Vista to Vista RDC problem, The logon attempt failed.

I have 2 Vista Ultimate machines on a LAN, both with firewall disabled
and UAC enabled. I also have an XP Professional machine on the same
network, also with firewall disabled.

All 3 computers have a local administrator account on them with the
same username/password. All 3 computers are in the same workgroup. None
of the computers are in a domain.

ONE VISTA MACHINE IS UNABLE TO CONNECT TO THE OTHER VISTA MACHINE VIA
RDC OR ADMINISTRATIVE NETWORK SHARE, GETTING ACCESS DENIED WHEN I TRY.

The XP machine has no problems connecting to that Vista machine via
either RDC or network share.

Restarting either of the vista machines does not resolve the issue.

After connecting with RDC from XP, if I look at the event log
(eventvwr) I can see two Logon tasks and a Special Logon task. When I
connect with the Vista machine I see the same set of 3 tasks (all with
Audit Success) but when I view the details of the Logon task from Vista
I see that it is authenticating with Account Name "SYSTEM" and Account
Domain "NT AUTHORITY" while the XP logon is authenticating with the
Account Name that I have setup on all of the machines and Account Domain
as the name of the machine being connected to.

So, the big question is, why is my Vista box connecting as "NT
AUTHORITY\SYSTEM" (which fails) and the XP box connection as
(COMPUTER_NAME\USERNAME) which succeeds?

In case it is relevant, I am able to connect just fine the other
direction between the two vista machines, so it's only one direction
that is problematic.

A few days ago I changed quited a few registry keys and secpol.msc
settings attempting to get another problem with the two Vista machines
working (following advice on various forums around the internet) so it's
likely that this is what triggered this new problem, but I don't know
what changes I made (went through *far* too many to remember) nor do I
remember which I made to which machines.

On a personal note, I'm incredibly frustrated with Vista at this point,
I wish it had an "insecure mode" that I could just enable since I'm on a
completely trusted network (only me and my wife) behind a well managed
router with firewall and secured wireless.


--
Micah71381

Micah71381;925474 Wrote:
> I have 2 Vista Ultimate machines on a LAN, both with firewall disabled
> and UAC enabled. I also have an XP Professional machine on the same
> network, also with firewall disabled.
>
> All 3 computers have a local administrator account on them with the
> same username/password. All 3 computers are in the same workgroup. None
> of the computers are in a domain.
>
> ONE VISTA MACHINE IS UNABLE TO CONNECT TO THE OTHER VISTA MACHINE VIA
> RDC OR ADMINISTRATIVE NETWORK SHARE, GETTING ACCESS DENIED WHEN I TRY.
>
> The XP machine has no problems connecting to that Vista machine via
> either RDC or network share.
>
> Restarting either of the vista machines does not resolve the issue.
>
> After connecting with RDC from XP, if I look at the event log
> (eventvwr) I can see two Logon tasks and a Special Logon task. When I
> connect with the Vista machine I see the same set of 3 tasks (all with
> Audit Success) but when I view the details of the Logon task from Vista
> I see that it is authenticating with Account Name "SYSTEM" and Account
> Domain "NT AUTHORITY" while the XP logon is authenticating with the
> Account Name that I have setup on all of the machines and Account Domain
> as the name of the machine being connected to.
>
> So, the big question is, why is my Vista box connecting as "NT
> AUTHORITY\SYSTEM" (which fails) and the XP box connection as
> (COMPUTER_NAME\USERNAME) which succeeds?
>
> In case it is relevant, I am able to connect just fine the other
> direction between the two vista machines, so it's only one direction
> that is problematic.
>
> A few days ago I changed quited a few registry keys and secpol.msc
> settings attempting to get another problem with the two Vista machines
> working (following advice on various forums around the internet) so it's
> likely that this is what triggered this new problem, but I don't know
> what changes I made (went through *far* too many to remember) nor do I
> remember which I made to which machines.
>
> On a personal note, I'm incredibly frustrated with Vista at this point,
> I wish it had an "insecure mode" that I could just enable since I'm on a
> completely trusted network (only me and my wife) behind a well managed
> router with firewall and secured wireless.

Solution:
Start -> run -> secpol.msc -> Security Settings -> Local Policies ->
Security Options -> Network security: LAN Manager authentication level
-> Send NTLM response only
(was previously Send NTLMv2 response only. Refuse LM & NTLM)

This of course begs the question, how do you make NTLMv2 work seeing as
how XP and Vista both fully support it but I have yet to see it work
(this is not the first time I've had to change that option on a computer
because it totally broke something).


--
Micah71381