Cannot log on through Terminal Services
I have a new servers, running Windows Server 2003 R2, it is the Domain controller and the Terminal Server.
Terminal services is configured and has 6 CALs. Users that are members of Domain Users and Remote Desktop Users cannot log on through Terminal Services. Upon starting an RDP session and entering username/password they get the standard message: "To log on to this remote computer you must be granted the allow log on through terminal services right. By default the remote desktop users group ...". They are members of this group and still can not log in. I checked the rights of the RDU group and everything looks normal. In active directory the profile does NOT have the deny login to terminal servers checked.
This was not a problem in Windows Server 2003 SP1 or lesser, where it was possible to right-click My Computer and select the Remote tab and and add Remote Users there.
Terminal services is configured and has 6 CALs. Users that are members of Domain Users and Remote Desktop Users cannot log on through Terminal Services. Upon starting an RDP session and entering username/password they get the standard message: "To log on to this remote computer you must be granted the allow log on through terminal services right. By default the remote desktop users group ...". They are members of this group and still can not log in. I checked the rights of the RDU group and everything looks normal. In active directory the profile does NOT have the deny login to terminal servers checked.
This was not a problem in Windows Server 2003 SP1 or lesser, where it was possible to right-click My Computer and select the Remote tab and and add Remote Users there.
ASKER
Hi caddlady,
Thanks for your quick response.
The Remote Desktop Users group has the permission to Allow log on through Terminal Services in Group Policy in Active Directory and also locally in the Domain Security Policy and the Domain Controller Security Policy.
The Deny log on through terminal services permission is not configured.
Thanks for your quick response.
The Remote Desktop Users group has the permission to Allow log on through Terminal Services in Group Policy in Active Directory and also locally in the Domain Security Policy and the Domain Controller Security Policy.
The Deny log on through terminal services permission is not configured.
What about those policies for Group
try looking at gpedit.msc to look at the policies there.
try looking at gpedit.msc to look at the policies there.
ASKER
Just checked that out.
RDU group are in the "Allow log on locally" and "Allow log on through Terminal Services" policies.
"Deny log on locally" and "Deny log on through Terminal Services" contain no user or group.
I am beginning to think that this issue may be peculiar to W2k3 R2.
RDU group are in the "Allow log on locally" and "Allow log on through Terminal Services" policies.
"Deny log on locally" and "Deny log on through Terminal Services" contain no user or group.
I am beginning to think that this issue may be peculiar to W2k3 R2.
Hi,
As caddlady said check local policy on TS
On the Terminal Server start > run> type gpedit.msc enter >Local policy> User Rihgts Assignment > Allow logon through Terminal Services
Make sure that Remote Desktop Users are added
Thanks
Mo
As caddlady said check local policy on TS
On the Terminal Server start > run> type gpedit.msc enter >Local policy> User Rihgts Assignment > Allow logon through Terminal Services
Make sure that Remote Desktop Users are added
Thanks
Mo
ASKER
Hi Mo,
Yeah, Remote Desktop Users group have been added and still no luck.
Jim
Yeah, Remote Desktop Users group have been added and still no luck.
Jim
Ok try to add there the users by name add one user for test & go to command line type gpupdate & try to logon to terminal server as that user.
ASKER
Thanks Mo,
I have added the user, ran GPUPDATE /FORCE and still cannot log on to the Terminal Server.
Jim
I have added the user, ran GPUPDATE /FORCE and still cannot log on to the Terminal Server.
Jim
In Active Directory Users & Computers right click on one of the users that you added last time & go properties > Dail-in tab > remote access permissions (Dail-in or VPN) make sure is Allow access.
Thanks
Thanks
ASKER
Allow Access is checked in Properties>Dial-In tab.
I have gone over all the steps again and the user is still unable to log on through TS.
At this stage I'm convinced that the issue is specific to R2 and am thinking about implementing a separate box running W2k3 SP1 for Terminal Server. However, my client may not agree to that due to the extra licence involved, and to be honest, he would be right.
I have gone over all the steps again and the user is still unable to log on through TS.
At this stage I'm convinced that the issue is specific to R2 and am thinking about implementing a separate box running W2k3 SP1 for Terminal Server. However, my client may not agree to that due to the extra licence involved, and to be honest, he would be right.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks caddlady.
I haven't had time to post until now; sorry for the delay.
I haven't had time to post until now; sorry for the delay.
Did you find the error?
Allow logon through Terminal Services
or
Deny logon through Terminal Services