
[Samba] MS Remote Desktop issue related to Samba 4 ?


Andreas Oster

May 13, 2014, 11:00:02 AM
Hi all,

I am currently struggling with an odd MS Remote Desktop issue which
might be related to our Samba4 AD (version: 4.2.0pre1-GIT-d7c22d5
domain/forest-level 2008_R2) setup.

We are unable to connect to Win7 machines (all available latest patches
installed) via RDP after they have been joined to the domain. We have
made sure, that RDP is enabled and the firewall exceptions are in place.
We actually tried with firewall turned off, also. When trying to connect
with an AD account we get to the welcome screen but not further. The
physical screen of the machine does not get locked. When doing the same,
using a local admin account we can successfully log in via RDP.

Does anybody have an idea what could be the cause of this issue ?

I tested the same at home in my small samba4 domain, without any
modified GPOs, and face the same issue.

Thank you very much for your kind help

best regards

Andreas


Marc Muehlfeld

May 13, 2014, 11:30:02 AM
Hello Andreas,

Am 13.05.2014 15:55, schrieb Andreas Oster:
> I am currently struggling with an odd MS Remote Desktop issue which
> might be related to our Samba4 AD (version: 4.2.0pre1-GIT-d7c22d5
> domain/forest-level 2008_R2) setup.
>
> We are unable to connect to Win7 machines (all available latest patches
> installed) via RDP after they have been joined to the domain. We have
> made sure, that RDP is enabled and the firewall exceptions are in place.
> We actually tried with firewall turned off, also. When trying to connect
> with an AD account we get to the welcome screen but not further. The
> physical screen of the machine does not get locked. When doing the same,
> using a local admin account we can successfully log in via RDP.
>
> Does anybody have an idea what could be the cause of this issue ?
>
> I tested the same at home in my small samba4 domain, without any
> modified GPOs, and face the same issue.

My first guess was that a GPO or a local policy could cause that. But
if you have already checked this, it might be something else.

Anything interesting in the Windows Eventlog / Samba Logfiles?

I only can say, that at work I have a Samba 4.1.7 AD, and it's no
problem to RDP to machines joined to the domain with domain accounts.


Regards,
Marc

Andreas Oster

May 13, 2014, 11:40:02 AM
Hi Marc,

I have checked the Logs but could not find any errors but will check again.

Thanks

Best regards

Andreas

Linda W

May 13, 2014, 12:40:02 PM
Andreas Oster wrote:
> We are unable to connect to Win7 machines (all available latest patches
> installed) via RDP after they have been joined to the domain. We have
> made sure, that RDP is enabled and the firewall exceptions are in place.
> We actually tried with firewall turned off, also. When trying to connect
> with an AD account we get to the welcome screen but not further.
---
What do you mean by you "get to the "welcome screen but not further"?

The only welcome message I see is when it is in the final stages
(I've been authenticated) and then it goes on to show me the desktop.

I would think it is checking permissions then. Does it just hang? or
is there any message?

Are you sure the login you are using to RDP is permitted on the client
to login remotely? I.e. if you go to the system properties page
(controlpanel->system, "advanced system settings", then select the 'Remote'
tab -- bottom section shows where you can select which users are allowed.

Might check the event logs on the target system to see if it says
anything about any attempts to login via remote-desktop...

Andy Durant

May 13, 2014, 12:50:03 PM
Getting stuck on the welcome screen is almost related to a DNS issue
with RDP.

Have you checked and double checked your dns settings?

Andy

Andreas Oster

May 13, 2014, 1:40:03 PM
Am 13/05/14 18:41, schrieb Andy Durant:
Hello Andy,

I have done some packet capturing and have seen that in addition to the
TCP connection on port 3389 to the client there are DNS requests
following. Can you explain what might go wrong DNSwise ? I get the same
result when using the clients IP.

Thanks

best regards

Andreas

Andreas Oster

May 13, 2014, 1:40:03 PM
Am 13/05/14 18:38, schrieb Linda W:
> Andreas Oster wrote:
>> We are unable to connect to Win7 machines (all available latest patches
>> installed) via RDP after they have been joined to the domain. We have
>> made sure, that RDP is enabled and the firewall exceptions are in place.
>> We actually tried with firewall turned off, also. When trying to connect
>> with an AD account we get to the welcome screen but not further.
> ---
> What do you mean by you "get to the "welcome screen but not further"?
>
> The only welcome message I see is when it is in the final stages
> (I've been
> authenticated) and then it goes on to show me the desktop.
>
> I would think it is checking permissions then. Does it just hang? or
> is there any message?
>
> Are you sure the login you are using to RDP is permitted on the client
> to login remotely? I.e. if you go to the system properties page
> (controlpanel->system, "advanced system settings", then select the 'Remote'
> tab -- bottom section shows where you can select which users are allowed.
>
> Might check the event logs on the target system to see if it says
> anything about any attempts to login via remote-desktop...
>
Hello Linda,

in my RDP client I can see the Welcome screen with the circle spinning
forever. Unfortunately when the client screen was locked before I try to
connect it is afterwards not possible to unlock the desktop anymore and
I have to hard reboot the machine

RDP is enabled and users have been added.

I can however RDP to a machine using a local account without a problem.

I will check the logs again tomorrow.

Thanks

best regards

Andreas

Linda W

May 13, 2014, 1:50:01 PM
Andy Durant wrote:
> This again points to a DNS issue. If you check your event logs on the
> client, you should be able to pull more info.
>>
>> Hello Linda,
>>
>> in my RDP client I can see the Welcome screen with the circle
>> spinning forever. Unfortunately when the client screen was locked
>> before I try to connect it is afterwards not possible to unlock the
>> desktop anymore and I have to hard reboot the machine
----
Um... do you have roaming profiles enabled by any chance?

Andy Durant

May 13, 2014, 1:50:01 PM
This again points to a DNS issue. If you check your event logs on the
client, you should be able to pull more info.

Double and triple check your DNS setup, both on the clients and servers
and make sure you can resolve all the DCs from the client. It's a fairly
common problem with active directory and DNS.

I suspect if you left it long enough, you would find that it eventually
logs in, and you can successfully login. I've run into this many times
and occasionally I've waited 20 minutes for everything to fail and
timeout before the desktop appeared.

Andy

<snip>

Andreas Oster

May 14, 2014, 1:40:01 AM
Am 13.05.2014 19:41, schrieb Andy Durant:
> This again points to a DNS issue. If you check your event logs on the
> client, you should be able to pull more info.
>
> Double and triple check your DNS setup, both on the clients and servers
> and make sure you can resolve all the DCs from the client. It's a fairly
> common problem with active directory and DNS.
>
> I suspect if you left it long enough, you would find that it eventually
> logs in, and you can successfully login. I've run into this many times
> and occasionally I've waited 20 minutes for everything to fail and
> timeout before the desktop appeared.
>
> Andy
>
> <snip>
>> >
>> Hello Linda,
>>
>> in my RDP client I can see the Welcome screen with the circle
>> spinning forever. Unfortunately when the client screen was locked
>> before I try to connect it is afterwards not possible to unlock the
>> desktop anymore and I have to hard reboot the machine
>>
>> RDP is enabled and users have been added.
>>
>> I can however RDP to a machine using a local account without a problem.
>>
>> I will check the logs again tomorrow.
>>
>> Thanks
>>
>> best regards
>>
>> Andreas
Hello Andy,

can you please describe how you have checked/tested your DNS setup ?
I tested with nslookup from the machine I want to connect to and could
successfully resolve the client and the DCs by their names and IPs.
Anything else I need to verify regarding DNS ?

Andreas Oster

May 14, 2014, 3:10:01 AM
Hello Marc,

I get the following error messages in log.samba with log level 3:

[2014/05/14 08:57:10.819598, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ testuser@SAMDOM from ipv4:10.2.1.80:60451 for
krbtgt/SAMDOM@SAMDOM
[2014/05/14 08:57:10.832282, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: 128
[2014/05/14 08:57:10.834478, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- testuser@SAMDOM
[2014/05/14 08:57:10.835805, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- testuser@SAMDOM
[2014/05/14 08:57:10.837196, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- testuser@SAMDOM
[2014/05/14 08:57:10.847356, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2014/05/14 08:57:10.850914, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2014/05/14 08:57:10.853423, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ testuser@SAMDOM from ipv4:10.2.1.80:60452 for
krbtgt/SAMDOM@SAMDOM
[2014/05/14 08:57:10.863694, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: encrypted-timestamp, 128
[2014/05/14 08:57:10.865276, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- testuser@SAMDOM
[2014/05/14 08:57:10.866585, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- testuser@SAMDOM
[2014/05/14 08:57:10.867957, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: ENC-TS Pre-authentication succeeded -- testuser@SAMDOM using
arcfour-hmac-md5
[2014/05/14 08:57:10.895223, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ authtime: 2014-05-14T08:57:10 starttime: unset
endtime: 2014-05-14T18:57:10 renew till: 2014-05-21T08:57:10
[2014/05/14 08:57:10.896842, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, des-cbc-md5, using
arcfour-hmac-md5/aes256-cts-hmac-sha1-96
[2014/05/14 08:57:10.898042, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
forwardable
[2014/05/14 08:57:10.901065, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2014/05/14 08:57:10.902744, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2014/05/14 08:57:10.907818, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ test...@SAMDOMNETWORK.LOC from ipv4:10.2.1.80:60453
for TERMSRV/SAMDO...@SAMDOMNETWORK.LOC [canonicalize, renewable,
forwardable]
[2014/05/14 08:57:10.911137, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Searching referral for SAMDOMws01
[2014/05/14 08:57:10.912879, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Server not found in database:
TERMSRV/SAMDO...@SAMDOMNETWORK.LOC: No such entry in the database
[2014/05/14 08:57:10.914183, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed building TGS-REP to ipv4:10.2.1.80:60453
[2014/05/14 08:57:10.918462, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2014/05/14 08:57:10.925388, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2014/05/14 08:57:13.630864, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ testuser@SAMDOM from ipv4:10.2.1.80:60455 for
krbtgt/SAMDOM@SAMDOM
[2014/05/14 08:57:13.640691, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: 128
[2014/05/14 08:57:13.641264, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- testuser@SAMDOM
[2014/05/14 08:57:13.642531, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- testuser@SAMDOM
[2014/05/14 08:57:13.643066, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- testuser@SAMDOM
[2014/05/14 08:57:13.644782, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2014/05/14 08:57:13.645892, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2014/05/14 08:57:13.648746, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ testuser@SAMDOM from ipv4:10.2.1.80:60456 for
krbtgt/SAMDOM@SAMDOM
[2014/05/14 08:57:13.658425, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: encrypted-timestamp, 128
[2014/05/14 08:57:13.659371, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- testuser@SAMDOM
[2014/05/14 08:57:13.660064, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- testuser@SAMDOM
[2014/05/14 08:57:13.661464, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: ENC-TS Pre-authentication succeeded -- testuser@SAMDOM using
arcfour-hmac-md5
[2014/05/14 08:57:13.684422, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ authtime: 2014-05-14T08:57:13 starttime: unset
endtime: 2014-05-14T18:57:13 renew till: 2014-05-21T08:57:13
[2014/05/14 08:57:13.686132, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, des-cbc-md5, using
arcfour-hmac-md5/aes256-cts-hmac-sha1-96
[2014/05/14 08:57:13.687011, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
forwardable
[2014/05/14 08:57:13.689839, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2014/05/14 08:57:13.690662, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2014/05/14 08:57:20.753481, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'wbsrv: wbsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2014/05/14 08:57:20.754339, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[wbsrv: wbsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2014/05/14 08:57:24.898127, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'ntp_signd_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2014/05/14 08:57:24.899229, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[ntp_signd_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]


Unfortunately I have no clue what this means. Do you have an idea what
could be the cause ?

Thank you for your kind help

best regards

Andreas
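
The log excerpt in the message above is hard to scan because every record is wrapped over several lines. The following is an added example, not part of the original post: it rejoins the wrapped records, then lists each TGS-REQ that the KDC answered with "Server not found in database" and the encryption type used for each successful ENC-TS pre-authentication. The sample log is constructed in the same layout; its realm, principals and addresses are placeholders.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt above: header, source
# location, then the message, wrapped as the mail client wrapped it.
# Realm, principals and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
[2014/05/14 08:57:10.863694, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ alice@EXAMPLE from ipv4:192.0.2.80:60452 for
krbtgt/EXAMPLE@EXAMPLE
[2014/05/14 08:57:10.867957, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: ENC-TS Pre-authentication succeeded -- alice@EXAMPLE using
arcfour-hmac-md5
[2014/05/14 08:57:10.907818, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ alice@EXAMPLE.LOC from ipv4:192.0.2.80:60453
for TERMSRV/ws01@EXAMPLE.LOC [canonicalize, renewable,
forwardable]
[2014/05/14 08:57:10.912879, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Server not found in database:
TERMSRV/ws01@EXAMPLE.LOC: No such entry in the database
[2014/05/14 08:57:10.914183, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed building TGS-REP to ipv4:192.0.2.80:60453
[2014/05/14 08:57:10.918462, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^\S+:\d+\(\w+\)$")
TGS_REQ = re.compile(r"^Kerberos: TGS-REQ (\S+) from (\S+) for (\S+)")
NOT_FOUND = re.compile(r"^Kerberos: Server not found in database: (\S+): ")
PREAUTH_OK = re.compile(
    r"^Kerberos: ENC-TS Pre-authentication succeeded -- (\S+) using (\S+)")


def parse_records(text):
    """Rejoin wrapped lines into dicts with time, level, location, message."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:  # a timestamp header starts a new record
            current = {"time": m.group(1), "level": int(m.group(2)),
                       "tokens": m.group(3).split()}
            records.append(current)
        elif current is not None:  # continuation of the current record
            current["tokens"].extend(line.split())
    for rec in records:
        tokens = rec.pop("tokens")
        # The first token is the file:line(function) location when present.
        rec["location"] = tokens.pop(0) if tokens and LOCATION.match(tokens[0]) else ""
        rec["message"] = " ".join(tokens)
    return records


def unknown_spn_requests(records):
    """Return each TGS-REQ whose service principal the KDC could not find."""
    pending, hits = {}, []
    for rec in records:
        if (m := TGS_REQ.match(rec["message"])):
            pending[m.group(3)] = {"time": rec["time"], "client": m.group(1),
                                   "source": m.group(2), "spn": m.group(3)}
        elif (m := NOT_FOUND.match(rec["message"])) and m.group(1) in pending:
            hits.append(pending.pop(m.group(1)))
    return hits


def preauth_enctypes(records):
    """Count successful ENC-TS pre-authentications per (principal, enctype)."""
    counts = Counter()
    for rec in records:
        if (m := PREAUTH_OK.match(rec["message"])):
            counts[(m.group(1), m.group(2))] += 1
    return counts


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for hit in unknown_spn_requests(recs):
        print(hit["time"], hit["client"], hit["source"], "->", hit["spn"])
    for (principal, enctype), n in preauth_enctypes(recs).items():
        print(principal, enctype, n)
```

To use it on a DC, pass the contents of log.samba (log level 3 or higher) to parse_records in place of SAMPLE_LOG.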

Andreas Oster

May 14, 2014, 4:50:02 AM
Am 13.05.2014 18:27, schrieb Marc Muehlfeld:
Hello Marc,

I have just recognized, that if I shutdown samba4 on the DC, the client
is currently connected to, the login suddenly proceeds from the welcome
screen where it would otherwise have remained forever. I have tested it
with all three DCs and it is always the same result.

Do you have an idea what could be the cause of the problem, or can you
propose how I can troubleshoot in more detail ?

Thank you for your kind help

best regards

Andreas

Marc Muehlfeld

May 14, 2014, 5:10:02 AM
Am 14.05.2014 09:47, schrieb Andreas Oster:
> I have just recognized, that if I shutdown samba4 on the DC, the client
> is currently connected to, the login suddenly proceeds from the welcome
> screen where it would otherwise have remained forever. I have tested it
> with all three DCs and it is always the same result.
>
> Do you have an idea what could be the cause of the problem, or can you
> propose how I can troubleshoot in more detail ?


Just to make sure that I've fully understood your situation: You try
logging into a workstation via RDP using a domain account. The login
process hangs forever until you shutdown the samba process of the DC,
that handles the login? If you shut down Samba, the login continues and
you get successfully logged in with RDP?




Regards,
Marc

Andreas Oster

May 14, 2014, 5:20:01 AM

Am 14.05.2014 12:03, schrieb Marc Muehlfeld:
> Am 14.05.2014 09:47, schrieb Andreas Oster:
>> I have just recognized, that if I shutdown samba4 on the DC, the client
>> is currently connected to, the login suddenly proceeds from the welcome
>> screen where it would otherwise have remained forever. I have tested it
>> with all three DCs and it is always the same result.
>>
>> Do you have an idea what could be the cause of the problem, or can you
>> propose how I can troubleshoot in more detail ?
>
>
> Just to make sure that I've fully understood your situation: You try
> logging into a workstation via RDP using a domain account. The login
> process hangs forever until you shutdown the samba process of the DC,
> that handles the login? If you shut down Samba, the login continues
> and you get successfully logged in with RDP?
>
>
>
>
> Regards,
> Marc
Hello Marc,

yes, exactly. I have three DCs, so if I disable samba4 on the DC the
client is currently using
the login moves forward from the stuck welcome screen and succeeds.

best regards

Andreas


Marc Muehlfeld

May 14, 2014, 5:40:02 AM
Am 14.05.2014 10:14, schrieb Andreas Oster:
>> Just to make sure that I've fully understood your situation: You try
>> logging into a workstation via RDP using a domain account. The login
>> process hangs forever until you shutdown the samba process of the DC,
>> that handles the login? If you shut down Samba, the login continues
>> and you get successfully logged in with RDP?
>
> yes, exactly. I have three DCs, so if I disable samba4 on the DC the
> client is currently using
> the login moves forward from the stuck welcome screen and succeeds.


I'm still guessing that there is a GPO, logonscript or something like
that, which causes this. I tried RDP in my test environment, too and see
no problems.

Maybe an ACL on a GPO, logon script, share, etc. denies access and the
client had to wait for one or more timeouts.

Can you try it with a user account, that doesn't have a logonscript, any
share mappings, etc. Maybe use a completely fresh account, just to make
sure, that nothing like auto-mapping shares exists in the user profile.
And maybe disable all GPOs.

Do you see anything in the _Windows_ Event log?


Regards

Andreas Oster

May 14, 2014, 5:50:03 AM
Am 14.05.2014 12:36, schrieb Marc Muehlfeld:
> Am 14.05.2014 10:14, schrieb Andreas Oster:
>>> Just to make sure that I've fully understood your situation: You try
>>> logging into a workstation via RDP using a domain account. The login
>>> process hangs forever until you shutdown the samba process of the DC,
>>> that handles the login? If you shut down Samba, the login continues
>>> and you get successfully logged in with RDP?
>>
>> yes, exactly. I have three DCs, so if I disable samba4 on the DC the
>> client is currently using
>> the login moves forward from the stuck welcome screen and succeeds.
>
>
> I'm still guessing that there is a GPO, logonscript or something like
> that, which causes this. I tried RDP in my test environment, too and
> see no problems.
>
> Maybe an ACL on a GPO, logon script, share, etc. denies access and the
> client had to wait for one or more timeouts.
>
> Can you try it with a user account, that doesn't have a logonscript,
> any share mappings, etc. Maybe use a completely fresh account, just to
> make sure, that nothing like auto-mapping shares exists in the user
> profile. And maybe disable all GPOs.
>
> Do you see anything in the _Windows_ Event log?
>
>
> Regards
> Marc
Hello Marc,

I doubt, that it is related to GPOs or scripts. I have the same issue in
my home samba4 domain where I did not configure any scripts or GPOs.
I will create a new user and test if this makes any difference.

Thanks

best regards

Andreas


Andreas Oster

May 14, 2014, 6:00:02 AM
Am 14.05.2014 12:36, schrieb Marc Muehlfeld:
> Am 14.05.2014 10:14, schrieb Andreas Oster:
>>> Just to make sure that I've fully understood your situation: You try
>>> logging into a workstation via RDP using a domain account. The login
>>> process hangs forever until you shutdown the samba process of the DC,
>>> that handles the login? If you shut down Samba, the login continues
>>> and you get successfully logged in with RDP?
>>
>> yes, exactly. I have three DCs, so if I disable samba4 on the DC the
>> client is currently using
>> the login moves forward from the stuck welcome screen and succeeds.
>
>
> I'm still guessing that there is a GPO, logonscript or something like
> that, which causes this. I tried RDP in my test environment, too and see
> no problems.
>
> Maybe an ACL on a GPO, logon script, share, etc. denies access and the
> client had to wait for one or more timeouts.
>
> Can you try it with a user account, that doesn't have a logonscript, any
> share mappings, etc. Maybe use a completely fresh account, just to make
> sure, that nothing like auto-mapping shares exists in the user profile.
> And maybe disable all GPOs.
>
> Do you see anything in the _Windows_ Event log?
>
>
> Regards
> Marc
Hello Marc,

even with a newly created user without any drive mappings and so on, the
RDP login gets stuck at the welcome screen.

Windows Event log does not show any errors or any useful information.

best regards

Andreas

steve

May 14, 2014, 7:10:02 AM
On Wed, 2014-05-14 at 11:36 +0100, Marc Muehlfeld wrote:
>
> Maybe an ACL on a GPO,

e.g. is the Desktop folder redirected anywhere?

Andreas Oster

May 14, 2014, 8:00:03 AM
Am 14.05.2014 13:01, schrieb steve:
> On Wed, 2014-05-14 at 11:36 +0100, Marc Muehlfeld wrote:
>>
>> Maybe an ACL on a GPO,
>
> e.g. is the Desktop folder redirected anywhere?
>
>
Hello Steve,

no, only "My Documents" folder is redirected to network share for
domain users. But I have also tested with a newly created user which
does not have any GPOs except the default domain one.

Thanks

best regards

Andreas

Davor Vusir

May 18, 2014, 3:50:01 AM
Den 13 maj 2014 16:56 skrev "Andreas Oster" <aos...@novanetwork.de>:
>
> Hi all,
>
> I am currently struggling with an odd MS Remote Desktop issue which
> might be related to our Samba4 AD (version: 4.2.0pre1-GIT-d7c22d5
> domain/forest-level 2008_R2) setup.
>
> We are unable to connect to Win7 machines (all available latest patches
> installed) via RDP after they have been joined to the domain. We have
> made sure, that RDP is enabled and the firewall exceptions are in place.
> We actually tried with firewall turned off, also. When trying to connect
> with an AD account we get to the welcome screen but not further. The
> physical screen of the machine does not get locked. When doing the same,
> using a local admin account we can successfully log in via RDP.
>
> Does anybody have an idea what could be the cause of this issue ?
>
> I tested the same at home in my small samba4 domain, without any
> modified GPOs, and face the same issue.
>
> Thank you very much for your kind help
>
> best regards
>
> Andreas
>

Any malware protection software installed?

Regards
Davor