We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Remote Desktop to Server not allowed...  Have checked local security settings...  Why??

BroadAustralia
on
Medium Priority
506 Views
Last Modified: 2008-02-01
Hello

I have a Windows Server 2003 box that gives me the following error when attempting to connect via Remote Desktop.  ( The logon screen comes up but throws this error when hitting OK )

Error Message:
To log on to this remote computer, your must have Terminal Server User Access permissions on this computer.  Be default, members of the Remote Desktop Users group have these permissions.  If you are not a member of the Remote Desktop Users group or another group that these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually.

I am trying to logon as Administrator - have checked that Administrator is in Remote Desktop Users group whilst in secpol.msc   ( Local Policies | User Rights Assessment | Allow logon thru terminal services )..  Resorted to explicity adding Administrator to this list of authorised users & rebooted but still no good.

Have checked AD and Administrator has been given right to use terminal services....

(Term Services is running on port 3390)

Please any ideas?  What else should I check..  

Thank you,

Broad.
Comment
Watch Question

Commented:
http://www.computing.net/windows2003/wwwboard/forum/4298.html
Subject: Windows 2003 Terminal Server

Original Message
Name: Scott (by smckellar)
Date: September 06, 2005 at 19:34:50 Pacific
Subject: Windows 2003 Terminal Server
OS: Windows 2003 Terminal Server
CPU/Ram: 2.8Ghz/2Gb
System Manufacturer: HP
Comment:

    Hi,

    I'm running a Windows 2000 Server (DC) and a Windows 2003 Terminal Server. Yesterday everyone, inc me(Administrator) could log into the Terminal Server remotely. However, today when anyone (including me) tries I get the following error. (It does not make sense it would work one day and not another, without any changes being made)


    "To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the Remote Desktop Users group have these permissions. If you are no a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually."


Report Offensive Message For Removal

Response Number 1
Name: Mike (by Arf)
Date: September 16, 2005 at 08:08:42 Pacific
Subject: Windows 2003 Terminal Server
Reply:

    Do you have these permissions?


Report Offensive Follow Up For Removal

Response Number 2
Name: shaneP
Date: September 30, 2005 at 05:01:33 Pacific
Subject: Windows 2003 Terminal Server
Reply:

    it makes sense....

    When the 2003 server is first installed it assumes it will take you a while to get the lic server set up, so from the time the first user logs in via terminal services it gives you 120 days to get the lic server in place.

    After 120 days it requires that the users logging in are in the "Remote Desktop User Group" or that they have the "Terminal Server User Access Right". There are also licence requirements needless to say :-P

    Anyway, that sounds like what happened in your case, you made no changes but the 120 days expired (rember it is from the first terminal services login, not since the server went in).

    Because the DC is win2k the "Remote Desktop User" group is not there :-( [it should be in the AD users + Groups under built in accounts].

    This is where i am stuck myself at the moment :-) Trying to fix an almost identical problem.

    As a work around for the admins, install VNC as a service. It will allow you access to the server desktop via the viewer. its not ideal but it means you can do SOME stuff as before.

    hope this helps.

    S


Report Offensive Follow Up For Removal

Response Number 3
Name: shaneP
Date: September 30, 2005 at 06:22:44 Pacific
Subject: Windows 2003 Terminal Server
Reply:

    Woohoo!!!!! got it :-)

    as ever you feel feel foolish when you get it :P

    go into the terminal server config, right click the connection and go to properties. In there you need to add the users that can terminal server in :-)

    you'll still need to get lics though.

    hope this fixes it for you too :)

    S

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2006

Commented:
Hi BroadAustralia,

heya mate have you checked under the actual terminal services connection in the manager? check the permissions TAB

Cheers!

Author

Commented:
Hey Jay Jay!

I don't have a permissions tab??

Have got under the server I want to connect to:
USERS    SESSIONS    PROCESSES

Thanks,

Broad.
CERTIFIED EXPERT
Top Expert 2006

Commented:
under start menu - programs - admin tools - terminal services configuration      

you are looking for the RDP-TCP... connection    under the properties of that you should have permissions

is this installed as an application server or remote administration server?

Cheers mate

Author

Commented:
Ah yes I found that and can see group Administrators have full rights....  Have added user Administrator explicitly even though is member of group.  Still have the same error.

I'm pretty sure I installed in Remote Administration mode as I didn't intend on serving users via this method at any stage of the game.  I've looked and even gone into Add Remove Programs but cannot verify for you.

Reading GSGI's post maybe my software has timed out?  Although I would assume you get atleast Remote Desktop functionality ( Remote Administration Server ) with Win Server 2003 mode in base product; no other license required???

Hey did I hear Retravision having big change of ownership??  Rebranding??

Thanks JayJay.
CERTIFIED EXPERT
Top Expert 2006
Commented:
hmm i probably should have read the above post but there was so much text :)

with term serv 2003 when it expires you lose all functionality - there is a lot of debate on what the licensing actually is. we roll out servers with 2k3 now and are finding plenty of warning begging to appear about expiration. how long have you had this machine out there? your event logs should let you know whats going on with licensing if that is the issue - let me know if there is anything funny in there

RetraVision arent changing ownership that i know of... Each store is individually owned and changes occur every so often

where abouts in Aus are you my friend?

Author

Commented:
Machine is installed for near on 5 months - but I haven't been using Term Services ( I use VNC instead ).  Couldn't find vncviewer one day and tried to connect via Remote Desktop and was wondering why o why can't I do that.

I can't believe they do not allow just Remote Admin mode if u don't purchase a full license!!!

I'm working at Loganholme, living on the coast.   What Retravision u at?

Thanks GSGI & JayJay!

Broad.
CERTIFIED EXPERT
Top Expert 2006

Commented:
no worries mate

I'm not at a store, work in the nsw head office in burwood   do a bit of everything from here and dont have to deal with the retail side thankfully!

cheers bro
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.