4

I have one DC that also acts as a Hyper-V host. It hosts a build server, and a WDS server. Up until Daylight Savings happened a few days ago these were both working fine and I could remote in no problem. Cue DST and I'm getting errors about time and date mismatches. I cleared those up and now one of these two remote machines is griping about NLA:

Remote Desktop Connection: The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialogue box.

The other computer can be connected to no problem, and both of them are setup for remote desktop in the same way. What could have happened to cause such a problem? I'm at my wits end here!

mwfearnley
  • 757
  • 9
  • 21
DTI-Matt
  • 249
  • 1
  • 6
  • 20
  • 1
    `Daylight Savings happened a few days ago these were both working fine` - Well that might be a **very strong** hint that your problem might be time related. Use of the AD requires time to be accruate within 5 minutes (by default). Are you sure one of your servers didn't somehow not make the DST switch? Are you sure your timezones are properly configured on all computers? Are you sure time is synced properly? – Zoredache Nov 06 '14 at 21:33
  • The time is now working correctly after a bit of finagling. Now I'm more positive that it's a DNS issue. My working Hyper-V is able to nslookup to the DC, while the non-working one can't. The non-working one also has an IP that used to be assigned to the DC (.101) but the DC was moved to `.100` and the non-working server to `.101`. Again, all this was working fine up until a few days ago. The DC can nslookup the non-working server, but the non-working server can't do the same. Ugh. – DTI-Matt Nov 07 '14 at 15:16
  • It's definitely that because if I change it to `.103` then it can nslookup the `.100` DC no problem. So something, somewhere, is still blocking `.101` thinking it's the DC. – DTI-Matt Nov 07 '14 at 16:38
  • So it turns out that I still had an Internal IP4 connection going in RRAS. I changed the static pool to assign addesses from elsewhere, then restarted RRAS and now my 'non-working' server is working again. Hallelujah. – DTI-Matt Nov 07 '14 at 19:07

0 Answers0