I came across the following error when trying to connect via RDP to a remote server in the AD domain. After specifying the correct domain credentials for the RDP user, the error message appeared (shown below) and the RDP client window closed.
Remote Desktop cannot verify the identity of the remote computer because there is a time or date difference between your computer and the remote computer. Make sure your computer’s clock is set to the correct time, and then try connecting again. If the problem occurs again, contact your network administrator or the owner of the remote computer.
As the error suggests, the RDP client could not authenticate using Kerberos because the time difference between the local and remote computer exceeds 5 minutes. But in my case that turned out not to be true: having opened the remote server console over ILO, I made sure that the time was the same on both computers (and was obtained from the same source NTP server).
You can check the time on the remote computer using this command:
net time \\remote-computer-IP-address
You can sync the time manually just in case and restart the w32time service:
w32tm /config /manualpeerlist:"your_ntp_server_ip,0x8" /syncfromflags:manual
net stop w32time & net start w32time & w32tm /resync
A separate article describes other reasons why the time can be incorrect on a computer.
Tip. If the remote server is a virtual machine, check whether time synchronization with the host hypervisor is disabled in the VM settings.
If you have physical access to the remote computer (I had access through the HPE ILO console), check the DNS server in the network adapter settings. Also make sure that you can reach this DNS server from your remote server. The easiest way to do that is with this command:
nslookup some_server_name DNSServername
If the DNS server is not responding, make sure that it is working correctly or try to specify another DNS server address.
If several network adapters are used on the remote computer, make sure that the routing table is correct when accessing the DNS server. The computer may try to access the DNS server using another network adapter in a different IP subnet.
Try to connect to the remote computer using the IP address instead of the full FQDN DNS name in the RDP client connection window. In this case, Kerberos won’t be used for authentication.
Make sure that the trust relationship with the AD domain exists. To do it, run this PowerShell command:
Test-ComputerSecureChannel
If the trust relationship exists, it will return True.
To restore the trust relationship with the Active Directory domain, you can use this command:
Test-ComputerSecureChannel -Repair -Credential contoso\your_admin_account_name
If the error “Test-ComputerSecureChannel : Cannot reset the secure channel password for the computer account in the domain. Operation failed with the following exception: The server is not operational” appears, check the availability of the domain controller from your server and check that the TCP/UDP ports for the “Domain and Trusts” service are open, using a port-checking tool.
Make sure that the same “RDP Security Layer” is selected on both the local and remote computer. This parameter can be set using the “Require use of specific security layer for remote (RDP) connections” policy in the GPO section Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security by selecting the less secure RDP level. Or do it using this registry key: HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer.
It is also advisable to make sure that the problem is not related to the recent changes in the protocol.
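The checks above can be collected into one read-only triage script run from an elevated PowerShell session on the remote server. This is an added example, not part of the original article; the domain controller name and DNS server address are placeholders you must replace.

```powershell
# Added example: read-only triage of the checks described in this article.
# $DomainController and $DnsServer are placeholder values (assumptions).
param(
    [string]$DomainController = 'dc01.contoso.example',
    [string]$DnsServer        = '192.0.2.53'
)
$report = [ordered]@{}

# 1. Clock offset against the DC. Kerberos tolerates 5 minutes (300 s) of skew by default.
$sample = w32tm /stripchart "/computer:$DomainController" /samples:1 /dataonly 2>&1 |
    Select-String -Pattern '([+-]\d+\.\d+)s' | Select-Object -Last 1
if ($sample) {
    $offset = [double]$sample.Matches[0].Groups[1].Value
    $report['ClockOffsetSeconds']      = $offset
    $report['ClockWithinKerberosSkew'] = [math]::Abs($offset) -lt 300
} else {
    $report['ClockOffsetSeconds'] = 'no reply from time source'
}

# 2. Can the configured DNS server resolve the domain controller?
$dns = Resolve-DnsName -Name $DomainController -Server $DnsServer -ErrorAction SilentlyContinue
$report['DnsResolvesDC'] = [bool]$dns

# 3. Is the DC reachable on Kerberos (88) and LDAP (389)? TCP only.
foreach ($port in 88, 389) {
    $report["DcTcpPort$port"] = Test-NetConnection -ComputerName $DomainController `
        -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
}

# 4. Secure channel (trust relationship) with the domain. No -Repair: nothing is changed.
try   { $report['SecureChannelOk'] = Test-ComputerSecureChannel -ErrorAction Stop }
catch { $report['SecureChannelOk'] = "error: $($_.Exception.Message)" }

# 5. RDP security layer on this host. 0 is the legacy RDP layer, which does not
#    authenticate the server; prefer matching both ends at 1 or 2 over lowering it.
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
$key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$layer = (Get-ItemProperty -Path $key -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer
$report['RdpSecurityLayer'] = if ($null -ne $layer) { "$layer ($($layerNames[[int]$layer]))" }
                              else { 'not set' }

[pscustomobject]$report | Format-List
```

A value set through the Group Policy named above overrides the registry value read in step 5, so compare the result with the output of gpresult if the two disagree.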