Remote Desktop: the logon attempt failed

I was unable to save my credentials just for one server. This server was NOT a domain member, domain member servers doesn’t suffer from this issue (in my case). Remote Desktop (mstsc) keeps asking for credentials all the time, with the error message:

Your credentials did not work
Your system administrator does not allow the use of saved credentials to log on to the remote computer <serverName> cause its identity is not fully verified. Please enter new credentials.

the logon attempt failed

RDP - the logon attempt failed

Had this issue a long time, but today was the day to tackle this issue. I found the solution here:

  • Open Group Policy Editor via cmd -> gpedit.msc
  • Navigate to Local Computer Policy\Computer Configuration\Administrative Templates\System\Credentials Delegation\
  • Open Setting Allow Delegating Saved Credentials with NTLM-only Server Authentication, set it to Enabled click on button Show… and in Show Contents window add Value TERMSRV/*
  • run a gpupdate on your workstation

This solution works, but I had to make a new group policy object (GPO) in my Active Directory Server because my Windows 7 is a domain member.

Allow Delegation Saved Credentials witg NTLM-only Server AuthenticationAllow Delegation Saved Credentials witg NTLM-only Server Authentication

Allow Delegation Saved Credentials witg NTLM-only Server Authentication - Value

All credits to: http://itowns.blogspot.com/2009/01/remote-desktop-not-allowed-to-use-saved.html

Runas with password option, and much more

As a sysadmin you often need to run applications or scripts in other privileges. With the runas command there is no password option, you are always prompted for a pwd. Here comes RunassSPC to the rescue!

A stupid but useful example:

I needed to remotely shutdown a windows server 2008 machine. As you need remotely privileges for this action, runas wasn’t able to do this silently.

runasspcadmin

By launching runasspcadmin.exe you are able to create an encrypted file, with credentials and optional paramaters stored in the file.

Now it’s easy to launch this .spc file. Using a batch file or whatever you like:

Runasspc.exe /cryptfile:"filename.spc" /quiet

More info, downloads and a full manual:

http://www.robotronic.de/runasspcEn.html
http://www.robotronic.de/guidance.html