RDP broken after patches to managment server

Question

We recently recently patched a management Windows server 2012 R2 and now it is giving the following error when trying to connect a RDP session:

"This Computer cannot connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your Network administrator."

Here are the symptoms:

1. Some admin (only admin accounts access this server) are able to access with an IP or a newly created CNAME (created for the purpose of troubleshooting this problem).
2. All admin get the stated error when using the A record created by DHCP. This A record was created when the machine build a year ago.
3. Some admin get the stated error no matter what.
4. Here are some connection tests (tried with multiple users:
   1. ping (works)
   2. nslookup (returns correct name)
   3. tracert (returns correct name)
   4. ping (works and resolves name)
   5. nslookup (shows correct info)
   6. tracert (shows correct info)

Here are the steps taken to troubleshoot:

1. IPConfig /FlushDNS and IPConfig /RegisterDNS
2. Host file is not used but we checked it anyhow
3. There is no proxy
4. Reset the IP Stack (netsh int ip reset C:\resetlog.txt)
5. Tested with several admin on different workstations.
6. Restarted server

I have attached an excel file with the most recent updates applied on 31 Jan 2018. Again, this server was built a year ago and has been used as a management server across several offices being accessed every day.

Any ideas?

Answer 1

It turned out the WID service was not starting because the local service account was not allowed to logon as a Service. Possibly this service was restricted by a patch. Also, our GPO for the OU the server is in is very dirty. Thanks for the help!