RDP Relay Error: "This computer can't connect to the remote computer."

  • 7017886
  • 26-Jul-2016
  • 23-Sep-2020

Environment

NetIQ Privileged Account Manager

Situation

User receives the following error when attempting to launch RDP Relay from the User Console:
This computer can't connect to the remote computer.

OR When Launching RDP Relay, the server responds with the following:
The user name or password is incorrect. Try again.

Resolution

There can be several environment-related causes. Please verify the following:

  1. The Domain Name of the Resource in the Credential Vault is configured to be the AD NetBIOSName.
    Note: Requires the Active Directory module for Windows Powershell to be installed. For more details, please refer to the Additional Information section below.

    Powershell> Get-ADDomain
    ...
    OR Get-ADDomain | findstr NetBIOSName
    OR (Get-ADDomain -Identity (Get-WmiObject Win32_ComputerSystem).Domain).NetBIOSNameNetBIOSName: ADDomain

  2. The cmdctrl rule is properly configured with the appropriate Domain credential details, for example:

    Account Domain: NetBIOSName (Domain)
    Credentials: Domain\Administrator
    Run User: Domain\Administrator
    Note: Please verify that "Domain" is consistently used here.

  3. (conditional) If the Run Host has been configured with DNS Name, then this must be resolvable from the RDP Relay server's perspective. Please verify this name resolved to the proper ip address, from a terminal on the RDP Relay server:

    nslookup <Run Host>
    ping <Run Host>

  4. RDP Port is accessible from RDP Relay server to Run Host. Please verify from a terminal on the RDP Relay server:

    telnet <Run Host> 3389
    Note: default 3389 unless otherwise specified in the cmdctrl rule.

  5. Otherwise, please enable the client.log and analyze for any errors in establishing the rdp session from the rdp relay server to the run host:
    See TID 7021106 - How to enable the client log.

Additional Information

How to install Active Directory module for Windows Powershell

(Option 1) Add the module as a feature in the Server Manager:
  • Server Manager > Manage > Add Roles and Features > Next until the Features section.
  • Enable Active Directory module for Windows Powershell in Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
(Option 2) Install the module from Powershell console:
Install-WindowsFeature RSAT-AD-PowerShell

How to install telnet on Windows Server with PowerShell

(Option 1) Add the feature in the Server Manager:
  • Server Manager > Manage > Add Roles and Features > Next until the Features section.
  • Enable Telnet Client.
(Option 2) Install the feature from Powershell console:
Import-Module servermanager
Add-WindowsFeature telnet-client