Forum Discussion
Windows Desktop Is Suddenly Broken Connecting With Hostname
Dave Patrick thank you for the feedback and suggestion.
I forgot to mention this was one of the things i checked and checked again this morning.
The time sync between all sites is spot on correct
Might check that all members are using the static address of domain controller listed for DNS on connection properties and no others such as router or public DNS. Also check domain health is 100% (dcdiag, repadmin), check the system and dfs replication event logs for clues.
Thanks.
yes all that has been checked as well as repadmin which seems to check out fine as below:
Beginning data collection for replication summary, this may take aw
..................
Source DSA largest delta fails/total %% error
DOMAINBFTEMP 08m:36s 0 / 5 0
DOMAINBV5 10m:33s 0 / 25 0
DOMAINDB 12m:03s 0 / 10 0
DOMAINDC 18m:26s 0 / 20 0
DOMAINKW5 22m:33s 0 / 50 0
DOMAINMG 12m:04s 0 / 20 0
DOMAINMP 22m:32s 0 / 25 0
DOMAINPL5B 09m:23s 0 / 20 0
DOMAINPM 09m:23s 0 / 5 0
DOMAINPT 13m:23s 0 / 10 0
DOMAINPX 08m:36s 0 / 5 0
DOMAINST4 13m:23s 0 / 15 0
DOMAINWH 07m:33s 0 / 5 0
DOMAINWN 08m:35s 0 / 5 0
SERVERKW4 23m:37s 0 / 45 0
Destination DSA largest delta fails/total %% error
DOMAINBFTEMP 10m:41s 0 / 20 0
DOMAINBV5 09m:29s 0 / 20 0
DOMAINDB 13m:25s 0 / 15 0
DOMAINDC 22m:39s 0 / 15 0
DOMAINKW5 23m:40s 0 / 35 0
DOMAINMG 05m:24s 0 / 20 0
DOMAINMP 18m:33s 0 / 10 0
DOMAINPL5B 04m:44s 0 / 15 0
DOMAINPM 05m:21s 0 / 15 0
DOMAINPT 12m:04s 0 / 20 0
DOMAINPX 09m:16s 0 / 15 0
DOMAINST4 07m:40s 0 / 15 0
DOMAINWH 09m:17s 0 / 15 0
DOMAINWN 05m:45s 0 / 5 0
SERVERKW4 22m:38s 0 / 30 0
C:\Users\>repadmin /showreps
Windhoek\DOMAINWH
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 01994859-6ad8-416e-a18f-b17306974cdd
DSA invocationID: 69d5a0ba-3ad8-4880-8010-c269456ade64
==== INBOUND NEIGHBORS ======================================
DC=,DC=co,DC=za
Kenilworth\DOMAINKW5 via RPC
DSA object GUID: adbbbe26-70de-4ad8-b9dd-7546209cdad4
Last attempt @ 2022-11-02 15:02:41 was successful.
Strand2\DOMAINST4 via RPC
DSA object GUID: cc865bae-debc-4d94-b292-6bc78da83c33
Last attempt @ 2022-11-02 15:02:42 was successful.
Kenilworth\SERVERKW4 via RPC
DSA object GUID: bafb583a-df78-445d-a6d9-d501a18ea1eb
Last attempt @ 2022-11-02 15:02:42 was successful.
CN=Configuration,DC=,DC=co,DC=za
Strand2\DOMAINST4 via RPC
DSA object GUID: cc865bae-debc-4d94-b292-6bc78da83c33
Last attempt @ 2022-11-02 15:02:41 was successful.
Kenilworth\SERVERKW4 via RPC
DSA object GUID: bafb583a-df78-445d-a6d9-d501a18ea1eb
Last attempt @ 2022-11-02 15:02:41 was successful.
Kenilworth\DOMAINKW5 via RPC
DSA object GUID: adbbbe26-70de-4ad8-b9dd-7546209cdad4
Last attempt @ 2022-11-02 15:02:42 was successful.
CN=Schema,CN=Configuration,DC=,DC=co,DC=za
Strand2\DOMAINST4 via RPC
DSA object GUID: cc865bae-debc-4d94-b292-6bc78da83c33
Last attempt @ 2022-11-02 15:02:42 was successful.
Kenilworth\SERVERKW4 via RPC
DSA object GUID: bafb583a-df78-445d-a6d9-d501a18ea1eb
Last attempt @ 2022-11-02 15:02:42 was successful.
Kenilworth\DOMAINKW5 via RPC
DSA object GUID: adbbbe26-70de-4ad8-b9dd-7546209cdad4
Last attempt @ 2022-11-02 15:02:42 was successful.
DC=ForestDnsZones,DC=,DC=co,DC=za
Kenilworth\DOMAINKW5 via RPC
DSA object GUID: adbbbe26-70de-4ad8-b9dd-7546209cdad4
Last attempt @ 2022-11-02 15:02:42 was successful.
Strand2\DOMAINST4 via RPC
DSA object GUID: cc865bae-debc-4d94-b292-6bc78da83c33
Last attempt @ 2022-11-02 15:02:42 was successful.
Kenilworth\SERVERKW4 via RPC
DSA object GUID: bafb583a-df78-445d-a6d9-d501a18ea1eb
Last attempt @ 2022-11-02 15:02:42 was successful.
DC=DomainDnsZones,DC=,DC=co,DC=za
Kenilworth\DOMAINKW5 via RPC
DSA object GUID: adbbbe26-70de-4ad8-b9dd-7546209cdad4
Last attempt @ 2022-11-02 15:02:42 was successful.
Strand2\DOMAINST4 via RPC
DSA object GUID: cc865bae-debc-4d94-b292-6bc78da83c33
Last attempt @ 2022-11-02 15:02:42 was successful.
Kenilworth\SERVERKW4 via RPC
DSA object GUID: bafb583a-df78-445d-a6d9-d501a18ea1eb
Last attempt @ 2022-11-02 15:02:42 was successful.
The search continuesThe issue seems to be related to KB 501 8419 (For Server 2019) other KB numbers will apply to other Windows Server OS:.
Info from another guy below:
The root cause is this: KB5008380—Authentication updates (CVE-2021-42287) https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041So long story short:
- update all DCs in forest to 14 Nov 2021 Updates (KB5008602 for Server 2019)
- wait until all kerberos tickets have the PAC Attributes (System Event ID 35-38 should not appear on any DC anymore)
- Install October 2022 on the DCs (KB5018419 for Server 2019)
If you have October 22 Updates on any DC and an other DC does not have the November 21 Updates installed the only workaround is to remove the October 22 Update.Thank you so much for posting the fix you found!
I've been seeing this pop up on random computers throughout my org. Here are my symptoms:
- RDP attempt to Hostname results in "Logon failed" message
- RDP attempt to IP works normally
- DNS resolves fine for every affected computer I've seen so far
- User account never locks out despite "logon failed" noticeI don't have an affected computer I can test with at the moment, but I'm hopeful those updates will help.
