I was trying to remote desktop to a VM that is in different domain. I keep getting this error message:
"Your system administrator Does not allow the use of saved credentials to log on to the remote computer. Because identity is not fully verified. Please enter new credentials"
I tried to type the correct credentials manually on Remote Desktop. I decided to take a look at the server’s security log. This is what I found:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/7/2010 12:23:43 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: servername.domain.local
Description:
An account failed to log on.Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: myADaccount
Account Domain: DomainName
Failure Information:
Failure Reason: Domain sid inconsistent.Status: 0xc000006d
Sub Status: 0xc000019b
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: MyClientWorkstationName
Source Network Address: -
Source Port: -Failure Information:
Failure Reason: Domain sid inconsistent.
Status: 0xc000006d
Sub Status: 0xc000019b
Well…Failure reason says “Domain sid inconsistent” and Security ID says NULL SID.
YES, I knew what went wrong right away. My test domain controller and standalone server VM are deployed from same template. so both consists same SID.
Usually duplicate SID is not a problem. But if you domain controller and client machine SID are the same, then it’s a big problem.
I ran (C:\Windows\System32\SysPrep\) SysPrep.exe on my server and re-joined to the domain. Everything magically OK after that.
No comments:
Post a Comment