1 Reply Latest reply on May 11, 2018 3:03 AM by rubensk

    Remote Control only as Administrator of target Win10 machines after Windows Security Baseline Active

    rubensk

      Hi,

       

       

      we've enabled Microsoft's Security Baseline via GPO to our Windows 10 computers. If we now like to use dameware 12 to  remote control a computer the authentication is not working through.

      No matter which protocol from the dropdown list (Windows NT Challange / Response, Encrypted Windows Logon, ...)  is used it all fails.

       

      Somebody meet this situation and knows what to do? Is there a configuration in dameware that can be changed to work with the basline or did u change a setting on the baselines?

       

      Windows Security Baselines | Microsoft Docs

       

      I have checked the application log of the remote machine and found these events:

       

      Event Id
      Event TypeEvent SourceEvent Message
      103Informationdwmrcs

      Information:

      DameWare Mini Remote Control

      System Error: 0

      System Error: 0

      System Message: The operation completed successfully.

      Authentication failed: Socket API recv Failed. (AcceptSecurityContext).

      (srv 64 bit)

      110Errordwmrcs

      Error:

      DameWare Mini Remote Control

      System Error: 5

      System Error: 5

      System Message: Access is denied.

      Authentication failed.

      (srv 64 bit)

      110Errordwmrcs

      Error: Authentication Failed Using Windows NT Challenge/Response.

       

       

       

      Date: Mon, 7 May 2018 9:41:38

      Computer Name: C0110320

      User ID: JackP

      Logon As ID:

      Domain:

      Desktop User ID: Domain\Admin_Jack

      Desktop Name:

      Connect via Proxy: No

      Desktop State: User is logged on

      Permission Required: Yes

      Access Approved By: N/A

      Access Declined By: N/A

      Access Request Timeout: N/A

      Access Request Disconnected: N/A

      OS Product ID: 00378-20000-00003-AA087

      OS Registered Owner: ABC

      OS Registered Organization: ABC Inc

      Host Name from Peer: C0110320

      IP Address(es) from Peer: 172.19.20.103

      Peer Host Name:

      Peer IP Address: 172.19.20.103

      Protocol Version - DWRCC.EXE: 13.000000-0.000000

      Protocol Version - DWRCS.EXE: 13.000000-0.000000

      Product Version - DWRCS.EXE: 12.0.4.5007

      Product Version - DWRCC.EXE: 12.0.4.5007

      Authentication Type: NT Challenge/Response

      Last Error Code: 5

      Last Error Code (WSA): 0

      Host Port Number: 6129

      Host IP Address: 172.19.50.36

      Host Name: C0110310

      Absolute timeout setting: 0 minutes

      Connect/Logon timeout setting: 90000 milliseconds

      Access Check:

      Registered: Yes

      WTS Session: No

      Used Diffie-Hellman Key Exchange.

      Used Shared Secret: No

      Registration: 82A9-E2CC-5300-4CAC-8B18-B0AB-168E-6314

      (srv 64 bit)

       

      I know that NTLM version 1 is deactivated via Security Basline, but I assume Damware is using Version 2?

       

      Thanks in advance

       

       

      Ruben