Question Unusual RDP issue

[davewolfgang]

I have a very unusual RDP issue for a couple users:

Win 10 Pro workstation RDP into servers:
Server 1 - 2012r2 - OK
Server 2 - 2019 - OK
Server 3 - 2022 - OK
Server 4 - 2022 -OK

Upgraded to Win 11 Pro workstation
Server 1- OK
Server 2- OK
Server 3 - OK
Server 4 - error 0x4

Have checked security, ports, any every other setting I can think of, but the RDP into the one 2022 server won't connect (and with ANY ID, not just that users). User ID still works from another Win 10 machine into that server. At first I though it was just a single workstation, but then a 2nd and 3rd users is having the same issue - so there is some setting on the 2022 server that won't let a Win 11 PC RDP into it - and again, have checked ALL the other RDP settings and the user can still remote in from a Win 10 machine.

 

[Ralston18]

Deeper dive needed.

I suggest using Powershell to discover some difference(s) between Servers 1,2, and 3 (OK) and Server 4 (error).

Start here:

https://learn.microsoft.com/en-us/p...ondesktopassignment?view=windowsserver2016-ps

Then revise the search to filter down to other options and paths more specific to the current environment and problem.

Just use Get cmdlets to discover some difference in the servers. There are many RDP related cmdlets.

You know your servers and will probably spot some difference with respect to Server 4 when compared to the other three servers.

 

[davewolfgang]

Deeper dive needed.

I suggest using Powershell to discover some difference(s) between Servers 1,2, and 3 (OK) and Server 4 (error).

Start here:

https://learn.microsoft.com/en-us/p...ondesktopassignment?view=windowsserver2016-ps

Then revise the search to filter down to other options and paths more specific to the current environment and problem.

Just use Get cmdlets to discover some difference in the servers. There are many RDP related cmdlets.

You know your servers and will probably spot some difference with respect to Server 4 when compared to the other three servers.

Thank you for that info, but we don't use "that type" of remote sessions. This is not a remote desktop "server", just a standard Remote Desktop Connection to "log onto" the server and work on it (rather than walking into the server room to work on it with a server admin user ID).

 

[Ralston18]

Interesting.

What other tools are available that you could use to compare the remote session settings of Servers 1,2, and 3 to Server 4? And perhaps the overall configuration settings of the 4 servers.

Or learn more about that 0x4 error even?

Going out of my comfort zone (full disclosure); however, I would be very surprised if there is not some way of getting the necessary information to make the server comparisons.

Especially via Powershell.

What about PSSession cmdlets?

Reference:

https://learn.microsoft.com/en-us/p...et-pssessionconfiguration?view=powershell-7.3

Example 3 perhaps..... ? The other examples may be more relevant - you are a better judge of that.

Get's are a safe way to take a look at things. And it is generally straight-forward, if necessary, to pipe the results into easily compared lists.

Thinking "out loud" now.....

Just try some relevant (as you see things) Get's to compare Server 4 to the other servers.

Reconcile differences as applicable.

 

[pctech2005]

It may possibly the SMB1 is disabled by default. If enable it might resolve the issue.

 

[davewolfgang]

For those following this - what this turned out to be was found from this article from Microsoft:

Cipher needed for RDP

From the article:

Microsoft RDP includes the following features and capabilities:​

Encryption​

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Administrators can choose to encrypt data by using a 56- or 128-bit key.​

For the 2nd 2022 server, it was our Backup and Test IIS server - and as one of the tests, we had disabled a lot of "older" ciphers - the other 2022 server (live) had those enabled. We were only doing this for the website side of the server because until these new Win 11 machines, there wasn't any other issues.

One of the other things we found was that a Windows 11 21H2 would work, and these new PC's had already been updated to 22H2. No where in any documentation for the 22h2 update I could find that this was a change from Windows 10 and from the 21H2 level of Win 11.