This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 90%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
We have a client who has the following setup:
DC01 with AD/DC, RD Gateway, DHCP, DNS, etc.
DC02 with AD/DC, DHCP, DNS etc.
TS01
The issue randomly occurs when a user attempts to remote in using the NetBIOS name. According to the logs, the kerberos ticket is successfully created on the DC, and then moments later the session disconnects from the Gateway. No logs can be found on the TS that indicate that an attempt was even made to the TS. Usually, if we change from the NetBIOS to the IP address, or the internal FQDN it will resolve and the user can connect.
After rebooting the TS, and no other changes, the users can connect to the TS.
We are unsure how to troubleshoot this further, as a workaround, we have attempted to do a weekly reboot schedule and that is not working. If any one has any ideas on what logs we can look for, or what we can check to see what is causing the issue, that would be greatly appreciated.
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
Hello SkywalkerIsNotNull
As the nature of this issue is intermittent, you may consider using Wireshark to capture network traffic between the client, RD Gateway, and TS01. Analyzing the captured packets can reveal issues like packet loss, unexpected traffic patterns, or errors in the communication flow.
The root of this issue was Kerberos PAC. DC02 was not as up to date as was expected, and in the event logs, we found multiple Error Event 37s on DC01.
I used the command:
wevtutil qe System /q:"*[System[Provider[@Name='Microsoft-Windows-Kerberos-Key-Distribution-Center']]]"
From the primary Domain Controller, and then identified multiple Event 37's
The resolution to this was to update DC02 to the most current cumulative update, and then monitor the event logs for any additional Event 37's over the next week.