if still facing issue after checking above steps, you can capture network related logs with NetMon (Network Monitir) and see the RDP port with destination address that what’s the error cause this to happen.

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, January 2, 2015 3:01 AM
    Moderator
  • Hi,

    Dharmesh Solanki provided very good explanation on the potential DNS issue with the server you reported, you may like to check the name resolution to start with, use basic tools like ping with FQDN, nslookup check the dns zone entries make sure they are not static etc, keep us posted what you found out with the tests above.


    Inderjit

    Friday, January 2, 2015 10:36 AM
  • Thank you Dharmesh for your information..

    DNS is working just fine, all of my other servers are working as well... Its just Windows 2012 servers that are having this issue. The FQDN name also resulted in the same error.

    Keep in mind, I have a mixed AD environment, Domain Level 2003. I do not have a Windows 2012 server, only 2003 and 2008. I have however, upgraded the schema to 2012. I think this might be a certificate issue.

    Monday, January 5, 2015 7:06 PM
  • Any other ideas?

    Devon

    Friday, January 9, 2015 9:02 PM
  • Hi Devon,

    Still suggest you to check below steps for further troubleshooting.
    - Ensure that at least one correct DNS record is registered on each domain controller. 
    - To ensure that a correct DNS record is registered on each domain controller, find this server's Active Directory replication partners that run DNS. 
    - Open DNSManager and connect in turn to each of these replication partners. 
    - Find the host (A) resource record registration for this server on each of the other replication partner domain controllers. 
    - Delete those host (A) records that do not have IP addresses corresponding to any of this server's IP addresses. 
    - If a domain controller has no host (A) records for this server, add at least one that corresponds to an IP address on this server. (If there are multiple IP addresses for this server, add at least one that is on the same network as the domain controller you are updating.)  

    Name resolution may also fail with the RPC Server is unavailable error if NetBIOS over TCP/IP is disabled on the WINS tab in the advanced section of the TCP/IP properties. The NetBIOS over TCP/IP setting should be either enabled or default (use DHCP).   

    More troubleshooting steps you can find over here.
    Windows Server Troubleshooting: "The RPC server is unavailable"

    In addition, as you have commented verify your certificate is correct and matching the server name properly which can resolve the name form internal external environment.

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, January 12, 2015 1:40 AM
    Moderator
  • Hi Devon,

    the DNS name you use, is it the FQDN of your 2012 server or an alias ?

    Saturday, April 4, 2015 2:12 PM
  • I've been getting this error, but looking at the Event Log showed: 

    Log Name:      System
    Source:        Microsoft-Windows-Security-Kerberos
    Date:          9/21/2017 1:34:25 PM
    Event ID:      9
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      ZFS-ADMIN.xxx.xxxxx.xxx
    Description:
    The client has failed to validate the domain controller certificate for DC1.xxx.xxxxx.xxx. The following error was returned from the certificate validation process: The revocation function was unable to check revocation because the revocation server was offline.
    .
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
        <EventID Qualifiers="49152">9</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2017-09-21T20:34:25.000000000Z" />
        <EventRecordID>63537</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>ZFS-ADMIN.xxx.xxxxx.xxx</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="Name">The revocation function was unable to check revocation because the revocation server was offline.
    </Data>
        <Data Name="Message">DC1.xxx.xxxxx.xxx</Data>
        <Binary>30820514308203FCA003020102020301465B300D06092A864886F70D01010B0500305D310B300906035504061302555331183016060355040A130F552E532E20476F7665726E6D656E74310C300A060355040B1303446F44310C300A060355040B1303504B49311830160603550403130F444F442049442053572043412D3338301E170D3137303230363137303430305A170D3230303230373137303430305A3077310B300906035504061302555331183016060355040A130F552E532E20476F7665726E6D656E74310C300A060355040B1303446F44310C300A060355040B1303504B49310C300A060355040B130355534E312430220603550403131B53414E322E7061632E61642E7370617761722E6E6176792E6D696C30820122300D06092A864886F70D01010105000382010F003082010A0282010100CBBAFA823D66AAC02906F715843309F958B4F13C857604BD7289385DA6EB72142CDC97714D6B3CC2A81D7FC4A97A04808ABFB58F786D93A58CD4FC6ECFA9304FDE39AACA6E458C39504301AFE80625CACE2A58AB8BCE33A64B2C6740AE715A104F8E057228A00EE30F9858B71FA8D2E8120FFA6150C253E081DBA8C6B5A09A6C81D5DA6EF9043EB2BB500599EDA309E67E85E4030FF045B06FBD69C6EACB94D072BFA392A1294F9BBE949CCFE2BD9A55C58EE908BA1B533BAEA66E31FAEE392C4C2C4EEBF1F4BDB401D4C774CBAFFFD2110EBF76A1326E39A5EC33C28A3B6C2DFBAE5301D668C43BF094BB401D0B12706823108BA209B0A3230291373DE271EB0203010001A38201C1308201BD301F0603551D230418301680148EC5B9CCFCCE8E53B42ACEE8112ACF9B296C67CA301D0603551D0E04160414ABCAD53D262A4EEE0650D0490919A5BB7FD72799306706082B06010505070101045B3059303506082B060105050730028629687474703A2F2F63726C2E646973612E6D696C2F7369676E2F444F444944535743415F33382E636572302006082B060105050730018614687474703A2F2F6F6373702E646973612E6D696C300E0603551D0F0101FF0404030205A030350603551D250101FF042B302906082B0601050507030206082B0601050507030106072B060105020305060A2B06010401823714020230470603551D110440303E821B53414E322E7061632E61642E7370617761722E6E6176792E6D696CA01F06092B0601040182371901A01204105276565A029C4F5F9DBC717A04FCE559302F06092B060104018237140204221E200044006F006D00610069006E0043006F006E00740072006F006C006C0065007230390603551D1F04323030302EA02CA02A8628687474703A2F2F63726C2E646973612E6D696C2F63726C2F444F444944535743415F33382E63726C30160603551D20040F300D300B0609608648016502010B27300D06092A864886F70D01010B050003820101009BFD5B2FB49A00A2637A6AB9074E8593963CEC8C18923866B7051341708279FCB2A5B555DF644943A617CBF85D6EE3A9534BD0435B30E9E4CEDE28C4F35413056058713D78FD5126524F5E85F35DB39D437217516B5474B63448A0AB1A7A70BAC8DBFDFEFD69743418C12C4204B4636D4AFA912354053B919067F65BBF25378A4F9B7FB999D689DF1E63FA3982307903F622E7C331782DB1E9250F35284A790F2BD3196D39D715078923C547AC6EEA4982FD97BE6302AA63898B4988F1F20F2943F3028E1ECB8BF2DD43EDA3D645DE6F8B7B064238D427B41A4BED04BAB5852B56EDDB814C3EB13D52B0F3D012677048CEB41AAEB0E2AC699132A74F1CEB8361</Binary>
      </EventData>
    </Event>

