2

I have a domain, 'domain.local' and I have set up a child domain named 'development.domain.local'.

The Domain Controller for 'domain.loacl' is running Windows Server 2012R2, and the Domain Controller for 'development.domain.local' is running Windows Server 2019.

I have set up DNS stub zones on each domain controller, and I can successfully perform NSLookup and ´ping´ between servers in both directions.

I can RDP from the Child domain controller to servers in the parent domain (as long as I provide credentials from the Parent domain, of course).

When I attempt to RDP from systems on the Parent domain to the Child domain, I am not able to.

I don't even get prompted for credentials, or anything. RDP errors out as if the server on the Child domain is offline. The server is on, and they're on the same switch and the same subnet.

It is not DNS related, or network hardware/policy related as I can perform NSLookup and Pings in both directions. It is not credentials related, as I am using an Enterprise admin account, and I am not even prompted for credentials. I was able to RDP before promoting the Child DC, and I can even RDP to it if I demote it. It let's me on with local server credentials if it has been demoted and is not on any domain. I have also disabled the local Windows Firewall without any luck.

bjoster
  • 4,805
  • 5
  • 25
  • 33
Alexander The Great
  • 21
  • 3

1 Answers1

0

It turns out the issue was related to Group Policy. When the systems left the Parent domain and were joined to the Child domain, they lost the group plocy which enables RDP. I created a new group policy object in the Child domain and eveyrthing works as expected.

The policy in question is: Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Connections.

I needed to enable Allow users to connect remotely using Remote Desktop Services.

Alexander The Great
  • 21
  • 3