I Used VPN on RDP and Can't Login Again

KB ID 0000845

Problem

This one had me well and truly stumped! The client has two sites and from their remote site they could not open a Remote Desktop connection to a server at the main site.

RDP Stuck at Securing remote connection.


At first, because the client had SBS at their main site I assumed this was the problem, but sadly it was not.

Solution

The following process goes through the steps taken to identify and rectify the problem.

1. Firstly, I'm assuming you can 'ping' the target server both by name and IP address. If you can't do this, then read no further, you have a communication problem, fix that first!

Check communication with ping

2. Check that RDP (TCP Port 3389) is open by attempting to Telnet to that port on the destination server.

You may receive the following error;

Windows – 'Telnet' is not recognized as an internal or external command

Test RDP with Telnet

If you just see a 'cursor' then the port is open, if not it will give you an error. (If that is the case then you need to look at comms to make sure TCP Port 3389 is not being blocked, either by a hardware firewall/router, or a software firewall on either of the machines.)

3. Check no 3rd party security software is blocking RDP, by issuing the following command;

This indicates the machine I'm on is running 'Trend Micro'.

TmPreFilter

4. Try disabling the security software to see if that rectifies the problem.

fltmc command

After much hand wringing, and a few days of rebuilding firewall VPNs, patching servers, and installing hot-fixes, I admitted defeat and got Microsoft on the phone.

5. The first thing they found was that if they attempted to open a UNC path to the destination server's IP address, it worked.

Open UNC Path

6. BUT if they did the same to the server name it failed.

Error: The specified network name is no longer valid


7. Normally this is an indication that the secure channel between this machine and the target machine is broken. Normally this can be fixed with the following commands;

net stop KDC

klist purge

netdom resetpwd /server:{IP address of domain controller} /userd:{your-domain-name}\administrator /passwordd:*

Then supply the domain administrator's password

net start KDC

Windows Reset Secure Channel

However this did not fix our problem, but indicated that it was not just RDP that was failing. Both the machine we were using, and the destination machine were domain controllers, so domain replication was checked and the following was found;

Upshot ID 1865


Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1311
Task Category: Knowledge Consistency Checker
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: your-server-your-domain.com
Description: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

Directory partition: CN=Configuration,DC=your-domain,DC=com

There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

User Action
Perform one of the following actions:
– Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
– Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.

Event ID 1311


Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1566
Task Category: Knowledge Consistency Checker
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: your-server-your-domain.com
Description: All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.

Event ID 1566


Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 1865
Task Category: Knowledge Consistency Checker
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: your-server-your-domain.com
Description: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.

Sites: CN=Your-OU,CN=Sites,CN=Configuration,DC=your-domain,DC=com

8. So we DO have a communications problem, some things work others do not! Let's make sure our traffic is not getting fragmented. You would expect a packet of 1500 bytes to be able to get through; ours did not. Using trial and error Microsoft ascertained that 1320 was the highest we could get through without error.

Check for fragmentation with ping

Note: To get the figure exactly right, you need to keep decreasing the packet size by one, then when you have found the largest size permissible, you need to add 28 to it (for the overhead of the IP Header).

9. So the MTU was 'locked' at BOTH ENDS (source machine and destination server). To do so, Windows Key+R > regedit > Navigate to;

HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > Tcpip > Parameters > Interfaces

Note: There may be many 'keys' here, check each one in turn, to find the one that equates to the IP address on your machine (the one you are working on).

When you have located the right key, create a new DWORD (32 bit) value (or edit one if it exists) and set the DECIMAL value to the same size that you could get through without error in step 8.

Windows force MTU

10. Reboot the machines and try again.
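
Steps 8 and 9 can be scripted. The PowerShell below is an added example, not part of the original article: it binary-searches the largest ping payload that crosses the link with Don't Fragment set, adds the 28 header bytes from the note in step 8, then lists each interface key with its IP addresses so the right one is easy to pick out. The -Target parameter, the 500-byte starting size and the 'MTU' value name are assumptions; the article text does not name the registry value.

```powershell
# Added example, not from the original article. Run from the source machine.
param(
    [Parameter(Mandatory)] [string] $Target,  # server at the far end of the VPN
    [int] $Low  = 500,                        # payload size assumed to pass
    [int] $High = 1472                        # 1500-byte MTU minus 28 header bytes
)

function Test-Payload([string] $Server, [int] $Size) {
    # ping.exe: -f sets Don't Fragment, -l is the ICMP payload size in bytes
    $out = & ping.exe -n 1 -w 2000 -f -l $Size $Server
    # An echo reply line contains "TTL="; fragmentation errors and timeouts do not
    return [bool]($out | Select-String -SimpleMatch 'TTL=')
}

if (-not (Test-Payload $Target $Low)) {
    throw "A payload of $Low bytes fails with DF set; fix basic connectivity first."
}

# Binary search: $Low always passes, the answer lies between $Low and $High
while ($Low -lt $High) {
    $mid = [int][math]::Ceiling(($Low + $High) / 2)
    if (Test-Payload $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
}

$pathMtu = $Low + 28   # 20-byte IP header + 8-byte ICMP header
"Largest unfragmented payload: $Low bytes, path MTU: $pathMtu bytes"

# Step 9 helper (read-only): show which interface key holds which IP address.
# 'MTU' is the value name assumed here; the article text does not name it.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $base | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        InterfaceKey = $_.PSChildName
        StaticIP     = $p.IPAddress -join ', '
        DhcpIP       = $p.DhcpIPAddress
        CurrentMTU   = $p.MTU            # empty when no override is set
    }
} | Format-Table -AutoSize
```

Each size is probed with a single ping, so on a lossy link a dropped reply makes the result come out too low; run the search twice and compare before changing anything.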

Related Articles, References, Credits, or External Links

Special thanks and credit to Harprit Singh at Microsoft, for his hard work and outstanding support.


Source: https://www.petenetlive.com/KB/Article/0000845
