
Cannot access RDP on remote DC in SBS 2003 R2 domain

Last Modified: 2013-11-21
I have an SBS 2003 R2 domain setup with a remote DC at another office running Server 2003 Standard (not R2). While I was setting up the system I had installed Terminal Services on the machine in a fit of madness, thinking I needed it to enable the remote management capabilities through RDP. I did this before I had promoted the server to a DC. I had confirmed that I could get to the box with RDP and then continued to set up the rest of the box and then promoted it to a DC. At that time it said it was modifying the permissions of Terminal Services to only allow remote administration, which I said Yes to. Apparently I never tried to get back onto the box with RDP after that point.

I have since installed the box in the remote network, set up everything locally and come back to the home office again. Now when I attempt to access the remote server with RWW or RDP direct, I get a dialog box after attempting to log in that says: "To log onto this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop User's group, or another group that has this right, or if the Remote Desktop Users group does not have this right, you must be granted this right manually". I have checked the Domain Users and Computers plug-in and cannot find that group listed, although when I tried adding administrator to it, it found the group when I did the Check Names step as a BUILTIN. This still didn't allow me access to that remote server and still gives the above error.

I went into the Group Policy Management plug-in and found the rights for Allow log on through Terminal Services under Default Domain Policy/Computer Configuration/Security Settings/Local Policies/User Rights and it is set to undefined, but also says that by default Administrators and Remote Desktop Users should have this right enabled on Workstations and Servers and Administrators for Domain Controllers. Because I actually installed Terminal Services on that server and then promoted it to a DC, do I now need to explicitly define those rights in the GPMC to get it to let me remote in, or is there some other step that I am missing?

This is not urgent yet as nothing is broken, but it will be as soon as somebody wants to make a change on the remote system, so 500 points to whoever can get me back on this box!

    markh


Senior Engineer
Commented:

Author

Commented:
Thanks for the pointers. I hadn't found those two yet. The one thing I failed to add to the description is that I am attempting to log in via RDP as administrator and still getting that error. Once everyone has left I'll try rebooting the server remotely since that appeared to fix the problem in the first article you pointed out.

    markh

Author

Commented:
Been working through these steps, but not having much luck in finding a solution yet. Rebooting did not fix the issue. Odd additional behavior discovered: On the remote DC you can log in to the console, but not via RDP. On the local SBS server you can log onto the SBS server via RDP, but not from the console. On both systems when denied access, the error message is the same as what was given above.

    markh

Author

Commented:
Mystery one is solved. Somewhere in the process of setting up the new server the administrator was added to the Remote Operators Group, which is what stopped local login on the SBS server. I removed Administrator from that group and was allowed access to the local SBS server. Been through the whole list on the articles cited and still cannot get access to the remote server. I have determined that I can log in to the remote server as anything except the actual administrator though, so I created a new user with administrator rights and am now waiting for the account to propagate to the server so it will let me log in with it to see if I can just uninstall Terminal Services on the remote machine, since I didn't really want it there anyway. Just RDP access for remote administration. Will update when I get access with the new account and let this thread know if that fixes the problem.

    markh
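
Added example, not part of the original thread: a small Python audit of a `secedit /export /areas USER_RIGHTS /cfg rights.inf` export that evaluates the allow and deny logon rights for RDP and console against an account's SIDs, with deny taking precedence. The INF text, the domain SID, the RIDs and the helper names are constructed for illustration and do not describe the poster's servers.

```python
# Constructed sample of a secedit user-rights export (real exports are
# UTF-16: read them with open(path, encoding="utf-16")).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-549
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeDenyInteractiveLogonRight =
[Version]
signature="$CHICAGO$"
"""

ALLOW = {"remote": "SeRemoteInteractiveLogonRight", "console": "SeInteractiveLogonRight"}
DENY = {"remote": "SeDenyRemoteInteractiveLogonRight", "console": "SeDenyInteractiveLogonRight"}

def parse_privilege_rights(inf_text):
    """Return {right name: set of SIDs or account names} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # secedit prefixes SIDs with '*'; unresolved entries appear as plain names
            rights[name.strip()] = {v.strip().lstrip("*") for v in value.split(",") if v.strip()}
    return rights

def check_logon(rights, token_sids, path):
    """path is 'remote' (RDP) or 'console'. A matching deny right always wins."""
    token = set(token_sids)
    denied = rights.get(DENY[path], set()) & token
    if denied:
        return False, "denied via " + ", ".join(sorted(denied))
    granted = rights.get(ALLOW[path], set()) & token
    if granted:
        return True, "allowed via " + ", ".join(sorted(granted))
    return False, "no SID in token holds " + ALLOW[path]

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed domain SID
# Built-in Administrator: also a member of the constructed group with RID 1105
ADMIN_TOKEN = [DOMAIN + "-500", "S-1-5-32-544", DOMAIN + "-1105"]
# Freshly created admin account (constructed RID 1120): Administrators only
NEW_ADMIN_TOKEN = [DOMAIN + "-1120", "S-1-5-32-544"]

if __name__ == "__main__":
    rights = parse_privilege_rights(SAMPLE_INF)
    for label, tok in (("Administrator", ADMIN_TOKEN), ("new admin", NEW_ADMIN_TOKEN)):
        for path in ("remote", "console"):
            print(label, path, check_logon(rights, tok, path))
```

Run against exports from both servers, this shows whether one account is refused on one logon path because of an extra group membership while other administrators are accepted.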