Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, March 21, 2013 2:37 PM
I am unable for some reason to remote into a machine that I've been able to before. This occurred after it installed automatic updates. At the moment I can connect to services and the event log from another machine with the same credentials, but I can't log onto the machine itself. Is there any way to reset this info or such. This machine is a part of a domain and can read credentials from the domain controller. I also do know that remote desktop is enabled.
The following error occurs in the even log on the affected machine.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2013-03-21 10:28:23 AM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ****
Description:
Cryptographic operation.
Subject:
Security ID: SYSTEM
Account Name: ****$
Account Domain: *******
Logon ID: 0x3e7
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: TSSecKeySet1
Key Type: Machine key.
Cryptographic Operation:
Operation: Decrypt.
Return Code: 0xc000000d
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2013-03-21T14:28:23.339874500Z" />
<EventRecordID>937125</EventRecordID>
<Correlation />
<Execution ProcessID="500" ThreadID="548" />
<Channel>Security</Channel>
<Computer>**********</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">*******$</Data>
<Data Name="SubjectDomainName">********</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">RSA</Data>
<Data Name="KeyName">TSSecKeySet1</Data>
<Data Name="KeyType">%%2499</Data>
<Data Name="Operation">%%2484</Data>
<Data Name="ReturnCode">0xc000000d</Data>
</EventData>
</Event>
All replies (7)
Friday, March 22, 2013 6:42 AM âś…Answered
Hi,
The following methods could be used to resolve some of the most common problems.
Potential issues that may be seen:
1.) Remote Desktop endpoint is missing
Each virtual machine that is created should have a remote desktop endpoint for the VM at port 3389. If this endpoint is deleted then a new endpoint must be created. The public port can be any available port number. The private port (the port on the VM) must be 3389.
2.) RDP fails with error: "The specified user name does not exist. Verify the username and try logging in again. If the problem continues, contact your system administrator or technical support."
RDP connection may fail when there are cached credentials. Please see the following article to resolve this problem: http://www.c-sharpcorner.com/uploadfile/ae35ca/windows-azure-fixing-reconnect-remote-desktop-error-the-specified-user-name-does-not-exist-verif/
3.) Failure to connect to uploaded VHD
When a VHD is uploaded to Windows Azure you must make sure that Remote Desktop is enabled on the VHD and an apporopriate firewall rule is enabled on the VM to open port 3389 (Remote Desktop port).
Hope this helps!
Regards.
Vivian Wang
TechNet Community Support
Wednesday, March 27, 2013 11:17 AM
I've already done and verrified the above. Att the settings are correct. Still no connection.
Wednesday, May 15, 2013 3:17 PM
I've already done and verrified the above. Att the settings are correct. Still no connection.
I'm having the exact same error with a WES7 HP 5740e Thin Client in our network. Could use help with this one. We have our firewalls disabled for this test.
Wednesday, May 15, 2013 5:25 PM
A Middles and JWeinberg,
Was the RDS role installed on the problem VM (the one you can't RDP into)?
Can you verify the RDP endpoint port is reachable and listening with Psping?
So look at the Configure tab of the VM in the portal to verify the public port of the RemoteDesktop endpoint (because by default it will be randomly assigned, not 3389). And you can test with both the DNS name and external IP (VIP) both which show up under Quick Glance on the VM's dashboard.
psping 168.62.167.168:59464
Can you resize the VM, which will generally end up moving it to a different host server? On the VM's Configure tab in the portal, change Virtual Machine Size up or down, then after it restarts try connecting again.
Thanks,
Craig
Wednesday, May 15, 2013 5:53 PM
Craig:
I probably shouldn't have posted here. I'm not using any VM's for this or in an Azure environment.
All settings looks right for RDP on the client that I'm trying to control.
Everything pings fine with PSping.
I was led here due to the exact match for the error codes and content of the event pasted by A Middles.
Tuesday, February 24, 2015 3:59 PM
I faced similar problem. The same log entry in Security Log is only source of information. It looks like Remote Desktop Services' private key was corrupted.
In my case, deleting all values inside HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations (make backup before screwing with registry) and restarting Remote Desktop Services helped.
Tuesday, May 31, 2016 1:32 PM
No RDP, but all other tests ran OK (telnet to RDP port was OK for example) but crypto error in event logs and "certutil -key" giving error indicated a certificate issue. Deleting reg keys and restarting service fixed it for me too. Thanks.