Windows 7 machine can't rdp into 2008 Server.

Need more details...

Is the certificate a 3rd party or is it self signed?

by FQDN, do you mean its internet identity or its local name...a FQDN can be xyz.foo.com or xyz.foo.local

If you run NSLOOKUP, does it resolve correctly?

The cert would be self signed, and by FQDN I mean local identity, and NSLOOKUP resolves it correctly.

Hi,

I have two theories: Sounds like the problem lies somewhere in the DNS.
1.Check normal name lookup through DNS.
 2.Check reverse DNS lookup on the IP address of the Windows 2008 R2 machine.
3.Examine the DNS records created for the servers / windows 7 machines on the DNS server.
 4.Try disabling IP6 on both machines.
 
Reference this

Time and again we see the IPv6 stack operating under the hood, having a silent affect on applications. One area we have seen this is in DNS calls for application servers. Depending on the application and specific stack in use, the client may make DNS calls over IPv4 requesting the IPv6 address of application servers

And this option is quite certan that a security option is set: http://support.microsoft.com/kb/2493594

I can lookup the IP of the server by name and IP, and everything looks fine in DNS, I also disabled IPv6 on the client machine and it was already disabled on the server, and that did not fix the problem.

As for the link provided, this server isn't R2, and I can't find Remote Desktop Services to make these changes, which I'm assuming is b/c it's an R2 feature.  Also, RDP works from other machines, so I really think it's something on the client end.

has the server been re-installed? the name would be the same and yet a different install creates a different identity of the same name. if the client is in the domain try disconnect or unjoin the domain and re-join domain. make sure the server cert is installed on the client.

No the server has not been reinstalled.  How do you reinstall the server cert on the client machine?

Guess I need to change my stance that it's only happening on one client.  Now it's happening on two others as well, so it could be something on the server.

Other thing you could check is that in the DNS server, he may have more than one IP address set up or just two interfaces, which may create two A records regarding the Servername, you could rather disable that IP interface if not in use and/or delete the A record to an ip different from the internal ip address.

i support SBS 2008 and the cert install package is located in the public\downloads folder. mine is a self signed cert as well. take the distribution package and run the included install on the client machine.
what OS are the client systems?

Well I don't have an explanation just yet, but it started working.  Remoted into one of the machines today to do some testing and throughly check DNS and it worked right away.  I confirmed it by remoting into another of the problem machines and it worked as well.  I'll leave this open for a few days to see if the issue pops up again.

Did the server reboot? If the certificate had expired, it renews itself when the service restarts.

Actually after talking to an associate of mine, he did reboot the server yesterday.  Now I thought people were still having problems after the time he told me the server was rebooted, but I don't know that for sure.  So it is possible the cert was the issue all along.  I guess my question is, why didn't it effect all machines, and what could I have done from the client machines to fix this?  I will note, when I successfully connected this morning, I never got prompted by the security warning you typically get when first remoting into a server.  If the server did assign itself a new cert, wouldn't I get prompted again?

Not sure on why the other clients were unaffected ... but it was likely the certificate all along. Not anything you really can fix from the client side.

If the client doesnt see anything wrong with the certificate, you will see nothing. It will just work.

Ok, I may do a little more digging before accepting an answer on this.

Well, problem popped up again over the weekend.  Had a user connect using Sonicwall Global VPN Client to our Sonicwall firewall, but when he tried to make an RDP connection to his PC he got the message above.  I was able to remote into his PC by name w/o any problems this morning, so I'm not sure what exactly is causing this problem.

Actually, may have found it, I'm seeing another PC in DNS with the same IP.  Looks like the people pointing to DNS were right, I'm going to do a little more research to figure out why this is happening.

There was an old A record pointing to the same IP as the client machine.

Didn't notice this when I originally posted the question, but another user got the same error and as I started looking I noticed an old record that had the same IP.