I would suggest ensuring that the internet connection on both ends has sufficient speed. Double-check the VPN connection and whether everything is looking good on that front. Ensure that MS Remote Desktop Connection version 1.2.2130 is installed on both machines.
The relevant status code was 0x2740. For more information, see Help and Support Center at.
This article provides a solution to an error that occurs when you try to connect to the Terminal service running on one of the affected products.
Applies to: Windows Server 2003
Original KB number: 555382
Symptoms
When you try to connect to the Terminal service running on one of the affected products, you receive the following error message:
Remote Desktop Disconnected
The client could not connect to the remote computer.
Remote connections might not be enabled or the computer might be too busy to accept new connections.
It is also possible that network problems are preventing your connection.
Please try connecting again later. If the problem continues to occur, contact your administrator.
OK Help
Additionally, when you view System Event log on the affected server you see the following event:
Resolution
To resolve the problem, make sure that the correct network adapter is bound to RDP-TCP connection. To do it, follow these steps:
- On the server, sign in to the server locally (not using Remote Desktop/Terminal Client).
- Select Start, Run, type tscc.msc /s (without quotation marks), and select OK.
- In the Terminal Services Configuration snap-in, double-click Connections, then RDP-Tcp in the right pane.
- Select the Network Adapter tab, select the correct network adapter, and select OK.
- Make sure that you can establish an RDP connection to the server.
Alternative resolution steps. Use these steps only if you can't do local sign-in to the affected server.
Warning
Using Registry Editor incorrectly may cause serious problems that may require you to reinstall your operating system. Use Registry Editor at your own risk and only after making backup of full Registry and the keys you are going to change.
1. Start Registry Editor (Regedt32.exe).
2. Select File > Connect Network Registry. Enter the computer name or IP address and select OK. Firewalls between your computer and the affected server may prevent a successful connection. The Remote Registry service should be running on the server.
3. Navigate to the following registry key (path may wrap):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
4. Under this key are one or more keys for the globally unique identifiers (GUIDs) corresponding to the installed LAN connections. Each of these GUID keys has a Connection subkey. Open each of the GUID\Connection keys and look for the Name value. Choose the connection you want Terminal Services to use.
5. When you have found the GUID\Connection key that contains the Name setting that matches the name of your LAN connection, write down or otherwise note the GUID value.
6. Then navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\lanatable
Using the GUID you noted in step 5, select the matching subkey and note its LanaId value.
7. Navigate to the following value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\LanAdapter
Change its data to the value you noted in step 6. If you want RDP to listen on all LAN adapters, enter a value of 0.
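The alternative registry steps above, scripted in PowerShell as an added example (not part of the original article). `SERVER01` and `Local Area Connection` are placeholder values, and writing LanAdapter as a DWORD is an assumption; without `-Apply` the script only reads and reports.

```powershell
# Added example: resolve a LAN connection name to its LanaId and bind RDP-Tcp to it.
param(
    [string]$ComputerName   = 'SERVER01',               # placeholder, not from the article
    [string]$ConnectionName = 'Local Area Connection',  # placeholder, not from the article
    [switch]$Apply                                      # without -Apply nothing is written
)

$netClass = 'SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}'
$lanaPath = 'SYSTEM\CurrentControlSet\Control\Terminal Server\lanatable'
$rdpPath  = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Requires the Remote Registry service on the target, as the article notes.
$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
try {
    # Find the GUID key whose Connection\Name matches the wanted LAN connection.
    $net  = $hklm.OpenSubKey($netClass)
    $guid = $net.GetSubKeyNames() | Where-Object {
        $conn = $net.OpenSubKey("$_\Connection")
        $conn -and $conn.GetValue('Name') -eq $ConnectionName
    }
    if (@($guid).Count -ne 1) {
        throw "Expected one match for '$ConnectionName', found $(@($guid).Count)."
    }

    # Look up the LanaId recorded for that GUID under lanatable.
    $lana = $hklm.OpenSubKey("$lanaPath\$guid")
    if (-not $lana) { throw "No lanatable entry for $guid." }
    $lanaId = $lana.GetValue('LanaId')

    # Report the current binding; open the key writable only when applying.
    $rdp = $hklm.OpenSubKey($rdpPath, $Apply.IsPresent)
    "Current LanAdapter: $($rdp.GetValue('LanAdapter')); LanaId for '$ConnectionName': $lanaId"
    if ($Apply) {
        # Assumption: LanAdapter is stored as a DWORD. A value of 0 would mean all adapters.
        $rdp.SetValue('LanAdapter', [int]$lanaId, [Microsoft.Win32.RegistryValueKind]::DWord)
        "LanAdapter set to $lanaId."
    }
}
finally { $hklm.Close() }
```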
This article provides a solution to an error that occurs when Domain Controller does not allow interactive logon.
Applies to: Windows Server 2012 R2, Windows 10 - all editions
Original KB number: 2015518
Symptoms
After rebooting, a Windows Server 2012 R2 DC can no longer be logged on to. This happens with both a console logon and Terminal Services/Remote Desktop. The error shown is:
The security database on the server does not have a computer account for this workstation trust relationship
If you restart the computer in Directory Services Restore Mode (DSRM) and examine the System event log, you see:
Log Name: System
Source: NETLOGON
Date: <DateTime>
Event ID: 5721
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: <ComputerName>
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller 2008r2spn-01.northwindtraders.com
for the domain NWTRADERS failed because the Domain Controller did not have an account 2008R2SPN-02$ needed to set up the session by this computer 2008R2SPN-02.
ADDITIONAL DATA
If this computer is a member of or a Domain Controller in the specified domain, the aforementioned account is a computer account for this computer in the specified domain. Otherwise, the account is an interdomain trust account with the specified domain.
And
Log Name: System
Source: Microsoft-Windows-Security-Kerberos
Date: <DateTime>
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: <ComputerName>
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 18:35:19.0000 1/27/2010 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error: 0xc0000035 KLIN(0)
Client Realm:
Client Name:
Server Realm: NORTHWINDTRADERS.COM
Server Name: host/2008r2spn-02.northwindtraders.com
Target Name: host/2008r2spn-02.northwindtraders.com@NORTHWINDTRADERS.COM
Error Text:
File: 9
Line: efb
Error Data is in record data.
At every attempted logon, the Security event log will show:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: <DateTime>
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: <ComputerName>
Description:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: 2008SPN-02$
Account Domain: ADATUM
Logon ID: 0x3e7
Logon Type: 2
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Administrator
Account Domain: ADATUM
Failure Information:
Failure Reason: An Error occurred during Logon.
Status: 0xc000018b
Sub Status: 0x0
Process Information:
Caller Process ID: 0x214
Caller Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: 2008SPN-02
Source Network Address: 127.0.0.1
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
You may also see a KDC 11 error for a duplicate SPN in the System event log:
Log Name: System
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Date: <DateTime>
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: <ComputerName>
Description:
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is host/2008spn-02.adatum.com (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occurring remove the duplicate entries for host/2008spn-02.adatum.com in Active Directory.
Cause
The DC's Service Principal Name (SPN) has been duplicated and now exists as an attribute on both the DC and some other user or computer.
Resolution
Locate the duplicate SPN and remove it. This value can be found with SETSPN.EXE or LDIFDE.EXE. In this example, the duplicate name is 2008r2spn-02.
setspn.exe -x
setspn.exe -q 2008r2spn-02*
ldifde.exe -f spn.txt -d -l serviceprincipalname -r '(serviceprincipalname=*2008r2spn-02*)' -p subtree
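To turn the `spn.txt` export into a list of actual duplicates, the following added example (not part of the original article) groups each servicePrincipalName by the objects that carry it and reports any SPN held by more than one object. The function name `Get-DuplicateSpn` and the sample DNs are constructed for illustration; base64-encoded (`::`) values are skipped rather than decoded.

```powershell
# Added example: list SPNs registered on more than one object in an LDIF export.
function Get-DuplicateSpn {
    param([string[]]$LdifLines)

    # LDIF folds long lines: a continuation line starts with a single space.
    $unfolded = [System.Collections.Generic.List[string]]::new()
    foreach ($line in $LdifLines) {
        if ($line.StartsWith(' ') -and $unfolded.Count -gt 0) {
            $unfolded[$unfolded.Count - 1] += $line.Substring(1)
        } else { $unfolded.Add($line) }
    }

    $owners = @{}   # PowerShell hashtable keys compare case-insensitively, so host/ = HOST/
    $dn = $null
    foreach ($line in $unfolded) {
        if ($line -match '^dn:(?!:)\s*(.+)$') { $dn = $Matches[1]; continue }
        if ($dn -and $line -match '^servicePrincipalName:(?!:)\s*(.+)$') {
            $spn = $Matches[1]
            if (-not $owners.ContainsKey($spn)) { $owners[$spn] = @() }
            if ($owners[$spn] -notcontains $dn) { $owners[$spn] += $dn }
        }
    }
    # Emit only SPNs that appear on two or more distinct objects.
    foreach ($spn in $owners.Keys) {
        if ($owners[$spn].Count -gt 1) {
            [pscustomobject]@{ Spn = $spn; Objects = $owners[$spn] }
        }
    }
}

# Constructed sample in the shape of an ldifde export; the DNs are made up.
$sample = @'
dn: CN=2008R2SPN-02,OU=Domain Controllers,DC=northwindtraders,DC=com
changetype: add
servicePrincipalName: HOST/2008r2spn-02.northwindtraders.com
servicePrincipalName: ldap/2008r2spn-02.northwindtraders.com

dn: CN=svc-example,CN=Users,DC=northwindtraders,DC=com
changetype: add
servicePrincipalName: host/2008r2spn-02.northwindtraders.com
'@ -split "`r?`n"

Get-DuplicateSpn -LdifLines $sample | Format-List
# For a real export: Get-DuplicateSpn -LdifLines (Get-Content .\spn.txt)
```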
More information
This behavior differs from Windows Server 2003 or Windows 2000. Those operating systems don't get the same errors and can still be logged on to with duplicate DC SPNs. Starting in Windows Vista, fallback to NTLM is disallowed with interactive logons. This is a security feature to prevent an attacker from somehow damaging Kerberos, thereby forcing a less secure protocol to be used.
In order to update an SPN on a user or computer, a user must be a member of Administrators, Domain Admins, Enterprise Admins, or have been granted permissions to modify the servicePrincipalName attribute on a user or computer. No standard user can modify SPNs, not even on themselves or on computers they added to the domain. Only high-privilege users can create this outage scenario.