networkingremote desktopwindows 7
I enabled Remote Desktop Connection, forwarded the ports, the services are running, but I can't connect.
On the 'host' computer, running the client program for IP address 127.0.0.1 is successful. I enter my admin username and password, and I log in successfully.
On the actual computer I want to act like a client, connecting to my host's public IP address gives me a logon prompt. I enter the same username and password, but I get "The logon attempt failed".
How do I fix this?
i found the solution. It was at the same time both subtle, and obvious.
As mentioned in the question, when i was modifying the following Remote Desktop Connection Client Group Policy settings:
i was checking them on the server:
i thought it would be the server that dictates what the client is allowed to do. Turns out that is completely wrong. It was @mpy's answer (while incorrect), which led me to the solution. i shouldn't be looking at the RDP client policy on the RDP server, i need to look at the RDP client policy on my RDP client machine:
On my client Windows 7 machine, the policy was:
i do not know when these options were enabled (i did not enable them in recent memory). The confusing part is that even though
Do not allow passwords to be saved
is Enabled, the RDP client would still save password; but only for servers below Windows Server 2008.
The truth table of functioning:
Do not allow saved Prompt for creds Works for 2008+ servers Works for 2003 R2- servers
================== ================ ======================= ==========================
Enabled Enabled No Yes
Enabled Not Configured No No
Not Configured Enabled Yes Yes
Not Configured Not Configured Yes Yes
So there is the trick. The group policy settings under:
Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection Client
on the client machine need to be configured with:
The other source of confusion is that while
Which again leads to a truth table:
Domain Policy Local Policy Effective Policy
============== ============== ==============================
Not Configured Not Configured Not configured (i.e. disabled)
Not Configured Disabled Disabled
Not Configured Enabled Enabled
Disabled Not Configured Disabled
Disabled Disabled Disabled
Disabled Enabled Disabled (client wins)
Enabled Not Configured Enabled
Enabled Disabled Enabled (domain wins)
Enabled Enabled Enabled
In order for the described scenario to work, the Guest machine must listen for remote desktop connections on a different port than the host does, unless you use bridged networking. To set the RDP server to listen to 3390, set the following registery key to "3390":
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
Then restart the Remote Desktop service, or reboot the machine.
Best Answer
When you enter the login info, you need to enter the domain or machine the account is registered on. So if your remote host is "foo" and your client is "bar" and both have "administrator" accounts with different passwords, then specify "foo\administrator" (and then its PW) on the client connect side. The syntax is "<machine name> <back slash> <user name>".