Solved

Unable to RDP

Posted on 2014-11-17
15
65 Views
Last Modified: 2015-02-22
Hey everyone.

Today I started seeing this.  Whenever I try to RDP into one of our file servers by it DNS name, I see the Error1.  Then, it seems that groups permissions are not being applied since only explicit users permissions are being displayed (Error2)

Any ideas to correct this without having to restart this machine during business hours?

Thank you!
Error1.PNG
0
Comment
Question by:IDMA
  • 8
  • 4
15 Comments
 

Author Comment

by:IDMA
ID: 40447981
0
 

Author Comment

by:IDMA
ID: 40447983
0
 
LVL 40

Expert Comment

by:footech
ID: 40448160
Have you investigated what the error message is referring to?  Is the time on your machine and the file server in sync with domain controllers?  Are all DCs in sync?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 6

Expert Comment

by:sAMAccountName
ID: 40448462
The clock on your file server is skewed.  You cant authenticate to active directory from the file server, so you only see the GUIDs in the permissions window instead of the domain accounts/groups (notice you can still see the local ones).  To fix this issue, you will need to set the time on the file server to match the domain.

You should be controlling time for all member servers using group policy.  Start here:  Time configuration in Active Directory (Technet Blog)
0
 

Author Comment

by:IDMA
ID: 40448580
Thanks, sAMAccountName.  But believe me that I have made sure that the time in the file server is the same as the domain.  We do have a GPO for Windows time.
I have scheduled a machine reboot for later tonight and will let you know what happens.
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 40448700
If you log on to the file server as local admin, you should be able to force a sync using:
w32tm /resync /nowait


If that doesnt update time in a minute or so, you can try to restart the time service:
restart-service w32time

A reboot shouldn't be necessary to fix a skewed clock.  Have you checked timezone and DST settings?  You can check how much the system clocks are off using w32tm:
w32tm /monitor /computers:host1,host2,host3
0
 

Author Comment

by:IDMA
ID: 40450105
Thank you all for the input.  A reboot of the server has resolved this.
Even though I tried all of your solutions, this was the most convenient fix.
0
 

Author Comment

by:IDMA
ID: 40458217
I've requested that this question be closed as follows:

Accepted answer: 0 points for IDMA's comment #a40450105

for the following reason:

All of the suggested solutions did not resolved the issue.
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 40450633
Im glad the immediate issue is resolved, but I would caution against considering this fixed.  A reboot may correct behavior but it doesnt fix anything.  Invest some time toward researching why the Time skewed despite the domain time policy.

Just my $.02
0
 

Author Comment

by:IDMA
ID: 40458218
Cancel request.  Issue continues.

sAMAccountName,

You were right.  Issue came back.

I did find the following and the 2 suggestion is to delete the RDC certificate and reboot.
I am not familiar with this certificate.  Would you say it is safe to reboot.  We have 30+ servers and this is the only one presenting this issue.

http://www.chicagotech.net/netforums/viewtopic.php?f=3&t=13346
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 40479687
IDMA,

Sorry for not getting back earlier.  I'm unclear how a certificate would affect the time service.  Can you verify a couple things?

1.  Use:  "gpresult /h <somefilename.html>" and search the output file for the time policy settings, just to make sure the policy is being applied - You will need to run this from an administrator shell
2.  Check the registry key "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\" and make sure all the parameters in the Group Policy are setting the registry values correctly.

You need to determine that 1: the group policy is being scoped/filtered/evaluated properly by the file server and 2: the policy is being applied to the registry

If you could post the settings your policy has and the settings the server has, that would be helpful
0
 

Accepted Solution

by:
IDMA earned 0 total points
ID: 40480984
No worries, sAMAccountName.
I ended up reaching out to Microsoft and found the culprit: Double-Take.  It was clogging-up the system's resources after and update going wrong.
We recently upgraded to its latest version (7.1) and the rest of the targets failed to received it.  I guess that the source server (our troubled one) kept trying to reach out to the others and this overloaded the handles.

Information provided by MS:

Symptom  
One or more processes are using a high number of handles
Description  
A process is allocating a high number of handles and this may cause performance problems.

Information Collected:
Process ID: 1896
Process Name: DoubleTake.exe
Current Handle Count: 49,625
Root Cause  
RC_HighHandleCount
Public Document
http://blogs.technet.com/b/markrussinovich/archive/2009/09/29/3283844.aspx
0
 

Author Closing Comment

by:IDMA
ID: 40624037
After reaching out to Microsoft Support, it was determined that a third-party application was using a very high number of handles on the server.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question