Solved

Windows XP on domain not allowing domain admins to RDP in

Posted on 2016-11-22
10
70 Views
Last Modified: 2016-12-21
Our company is still supporting Windows XP. They are part of a Active Directory based domain. Until Feb 2016 they were all accessible via RDP from the few trusted Domain Admins. Now about 4 - 6 sites out of 300 of them are failing to logon. When you first reboot them they can be accessed. After about a day they can't. The following was done so far.

Monitored perfmon for memory leaks. Could find any. (Remember it is only a handful of sites)

Updated the DNS addresses (Company wide changes were not implemented on some PC's thanks to group policy updates being killed by Microsoft with he AD DS migration from Windows Server 2003 to 2012.

Removed NetBIOS and made sure SMB was used instead. (That helped all clients)

Verified all patches were up to date. (most were and the rest were immediately updated manaually)

Verified no viruses were in effect

New features were added over time and the page swap file was out of range. Fixed that and made it static on another drive.  (All clients showed improvements).

Other minor fixes include defrag and cleanup.
0
Comment
Question by:hatcherb1234
  • 5
  • 5
10 Comments
 
LVL 6

Expert Comment

by:jmac44
ID: 41897979
I've seen something similar to this in another post and their problem was DHCP wasn't dynamically updating DNS A and PTR records.
See below and disregard red underline that was a screen shot for something else.
dhcp.JPG
Edit:
Also be sure those workstations Advanced TCP/IP settings are registering their their connection's addresses in DNS in the the adapters properties.
0
 
LVL 1

Author Comment

by:hatcherb1234
ID: 41897990
The graphic provided does not look like a Windows XP Pro network properties. I can't relate to your answer.
0
 
LVL 6

Expert Comment

by:jmac44
ID: 41898021
Are you the system administrator for your network?
0
 
LVL 1

Author Comment

by:hatcherb1234
ID: 41898047
Yes. I also built the AD DS and defined all of the group policies,
0
 
LVL 1

Author Comment

by:hatcherb1234
ID: 41898051
One final note. Due to the company policy the DNS is external so the AD DS is forwarded outbound trust. But that has not been a problem.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 6

Expert Comment

by:jmac44
ID: 41898122
Ok. The graphic is of DHCP Properties. If your not familiar with it, it's because it's probably being  administered somewhere within the Forest of your domain by another administrator who is also the admin of DNS. I'm assuming that you did install DNS manager and it is being propagated by the a Domain Controller in your forest that contains the FSMO roles.

There's a couple things you can try, flush and register the dns on the workstations and/or un-join them from the domain and then re-join to re-establish trust. But I'm not confident that will work. You need to find out how often DHCP is leasing IP addresses and if they are dynamically updating the A and PTR records from the DHCP Properties dialog box in the graphic of the previous post.

It sounds like the DHCP lease is on a short timer and it's not getting updated to the target machine fast enough and so when someone remotes in the DHCP DC has a different IP than what the target machine has.
0
 
LVL 1

Author Comment

by:hatcherb1234
ID: 41898194
Ok. All that makes sense. However the clients in the field use a load shared tier zero DNS which handles the whole United States for our company. The AD DS uses the building's DNS that house the AD DS also.  The building's DNS is rooted back to the same tier zero DNS  arrangement. If all of the clients were acting up I would agree in general. The only reason I brought about the DNS is all of the clients were originally pointed towards old and now outdated DNS. We updated all clients since then 2 years ago and they all became more reliable in general such as working with WSUS. All were working until the 6 clients started acting up around February 2016. Systeminfo shows the same results as the working system. Gpresult shows the same results as the working systems. If we reboot the client they work fine for a day then stop working. I initially supected a memory leak of some sorts. Please reread what I originally wrote. :-)
0
 
LVL 6

Accepted Solution

by:
jmac44 earned 500 total points
ID: 41898220
...and the reason why it works (when rebooted) is because the DNS if flushed and registered again with the DC that handles DHCP and gets the IP address that was assigned but not previously updated by the target machine. That is my theory - please reread my post. One final comment Windows XP have been EOL since 4-8-14 it's quite possible these machines are compromised. Good luck.
0
 
LVL 1

Author Closing Comment

by:hatcherb1234
ID: 41899127
Excellant support. Thank You
0
 
LVL 6

Expert Comment

by:jmac44
ID: 41899557
Thanks, glad to help!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now