    So in my case, it's not a DNS issue, there is a problem with certificate revocation checking between the network that hosts the machine I'm trying to RDP to and the network that hosts the domain controller / server that is performing revocation checking. We are using Smart Card authentication. Logging in using user name and password works fie. 

    I haven't fixed this yet, but it might point you in the right direction, if your problem is the same as mine. 

    Just something else to check.

    Thursday, September 21, 2017 9:04 PM
  • The Fix for this issue is below, 

    Start > Admin Tools > remote Desktop Services > Remote Desktop Session Host Configuration > click on Session Host Configuration: < Server Name > > in the middle under "Connections" right click on "RDP-Tcp Microsoft RDP 7.1" > Under the "General Tab" change the "Security Layer" to "RDP Security Layer > Apply > ok > now you will be able to RDP

    Once I did the above fix I got the below error, this is just informational. 
    ---------------------------
    Terminal Services Configuration
    ---------------------------
    Configuration changes have been made to the system registry; however, the user session now active on the RDP-Tcp connection will not be changed.
    ---------------------------
    OK   
    ---------------------------

    Explanation:
    Terminal Services is designed to maintain user access even though a connection has been changed. All users must log off of the connection before the changes take complete effect.

    Once done I was able to RDP to the server again like normal.
    Thursday, July 26, 2018 9:21 PM
  • Although a lot of people treated this as a DNS issue, they neglected this: NTLM will work with IP address but Kerberos will only work with the hostname. That should provide some clue that the issue is related to Kerberos. Indeed, the event log you found did show that this was a Kerberos specific issue.
    Wednesday, March 20, 2019 6:03 PM
  • Exactly the problem we're having. Had already narrowed it down to an issue with Kerberos, but not sure how to resolve it. It's affecting numerous machines ranging from all Windows OS's (Win 10, Server 2008, 2012, 2016). Has anybody found a cause or resolution for this issue?
    Monday, June 24, 2019 4:38 PM
  • I am having this same issue.  Windows 2019 Remote Desktop Services.  Work fine from some locations but not from others.

    Monday, July 1, 2019 5:37 PM
  • Actually today it just started working for a period of time on one of pcs that it was not working on.  However after reboot it went back to prompting on authentication to internal resource after successful rd gateway authentication.  I am using Duo for two factor as well.

    I am behind sonicwalls.  It seems like I have good luck from other computers not behind Sonicwalls.


    • Edited by 2010 Tuesday, July 2, 2019 1:12 AM
    Tuesday, July 2, 2019 1:11 AM
  • On my issue there are no firewalls between me and the servers I'm trying to RDP to. But we're also having the same intermittent issues. Some days I don't have the issue and some other users will. On other days they don't have the issue but I do. 
    Tuesday, July 2, 2019 4:09 PM
  • I found some articles related to creating an SPN for public facing name to resolve kerberos issues.  I have not tried yet but am researching.

    If anyone knows something about this feel free to chime in.

    Wednesday, July 3, 2019 12:35 AM
  • It seems like it may be related to Kerberos.  Not sure why some locations authenticate differently then others however I did get this error when trying to authenticate to Gateway and Session Host(Same Server).

    Event ID 100

    Security-Kerberos

    The service principal name (SPN) TERMSRV/remote.domain.com@localdomain.local is not registered , whcich caused authentication to fail: 0x7. Use setspn command-line tool to register the SPN.

    I do not know how to do this and also how to reverse it if I need to.

    Wednesday, July 3, 2019 1:57 PM