So, the entire environment is in AWS. I have 2 VPC's A and B - A has AD in it, and B has multiple domain joined servers. The domain joining and other AD connections work across VPC peering. I can login using domain admin to the VPC B servers (though there's a little lag) successfully. Within the AD, I have added all the users to remote desktop users group, but the other domain users can login to a server only if their domain credentials are added in the local server remote desktop users group. I know this is not the correct way. When I check the rsop, I see that the domain group policy is being inherited, but when I try to update group policy (gpupdate, there comes the error:

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Can someone help me understand what's the issue here.? Any help would really be appreciated.


Solution 1:

Within the AD, I have added all the users to remote desktop users group, but the other domain users can login to a server only if their domain credentials are added in the local server remote desktop users group. I know this is not the correct way.

That actually is the correct way. Membership in the domain Remote Desktop Users group grants the ability to log onto Domain Controllers via Remote Desktop Services. This domain group does not grant the ability to log on to domain members via Remote Desktop Services.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc756898(v=ws.10)

As for your Group Policy processing problem, what are the domain members using for DNS (in the TCP/IPv4 properties of the NIC)? What is the Domain Controller using for DNS (in the TCP/IPv4 properties of the NIC)?