rivkamak

Weird issue after upgrading domain/forest level from 2003 to 2008r2

Weird issue after upgrading domain/forest level from 2003 to 2008r2. Not sure if that has to do with it.

I see this in DNS (see picture)

Also, one of my remote DCs is getting "authentication error has occurred", code 0x80004005.
Any ideas?
Iamthecreator

There are no pics or attachments.
rivkamak (ASKER)

I get this authentication error when I RDP. When I use the IP address it works.
Also this:
[Attachment: dns_second2.PNG]
Basically I can't RDP into my most recent DC that I promoted. When I use the DNS name I get this: (see picture)

I can get in using the IP address.

I upgraded the Forest/domains this morning and then I noticed this error.

Any ideas?
[Attachment: rdp.PNG]
ASKER CERTIFIED SOLUTION
Jeff Glover
This solution is only available to members.

Thank you Jeff, that worked. I'm assuming that has to do with not having the CredSSP updates?

Yeah. That issue has popped its ugly head several times. If you set that before installing the CredSSP updates, it blocks access via name. Go figure.
And I can't even point to the KB numbers that cause it. I just know a fully patched workstation needs a fully patched server now.

I should finish updating and then it will be fine?

What about those other 2 screenshots, are those normal?

It looks normal to me. The GUID CNAME records look ok but of course, without looking deeper, it would be hard to tell. As long as the data field in the first screenshot shows the FQDN of your DCs and the _tcp folder under the domain in the second one holds SRV records, then I think they are normal.

Thank you.

Do you think this was caused by raising DFL and FFL to 2008r2? I was able to get into those newly made DCs before yesterday.

I can only go on experience here. I have never seen an issue with RDP access caused by raising Forest or Domain functional levels. The only thing that has ever done in my experience is limit what OS can be a DC (and that is plainly listed by Microsoft). I don't know what OS you are using for desktop or servers, but we started experiencing the issue after an update to Windows last year. Microsoft updated the client cryptographic security for Windows 7, 8 and 10, and until we updated our servers, we could not access any via RDP if they were set to require NLA. We were using NLA at the time and disabling it restored access. Seems the servers needed updating in order to accept the algorithm the clients were using. (A guess here.) After fully updating the servers (we had a few 2008R2s but mostly 2012R2 and 2016) we were able to re-enable NLA.
I would be more inclined to think it was related to an update but I have seen stranger things happen. Perhaps the new DCs were not fully updated?
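
The two things the replies above point at, whether the server requires NLA and how the CredSSP patch level compares between client and server, can be read with a short PowerShell check. This is an added example, not code from anyone in the thread; the function name `Get-RdpAuthState` is hypothetical, and the registry paths are the standard Windows locations for these settings, assumed here because the thread does not quote them.

```powershell
# Added example (not from the thread). Run locally on the RDP client and on the
# target server, then compare the two outputs.
function Get-RdpAuthState {
    # Assumed standard registry locations; none of these paths appear in the thread.
    $rdpTcp  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $rdpGpo  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $credSsp = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

    # Read one value, returning $null when the key or the value is missing.
    function Read-RegValue([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($item) { $item.$Name }
    }

    # A Group Policy value, when present, overrides the local RDP-Tcp setting.
    $nlaLocal  = Read-RegValue $rdpTcp 'UserAuthentication'
    $nlaPolicy = Read-RegValue $rdpGpo 'UserAuthentication'
    $nla = if ($null -ne $nlaPolicy) { $nlaPolicy } else { $nlaLocal }

    # AllowEncryptionOracle exists only when "Encryption Oracle Remediation" is configured.
    $oracle = Read-RegValue $credSsp 'AllowEncryptionOracle'
    $oracleNames = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }
    $oracleText = if ($null -ne $oracle) { $oracleNames[[int]$oracle] } else { 'Not configured' }

    # Patch-level indicators: CredSSP provider file version and most recent hotfix date.
    $dll = Join-Path $env:SystemRoot 'System32\credssp.dll'
    $dllVersion = if (Test-Path $dll) { (Get-Item $dll).VersionInfo.ProductVersion } else { $null }
    $lastHotfix = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn | Select-Object -Last 1

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        NlaRequired       = ($nla -eq 1)
        NlaSource         = if ($null -ne $nlaPolicy) { 'Group Policy' } else { 'Local setting' }
        SecurityLayer     = Read-RegValue $rdpTcp 'SecurityLayer'   # 0 = RDP, 1 = Negotiate, 2 = TLS
        EncryptionOracle  = $oracleText
        CredSspDllVersion = $dllVersion
        LastHotfixId      = $lastHotfix.HotFixID
        LastHotfixDate    = $lastHotfix.InstalledOn
    }
}

Get-RdpAuthState | Format-List
```

A server that reports `NlaRequired` as true with an older patch level than the client is the combination the last reply describes; bringing the server up to date is what allowed NLA to be re-enabled there.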