Users may encounter an error when connecting to an RDS farm via the standard Remote Desktop client (mstsc.exe) on Windows Server 2008 R2. The error message appears as follows:
“The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.”
This article discusses how to resolve this error and identifies potential causes.
System Configuration
In this case, the setup involves an RDS farm with three servers running Windows Server 2008 R2, utilizing an RD Connection Broker to distribute load and manage session reconnections. The error occurred intermittently, suggesting potential issues with one of the farm’s servers.
Step 1: Checking the DNS Cache
The first thought when encountering a DNS-related error is an issue with the DNS cache. An attempt was made to re-register the DNS record for the problematic server using the command:
ipconfig /registerdns
On the client side, the local DNS cache was cleared with the command:
ipconfig /flushdns
However, this did not resolve the issue.
Step 2: Adjusting RDP Security Level
Microsoft’s knowledge base suggests lowering the RDP connection encryption level from SSL to the native RDP Security Layer. This setting can be found in Remote Desktop Session Host Configuration > Microsoft RDP 7.1 > Properties > Security Layer. When the Negotiate method is used, it automatically switches between TLS and RDP Security Layer based on client support. However, this step also failed to resolve the issue.
Step 3: Time Synchronization
It was discovered by chance that the problematic server’s time was out of sync with the domain controller. This server was a virtual machine on an ESXi host with incorrect time settings. It turned out that VMware Tools was configured to synchronize time with the hypervisor. A time mismatch between the server and the domain controller could cause authentication issues.
1. Disable time synchronization with ESXi in the VMware Tools settings.
2. Restart the Windows Time service to synchronize with the domain controller:
net stop w32time
net start w32time
After restarting the time service, users were able to connect to the RDS farm servers without issues.
Note on DNS Usage
The “Outdated entry in the DNS cache” error may also occur if a client attempts to connect to a specific RDS farm server by name. In this case, the Connection Broker may redirect the client to a different server, and a mismatch between the specified address and the actual server can trigger the error. To avoid this, always use the RDS farm name for connections rather than the name of an individual server.
The RDP error “Outdated entry in the DNS cache” can be caused by various factors, such as time synchronization issues or DNS cache problems. In this case, the issue was resolved by synchronizing the server’s time with the domain controller and disabling time synchronization with the ESXi hypervisor.
