none
RDS 2012 (An Authentication error has occurred 0x607) - WINDOWS 8 ONLY RRS feed

  • Question

  • Hi - please help. I've read many posts relating to this error, but none have fixed my issue.

    We have an RDS 2012 setup.  2 Servers.  Both session hosts.  only 1 is the broker.  Cert from official CA.

    My authentication is set to ONLY allow devices with Network Level Authority.  I don't want to remove this.

    Windows XP and Windows 7 can connect both internally, and externally via the RDWeb address perfectly fine, but all Win8 machines get the error "An authentication error has occurred. Code 0x607.

    Can anyone please advise why?

    Many thanks

    Tuesday, April 14, 2015 4:14 PM

All replies

  • I checked the event logs, and these are the entries:

    "The user domain\test on client computer x.x.x.x met resource authorisation policy requirements and was therefore authorised to connect to resource my.domain.com."

    "The user domain\test on client computer x.x.x.x connected to resource my.domain.com.  Connection protocol used is http."

    "Listener RDP-TCP received a connection"

    "The user domain\test on client computer x.x.x.x disconnected form the following network resource: my.domain.com. Before the user disconnected, the client transferred......    Connection duration was 3 seconds.  Connection protocol used: http."

    Why did it immediately disconnect???

    Tuesday, April 14, 2015 4:42 PM
  • Also - it works fine from those Win8 machines if I try logging into RDS with a Domain Admin account..

    Permissions?

    Wednesday, April 15, 2015 12:31 PM
  • Hi,

    I have seen other similar cases got resolved by setting the encryption level to low and security layer to Negotiate.

    Here is a thread below:

    An authentication error has occured (Code: 0x607)

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/94780a11-23ba-4a3c-b11a-734007c2d2fd/an-authentication-error-has-occured-code-0x607?forum=winserverTS

    If it is not an option for you, I suggest you check whether the SSL certificate used by RDWeb access is trusted by the Windows 8 clients. There should be a corresponding root CA certificate installed in the Trusted Certification Authorities store.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 16, 2015 7:41 AM
    Moderator
  • Hi Amy, thanks for the reply.  Ideally, I don't want to drop the encryption level.  If push comes to shove, then I will consider it.

    I checked my Win8 devices and they all have the cert "GlobalSign Root CA" (the issuer of our cert) in the trusted root store.   

    Thanks

    Friday, April 17, 2015 8:39 AM
  • bump..

    any help please...

    Wednesday, April 29, 2015 4:16 PM
  • Hi,

    Sorry that I have no more idea. You may get insights from other forum community members.

    I would suggest you contact Microsoft Customer Support and Services where more in depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

    You may find phone number for your region accordingly from the link below:

    Global Customer Service phone numbers

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers/en-au

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 30, 2015 2:30 AM
    Moderator
  • Hi,

    On your broker server, please open an administrator PowerShell prompt and run the following commands:

     
    Import-Module RemoteDesktop
    Set-RDSessionCollectionConfiguration -CollectionName "YourCollectionName" -CustomRdpProperty "use redirection server name:i:0"
     


    Please note that all RDSH servers must have their RDP-Tcp listener configured to use the certificate via WMI and the certificate and its private key needs to be in the local computer\Personal store on each.  I believe you have already done this to support your XP clients.

    If the above does not work you may revert back to default by running the following commands in an administrator PowerShell prompt:

     
    Import-Module RemoteDesktop
    Set-RDSessionCollectionConfiguration -CollectionName "YourCollectionName" -CustomRdpProperty " "
     

    Note there is a space between the quotes above.

    Thanks.

    -TP

    Sunday, June 14, 2015 4:07 PM
    Moderator