Last week, Google AdWords editor setup wizard crashed in the middle of an install, and Windows Explorer started acting super funky ever since. The desktop icons for My Computer, Recycle Bin, etc. would intermittently show up with the unknown file icon, and Windows Explorer would freeze every time I pressed the Windows key or clicked the Windows 8 version of the start menu.

My Windows 8 workstation is on a domain. My server / domain controller powered by Windows Server Essentials (Windows Server 2012 R2) was making regular System Restore images, so I used Windows PE on a USB stick to do a system restore over the network from a couple of days prior.

Everything works just fine (from what I can tell), with one major exception. RDP suddenly no longer works, and I can't figure out why!! I double checked, and the setting is exactly as it should be, enabled with access granted to the domain user I want.

When I attempt to connect from my Mac at home, I get the following error message:

The credentials are correct, but the host cannot log you on for another reason. Please check if your password has expired or contact your system administrator for assistance.

When I attempt to connect from the domain controller itself, I get the following error message:

Remote Desktop can't connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network

Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.

The Windows Server Essentials dashboard shows the computer online and the server is continuing to schedule and store regular backups over the network. Additionally, there are no issues connecting to network drives.

The Windows Firewall on the workstation is turned off. As mentioned above, I can't even connect from the domain controller, which is on the same router / internal network.

Absolutely nothing changed other than doing a system restore from a backup that was only a couple of days old. All my other settings on the computer seem fine.


Based on some feedback I received via Facebook, there seems to be some confusion.

Windows Server has no issues at all. It serves as the domain controller and file server and has been effectively storing backups.

My Windows 8 workstation is what has been having issues. First, crashes led me to do a system restore off of a backup the server had, and now, while my crashing problem is cured, I can no longer RDP into it.

All other network communication is fine. My domain controller server is able to effectively initiate and store backups, etc.

Have you turned off the Windows firewall after reinstalling the OS? What about credentials for enabling RDP?

Here are a few ideas:

Ensure that "Don't allow connections to this computer" is not selected (on workstation)

Open "System Properties"

  • Win-logo-key + R (or in Charms, select "Select Apps", type "run")
  • type: "control.exe sysdm.cpl"

Then:

  • Select "Remote" tab
  • Change/verify settings for "Remote Desktop"

If you made changes, re-test your connection.

Reset computer account

  • On Server, open the Active Directory Users and Computers console
  • Select the "Computers" container.
  • Right click on the computer that you are having trouble with. Select the Reset Account command from the shortcut menu.
  • When you do, you will see a prompt asking you if you are sure that you want to reset the computer account. Click Yes and the computer account will be reset.

Alternatives:
Netdom resetpwd

PowerShell Reset-ComputerMachinePassword

After resetting the computer account, perform a backup of the workstation.

Re-join workstation to domain.
Trust Relationship Between Workstation and Domain Fails

If the Secure Channel is Broken between Domain controller and workstations
...A common cause of broken secure channel [machine account password] is that the secure channel password held by the domain member does not match that held by the AD. Often, this is caused by performing a Windows System Restore (or reverting to previous backup or snapshot) on the member machine, causing an old (previous) machine account password to be presented to the AD...

Resolution:
Most simple resolution would be unjoin/disjoin the computer from the domain and rejoin the computer account back to the domain.
(this is a somewhat similar principle to performing a password reset for a user account)

You can change the Win 8 workstation back to "Workgroup", re-boot. Then change it back to domain again, by selecting "Domain".

Remove Windows 8 - from the domain

Open "System Properties"

  • Win-logo-key + R (or in Charms, select "Select Apps", type "run")
  • type: "control.exe sysdm.cpl"

Then,

  • Select "Computer Name" tab
  • Select "Change"
  • Select "Workgroup"
  • Re-boot computer.
  • After reboot, re-enter this screen and select "Domain".

After joining the domain, perform a backup of the workstation.

Use Nltest to test trust relationship
nltest

nltest /server:<server name> /sc_query:<domain name>

nltest /server:<server name> /sc_verify:<domain name>

/sc_query: <DomainName>
Reports on the state of the secure channel the last time that you used it. (The secure channel is the one that the NetLogon service established.) This parameter lists the name of the domain controller that you queried on the secure channel, also.

/sc_verify: <DomainName>
Checks the status of the secure channel that the NetLogon service established. If the secure channel does not work, this parameter removes the existing channel, and then builds a new one. You must have administrative credentials to use this parameter. This parameter is only valid on domain controllers that run Windows 2000 with Service Pack 2 and later.

Have you turned off the Windows firewall after reinstalling the OS?

Windows Firewall was previously already turned off before the system restore. After the system restore, I double-checked, and it was still disabled.

What about credentials for enabling RDP?

I double checked those, as well, after the system restore, and they were correctly set just the way they were supposed to be.

I only did a system restore from a backup from a couple of days prior, and I hadn't even used my computer in that time frame.

Reset computer account

I am able to use the credentials I log into on my workstation to successfully navigate around network drives on the server.

Re-join workstation to domain.

The domain controller is not only able to successfully see the workstation as successfully connected to the domain from within Windows Server Essentials Dashboard, but it's also able to confirm the workstation is 'Online', change group policy settings, and even remotely back up the workstation.

The only thing that's not working is RDP, which doesn't work from the server/domain controller connected to the same router, nor does it work from my home iMac.

Do you have sleep/hibernation disabled (or set to "Allow wake timers") on the workstation? Are you able to rdp to this workstation from any other computer (on the same side of the router or remotely)?

Check value of the following registry keys on workstation:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\PortNumber

Check that workstation is listening on the port:

  • netstat -anp TCP

should see something like 0.0.0.0:3389 (where 3389 is the PortNumber from the registry key)

When you attempt to connect are you typing "Domain\username" or "username"? Try both.

Are you connecting remotely using the IP Address? If you are connecting locally (inside the network), do you use the IP Address or name? (When on a domain, you may have to type: name.local)

Resource:
Remote Desktop for Windows 8

Enabling Remote Desktop
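
The checks suggested in the replies above (the Remote Desktop setting, the PortNumber registry value, the listening port, and the workstation's secure channel to the domain) can be collected in one read-only pass. This is an added PowerShell example, not part of any post in the thread; the function name Test-RdpReadiness is hypothetical, and it assumes an elevated session on the domain-joined workstation running PowerShell 3.0 or later.

```powershell
# Added triage example (not from the thread). Run elevated on the workstation
# that refuses RDP connections. Nothing here changes system state.
function Test-RdpReadiness {
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    # 0 = Remote Desktop allowed; 1 = "Don't allow connections to this computer".
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections

    # Listener port from the registry value mentioned in the thread (default 3389).
    $port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

    # Same question as scanning "netstat -anp TCP" for 0.0.0.0:<port>.
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port `
                        -ErrorAction SilentlyContinue)

    # Remote Desktop Services must be running for the listener to exist.
    $service = (Get-Service -Name TermService).Status

    # Checks the locally stored machine account password against the domain.
    # Returns $false when the secure channel is broken, for example when a
    # restore has brought back an older machine account password.
    $channel = Test-ComputerSecureChannel

    [pscustomobject]@{
        RdpAllowed      = ($deny -eq 0)
        Port            = $port
        Listening       = $listening
        TermService     = $service
        SecureChannelOk = $channel
    }
}

$result = Test-RdpReadiness
$result | Format-List

if (-not $result.SecureChannelOk) {
    Write-Warning 'Secure channel is broken: machine account password does not match the domain.'
    # In-place repair with domain credentials, as an alternative to unjoin/rejoin:
    #   Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
} elseif (-not $result.RdpAllowed) {
    Write-Warning 'Remote Desktop is disabled in System Properties > Remote.'
} elseif (-not $result.Listening) {
    Write-Warning "Nothing is listening on TCP $($result.Port); check the TermService state."
}
```

A passing result for every field does not rule out a domain-side problem; it only confirms the workstation-side settings named in the replies.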

Do you have sleep/hibernation disabled (or set to "Allow wake timers") on the workstation?

Yes, the computer doesn't go to sleep.

Are you able to rdp to this workstation from any other computer (on the same side of the router or remotely)?

No and no.

When you attempt to connect are you typing "Domain\username" or "username"? Try both.

I always use Domain\username.

Are you connecting remotely using the IP Address? If you are connecting locally (inside the network), do you use the IP Address or name? (When on a domain, you may have to type: name.local)

I use the name when trying to connect internally. It worked for the past year.

I was finally able to get this fixed. After doing a whole handful of stuff trying to "fix" users on the server side, disconnecting and reconnecting to the domain on the workstation fixed the issue.
