Gregg Brooke asked:

RDP Error Between Win2003 Servers


Two servers – one is the domain controller and doesn’t do much but act as the DC, serve files and run the backup app. The other is a member server and houses the database app that the company uses. Both are Server 2003 Standard. For remote access, I RDP into the domain controller. The company only has one public IP address and this wasn’t a big deal until we installed the database server a few weeks ago. Now, though, I need to look at the database server from time to time and I’d simply like to use RDP to look at the database server from the domain controller but I get this message:

**To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group, or another group that has this right, or if the Remote Desktop User group does not have this right, you must be granted this right manually.**

The logon I use for RDP has domain admin rights AND is a member of the Remote Desktop Users group. For fun, I tried it with the Administrator account (and, even though I knew it was, I ensured that Administrator was in the Remote Desktop Users group) – no dice. I tried some other solutions – involving editing the group policy – given by the Windows Help – no dice. Looked up the error message on the Web and got a couple of solutions – no dice.

Does anyone have suggestions about how to approach this?
John Gates, CISSP, CDPSE

The other server in question is a member of the domain that the DC is from?
Gregg Brooke (ASKER)

Yes. The DC and the database server are both in the same domain.
SOLUTION (Jay_Jay70): This solution is only available to members.
ASKER CERTIFIED SOLUTION: This solution is only available to members.
I went to add Domain Admins to the Local Administrators group but could not because the domain (ADFNET in this case) does not appear on the list when I click on the Locations button. The only item that is there is NAVISION, which is the hostname of the database server. I'm stumped here because NAVISION is in the ADFNET domain...I put it there when we deployed the server.

I am now able to RDP over to NAVISION by using navision\administrator as the user name. I cannot log on if I use the domain, i.e., ADFNET\administrator.

Are you sure that NAVISION is a member of your domain?  Or did you just add the server account to Active Directory and NOT actually join the server to the domain?

Jeff
TechSoEasy
Well, I thought that NAVISION might not be in the domain. Double-checking, I see that NAVISION appears in the Computers container in Active Directory Users and Computers. That's the computer account, I know, but that's just the first place I look when troubleshooting a situation such as this. In the Log on to: text box of the logon screen, ADFNET and NAVISION both appear. On the Computer Name tab of the properties of My Computer, the full computer name reads navision.adfnet.local, with adfnet.local being the correct domain. Clicking the Change button here shows that ADFNET.local is listed in the Domain text box in the Member of section. Do you have another suggestion for confirming whether or not NAVISION is really in the domain? Should I consider taking NAVISION out of the domain and then putting it back in to "force" the domain to recognize it?
As a note, I am limited to the one public IP address that the company has, i.e., getting them to buy more won't fly.
SOLUTION: This solution is only available to members.
OK...I'll do that. What about the fact that NAVISION does not seem to be in the domain?
Actually, I recommended a way to get around the single IP for TS, which I prefer to the way that KB article describes.

As for the domain?  Before removing and rejoining, make sure that there is an entry in your local DNS forward lookup zone for it because that would be why it's not resolving.

If it's not there, you can just add a HOST A record for it.  Removing from the domain and rejoining should do the same thing as long as your DNS isn't causing the problem overall by not being Active Directory integrated.

Windows 2003 DNS Best Practices:  http://support.microsoft.com/kb/825036

Jeff
TechSoEasy
Actually, I just reread that you were able to log in with the local admin account and not the domain one... so I'd definitely remove and rejoin the domain with this thing.

Jeff
TechSoEasy
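
A read-only way to check the points raised in the posts above (the DNS host record, domain controller discovery, and the member server's secure channel to the domain) before removing and rejoining; this is an added example, not part of the original thread. It assumes `nltest` from the Windows Server 2003 Support Tools is installed, uses the ADFNET / adfnet.local names given in the thread, and is meant to be run on the member server itself.

```bat
@echo off
rem Added example: read-only checks of a member server's domain membership.
rem Domain names below come from the thread; nltest (Support Tools) is assumed
rem to be installed. Nothing here changes the machine or the domain.
setlocal
set DOMAIN=ADFNET
set DNSDOMAIN=adfnet.local

echo === 1. Forward lookup of this server in the local DNS zone
rem A missing HOST (A) record shows up here as a non-existent domain answer.
nslookup %COMPUTERNAME%.%DNSDOMAIN%

echo.
echo === 2. Can this server locate a domain controller for %DOMAIN%?
nltest /dsgetdc:%DOMAIN%

echo.
echo === 3. Secure channel between this server and the domain
rem A healthy channel reports NERR_Success in the connection status line.
nltest /sc_query:%DOMAIN% > "%TEMP%\sc_query.txt"
type "%TEMP%\sc_query.txt"
find "NERR_Success" "%TEMP%\sc_query.txt" > nul
if errorlevel 1 (
    echo RESULT: secure channel to %DOMAIN% is NOT healthy.
    echo         Domain logons fail while local accounts keep working.
) else (
    echo RESULT: secure channel to %DOMAIN% is established.
)
del "%TEMP%\sc_query.txt"

echo.
echo === 4. Members of the local Administrators group
rem On a correctly joined member server this normally lists
rem the domain's Domain Admins group alongside the local accounts.
net localgroup Administrators

endlocal
```

A computer account in Active Directory plus a domain name on the Computer Name tab does not prove the secure channel works; step 3 is the check that distinguishes the two.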
Will have to wait for an after-hours session to do this. I will let you know how it goes.

Thanks, guys.
Removing NAVISION from the domain, rebooting and putting it back in the domain provided the final resolution to the problem. Thank you, gentlemen, for all your input. I found all of it useful, so I split the points accordingly.
Thanks Mate