RDP to computer using local admin account wont authenticate

Question

RDP to computer using local admin account wont authenticate

Sergio Renes 0

Hello, I've never had this issue before, but I have a user (user A) that is trying to RDP to another user's (user B) computer using user B's credentials, which has local admin rights. User a has done this a bunch of times with no issues until recently. User A puts in the password and it comes back with login failed. I then take over user A's computer and try to RDP to user B's computer using my Domain Admins credentials and get the same error. I'm able to RDP to user B's computer from my own computer just fine. So something is going on with user A's computer specifically. As a workaround I had user A RDP to conference computer then RDP to user B's computer from there and it worked. I told user A that I would troubleshoot some more over the weekend. I tried login in to user A's computer using my DA credentials then RDP to user B's computer again and got the same error, Login failed. When checking the Audit logs it shows where a Failure but it doesn't show which credntial was used. Just the IP address of user A's computer. All the computers have the same GPOs. Any ideas why user A's computer can't authenticate any of the tried credentials?

2 answers

Your answer

Answer 1

Henry Mai 7,010 Independent Advisor

Hi Sergio Renes, I'm Henry.

Based on my research, the issue might be related to cached credentials or Network Level Authentication (NLA). According to Event 4625 – An account failed to log on, Windows may use outdated cached credentials, causing RDP failures even if the same credentials work elsewhere. Also, make sure NLA is properly configured and the account has the right permissions — see Enable Remote Desktop on your PC.

Also review Credential Guard or LSA Protection settings, as they can block RDP. Microsoft’s guide is here.

Even with shared GPOs, a single device might apply conflicting policies—use gpresult /r or rsop.msc to verify — see gpresult | Microsoft Learn.

Try clearing saved credentials, confirming NLA settings, and comparing policies with a working system. You can also test by temporarily disabling Credential Guard.

Hope this helps! If so, please click “Accept Answer” so others can benefit too.

Sergio Renes 0 Reputation points

2025-11-03T02:06:21.9966667+00:00

Henry, there doesn't appear to be any saved Windows credntials in credential manager. NLA is enabled on both and required on all machines. I did try to disable NLA on both users machines but still no luck. We don't have credential guard or LSA protection set up in our Org. The GPO policies match.
Henry Mai 7,010 Reputation points Independent Advisor

2025-11-03T09:08:10.7033333+00:00

Since network, NLA, and policies are consistent across all devices, it seems the issue is specific to User A’s machine, likely related to the user profile or account itself.

You can try creating a new local admin account on User A’s PC and attempt the RDP connection with that account. If it connects successfully and you want User A to keep their old account while creating a fresh profile, you could rename the old profile folder under C:\Users (for example, add .old at the end) before logging in again — Windows will automatically create a new clean profile.

Important note: On Windows 10 or later, renaming the profile folder may cause issues with certain features like winget, so proceed with caution. Renaming user account doesn't change profile path - Windows Client | Microsoft Learn

If even the new account cannot connect, please open Event Viewer → Windows Logs → Security on the target PC, look for Event ID 4625, and share the Status and SubStatus codes. These codes indicate exactly what is blocking the sign-in. You can refer to Microsoft’s documentation here: 4625(F) An account failed to log on. - Windows 10 | Microsoft Learn

Once we have those codes, we can determine the next steps more precisely.
Sergio Renes 0 Reputation points

2025-11-03T17:39:29.26+00:00
Yes, I logged in as my DA account in to user A's computer and tried RDP to user B's computer and got the same error.

An account failed to log on.

Subject:

Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:

Security ID: NULL SID Account Name: Account Domain: -

Failure Information:

Failure Reason: An Error occured during Logon. Status: 0xC000006D Sub Status: 0xC000006D

Process Information:

Caller Process ID: 0x0 Caller Process Name: -

Network Information:

Workstation Name: - Source Network Address: 10.0.1.121 Source Port: 0

Detailed Authentication Information:

Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Answer 2

Sergio Renes 0

I think this is it.

https://cyberpress.org/microsoft-confirms-recent-updates-causing-login/

I'm seeing these mismatch errors on user B's computer. We have Beelink computers and I'm pretty sure they are all cloned by them. I ran to a similar issue with them not showing up in the WSUS console and found out I needed to reset their SUSClientID in order for them to show up.

So I either need to uninstall the windows update or run a sid changer tool.

Share via

RDP to computer using local admin account wont authenticate

2 answers

Your answer