This document describes the possible causes of Windows instance login failures and their troubleshooting methods.
Common login failure reasons:
Tencent Cloud provides a self-diagnosis tool to help you determine whether the failure is caused by common problems with the bandwidth, firewall, and security group configurations. 70% of faults can be located with this tool. You can locate the faults that may result in the login failure based on the detected causes.
If you cannot troubleshoot with the diagnosis tool, we recommend you log in to the CVM instance via VNC and follow the instructions.
If you cannot log in to a Windows instance through RDP or remote access software, you can log in through VNC for troubleshooting.
If you forgot the password for the instance, you can reset it in the console. For more information, see Resetting Instance Password.
Problem: The login attempt failed because you forgot the password, entered an incorrect password, or failed to reset your password.
Solution: Reset the password for this instance in the CVM console and restart the instance. For more information, see Resetting Instance Password.
Problem: The self-diagnosis tool shows that bandwidth utilization is too high.
Problem: The self-diagnosis tool or Cloud Monitor shows that server CPU workload is too high, and the system is unable to perform remote connection or access is slow.
Possible cause: Viruses, trojans, third-party antivirus software, application exceptions, driver exceptions, and automatic updates of software on the backend may lead to high CPU utilization.
Problem: Failed to access the instance remotely, the remote access port is not the default port or has been modified, or port 3389 is not open.
Diagnosis: Ping the public IP address of the instance to check network connectivity and run telnet to check whether the port is open.
Procedure: See Remote Login Failure Due to Port Issues for the detailed procedure.
Problems: Security group rule configuration is improper, leading to login failures.
Procedure: Troubleshoot with the Port Verification feature on the VPC console.
If the problem is caused by a port issue of the security group, you can use the **Open all ports** feature to open all ports.Note
Open 3389 must be open for remote login.
Problem: The login attempt failed due to the CVM firewall or security software.
Diagnosis: Log in to a Windows instance through VNC to check whether the login is blocked by the firewall policies or security software installed on the server.
This operation involves shutting down the CVM firewall. To perform it, check whether you have the corresponding permission.
Procedure: Shut down the firewall or the installed security software, and then try to access remotely again. For example, you can shut down the firewall of Windows Server 2016 as follows:
Problem: When you tried to log in to a Windows instance through the remote desktop, the prompt stating "Authentication error. Invalid flag is provided to the function." or "Authentication error. The required function is not supported." appears.
Possible cause: Microsoft released a security update in March 2018. This update fixes a remote code execution vulnerability in the Credential Security Supporting Program (CredSSP) by correcting how CredSSP validates requests during the authentication process. Both the client and server need to be updated or the preceding error may occur.
Procedure: Install the security update (recommended). For details, see An Authentication Error Occurred when You Tried to Log In to a Windows Instance Remotely.
If you still cannot connect to the Windows instance, and submit a ticket for assistance.