Have you ever found yourself trying to hunt down the source of logon failures in your Remote Desktop Services farm? It’s trickier than you may have realized.
Our very own Andy Milford, Microsoft MVP in Enterprise Mobility / Remote Desktop Services, just wrote a lengthy article on the topic you can read at his RDS MVP outreach site – http://www.purerds.org.
In the article, he talks about how Group Policy authentication settings like Network Level Authentication and the RDP security layer directly affect how Remote Desktop Services logon failures are recorded in the Security log (Event ID 4625). He also shares tips regarding additional events you can use in a little known event log to correlate where logon failures are actually coming from if the Remote Desktop Session Host is running Windows Server 2012 or Windows Server 2016.
We look forward to building some of this hard won knowledge into our Remote Desktop Commander product line soon. In the meantime, please enjoy some of Andy’s detailed research on the subject.