Symantec Privileged Access Management

Expand all | Collapse all

Alert when access RDP to a server as ""The logon attempt failed. The credentials that were used to connect to server did not work"

  • 1.  Alert when access RDP to a server as ""The logon attempt failed. The credentials that were used to connect to server did not work"

    Posted 19 days ago
    Hi All,

    We have faced with this multiple times, but we are unable to found the resolution

    When a user is access RDP via CAPAM Tool from a workstation, he is getting below error message, but the credentials are verified in CAPAM and 100% correct credentials. This issue is for only two-three users, others are able to access the RDP to same server with same Target account from different workstations. This error is not permanent to the same user, it is vice versa

    It is Windows Domain server and target account is Active directory account.

    Can anyhelp me on this issue? How to resolve this issue?


  • 2.  RE: Alert when access RDP to a server as ""The logon attempt failed. The credentials that were used to connect to server did not work"

    Posted 15 days ago
    Hello--

    We are on 3.3.3.01, and yes - we are fighting that problem as well.

    What is your password view policy for these accounts?
    .
    We are currently only doing account Check out/in as its the only thing that does not break PAM access :-(

    My theory is RDP sessions are not logging off, the session windows are just killed (user just clicks the X in the top right). This happens either by mistake, or the windows session locks, and the only thing the user can do is kill it.

    It would be beneficial for someone who has session control working (ie automatically logs into Windows with vaulted credentials) with AD accounts to bring some thoughts into the conversation.

    One observation: this problem appears happens less on a domain with one or two domain controllers. A domain with 5 Domain Controllers appears choke with locked accounts consistently.




  • 3.  RE: Alert when access RDP to a server as ""The logon attempt failed. The credentials that were used to connect to server did not work"

    Posted 15 days ago
    I just checked 5 servers - all had a pam user process in "disconnected" state

    You might have a GPO policy that unlocks the account after 15 minutes which makes these hard to catch.

    For the suspect accounts - I'll clicking the "verify account" every 2 minutes - usually after 5 minutes it will show an error.