RDP Access and domain login on AWS

Hi,

Good Morning.
I am working on making two separate AWS Windows Server 2022 instances. I will be using one as my Domain Controller, and the second one will be used as a workstation.

I created a new user, joined the domain with my second workstation, and all that.
I connect to AWS using Remote Desktop Connection. Now the issue is that when I join the second AWS workstation, it connects using the Administrator account only. If I try to log out and connect using my domain user, it gives me an error saying “The Logon attempt failed”.

How can I resolve this issue? What am I doing wrong here?

Thank You.

Issue Update:
My AD is “ad.domainname.com”.

I logged on to the second workstation as “Local Admin”, installed “AnyDesk” and then connected to it with AnyDesk. After that, I switched user to the domain user. I noticed one thing though: if I try the username “AD/username” then it gives me an error. But if I try “username@ad.domainname.com” then it lets me connect. Why is that?

And also after this, I tried to RDP with the username “username@ad.domainname.com” and password. Now it tries to connect but gives an error about “No Permission”. So I think that has to do with Group Policy and the local computer remote access permission. CORRECT?
And how can I resolve the RDP issue? How do I assign the remote access security group and/or policy?

Thank You

Hi @vidhyutv

Check the following AWS KB to allow users to RDP.

How do I allow domain users RDP access to an EC2 Windows instance using group policy in AWS Managed Microsoft AD or Simple AD?

Also, check the Security Groups that are attached to each EC2 instance.

With the logon formats, both are valid: User Principal Name (with the @) and Down-Level Logon Name (with the \). Maybe the backslash is not right and is not working, since it is a forward slash in the example you typed.

You can check an explanation on the following Microsoft doc.
User Name Formats

Ricardo

@ricardo.p ,

I tried the steps mentioned in the link you sent and it still did not work.
Here is the screenshot of the Group Policy I created.

Also, both instances have the same Security Group attached on AWS.

Thank You

Is the domain user part of any group? It seems more like a Windows thing than AWS if it is not. Try adding it to the Remote Desktop Users group to test.

Ricardo

@ricardo.p,

It worked after some troubleshooting.
Steps I performed:

  1. Go to Second Workstation via AnyDesk.
  2. Log in with the AD/Administrator account.
  3. Go to Edit Local Users and Groups > Groups.
  4. Here I found the policy group “Remote Desktop Users” and added my “AD” user.
    → After this I was able to successfully connect using Windows RDP.

Screenshot_PolicyEdit

Thank You
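The same fix done from an elevated PowerShell prompt on the second instance, as an added example that is not part of the original thread. It also covers Ricardo's point about the logon format: the down-level name must use a backslash (`AD\username`), which is why `AD/username` fails to resolve. The NetBIOS domain name `AD` and the user `username` are placeholders assumed from the thread.

```powershell
# Added example (not from the thread). Run elevated on the member server
# (the second EC2 instance), not on the domain controller.
# Assumed placeholders: domain NetBIOS name "AD", user "username".
$DomainNetBios = 'AD'
$UserName      = 'username'

# Down-level logon name uses a BACKSLASH. "AD/username" (forward slash) is not
# a valid account name and will never resolve.
$DownLevel = "$DomainNetBios\$UserName"

# Confirm the account resolves before touching group membership. This catches
# a broken domain join or a mistyped name early, with a clear error.
try {
    $sid = ([System.Security.Principal.NTAccount]$DownLevel).Translate(
               [System.Security.Principal.SecurityIdentifier])
    Write-Host "Resolved $DownLevel to $($sid.Value)"
} catch {
    throw "Cannot resolve '$DownLevel': check the domain join and the name format (backslash, not slash)."
}

# Add the user to the LOCAL "Remote Desktop Users" group on this server.
# This is a different group from the domain's built-in "Remote Desktop Users".
$group   = 'Remote Desktop Users'
$already = Get-LocalGroupMember -Group $group -ErrorAction Stop |
           Where-Object { $_.SID -eq $sid }
if (-not $already) {
    Add-LocalGroupMember -Group $group -Member $DownLevel
    Write-Host "Added $DownLevel to local group '$group'"
} else {
    Write-Host "$DownLevel is already a member of '$group'"
}

# Verify the membership and that RDP is enabled with Network Level Authentication.
Get-LocalGroupMember -Group $group | Format-Table Name, PrincipalSource, ObjectClass
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections |
    Select-Object fDenyTSConnections          # 0 = RDP connections allowed
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication |
    Select-Object UserAuthentication          # 1 = NLA required (keep it on)
```

The membership check before `Add-LocalGroupMember` keeps the script idempotent, so it can be re-run (or pushed through EC2 user data or SSM) without erroring on a second pass.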

I had already added my domain user to the Remote Desktop Users group from my AD DC, and even after that I had to follow the troubleshooting steps mentioned above.

Can you please explain why?

Thank You

Hi @vidhyutv

I see. If it is not working, it is because the second workstation is a Windows server. Regular users are not able to RDP to Windows servers. Try adding it to the Domain Admins and try again. If it works, the connection to the server is OK, and you want to modify the Allow log on locally and/or the Allow log on through Remote Desktop Services User Rights Assignment accordingly, either through the Local Security Policy or through Group Policy, to allow a regular user to connect to a Windows server.

Ricardo
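An audit script for the User Rights Assignments Ricardo names, as an added example that is not part of the original thread. Two facts it relies on: RDP logon on a member server is gated by the `SeRemoteInteractiveLogonRight` right (Allow log on through Remote Desktop Services) and its `SeDeny...` counterpart, which wins on conflict; and the "Remote Desktop Users" group seen on a domain controller is the domain's Builtin group, whose membership applies to domain controllers only, while each member server has its own local group of the same name, which is why the DC-side change earlier in the thread had no effect on the workstation. The account `AD\username` is a placeholder. Run it elevated on the server you are trying to reach.

```powershell
# Added example (not from the thread). Placeholder account to check:
$Account = 'AD\username'

# secedit exports the EFFECTIVE local security policy (including anything
# applied by Group Policy) to an INF file; we only need the user-rights area.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$lines = Get-Content $cfg
Remove-Item $cfg -Force

function Get-RightMembers([string]$Right) {
    # INF lines look like: SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
    $line = $lines | Where-Object { $_ -match "^\s*$Right\s*=" }
    if (-not $line) { return @() }
    ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object {
        $sidText = $_.Trim().TrimStart('*')
        try {
            ([System.Security.Principal.SecurityIdentifier]$sidText).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch { $sidText }   # leave SIDs that do not resolve as-is
    }
}

$allow = @(Get-RightMembers 'SeRemoteInteractiveLogonRight')
$deny  = @(Get-RightMembers 'SeDenyRemoteInteractiveLogonRight')
"Allow log on through Remote Desktop Services: $($allow -join ', ')"
"Deny  log on through Remote Desktop Services: $($deny  -join ', ')"

# Principals the account is known by on THIS machine: itself plus every local
# group it is a direct member of. Nested domain groups are not expanded here,
# so a grant via a domain group would show up as "not granted" in the verdict.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
           [System.Security.Principal.SecurityIdentifier])
$localGroups = Get-LocalGroup | Where-Object {
    (Get-LocalGroupMember -Group $_.Name -ErrorAction SilentlyContinue).SID -contains $sid
} | ForEach-Object { $_.SID.Translate([System.Security.Principal.NTAccount]).Value }
$principals = @($Account) + @($localGroups)

# Deny always overrides Allow.
$denied  = $deny  | Where-Object { $principals -contains $_ }
$allowed = $allow | Where-Object { $principals -contains $_ }
if ($denied) {
    "VERDICT: $Account is DENIED RDP logon via: $($denied -join ', ')"
} elseif ($allowed) {
    "VERDICT: $Account is allowed RDP logon via: $($allowed -join ', ')"
} else {
    "VERDICT: $Account holds no direct or local-group grant (domain-group nesting not checked)"
}
```

On a default member server the Allow list shows `BUILTIN\Administrators` and `BUILTIN\Remote Desktop Users`, so granting RDP to a non-admin is done by adding the user to the local Remote Desktop Users group (as the thread concluded) or, at scale, by pushing that membership or the user right through Group Policy, rather than by making the user a Domain Admin for testing.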

@ricardo.p ,

As I mentioned in my troubleshooting steps, simply adding ad/username to the local computer group policy resolved the issue.

Thank You
