RDP help
Posted by Jayroug@reddit | sysadmin | 10 comments
Hi all, it's been a while since I had to do anything related to RDP and I'm a bit stuck.
Was asked to give temp access to an ex-employee for a client, got a Sophos Connect VPN configured and set up the on-site PC they want them to use to accept RDP connections.
I'm getting an error after entering credentials
"An authentication error occurred - the token supplied to the function is invalid"
What's strange is, the timestamp on the error is an hour behind the time on my PC and the remote PC, and I'm thinking this may be the issue? I've also checked the routers on both ends and their time is correct, like the two PCs.
We have a weird relationship with a subset of clients who are all in the same industry where we don't manage the domain, but the domain owners don't offer the client support, or very little. NLA is enabled via Group Policy, which I can't turn off; I've seen someone mention turning this off fixes it.
The remote PC has its time server set to the on-site DC and the time is correct there, so I'm baffled where the error pop-up that occurred on my PC is getting a timestamp from.
Any idea where this timestamp on the error is coming from?
countsachot@reddit
What's the time on the hardware running the VPN/concentrator?
Jayroug@reddit (OP)
Thanks for replying, yeah, time is the same as the PCs on the XGS.
We have no control over the policies applied under the domain logins.
countsachot@reddit
Oh, I meant the VPN policy. The time thing could be a time zone difference, or a log that ignores tz. If it's exactly one hour off, it's usually that or daylight savings.
Jayroug@reddit (OP)
Thanks, I'll have a look at that tomorrow, can't get access today. I'm pretty sure there's no timezone-related setting in the VPN policy.
Thanks
countsachot@reddit
The time isn't in the policy. I meant, without seeing the policies used, it's difficult to impossible to troubleshoot. We don't even know what protocols are being used.
alpentrekr@reddit
I would definitely investigate the timestamp further. I have seen token acceptance issues when timestamps are not aligned. And yes to the time zone comment mentioned here. See if any component of the connection is on an incorrect time zone.
Jayroug@reddit (OP)
Thanks, yeah, this is really all I have to go off at the moment.
St0nywall@reddit
If it's an ex-employee, they may still have an old credential stored on their computer from the time their account was last active.
Have them clear out any relevant cached credentials and try again.
Jayroug@reddit (OP)
I did look in Credential Manager and there was nothing in there, but I'm now wondering if I did this under the local admin rather than the domain user account. I'll check tomorrow. Thanks.
St0nywall@reddit
Easy way to fix it on the RDP server is to delete the old user profile.