Re: Vista to Vista RDC problem, The logon attempt failed.
> I have 2 Vista Ultimate machines on a LAN, both with firewall disabled
> and UAC enabled. I also have an XP Professional machine on the same
> network, also with firewall disabled.
> All 3 computers have a local administrator account on them with the
> same username/password. All 3 computers are in the same workgroup. None
> of the computers are in a domain.
> ONE VISTA MACHINE IS UNABLE TO CONNECT TO THE OTHER VISTA MACHINE VIA
> RDC OR ADMINISTRATIVE NETWORK SHARE, GETTING ACCESS DENIED WHEN I TRY.
> The XP machine has no problems connecting to that Vista machine via
> either RDC or network share.
> Restarting either of the vista machines does not resolve the issue.
> After connecting with RDC from XP, if I look at the event log
> (eventvwr) I can see two Logon tasks and a Special Logon task. When I
> connect with the Vista machine I see the same set of 3 tasks (all with
> Audit Success) but when I view the details of the Logon task from Vista
> I see that it is authenticating with Account Name "SYSTEM" and Account
> Domain "NT AUTHORITY" while the XP logon is authenticating with the
> Account Name that I have setup on all of the machines and Account Domain
> as the name of the machine being connected to.
> So, the big question is, why is my Vista box connecting as "NT
> AUTHORITY\SYSTEM" (which fails) and the XP box connection as
> (COMPUTER_NAME\USERNAME) which succeeds?
> In case it is relevant, I am able to connect just fine the other
> direction between the two vista machines, so it's only one direction
> that is problematic.
> A few days ago I changed quited a few registry keys and secpol.msc
> settings attempting to get another problem with the two Vista machines
> working (following advice on various forums around the internet) so it's
> likely that this is what triggered this new problem, but I don't know
> what changes I made (went through *far* too many to remember) nor do I
> remember which I made to which machines.
> On a personal note, I'm incredibly frustrated with Vista at this point,
> I wish it had an "insecure mode" that I could just enable since I'm on a
> completely trusted network (only me and my wife) behind a well managed
> router with firewall and secured wireless.
Start -> run -> secpol.msc -> Security Settings -> Local Policies ->
Security Options -> Network security: LAN Manager authentication level
-> Send NTLM response only
(was previously Send NTLMv2 response only. Refuse LM & NTLM)
This of course begs the question, how do you make NTLMv2 work seeing as
how XP and Vista both fully support it but I have yet to see it work
(this is not the first time I've had to change that option on a computer
because it totally broke something).