Azure AD Joined PC Remote Desktop not working - azure-active-directory

The article https://learn.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc shows how to connect to an AAD joined PC from another AAD joined PC. I have followed these instructions.
The Lenovo ThinkCentre Edge machines are both brand new installs of Windows 10 updated to 10.0.19042.928 and registered to AAD with the same user. For testing, both PCs are on the same network and have 10.6.2.xx IPs. Wireshark shows that the PCs can connect to each other. Remote Credential Guard has not been enabled. The standard "can't connect" error shows. Remote users now connected to Azure AD cannot work remotely. Can anyone advise?
sysdm.cpl
Remote Desktop
Enable Remote Desktop
Connecting
Failed

To make it work from any PC, even one that is not Azure AD joined, just add
enablecredsspsupport:i:0
authentication level:i:2
at the end of the RDP file. You may use any text editor to do it.
Credits to:
https://community.spiceworks.com/topic/2129388-remote-desktop-to-azuread-machine-not-working
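
The two lines in the answer above turn off CredSSP on the client (and with it Network Level Authentication) and set server authentication to warn-only. As an added example, not part of the original answer, this Python script parses .rdp files and reports those settings so that edited connection files can be found and reviewed later; the sample file and its host name are constructed.

```python
import codecs

# Constructed sample: an .rdp file with the answer's two lines appended, encoded
# as UTF-16 with a BOM (the encoding mstsc.exe commonly uses for saved files).
SAMPLE_RDP = (
    "full address:s:aadj-pc.example\r\n"   # hypothetical host name
    "prompt for credentials:i:1\r\n"
    "enablecredsspsupport:i:0\r\n"
    "authentication level:i:2\r\n"
).encode("utf-16")


def parse_rdp(data: bytes) -> dict:
    """Parse 'name:type:value' lines; type is i (integer), s (string) or b (binary)."""
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = data.decode("utf-16")
    else:
        text = data.decode("utf-8-sig")  # plain text written by an editor
    settings = {}
    for line in text.splitlines():
        name, sep1, rest = line.partition(":")
        kind, sep2, value = rest.partition(":")  # value may itself contain ':'
        if not (sep1 and sep2) or kind not in ("i", "s", "b"):
            continue  # blank or malformed line
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[name.strip().lower()] = value
    return settings


def audit(settings: dict) -> list:
    """Return findings for settings that weaken authentication of the session."""
    findings = []
    if settings.get("enablecredsspsupport", 1) == 0:
        findings.append("enablecredsspsupport=0: CredSSP is off, so the client "
                        "skips Network Level Authentication")
    level = settings.get("authentication level")
    if level == 0:
        findings.append("authentication level=0: connects without warning when "
                        "server authentication fails")
    elif level == 2:
        findings.append("authentication level=2: warns on failed server "
                        "authentication but lets the user continue")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rdp(SAMPLE_RDP)):
        print(finding)
```
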

To use remote desktop to an AzureAD connected PC, you need to change the Network Profile to Private for the network connection that you are using. This isn't documented and no error shows when you try to turn on Remote Desktop if Public is selected.
I was unable to get NLA working, so I followed this post to disable it.
Disable NLA

Related

cannot connect another sql server instance

I have Active Directory; both SQL Servers, db01 and db02, are joined to the domain and set up with all defaults.
I'm trying to connect to another SQL Server instance, db02, from the db01 SQL Server
file->connect
Server Type: Database Engine
Server Name (I tried IP address or FQDN but it's still not working)
Authentication: Windows Authentication
Domain\Administrator
When I click the connect button it says
I also tried enabling the sa account and setting a password, but still can't connect.
I tried turning the firewall off on both db01 and db02, still the same issue.
All SQL services are running, and TCP and named pipes are enabled.
Remote connection is set to enable/allow.
Did I miss anything?
I think the error message tells you correctly that the problem is around authentication.
Either you are using a non-Windows application to connect to the SQL Server instances OR you are logged in with your normal account BUT you are trying to authenticate as Domain\Administrator. Windows authentication will mostly not let you do that.
A problem with some non-Windows tools is that they let you try to connect using Windows Authentication and typing in a username, but it will never work. Instead, to use Windows authentication you have to log in to Windows as Domain\Administrator OR run your application as Domain\Administrator, using e.g. right-click 'Run as other user'.
To connect from a non-Windows platform using windows authentication depends entirely on your application and driver having correctly implemented it.

Team-viewer disconnected after disconnecting from remote desktop connection, why?

I want to connect to a remote computer (Windows Server 2012 Datacenter) using TeamViewer, but a Remote Desktop connection has to be open and connected whenever I want to use TeamViewer to connect to the server. If not, TeamViewer on my computer returns this error:
After reconnecting to the remote computer using Windows Remote Desktop Connection, I can see the screen again without this error. What should I do to connect TeamViewer directly to the server without an active Remote Desktop connection?
You could also change some settings so that the user is allowed to stay actively logged in (as was the case in previous Windows Server versions).
The topic below describes a case where idle users were logged out; it was suggested to disable Windows settings so that the user session would remain logged in.
https://superuser.com/questions/558920/disable-windows-server-2012-automatic-log-off
This happens because of the following reasons.
If you RDP (and then you minimize the RDP session, or let go of it)
Log out of the user that has the Teamviewer open
Let the PC idle out.
Solution to override this issue.
INSTALL TEAMVIEWER AS A SERVICE - Turn off your quick-run/quick-support of TeamViewer and go to www.teamviewer.com and install the program to launch on boot (that will install it as a service); you will see the option for that during installation. Then that error will never turn up, even if you RDP. If it's already installed, here are the instructions on how to make it run as a service.

Unable to launch dsa.msc as a different user

I'm facing a huge issue: I cannot work in our AD anymore, because Windows cannot find the dsa.msc file.
Usually, I run Active Directory Users and Computers as my admin account. When entering credentials, I have the following:
If I connect from another computer, this works fine and I can deal with users & groups.
I've changed my password and reinstalled everything related to AD management, but I can't even imagine restaging my machine. I've also deleted temp files.
This is clearly not an account issue. Even my server team could not help.
From which computer are you trying to do this?
Is this a client computer or a server? Generally you cannot open dsa.msc from a client computer if the Remote Server Administration Tools are not installed on it.
Is this a Domain Controller?

Silverlight website isn't working in Domain Environment

I am running Server 2003 with Windows 7 as the client. I am trying to log in to a website ( openjet.damanhealth.ae ). If my PC is running in a Workgroup, I can log in to the website and everything works normally. But when I join the domain, the same website doesn't allow me to log in and the error message appears as "User credentials are invalid". It looks like the website is failing in some authentication process. Even after disjoining the same PC from the domain, back to Workgroup, I am still unable to log in.
Do I need to make some settings in the Group Policies? Right now I am running the Server with all default policies. No extra settings done in GP. What changes could the Server have made on the client PC to stop it working?

TFS Reporting Services Configuration Error - The RPC Server is Unavailable

I'm trying to configure Team Foundation Reporting but without any success.
The App Tier and the Data Tier are in separate servers.
I guess it's not a port/firewall problem, because I opened port 135, and I can see the established connection by using TCPView (from Sysinternals) whenever I click "Populate URLs" in the Reports tab in TFS Administration Console. I can also telnet servername 135 without any problems.
I also checked if WMI service is started in the Data-Tier. And for SQL Server Reporting Services. Also checked for RPC and RPC Locator in both servers. They're all started and automatic.
I also set tfs app user as admin in sql reporting services. Added all kinds of permissions to the tfs user in the Data-Tier server.
I set all user permissions in dcomcnfg.
Allowed all WMI namespaces permissions to the user. (Computer Management -> WMI Control)
Deactivated Windows Firewall in both servers temporarily.
No luck.
However, in the app-tier, when I click Computer Management -> Connect to another computer, and type the data-tier IP, I can't connect. I get the message "Computer xxx cannot be managed. The network path was not found". How is that? Tried IP, name, and FQDN. I also tried browsing and selecting the computer. Nothing changed.
I'm lost, what could possibly be happening?
Thanks in Advance!
I'm betting that you're having the double-hop issue. Try having your system admin set an SPN for the website on the SQL Server.
You also need the AD permission 'trust for delegation' on the AD Service Account, right?
Do that and SetSpn with the service account, that should help.
I think that the SPN option was spot on.
See this answer:
IIS to SQL Server kerberos auth issues
which links to an old but user-friendly troubleshooting web app called DelegConfig. It can try to run the SetSpn commands for you, at least giving you an idea of what they need to be.
I ran into SPN issues when using an externally-accessible URL (+SSL) everywhere.
