I know this is a Win2008 forum, but I found a problem with Windows Server 2003 SP2 which might still be in Win2008, and I wanted others to avoid the same problem.
The problem: domain-member Windows Server 2003 SP2 machines prevent clients from connecting via Remote Desktop unless the server can contact the domain-- even if the server has cached credentials available for the domain account the client is trying to use. This domain-disconnected case is probably common in Home Office scenarios, where machines occasionally connect to the domain (via RAS) but generally log in via cached credentials.
Windows XP doesn't have the same problem, nor did (I'm nearly certain) Windows Server RTM. Somewhere along the way of patches and service packs, I believe my server lost the ability to use cached domain credentials for authenticating a Remote Desktop session.
The error I get in the Remote Desktop client is this:
The system cannot log you on due to the following error:
The specified domain either does not exist or cannot be contacted
On the server's event log, I get two errors: one in the Application Log and one in the System Log. Below are the contents of those events (I removed domain & account names for privacy):
- #1: NETLOGON event ID = 5719 in the System Log:
This computer was not able to set up a secure session with a domain controller in domain [DOMAIN] due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
- #2: NETLOGON event ID = 1219 in the Application Log:
Logon rejected for [DOMAIN\ACCOUNT]. Unable to obtain Terminal Server User Configuration. Error: The specified domain either does not exist or could not be contacted.
Anyway, I'm going to post the answer in a follow-up post so I can mark it as the answer. :-)