When attempting to establish Remote Desktop Protocol (RDP) connections from Windows 7 workstations to newly deployed Windows Server 2008 R2 systems using hostnames, administrators encounter:
The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.
The issue demonstrates these characteristics:
- Exclusive to Windows 7 → Windows Server 2008 R2/R1 connections
- Works when using IP addresses instead of hostnames
- Non-R2 servers and non-Win7 clients function normally
The problem stems from a mismatch in how Windows 7 and Server 2008 handle DNS resolution during RDP handshake:
// Pseudo-code of the resolution process
if (client.OS == Windows7 && server.OS == Server2008R2) {
verifyHostname(connectionRequest) {
// Bug occurs in this verification layer
return incorrectHostnameError;
}
}
Solution 1: DNS Cache Flush (Temporary Fix)
Execute on Windows 7 client:
ipconfig /flushdns nbtstat -R
Solution 2: Hosts File Entry (Permanent Fix)
Modify %SystemRoot%\System32\drivers\etc\hosts:
# RDP Fix for Server2008R2 192.168.1.100 server01.company.local
Solution 3: Registry Modification
Create this registry key on Windows 7 clients:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services] "DisableUDPPort"=dword:00000001
For network administrators needing deeper diagnosis:
# PowerShell DNS verification Test-NetConnection -ComputerName server01 -Port 3389 Resolve-DnsName server01.company.local | Format-List
- Ensure consistent DNS configuration across all domain controllers
- Verify reverse DNS (PTR) records exist for all servers
- Consider implementing DNSSEC for enhanced validation
When establishing RDP connections between Windows 7 clients and Windows Server 2008 R2 (or even non-R2) systems, you might encounter this cryptic error:
The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.
The issue exhibits these specific characteristics:
- Only occurs between Windows 7 clients and Server 2008/R2 targets
- Works fine when using IP addresses instead of hostnames
- No issues when connecting from non-Win7 clients to 2008/R2
- No problems when Win7 connects to non-2008/R2 servers
The core issue stems from TLS/SSL certificate validation during RDP handshake:
- Windows Server 2008/R2 presents its certificate during connection
- Windows 7 performs strict hostname verification against the cert's SAN
- DNS caching issues cause mismatched hostname resolution
Method 1: Flush DNS Cache
Run this command on the client machine:
ipconfig /flushdns
Method 2: Use IP Address Connection
Create a new RDP shortcut with:
mstsc /v:192.168.1.100
Option 1: Update DNS Records
Ensure your DNS server has:
server01.example.com. IN A 192.168.1.100
Option 2: Certificate Fix
On the server, run this PowerShell to check cert binding:
Get-ChildItem -Path Cert:\LocalMachine\My |
Where-Object {$_.Subject -match "server01"} |
Select-Object Subject, Thumbprint
For enterprise environments, modify this registry key on Win7 clients:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] "AllowEncryptionOracle"=dword:00000002
Save as rdp_fix.reg and merge.
After applying fixes, verify with:
nslookup server01.example.com ping server01.example.com Test-NetConnection -ComputerName server01 -Port 3389