Solved

Cannot log on through Terminal Services

Posted on 2006-10-20
13
548 Views
Last Modified: 2008-01-09
I have a new servers, running Windows Server 2003 R2, it is the Domain controller and the Terminal Server.

Terminal services is configured and has 6 CALs.  Users that are members of Domain Users and Remote Desktop Users cannot log on through Terminal Services.  Upon starting an RDP session and entering username/password they get the standard message: "To log on to this remote computer you must be granted the allow log on through terminal services right. By default the remote desktop users group ...".  They are members of this group and still can not log in. I checked the rights of the RDU group and everything looks normal.  In active directory the profile does NOT have the deny login to terminal servers checked.

This was not a problem in Windows Server 2003 SP1 or lesser, where it was possible to right-click My Computer and select the Remote tab and and add Remote Users there.
0
Comment
Question by:Ivertec
  • 6
  • 4
  • 3
13 Comments
 
LVL 8

Expert Comment

by:caddlady
ID: 17773977
What about your Policies for  

Allow logon through Terminal Services

or

Deny logon through Terminal Services
0
 

Author Comment

by:Ivertec
ID: 17774106
Hi caddlady,

Thanks for your quick response.

The Remote Desktop Users group has the permission to Allow log on through Terminal Services in Group Policy in Active Directory and also locally in the Domain Security Policy and the Domain Controller Security Policy.

The Deny log on through terminal services permission is not configured.
0
 
LVL 8

Expert Comment

by:caddlady
ID: 17774137
What about those policies for Group  

try looking at   gpedit.msc   to look at the policies there.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Ivertec
ID: 17774212
Just checked that out.

RDU group are in the "Allow log on locally" and "Allow log on through Terminal Services" policies.

"Deny log on locally" and "Deny log on through Terminal Services" contain no user or group.

I am beginning to think that this issue may be peculiar to W2k3 R2.
0
 
LVL 5

Expert Comment

by:modathir
ID: 17774241
Hi,
As caddlady said check local policy on TS
On the Terminal Server start > run> type gpedit.msc enter >Local policy> User Rihgts Assignment > Allow logon through Terminal Services
Make sure that Remote Desktop Users are added

Thanks
Mo
0
 

Author Comment

by:Ivertec
ID: 17774351
Hi Mo,

Yeah, Remote Desktop Users group have been added and still no luck.

Jim
0
 
LVL 5

Expert Comment

by:modathir
ID: 17774414
Ok try to add there the users by name add one user for test & go to command line type gpupdate & try to logon to terminal server as that user.
0
 

Author Comment

by:Ivertec
ID: 17774471
Thanks Mo,

I have added the user, ran GPUPDATE /FORCE and still cannot log on to the Terminal Server.

Jim
0
 
LVL 5

Expert Comment

by:modathir
ID: 17774611
In Active Directory Users & Computers right click on one of the users that you added last time & go properties > Dail-in tab > remote access permissions (Dail-in or VPN) make sure is Allow access.

Thanks
0
 

Author Comment

by:Ivertec
ID: 17774788
Allow Access is checked in Properties>Dial-In tab.

I have gone over all the steps again and the user is still unable to log on through TS.

At this stage I'm convinced that the issue is specific to R2 and am thinking about implementing a separate box running W2k3 SP1 for Terminal Server. However, my client may not agree to that due to the extra licence involved, and to be honest, he would be right.
0
 
LVL 8

Accepted Solution

by:
caddlady earned 500 total points
ID: 17775058
The only policy above those is OU (organizational unit)  - do you have an GPOs linked to an OU?
0
 

Author Comment

by:Ivertec
ID: 17803450
Thanks caddlady.

I haven't had time to post until now; sorry for the delay.
0
 
LVL 8

Expert Comment

by:caddlady
ID: 17805244
Did you find the error?
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question