I have a local Domain Controller (DC02) with a relatively simple AD setup that has been there for quite a few years now - maybe 6-10 years. I've moved a few of the VMs from one hypervisor to another (ESXi to Proxmox). I don't believe that is relevant, but always good to share extra just in case. The domain records seem ok on the server, both forward and reverse lookup zones show the correct IP address.

  • When I RDP in with IP Address, it works just fine.
  • When I RDP in with the host name (W2022-DEV), it does not work (I get an error stating: "The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box.")

I decided to try one more thing as well. I had already created another zone at one point called 'local' under the Forward Lookup Zones. If I create W2022-DEV there and then RDP to W2022-DEV.local - that also works fine.

Any ideas what I have setup wrong that would cause this? More information on the DC itself:

When I run:

NSLOOKUP DC02 W2022-DEV I get the following:

DNS request timed out.
    timeout was 2 seconds.
Server:   UnKnown
Address:   192.168.111.24

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

The .24 address is accurate to the W2022-DEV machine.

1 Answer

What OSes are you running? Is the DC an older one? Are they patched to the latest CU?

  1. In PowerShell, run Test-ComputerSecureChannel from the VM to see if it's fully connected to AD.
  2. You might need to tweak the RDP security while you troubleshoot. I do it through a GPO: https://i.stack.imgur.com/M1FgJ.png

MS says the reason may be one of the following:

  • The VM cannot communicate with the domain controller (DC). This problem could prevent an RDP session from accessing a VM by using domain credentials. However, you would still be able to log on by using the Local Administrator credentials. This problem may occur in the following situations:
      • The Active Directory Security Channel between this VM and the DC is broken. The VM has an old copy of the account password and the DC has a newer copy.
      • The DC that this VM is connecting to is unhealthy.
  • The encryption level of the VM is higher than the one that's used by the client computer.
  • The TLS 1.0, 1.1, or 1.2 (server) protocols are disabled on the VM.
  • The VM was set up to disable logging on by using domain credentials, and the Local Security Authority (LSA) is set up incorrectly.
  • The VM was set up to accept only Federal Information Processing Standard (FIPS)-compliant algorithm connections. This is usually done by using Active Directory policy. This is a rare configuration, but FIPS can be enforced for Remote Desktop connections only.

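The checks the answer walks through (name resolution against the DC, the secure channel, and the RDP/NLA security settings), collected into one script as an added example. This is not code from the original post or from Microsoft; it is meant to be run in an elevated PowerShell on the RDP target. The DC name DC02 comes from the question, but the DNS server address in $DnsServer is an assumption (the question only gives 192.168.111.24 for W2022-DEV), so adjust it before running.

```powershell
# Added example, not part of the original post. Run elevated on the RDP target
# (W2022-DEV in the question). $DnsServer is an assumed address for DC02's
# DNS service; replace it with the real one.
$DomainController = 'DC02'
$DnsServer        = '192.168.111.2'          # ASSUMPTION: adjust to DC02's IP
$Target           = $env:COMPUTERNAME
$Domain           = (Get-CimInstance Win32_ComputerSystem).Domain

# 1. DNS: does the DC's DNS server answer for the short name and the FQDN,
#    and does this client have a suffix list that turns W2022-DEV into a FQDN?
"Domain: $Domain"
"DNS suffix search list: $((Get-DnsClientGlobalSetting).SuffixSearchList -join ', ')"
foreach ($name in @($Target, "$Target.$Domain", $DomainController)) {
    try {
        $rec = Resolve-DnsName -Name $name -Server $DnsServer -Type A -ErrorAction Stop
        "$name -> $($rec.IPAddress -join ', ')"
    } catch {
        "$name : $($_.Exception.Message)"
    }
}

# The SRV records a domain member uses to locate a DC for Kerberos (and thus NLA).
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue |
    Select-Object NameTarget, Port

# 2. Secure channel (step 1 of the answer). $false matches the "broken channel"
#    cause in the MS list: the machine account password no longer agrees with the DC.
$channelOk = Test-ComputerSecureChannel -Verbose
"Secure channel OK: $channelOk"
if (-not $channelOk) {
    # Repair resets the machine account password against the domain; needs domain creds.
    # Uncomment to run it:
    # Test-ComputerSecureChannel -Repair -Credential (Get-Credential) -Verbose
}

# 3. Which DC this machine actually locates (also shows if the DC is unreachable).
nltest /dsgetdc:$Domain

# 4. RDP security settings (step 2 of the answer, the GPO equivalent).
#    UserAuthentication 1 = NLA required, 0 = not required.
#    SecurityLayer      2 = TLS only, 1 = negotiate, 0 = legacy RDP security.
#    MinEncryptionLevel 4 = FIPS-compliant (the last cause in the MS list).
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Get-ItemProperty -Path $rdpKey -Name UserAuthentication, SecurityLayer, MinEncryptionLevel |
    Select-Object UserAuthentication, SecurityLayer, MinEncryptionLevel

# System-wide FIPS policy, which also forces FIPS-only RDP encryption when set to 1.
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' -Name Enabled |
    Select-Object Enabled

# To relax NLA only while troubleshooting (re-enable afterwards, or set it via the GPO):
# Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 0
```

If the A record lookups against $DnsServer succeed for the FQDN but fail for the bare short name, and the suffix search list is empty, that points at the client-side name resolution rather than the DC. If Test-ComputerSecureChannel returns $false, run the commented-out -Repair line with a domain account before changing any RDP security setting, since disabling NLA hides the symptom without fixing the trust.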