Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Must Have Terminal Server User Access Permissions--Error

Posted on 2006-06-07
14
Medium Priority
?
20,340 Views
Last Modified: 2011-08-18
Presentation Server 4.0 running on Server 2003 SP1 also is our Terminal Server License Server.  We have 3 remote locations connected via site-to-site VPN’s.  DC is 2000 SBS.  One clarification I need to make is, I installed Citrix on the remote client before the site-to-site VPN was working.

The Citrix icon on the task bar shows “Citrix Program Neighborhood – Not Connected”

I used the “Custom ICA Connection” in Program Neighborhood and created a Connect By Published Application session.  When I tried the connection, it errored out (see error below); didn’t matter if I logged on as admin or user.  I have made sure that the users belong to Remote Desktop Users group AND Allow log on Trough Terminal Services rights are assigned.  I have also made sure permissions are set through Connections in Terminal Services Configuration (both Microsoft RDP and Citrix ICA 3.0), also Citrix Connection Configuration (which looks like the same thing to me).  From the Citrix Management Console, I have set the farm “Connection Access Control” property to “any connection”, the published application “Access Control” property to “Allow connection through Metaframe…”, “Any connection”, and “Allow all other connections”.  

ERROR DIALOG
“To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default members of the Remote Desktop Users group have these permissions. If you are not a member of the Remote Desktop Users group or another group another group that has these permissions, you must be granted these permissions manually.”

Folks this is betting the snot out of me!


I used the “Custom ICA Connection” in Program Neighborhood and created a Connect By Server session.  When I connect with admin rights it brings up a RDP session just fine, but if I try to loin to the domain as a domain user I get two error dialogs.
ERROR DIALOGS
1.The desktop you are trying to open is currently available only to administrators. Contact your administrator to confirm that the settings are in place for your client connection.
2.To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default members of the Remote Desktop Users group have these permissions. If you are not a member of the Remote Desktop Users group or another group another group that has these permissions, you must be granted these permissions manually.

Help me…Please
0
Comment
Question by:bit_ter
  • 5
  • 2
  • 2
  • +2
11 Comments
 
LVL 2

Expert Comment

by:krais99
ID: 16856796
Log onto the Citrix server as an administrator.  Go into Computer Management, Local Users and Groups, Groups and go into the Remote Desktop Users group.  Add the Domain Users group and close out.  If you wish to restrict who in the domain can log on, create a domain group called Citrix Users or something to that effect and add the personnel you wish to have access to Citrix to that group and add that group into Remote Desktop users.

Hope this helps,

Todd
0
 

Author Comment

by:bit_ter
ID: 16857412
Sorry, I forgot to mention that I already did that, still doesn't work, thanks for your comment though.
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16858784
When you installed Terminal Services (through Add/Remove Programs > Add Windows Components) did you choose Remote Administration Mode, or Application Server Mode?

Should be Application Server Mode
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:bit_ter
ID: 16862010
Installed as App Server Mode with per device licenses
0
 

Author Comment

by:bit_ter
ID: 16871186
I had looked at these articles before,
Link 1. There is no "Citrix Settings" tab in the dialog, the article refers to Win 2003 x64, we run 32 bit 2003. Therefore I thought it was only for 64 bit ver, should that tab be on ver we run?
Link 2. I have verified these settings too, I made reference to this in my original post.  However I had "access control" selected as "any connection" instead of "any connection that meets any of the following filters" because I don't know how to make a filter and I thought any connection would be less restrictive.
Link 3. We are not getting that event ID num in the events viewer, the only events are "can't create printer for session (not exact)", but I have started going through the troubleshooting procedures listed in the article just to see what we have (don't have high hopes it will help).

Thanks for your help, I always appreciate anything anyone wants to suggest!!
0
 
LVL 13

Expert Comment

by:gsgi
ID: 16878561
Here are a couple of guesses:

To let non admins citrix or ts into a dc you have to set the log on locally group policy.
Make users at least power users on their own box (even as a test if it's against your better judgement, then we'll deal with that if it works later).

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20256896.html?query=logon+locally&clearTAFilter=true
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20971422.html?query=logon+locally+ts&clearTAFilter=true


-gsgi
0
 

Author Comment

by:bit_ter
ID: 16903988
I appreciate your help; the box is not a DC, just a member server.  I tried the suggestions in the links, but it didn’t help.  I can TS in with admin privileges, I can also launch a “server” session as admin (TS?), from Citrix Program Neighborhood, but if I try to launch a “published application”, even as admin; it gives the old “allow log on through TS” error.  

Could someone tell me why the “Citrix Program Neighborhood Agent” shows “not connected” on the task bar?  Do you think I need to uninstall reinstall Citrix client?  As I mentioned earlier, I loaded it on client box before the site-to-site VPN was working properly.  If I do, can you recommend a “best practice” install method for my situation?
0
 
LVL 1

Expert Comment

by:bjlillo
ID: 16920915
Does it make a difference if you connect to the application through a Custom ICA Connection vs. finding the application set and running it from there? I had the exact same behavior you described this morning and can connect through the Application Set, but not through a Custom ICA Connection.
0
 

Author Comment

by:bit_ter
ID: 16923263
I don't know, how do I connect using the "finding application set and running it from there"?  I'm lost could you give me a procedure to follow?


Thanks!
0
 
LVL 1

Accepted Solution

by:
bjlillo earned 2000 total points
ID: 16923552
1) Publish the application to a specific AD group (I assume that's done.)
2) When logged in as a user in the group specified in #1, open Program Neighborhood and go to the Application Set Manager, Find New Application Set, and run through the wizard to connect to your particular farm.
3) Run the application from the icon that is found in the newly created Application set.

This worked for me. The procedure I was doing prior to that was creating a custom ICA connection and attempting to connect to the application that way.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenDesktop, Citrix Studio, Citrix Policies, Citrix XenApp
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question