Cannot login to Windows 2003 via Terminal Services?

Hello -

I have a Windows 2003 Domain Member server with Terminal Services installed.  Sp1.

Administrators can connect to this box via RDP, but Domain Users cannot.  However, Domain Users CAN log in via the console.  

In the local Management Groups, I have (Domain)\Domain Users added to the Remote Desktop Group.

I have verified the Local Security Settings to allow the Remote Desktop Group the right to log on locally.

Any troubleshooting ideas?  I get this message:

"To log on to this remote computer, you must have Terminal Server User Access permissions on this computer.  By default, mmebers of the Remote Desktop Users group have these permissions.  If you are not a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Dekstop User group does not have these permissions, you must be granted these permissions manually."  (I guess I didn't need to type that all out).... :D

Jason
LVL 1
trivalentAsked:
Who is Participating?
 
Craig_200XCommented:
There should be a Users group rather than computer group name Remote Desktop Users. You have to be a member of that in order to use Terminal services or Remote desktop. The administrator account is a member by default, which is why you can connect. That is what makes me think everything else is OK. It's located (on the terminal server machine):
Computer management | Local users and groups | Groups | Remote Desktop Users

Also in active directory, users and computers, under the users profile on the domain controler, there is a tab labeled Terminal services profile. Near the bottom there is a check box. On some systems it is labeled "Deny the user permission to log on to any terminal server" and on others "Allow Logon to Terminal Server". make sure it is checked appropriately. I believe the default is to allow, so that may not be an issue.

0
 
Craig_200XCommented:
also check

In administrative tools - local security policy - then local policies - User rights assignments -

Check if remote desktop users is added in the 'allow logon through terminal servers' right.
0
 
trivalentAuthor Commented:
Craig:

>There should be a Users group rather than computer group name Remote Desktop Users. You have to be a member of that in order to use Terminal services or Remote desktop.

Under Local Management on this server, under Groups, I have the (Domain)\Domain Users inside the Remote Desktop Users Group.  

>On some systems it is labeled "Deny the user permission to log on to any terminal server" and on others "Allow Logon to Terminal Server". make sure it is checked appropriately.

I did check this, it is not enabled.

>Check if remote desktop users is added in the 'allow logon through terminal servers' right.

Yes, I have done this.  Remote Dekstop Users have this right.
0
 
trivalentAuthor Commented:
This has been resolved -

I didn't mention this in the question, to avoid complicating it -

But on top of Terminal Server I have Citrix Pres 4.0

It overwrites the RDP connection tool - and in there there is a checkbox that only allows RDP to be used for published applications only.

After unchecking this, it started working..

Points awarded for quick response....

Thank you!

Jason
0
 
Craig_200XCommented:
thank you for the points, and the explanation ! definately good info!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.