Unable to RDP

Hey everyone.

Today I started seeing this.  Whenever I try to RDP into one of our file servers by it DNS name, I see the Error1.  Then, it seems that groups permissions are not being applied since only explicit users permissions are being displayed (Error2)

Any ideas to correct this without having to restart this machine during business hours?

Thank you!
Error1.PNG
IDMAAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

IDMAAuthor Commented:
0
IDMAAuthor Commented:
0
footechCommented:
Have you investigated what the error message is referring to?  Is the time on your machine and the file server in sync with domain controllers?  Are all DCs in sync?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

sAMAccountNameSr. Systems EngineerCommented:
The clock on your file server is skewed.  You cant authenticate to active directory from the file server, so you only see the GUIDs in the permissions window instead of the domain accounts/groups (notice you can still see the local ones).  To fix this issue, you will need to set the time on the file server to match the domain.

You should be controlling time for all member servers using group policy.  Start here:  Time configuration in Active Directory (Technet Blog)
0
IDMAAuthor Commented:
Thanks, sAMAccountName.  But believe me that I have made sure that the time in the file server is the same as the domain.  We do have a GPO for Windows time.
I have scheduled a machine reboot for later tonight and will let you know what happens.
0
sAMAccountNameSr. Systems EngineerCommented:
If you log on to the file server as local admin, you should be able to force a sync using:
w32tm /resync /nowait


If that doesnt update time in a minute or so, you can try to restart the time service:
restart-service w32time

A reboot shouldn't be necessary to fix a skewed clock.  Have you checked timezone and DST settings?  You can check how much the system clocks are off using w32tm:
w32tm /monitor /computers:host1,host2,host3
0
IDMAAuthor Commented:
Thank you all for the input.  A reboot of the server has resolved this.
Even though I tried all of your solutions, this was the most convenient fix.
0
IDMAAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for IDMA's comment #a40450105

for the following reason:

All of the suggested solutions did not resolved the issue.
0
sAMAccountNameSr. Systems EngineerCommented:
Im glad the immediate issue is resolved, but I would caution against considering this fixed.  A reboot may correct behavior but it doesnt fix anything.  Invest some time toward researching why the Time skewed despite the domain time policy.

Just my $.02
0
IDMAAuthor Commented:
Cancel request.  Issue continues.

sAMAccountName,

You were right.  Issue came back.

I did find the following and the 2 suggestion is to delete the RDC certificate and reboot.
I am not familiar with this certificate.  Would you say it is safe to reboot.  We have 30+ servers and this is the only one presenting this issue.

http://www.chicagotech.net/netforums/viewtopic.php?f=3&t=13346
0
sAMAccountNameSr. Systems EngineerCommented:
IDMA,

Sorry for not getting back earlier.  I'm unclear how a certificate would affect the time service.  Can you verify a couple things?

1.  Use:  "gpresult /h <somefilename.html>" and search the output file for the time policy settings, just to make sure the policy is being applied - You will need to run this from an administrator shell
2.  Check the registry key "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\" and make sure all the parameters in the Group Policy are setting the registry values correctly.

You need to determine that 1: the group policy is being scoped/filtered/evaluated properly by the file server and 2: the policy is being applied to the registry

If you could post the settings your policy has and the settings the server has, that would be helpful
0
IDMAAuthor Commented:
No worries, sAMAccountName.
I ended up reaching out to Microsoft and found the culprit: Double-Take.  It was clogging-up the system's resources after and update going wrong.
We recently upgraded to its latest version (7.1) and the rest of the targets failed to received it.  I guess that the source server (our troubled one) kept trying to reach out to the others and this overloaded the handles.

Information provided by MS:

Symptom  
One or more processes are using a high number of handles
Description  
A process is allocating a high number of handles and this may cause performance problems.

Information Collected:
Process ID: 1896
Process Name: DoubleTake.exe
Current Handle Count: 49,625
Root Cause  
RC_HighHandleCount
Public Document
http://blogs.technet.com/b/markrussinovich/archive/2009/09/29/3283844.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IDMAAuthor Commented:
After reaching out to Microsoft Support, it was determined that a third-party application was using a very high number of handles on the server.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.