Last updated on November 2nd, 2020
This tutorial contains instructions to resolve the following error, which appears when you try to remotely manage a computer through Active Directory Users and Computers on an AD Domain Server 2016: "Computer cannot be connected. Verify that the network path is correct, the computer is available on the network, and that the appropriate Windows Firewall rules are enabled on the target computer.
To enable the appropriate Windows Firewall rules on the remote computer, open the Windows Firewall with Advanced Security snap-in and enable the following inbound rules:
COM+ Network Access (DCOM-In)…"
How to fix: Unable to Manage Computer(s) from Active Directory Users and Computers – Computer cannot be connected. (Active Directory 2016/2019)
The error message "Computer cannot be connected" in Active Directory may appear for the following reasons:
Reason 1. The computer no longer exists on the network or is shut down. In this case, verify that the computer is up and running.
Reason 2. The computer's IP Address cannot be resolved from the domain controller. The problem usually occurs when the computer uses the DNS Servers provided by the router (ISP). To fix the issue, make sure that the computer uses the AD DNS.
1. Ping the computer by name, or use the NSLOOKUP command to check whether the computer's name and IP address are resolved correctly by the DNS server.
2. If your Active Directory Domain controller acts also as a DNS Server, then go to Control Panel > Administrative Tools > DNS > Forward Lookup Zones to add the missing record.
Reason 3. Remote administration is blocked by the Windows Firewall on the target machine (the computer that you want to manage). To resolve this issue, you can either disable the Windows Firewall on the target machine (not recommended) or enable COM+ Network Access in Windows Firewall, either on the target machine only or on all AD computers. To do that, follow one of the methods below:
- Method 1. Enable the COM+ Network Access (DCOM-In) on the Target Machine.
- Method 2. Enable the COM+ Network Access (DCOM-In) for all the Active Directory Computers (Group Policy).
Method 1. Enable the COM+ Network Access rule on the Target Machine.
To allow remote administration (enable COM+ Network Access) in Windows Firewall on Windows 10, 8 or 7:
1. Open the registry editor on the computer that you want to connect/manage and navigate to the following registry location:
2. In the right pane, double-click RemoteAccessEnabled and change the value data from 0 to 1.
3. Click OK and close the registry editor.
4. Restart the computer.
Method 2. Allow the "Remote administration" for all the Active Directory Computers through the Domain Group Policy.
To enable the COM+ Network Access rule (allow "Remote administration") on all the computers in the Active Directory:
1. On the Server 2016 AD Domain Controller, open Server Manager and then, from the Tools menu, open Group Policy Management. *
* Alternatively, navigate to Control Panel -> Administrative Tools -> Group Policy Management.
2. Under Domains, select your domain, then right-click Default Domain Policy and choose Edit.
3. Then navigate to:
- Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
4. In the right pane, double-click: Windows Firewall: Allow inbound remote administration exception
5. Check Enabled and click OK.
6. Close the Group Policy Management editor.
7. Finally, open Command Prompt as Administrator and run the following command to update the group policy.
- gpupdate /force
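To confirm which of the three reasons applies, and to open the COM+ Network Access (DCOM-In) rule to the management host only instead of to every source, the following PowerShell can be used. It is an added example, not part of the original tutorial: the function names, the computer name and the 10.0.10.0/24 subnet are placeholders, and the rule is looked up by its English display name.

```powershell
# Added example (not from the original tutorial). Placeholder names and addresses.

# Run on the domain controller / management host: checks Reason 2 (DNS),
# Reason 1 (host reachable) and Reason 3 (DCOM endpoint mapper, TCP 135, filtered).
function Test-RemoteManagePath {
    param([Parameter(Mandatory)][string]$ComputerName)

    $a = Resolve-DnsName -Name $ComputerName -Type A -ErrorAction SilentlyContinue |
         Where-Object { $_.IPAddress }
    if (-not $a) {
        # Name does not resolve from this host: fix DNS before touching the firewall.
        return [pscustomobject]@{ Computer = $ComputerName; Resolved = $false
                                  Address = $null; Ping = $null; Tcp135 = $null }
    }
    # ICMP may itself be filtered, so a failed ping alone does not prove the host is down.
    $ping = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
    $tcp  = (Test-NetConnection -ComputerName $ComputerName -Port 135 `
                -WarningAction SilentlyContinue).TcpTestSucceeded
    [pscustomobject]@{
        Computer = $ComputerName
        Resolved = $true
        Address  = ($a.IPAddress -join ', ')
        Ping     = $ping
        Tcp135   = $tcp
    }
}

# Run on the target computer in an elevated session: enables the inbound rule
# but limits who may use it to the given source addresses or subnets.
function Enable-ComPlusRuleScoped {
    param([Parameter(Mandatory)][string[]]$AllowedSource)

    $name = 'COM+ Network Access (DCOM-In)'   # English display name (assumption)
    Get-NetFirewallRule -DisplayName $name -ErrorAction Stop |
        Set-NetFirewallRule -Enabled True -RemoteAddress $AllowedSource

    # Report the resulting state so the change can be verified.
    Get-NetFirewallRule -DisplayName $name |
        Select-Object DisplayName, Enabled, Profile,
            @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } }
}

# Example calls (placeholders):
#   Test-RemoteManagePath -ComputerName 'PC01.example.local'
#   Enable-ComPlusRuleScoped -AllowedSource '10.0.10.0/24'
```

If `Resolved` is false the problem is Reason 2; if the name resolves but `Tcp135` is false while the computer is known to be running, the firewall on the target is the likely cause.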
That's it! Which method worked for you?