Unable to RDP

Posted on 2014-11-17
Last Modified: 2015-02-22
Hey everyone.

Today I started seeing this.  Whenever I try to RDP into one of our file servers by its DNS name, I see Error1.  Then, it seems that group permissions are not being applied, since only explicit user permissions are being displayed (Error2).

Any ideas to correct this without having to restart this machine during business hours?

Thank you!
Question by:IDMA
LVL 41

Expert Comment

by:footech
ID: 40448160
Have you investigated what the error message is referring to?  Is the time on your machine and the file server in sync with domain controllers?  Are all DCs in sync?
0
LVL 6

Expert Comment

by:sAMAccountName
ID: 40448462
The clock on your file server is skewed.  You can't authenticate to Active Directory from the file server, so you only see the GUIDs in the permissions window instead of the domain accounts/groups (notice you can still see the local ones).  To fix this issue, you will need to set the time on the file server to match the domain.

You should be controlling time for all member servers using group policy.  Start here:  Time configuration in Active Directory (Technet Blog)
0
 

Author Comment

by:IDMA
ID: 40448580
Thanks, sAMAccountName.  But believe me that I have made sure that the time in the file server is the same as the domain.  We do have a GPO for Windows time.
I have scheduled a machine reboot for later tonight and will let you know what happens.
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 40448700
If you log on to the file server as local admin, you should be able to force a sync using:
w32tm /resync /nowait


If that doesn't update time in a minute or so, you can try to restart the time service:
restart-service w32time

A reboot shouldn't be necessary to fix a skewed clock.  Have you checked timezone and DST settings?  You can check how much the system clocks are off using w32tm:
w32tm /monitor /computers:host1,host2,host3
0
 

Author Comment

by:IDMA
ID: 40450105
Thank you all for the input.  A reboot of the server has resolved this.
Even though I tried all of your solutions, this was the most convenient fix.
0
 

Author Comment

by:IDMA
ID: 40458217
I've requested that this question be closed as follows:

Accepted answer: 0 points for IDMA's comment #a40450105

for the following reason:

All of the suggested solutions did not resolve the issue.
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 40450633
I'm glad the immediate issue is resolved, but I would caution against considering this fixed.  A reboot may correct behavior but it doesn't fix anything.  Invest some time toward researching why the time skewed despite the domain time policy.

Just my $.02
0
 

Author Comment

by:IDMA
ID: 40458218
Cancel request.  Issue continues.

sAMAccountName,

You were right.  Issue came back.

I did find the following, and the 2nd suggestion is to delete the RDC certificate and reboot.
I am not familiar with this certificate.  Would you say it is safe to reboot?  We have 30+ servers and this is the only one presenting this issue.

http://www.chicagotech.net/netforums/viewtopic.php?f=3&t=13346
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 40479687
IDMA,

Sorry for not getting back earlier.  I'm unclear how a certificate would affect the time service.  Can you verify a couple things?

1.  Use:  "gpresult /h <somefilename.html>" and search the output file for the time policy settings, just to make sure the policy is being applied - You will need to run this from an administrator shell
2.  Check the registry key "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\" and make sure all the parameters in the Group Policy are setting the registry values correctly.

You need to determine that 1: the group policy is being scoped/filtered/evaluated properly by the file server and 2: the policy is being applied to the registry

If you could post the settings your policy has and the settings the server has, that would be helpful
0
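The checks sAMAccountName describes in this comment and in the earlier w32tm comment, gathered into one pass as an added example that is not part of the original thread. The policy key path, the placeholder DC name `dc01.example.local` and the 300-second limit (the default Kerberos clock-skew tolerance) are assumptions, not values from the thread.

```powershell
# Added example; run from an elevated PowerShell session on the affected server.
# Assumptions: dc01.example.local is a placeholder DC name, and policy-delivered
# values live under SOFTWARE\Policies\Microsoft\W32Time.
$Dc         = 'dc01.example.local'
$MaxSkewSec = 300   # default Kerberos clock-skew tolerance (5 minutes)
$Keys = [ordered]@{
    Policy  = 'HKLM:\SOFTWARE\Policies\Microsoft\W32Time\Parameters'
    Service = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
}

# 1. Show Type and NtpServer from both registry keys side by side.
$rows = foreach ($name in $Keys.Keys) {
    $path = $Keys[$name]
    if (Test-Path $path) {
        $p = Get-ItemProperty -Path $path
        [pscustomobject]@{ Source = $name; Type = $p.Type; NtpServer = $p.NtpServer }
    } else {
        [pscustomobject]@{ Source = $name; Type = '(key missing)'; NtpServer = '' }
    }
}
$rows | Format-Table -AutoSize

# 2. Ask the service what it is really using; w32tm tags each value
#    as (Local) or (Policy), which shows whether the GPO took effect.
w32tm /query /source
w32tm /query /configuration | Select-String 'Type:|NtpServer:'

# 3. Measure the clock offset against the DC with a single sample.
#    A data line is expected to look like "10:15:02, +00.0123456s".
$pattern = ',\s*([+-]\d+\.\d+)s\s*$'
$sample  = w32tm /stripchart "/computer:$Dc" /samples:1 /dataonly
$line    = $sample | Where-Object { $_ -match $pattern } | Select-Object -Last 1

if ($line -and ($line -match $pattern)) {
    $offset = [double]$Matches[1]
    if ([math]::Abs($offset) -gt $MaxSkewSec) {
        Write-Warning "Offset ${offset}s exceeds ${MaxSkewSec}s: Kerberos logons will fail."
    } else {
        Write-Output "Offset ${offset}s is within the ${MaxSkewSec}s tolerance."
    }
} else {
    Write-Warning "No offset returned from $Dc (unreachable, or NTP blocked)."
    $sample
}
```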
 

Accepted Solution

by:
IDMA earned 0 total points
ID: 40480984
No worries, sAMAccountName.
I ended up reaching out to Microsoft and found the culprit: Double-Take.  It was clogging up the system's resources after an update going wrong.
We recently upgraded to its latest version (7.1) and the rest of the targets failed to receive it.  I guess that the source server (our troubled one) kept trying to reach out to the others and this overloaded the handles.

Information provided by MS:

Symptom  
One or more processes are using a high number of handles
Description  
A process is allocating a high number of handles and this may cause performance problems.

Information Collected:
Process ID: 1896
Process Name: DoubleTake.exe
Current Handle Count: 49,625
Root Cause  
RC_HighHandleCount
Public Document
http://blogs.technet.com/b/markrussinovich/archive/2009/09/29/3283844.aspx
0
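A way to spot the condition Microsoft reported here (one process holding a very high number of handles) before it affects logons, as an added example that is not part of the original thread. The threshold, growth limit and sampling interval are assumed values to tune per server.

```powershell
# Added example: take two handle-count samples and report processes that are
# either above a threshold or still climbing (a sign of a handle leak).
# Threshold, growth limit and interval are assumptions, not thread values.
$Threshold   = 10000   # handles held by one process
$GrowthLimit = 500     # handles gained between the two samples
$IntervalSec = 60

function Get-HandleSnapshot {
    # Copy the numbers out now; Process objects cache values lazily.
    $snap = @{}
    foreach ($p in Get-Process) {
        $snap[$p.Id] = [pscustomobject]@{
            Name    = $p.ProcessName
            Handles = $p.HandleCount
        }
    }
    return $snap
}

$first = Get-HandleSnapshot
Start-Sleep -Seconds $IntervalSec
$second = Get-HandleSnapshot

$report = foreach ($id in $second.Keys) {
    if (-not $first.ContainsKey($id)) { continue }         # started mid-sample
    $before = $first[$id]
    $now    = $second[$id]
    if ($before.Name -ne $now.Name) { continue }           # PID was reused
    [pscustomobject]@{
        Id          = $id
        ProcessName = $now.Name
        Handles     = $now.Handles
        Growth      = $now.Handles - $before.Handles
    }
}

$suspects = $report |
    Where-Object { $_.Handles -ge $Threshold -or $_.Growth -ge $GrowthLimit } |
    Sort-Object -Property Handles -Descending

if ($suspects) {
    $suspects | Format-Table -AutoSize
} else {
    Write-Output "No process above $Threshold handles or growing by $GrowthLimit+."
}
```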
 

Author Closing Comment

by:IDMA
ID: 40624037
After reaching out to Microsoft Support, it was determined that a third-party application was using a very high number of handles on the server.
0
