• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 77
  • Last Modified:

Unable to RDP

Hey everyone.

Today I started seeing this.  Whenever I try to RDP into one of our file servers by it DNS name, I see the Error1.  Then, it seems that groups permissions are not being applied since only explicit users permissions are being displayed (Error2)

Any ideas to correct this without having to restart this machine during business hours?

Thank you!
Error1.PNG
0
IDMA
Asked:
IDMA
  • 8
  • 4
1 Solution
 
IDMAAuthor Commented:
0
 
IDMAAuthor Commented:
0
 
footechCommented:
Have you investigated what the error message is referring to?  Is the time on your machine and the file server in sync with domain controllers?  Are all DCs in sync?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
sAMAccountNameSr. Systems EngineerCommented:
The clock on your file server is skewed.  You cant authenticate to active directory from the file server, so you only see the GUIDs in the permissions window instead of the domain accounts/groups (notice you can still see the local ones).  To fix this issue, you will need to set the time on the file server to match the domain.

You should be controlling time for all member servers using group policy.  Start here:  Time configuration in Active Directory (Technet Blog)
0
 
IDMAAuthor Commented:
Thanks, sAMAccountName.  But believe me that I have made sure that the time in the file server is the same as the domain.  We do have a GPO for Windows time.
I have scheduled a machine reboot for later tonight and will let you know what happens.
0
 
sAMAccountNameSr. Systems EngineerCommented:
If you log on to the file server as local admin, you should be able to force a sync using:
w32tm /resync /nowait


If that doesnt update time in a minute or so, you can try to restart the time service:
restart-service w32time

A reboot shouldn't be necessary to fix a skewed clock.  Have you checked timezone and DST settings?  You can check how much the system clocks are off using w32tm:
w32tm /monitor /computers:host1,host2,host3
0
 
IDMAAuthor Commented:
Thank you all for the input.  A reboot of the server has resolved this.
Even though I tried all of your solutions, this was the most convenient fix.
0
 
IDMAAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for IDMA's comment #a40450105

for the following reason:

All of the suggested solutions did not resolved the issue.
0
 
sAMAccountNameSr. Systems EngineerCommented:
Im glad the immediate issue is resolved, but I would caution against considering this fixed.  A reboot may correct behavior but it doesnt fix anything.  Invest some time toward researching why the Time skewed despite the domain time policy.

Just my $.02
0
 
IDMAAuthor Commented:
Cancel request.  Issue continues.

sAMAccountName,

You were right.  Issue came back.

I did find the following and the 2 suggestion is to delete the RDC certificate and reboot.
I am not familiar with this certificate.  Would you say it is safe to reboot.  We have 30+ servers and this is the only one presenting this issue.

http://www.chicagotech.net/netforums/viewtopic.php?f=3&t=13346
0
 
sAMAccountNameSr. Systems EngineerCommented:
IDMA,

Sorry for not getting back earlier.  I'm unclear how a certificate would affect the time service.  Can you verify a couple things?

1.  Use:  "gpresult /h <somefilename.html>" and search the output file for the time policy settings, just to make sure the policy is being applied - You will need to run this from an administrator shell
2.  Check the registry key "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\" and make sure all the parameters in the Group Policy are setting the registry values correctly.

You need to determine that 1: the group policy is being scoped/filtered/evaluated properly by the file server and 2: the policy is being applied to the registry

If you could post the settings your policy has and the settings the server has, that would be helpful
0
 
IDMAAuthor Commented:
No worries, sAMAccountName.
I ended up reaching out to Microsoft and found the culprit: Double-Take.  It was clogging-up the system's resources after and update going wrong.
We recently upgraded to its latest version (7.1) and the rest of the targets failed to received it.  I guess that the source server (our troubled one) kept trying to reach out to the others and this overloaded the handles.

Information provided by MS:

Symptom  
One or more processes are using a high number of handles
Description  
A process is allocating a high number of handles and this may cause performance problems.

Information Collected:
Process ID: 1896
Process Name: DoubleTake.exe
Current Handle Count: 49,625
Root Cause  
RC_HighHandleCount
Public Document
http://blogs.technet.com/b/markrussinovich/archive/2009/09/29/3283844.aspx
0
 
IDMAAuthor Commented:
After reaching out to Microsoft Support, it was determined that a third-party application was using a very high number of handles on the server.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 8
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now