Hello Everyone,

I'm getting a Authentication error on all of my Windows 2012 servers connecting through RDP. The weird thing is, this error only pops up using the DNS name. If I use the IP of the server, I connect with no issues or errors. 

Does anyone have any ideas?

Please let me know

Thank you

Devon

Hi Devon,

Thank you for posting in Windows Server Forum.

Whats your client OS and RDP version you are using?

From your description it occurs that there is issue resolving IP address with Hostname through DNS, so need to check the DNS record to see whether Hostname I mapped with IP address. Initially you can also try to clear DNS cache and try to flush with below command.
Ipconfig /flushdns

Then you can check using nslookup command whether you can resolve IP address from Hostname. You can check following articles for DNS troubleshooting.
- Cannot Connect to Remote Systems Using Host Name
- Troubleshooting DNS Servers

Hope it helps!

Thanks.

Thank you for the reply...

DNS seems to be fine, nslookup and ping work fine.. Its just weird this is only happening with windows server 2012.

I'm using Windows 8 as a client.

Devon

sounds like a permissions issue.   Check out the Event logs on your server.  Is the user a remember of the local admin group or remote desktop?

more info

https://social.technet.microsoft.com/Forums/en-US/ee4353f6-1977-47b4-a521-60a26986b361/authentication-error-has-occurred-code-0x80004005

The user is in the Remote desktop group... It works fine using IP, just not DNS name.

Devon

Hi,

Thanks for your comment.

Think that you are connecting from a machine in the same network and both are Windows. When you are pinging with server name (abc) what IP you are getting, is it same server IP?
Does it give a different computer name? 

If so then your DNS server is not updated with resource records of Server (abc). From abc, try ipconfig /registerdns. It will take few minutes to register that computers resource records with DNS.

Also suggest you to try access machine with FQDN if you have not tried it yet. Sometime it happens trying just giving computer name will not connect, but giving the Full-Qualified name will connect.

If the above fails, try using nslookup for abc and compare the IPs you get. If these are different, then your DNS is definitely not updated. Then try to proper registering with DNS. 

The name resolution problem might be in your Hosts file and LMHOSTS file, which looks for addresses sequentially from the top down. If more than one address is listed for the same host name, TCP/IP returns the first value it encounters, whether that value is accurate or not.
You can find the Host file and LMHOSTS file in \% SystemRoot %\System32\Drivers\Etc. Note that this file does not exist by default; a sample file named hosts & LMHOSTS.SAM exists. Please rename the original file before you change anything and then used changed file.

Apart if still facing issue after checking above steps, you can capture network related logs with NetMon (Network Monitir) and see the RDP port with destination address that whats the error cause this to happen.

Hope it helps!

Thanks.

Hi,

Dharmesh Solanki provided very good explanation on the potential DNS issue with the server you reported, you may like to check the name resolution to start with, use basic tools like ping with FQDN, nslookup check the dns zone entries make sure they are not static etc, keep us posted what you found out with the tests above.

Thank you Dharmesh for your information..

DNS is working just fine, all of my other servers are working as well... Its just Windows 2012 servers that are having this issue. The FQDN name also resulted in the same error.

Keep in mind, I have a mixed AD environment, Domain Level 2003. I do not have a Windows 2012 server, only 2003 and 2008. I have however, upgraded the schema to 2012. I think this might be a certificate issue.

Any other ideas?

Devon

Hi Devon,

Still suggest you to check below steps for further troubleshooting.
- Ensure that at least one correct DNS record is registered on each domain controller. 
- To ensure that a correct DNS record is registered on each domain controller, find this server's Active Directory replication partners that run DNS. 
- Open DNSManager and connect in turn to each of these replication partners. 
- Find the host (A) resource record registration for this server on each of the other replication partner domain controllers. 
- Delete those host (A) records that do not have IP addresses corresponding to any of this server's IP addresses. 
- If a domain controller has no host (A) records for this server, add at least one that corresponds to an IP address on this server. (If there are multiple IP addresses for this server, add at least one that is on the same network as the domain controller you are updating.)  

Name resolution may also fail with the RPC Server is unavailable error if NetBIOS over TCP/IP is disabled on the WINS tab in the advanced section of the TCP/IP properties. The NetBIOS over TCP/IP setting should be either enabled or default (use DHCP).   

More troubleshooting steps you can find over here.
Windows Server Troubleshooting: "The RPC server is unavailable"

In addition, as you have commented verify your certificate is correct and matching the server name properly which can resolve the name form internal external environment.

Hope it helps!

Thanks.

Hi Devon,

the DNS name you use, is it the FQDN of your 2012 server or an alias ?