[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 779
  • Last Modified:

Windows 7 machine can't rdp into 2008 Server.

This is happening on just one machine, when I try to RDP into our server by name or FQDN I get this error message, "The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name."  

Now I can access it by name, so what happened that it can't resolve by name now?  I can ping the server by both name and IP, and I've flushed the DNS cache.  I saw another site give two possible solutions of the time on the server, which I confirmed is the same, or a problem with the certfiicate, but I'm not sure how to fix that.  Any ideas?
0
Go-GBS
Asked:
Go-GBS
  • 11
  • 3
  • 3
  • +1
1 Solution
 
Gary ColtharpSr. Systems EngineerCommented:
Need more details...

Is the certificate a 3rd party or is it self signed?

by FQDN, do you mean its internet identity or its local name...a FQDN can be xyz.foo.com or xyz.foo.local

If you run NSLOOKUP, does it resolve correctly?
0
 
Go-GBSAuthor Commented:
The cert would be self signed, and by FQDN I mean local identity, and NSLOOKUP resolves it correctly.
0
 
pcfreakerCommented:
Hi,

I have two theories: Sounds like the problem lies somewhere in the DNS.
1.Check normal name lookup through DNS.
 2.Check reverse DNS lookup on the IP address of the Windows 2008 R2 machine.
3.Examine the DNS records created for the servers / windows 7 machines on the DNS server.
 4.Try disabling IP6 on both machines.
 
Reference this

Time and again we see the IPv6 stack operating under the hood, having a silent affect on applications. One area we have seen this is in DNS calls for application servers. Depending on the application and specific stack in use, the client may make DNS calls over IPv4 requesting the IPv6 address of application servers

And this option is quite certan that a security option is set: http://support.microsoft.com/kb/2493594
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
Go-GBSAuthor Commented:
I can lookup the IP of the server by name and IP, and everything looks fine in DNS, I also disabled IPv6 on the client machine and it was already disabled on the server, and that did not fix the problem.

As for the link provided, this server isn't R2, and I can't find Remote Desktop Services to make these changes, which I'm assuming is b/c it's an R2 feature.  Also, RDP works from other machines, so I really think it's something on the client end.
0
 
MorrisBettesCommented:
has the server been re-installed? the name would be the same and yet a different install creates a different identity of the same name. if the client is in the domain try disconnect or unjoin the domain and re-join domain. make sure the server cert is installed on the client.
0
 
Go-GBSAuthor Commented:
No the server has not been reinstalled.  How do you reinstall the server cert on the client machine?
0
 
Go-GBSAuthor Commented:
Guess I need to change my stance that it's only happening on one client.  Now it's happening on two others as well, so it could be something on the server.
0
 
pcfreakerCommented:
I'm sorry but double check the DNS on the client side, as it should be pointing to internal DNS servers, since it sounds a lot as a DNS issue rather than client issues... Of course it will cause a client issue that the DNS is not set up correctly. Also,check the server's DNS adress on the local network, since sometimes it gets changed to 127.0.0.1...

Anyway, I'm looking in to this error throughfully.
0
 
pcfreakerCommented:
Other thing you could check is that in the DNS server, he may have more than one IP address set up or just two interfaces, which may create two A records regarding the Servername, you could rather disable that IP interface if not in use and/or delete the A record to an ip different from the internal ip address.
0
 
MorrisBettesCommented:
i support SBS 2008 and the cert install package is located in the public\downloads folder. mine is a self signed cert as well. take the distribution package and run the included install on the client machine.
what OS are the client systems?
0
 
Go-GBSAuthor Commented:
Well I don't have an explanation just yet, but it started working.  Remoted into one of the machines today to do some testing and throughly check DNS and it worked right away.  I confirmed it by remoting into another of the problem machines and it worked as well.  I'll leave this open for a few days to see if the issue pops up again.
0
 
Gary ColtharpSr. Systems EngineerCommented:
Did the server reboot? If the certificate had expired, it renews itself when the service restarts.
0
 
Go-GBSAuthor Commented:
Actually after talking to an associate of mine, he did reboot the server yesterday.  Now I thought people were still having problems after the time he told me the server was rebooted, but I don't know that for sure.  So it is possible the cert was the issue all along.  I guess my question is, why didn't it effect all machines, and what could I have done from the client machines to fix this?  I will note, when I successfully connected this morning, I never got prompted by the security warning you typically get when first remoting into a server.  If the server did assign itself a new cert, wouldn't I get prompted again?
0
 
Gary ColtharpSr. Systems EngineerCommented:
Not sure on why the other clients were unaffected ... but it was likely the certificate all along. Not anything you really can fix from the client side.

If the client doesnt see anything wrong with the certificate, you will see nothing. It will just work.
0
 
Go-GBSAuthor Commented:
Ok, I may do a little more digging before accepting an answer on this.
0
 
Go-GBSAuthor Commented:
Well, problem popped up again over the weekend.  Had a user connect using Sonicwall Global VPN Client to our Sonicwall firewall, but when he tried to make an RDP connection to his PC he got the message above.  I was able to remote into his PC by name w/o any problems this morning, so I'm not sure what exactly is causing this problem.
0
 
Go-GBSAuthor Commented:
Actually, may have found it, I'm seeing another PC in DNS with the same IP.  Looks like the people pointing to DNS were right, I'm going to do a little more research to figure out why this is happening.
0
 
Go-GBSAuthor Commented:
There was an old A record pointing to the same IP as the client machine.
0
 
Go-GBSAuthor Commented:
Didn't notice this when I originally posted the question, but another user got the same error and as I started looking I noticed an old record that had the same IP.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 11
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now