I have an internal Windows AD domain test environment with Windows Server 2019 domain hosts (including one domain controller) that provide RDP for clients to connect to.

The network connection between the Windows RDP servers and the clients uses a VPN.

I use Windows 10 clients (which are under the management of another AD domain) to connect to the test environment hosts over RDP to do work.

Everything was fine until a dozen GPO settings were applied to the domain controller of this test environment, which caused my Windows 10 computers (which are under the management of another AD domain) to fail to log on to any of the hosts of the test environment via RDP.

Note that:

  • the test environment domain account name and password never changed, and they are typed in correctly when trying to log on.
  • the test environment's domain administrator account is affected too; its RDP logon also fails.
  • the RDP connections get a response (indicating the network is OK) when using the original Windows 10 computers to connect over RDP, but the logon always fails.

The strange thing is, no matter how I try with the same domain account credentials of this test environment:

  • when using brand new Windows computers, or even a smartphone, to connect over RDP, the logon succeeds.
  • only when using the original Windows 10 clients (which are under the management of a different AD domain) does the RDP logon fail, and the target test environment hosts show event ID 4625.
  • regardless of which way I try to log on over RDP, event IDs 4673 and 4674 always appear on the target test environment hosts.

One clue I have is to troubleshoot the GPO settings that were applied (before the issue happened) to the domain controller of the test environment.

I speculate there may be inconsistent privileges between the original Windows 10 clients and the RDP servers.

Does anyone know which GPO setting may be the root cause of the failed RDP logon when using the correct username and password?
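
The comparison described in the question (same credentials, different clients, event ID 4625 on the hosts) can be made concrete by laying the 4625 fields side by side per client. This is an added example, not part of the original question: the sample event, its names and its values are constructed, and the status table covers only a few widely documented NTSTATUS codes.

```powershell
# Flatten event 4625 records so failures from different clients compare field by field.
function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory)][string[]]$EventXml)
    # Widely documented NTSTATUS codes that appear in 4625 Status/SubStatus.
    $meaning = @{
        '0xc0000064' = 'user name does not exist'
        '0xc000006a' = 'wrong password'
        '0xc000006d' = 'bad user name or authentication information'
        '0xc000006e' = 'account restriction'
        '0xc000015b' = 'logon type not granted on this machine'
        '0xc0000234' = 'account locked out'
    }
    foreach ($x in $EventXml) {
        $data = @{}
        foreach ($d in ([xml]$x).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $sub = "$($data['SubStatus'])".ToLower()
        [pscustomobject]@{
            Workstation = $data['WorkstationName']
            SourceIp    = $data['IpAddress']
            Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType   = $data['LogonType']
            AuthPackage = $data['AuthenticationPackageName']
            Status      = $data['Status']
            SubStatus   = $sub
            Meaning     = if ($meaning.ContainsKey($sub)) { $meaning[$sub] } else { 'unmapped: look up the NTSTATUS code' }
        }
    }
}

# Constructed sample event (placeholder names and values, trimmed to the fields used).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <EventData>
    <Data Name="TargetUserName">testuser</Data>
    <Data Name="TargetDomainName">TESTLAB</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="SubStatus">0xc000006a</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">CLIENT-01</Data>
    <Data Name="IpAddress">10.0.0.25</Data>
  </EventData>
</Event>
'@
ConvertFrom-FailedLogonXml -EventXml $sample | Format-List
# On an RDP host (elevated prompt), run the same function over the real Security log:
# $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} -MaxEvents 50 | ForEach-Object { $_.ToXml() }
# ConvertFrom-FailedLogonXml -EventXml $xml | Group-Object Workstation, SubStatus, AuthPackage
```

Grouping by workstation, sub-status and authentication package shows whether the failing clients differ from the working ones in how they authenticate rather than in what credentials they send.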
