Score:1

Remote Desktop connection to Azure AD Joined computer


I'm doing some testing on a standalone (no on-prem AD sync) Azure AD test tenancy, and have set up a user (non-admin) account, installed a base Windows 10 system, and joined it to Azure AD (shows Azure AD Joined) using the user account. It appears to have created that account as a local admin, so I've enabled Remote Desktop and am attempting to log into it using the test user from my normal work computer (local AD joined, Hybrid Azure AD in production tenancy). However, I keep getting "The logon attempt failed":

Screenshot of RDP error "The logon attempt failed"

On the Win10 system (the RDP "server"), in the Event Log under Applications and Services -> Microsoft -> Windows -> RemoteDesktopServices-RdpCoreTS, I can see at the same time two warnings:

Event ID 142, Category RemoteFX module: TCP socket READ operation failed, error 64

Event ID 226, Category RemoteFX module: RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).

Using WireShark on the "server" side, I can see my "client" system connecting and negotiating TLSv1.2 with Client Hello, Server Hello, and passing TLS "Application Data" from client to server, then "server" back to "client" (with ACKs sent back for each). At this point, it looks like my "client" sends a TCP RST.

I've tried the username in the following format, all result in the same error and same Wireshark RST:

name@domain
AzureAD\name@domain
.\AzureAD\name@domain

And I've also tried to connect using the Remote Desktop store app, which gave me:

Error code: 0x9735
Extended error code: 0x0
Activity ID: {af13979d-a3b9-41c5-8205-5bab5ca60000}

I've seen several articles that indicate I need to disable NLS on both sides, but 1) that seems like a bad idea without knowing why that's required, and 2) I tried it anyway and it didn't work.

I'm out of ideas. Anyone smarter than me able to point me in the right direction?

Score:1

I'm doing some testing on a standalone (no on-prem AD sync) Azure AD test tenancy, and have set up a user (non-admin) account, installed a base Windows 10 system, and joined it to Azure AD (shows Azure AD Joined) using the user account. It appears to have created that account as a local admin, so I've enabled Remote Desktop and am attempting to log into it using the test user from my normal work computer (local AD joined, Hybrid Azure AD in production tenancy).

That will not work; source and destination need to be in the same tenant.


For more info: https://docs.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc#set-up
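The prerequisite in the answer above (both endpoints Azure AD joined or hybrid joined, and in the same tenant) can be checked on each machine from the output of `dsregcmd /status`. The script below is an added example, not code from the original post or from Microsoft: it parses the `Key : Value` rows that `dsregcmd /status` prints, then compares the `AzureAdJoined` and `TenantId` fields from the client and the server. The two status blocks embedded here are constructed sample output with made-up tenant IDs; on real machines you would feed in `dsregcmd /status` directly, as the usage lines at the end show.

```powershell
# Added example (not from the original post): check the RDP-to-AADJ prerequisites
# named in the answer by parsing `dsregcmd /status` from both endpoints.

function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    # dsregcmd prints "Key : Value" rows under +---- section headers. The section
    # lines and box borders contain no colon and are skipped; the first occurrence
    # of each key wins, which is the Device State / Tenant Details entry we want.
    $result = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\S[^:]*?)\s*:\s*(.*?)\s*$') {
            $key = $Matches[1]; $value = $Matches[2]
            if (-not $result.ContainsKey($key)) { $result[$key] = $value }
        }
    }
    return $result
}

function Test-AadRdpPrerequisite {
    param(
        [Parameter(Mandatory)][hashtable]$Client,   # parsed status of the PC you connect from
        [Parameter(Mandatory)][hashtable]$Server    # parsed status of the PC you connect to
    )
    $problems = @()
    $sides = [ordered]@{ client = $Client; server = $Server }
    foreach ($side in $sides.GetEnumerator()) {
        $s = $side.Value
        # AzureAdJoined = YES covers both pure AADJ and hybrid joined (DomainJoined = YES too)
        if ($s['AzureAdJoined'] -ne 'YES') {
            $problems += "$($side.Key) is not Azure AD joined (AzureAdJoined = '$($s['AzureAdJoined'])')"
        }
    }
    if ($Client['TenantId'] -and $Server['TenantId'] -and ($Client['TenantId'] -ne $Server['TenantId'])) {
        $problems += "tenant mismatch: client $($Client['TenantId']) vs server $($Server['TenantId'])"
    }
    return $problems   # empty array means the documented prerequisites are met
}

# Constructed sample output (not captured from real machines; tenant IDs are made up).
$clientStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                TenantName : Production tenant (constructed)
                  TenantId : 11111111-1111-1111-1111-111111111111
'@ -split "`r?`n"

$serverStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                TenantName : Test tenant (constructed)
                  TenantId : 22222222-2222-2222-2222-222222222222
'@ -split "`r?`n"

$client = ConvertFrom-DsregStatus $clientStatus
$server = ConvertFrom-DsregStatus $serverStatus
$issues = Test-AadRdpPrerequisite -Client $client -Server $server
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } } else { 'prerequisites met' }

# On real machines, run on each PC and compare the two results:
#   $local = ConvertFrom-DsregStatus (dsregcmd /status)
#   (copy the remote PC's `dsregcmd /status` output over, parse it the same way, then call Test-AadRdpPrerequisite)
```

With the constructed input above the function reports a tenant mismatch, which is exactly the situation in the question: a hybrid-joined client in the production tenant and an Azure AD joined test server in a different tenant. Run `dsregcmd /status` unelevated if you also want the user-state section to be meaningful; the device-state and tenant fields used here are present either way.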

DarkMoon:
There's the info I needed and the source to back it up; thank you so much. I had a feeling that might be the answer, but I wasn't able to find it. I had seen that they needed to both be AD joined or Hybrid joined, which both are, just not in the same tenancy, but wasn't able to find whether different tenancies mattered. Guess I might need to try and make a second one, and test that way. Cheers again.

Noor Khaldi:
Glad I was able to help @DarkMoon :)