Solved

Terminal Services is Jacked UP!!!

Posted on 2004-10-28
306 Views
Last Modified: 2011-09-20
Greetings:

I want to allow simple remote administration of our 2003 Server that is acting as a DC.  I only want to grant myself access to this as administrator.  I have had myriad problems; here is my story:

After installing 2003 Server and AD, I was able to connect via terminal services just fine.  One day I had a friend connect from outside of our network to test my ability to remotely troubleshoot the machines while I was traveling.  I simply gave him my username and password and allowed him to test using that (i was unsuccessful in granting him access using a different user account).  Ever since then, when I tried to connect via RDP, I got the "there are no terminal servers licensing, blah blah blah) error.  So I went into the Terminal Services configuration and changed to Per User licensing.  This allowed me to connect via TS to at least get the authentication dialog box.  When I tried to log on as administrator, I got the "Local Policy does not allow you to logon interactively error).  So I went into the GP for the domain and changed the "Allow Logon Locally" to allow the accounts that I desired to log on locally.  Now when I try to connect I get the "You do not have access to this session" error.  ***Note all errors messages are as I can remember them and not 100% exact, but I think I have conveyed the gist of the message.

I'm stumped.  This shouldn't be a tough thing to do.
0
Question by:knottydrd
    8 Comments
     
    LVL 10

    Accepted Solution

    by:
    You do not need to have terminal services installed.  Just un-install terminal services and use the remote desktop support which is built into the 2003 server.  Terminal Services requires licensing and needs configuring and is exactly the same thing as remote desktop the only difference is that remote desktop limits to only two concurrent users and is only supposed to be used for remote administration on 2003 server while terminal services is meant for application/numerous people working from the environment hence needing licensing etc...after 30 days i believe it may be longer terminal services will stop working unless you setup a terminal services licensing server.

    Dis
    0
     
    LVL 10

    Expert Comment

    by:dis1931
    "Local Policy does not allow you to logon interactively error", this error will come up if you are not an admin on this server.  This is standard security for an AD controller.  You can change this however by changing the security policies on the server.

    Dis
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    i agree in all what dis931 sayed.
    just one point differs: in windows 2003 the TS grace period is 120 days.
    0
     
    LVL 10

    Expert Comment

    by:dis1931
    thanks for the correction WeHe, I thought I remember it changing for 2003 but didn't remember...thanks

    0
     
    LVL 11

    Expert Comment

    by:WeHe
    you are right, it has changed.
    on w2k its 90 days, on w2k3 its 120 days :)
    0
     

    Author Comment

    by:knottydrd
    I was going to uninstall TS but I got a warning that any application installed after TS will be unusable.  I don't believe that I have installed any applications since the server was set up but I 'm wondering does this mean that those apps will be disabled?
    0
     
    LVL 16

    Assisted Solution

    by:JamesDS
    knottydrd
    You are fine to uninstall terminal services, you will not lose access to anything on the server - provided you address the local policy issue.

    To enable remote administration, you need to go to the control panel/system applet and on the remote tab click allow in the relevant box. TS in remote admin mode only allows administrators to connect to it.

    Cheers

    JamesDS
    0
     

    Author Comment

    by:knottydrd
    The "Allow Terminal Services Logon" for the user was unchecked in the AD.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Learn The Basics of Ethical Hacking & Pen Testing

    Computer and network security is one of the fastest growing and most essential industries in technology, meaning companies will pay big bucks for ethical hackers. This is the perfect course to leap into this lucrative career, learning how to use ethical hacking to reveal ...

    When bringing a new server on line, you may see an error that says: The Security System detected an authenticaton error for the server ldap/xxxxxxxt. The failure code from the authentication protocal Kerberos was "There are currently no logon se…
    Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
    This video discusses moving either the default database or any database to a new volume.
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    846 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now