Domain User Can't Logon to a Server Via RDP

Posted on 2007-10-11
Medium Priority
Last Modified: 2009-03-03
Terminal Services Permissions Problem:

I have a user who I would like to be able to RDP to certain servers within my infrastructure to enable him to update an application that he looks after. When the user tries to do this, it displays the default message:

"the desktop you are trying to open is currently only available to administrators, contact your systems..."

"to logon to this computer you must have terminal server user access permissions on this computer..."

I have checked GPO; all settings allow this and there are no policies which deny access.

The user is part of the Remote Desktop Users Group on that server. I have checked RDP listener permissions in Terminal Services Config Manager and the Remote Desktop Users group is there; I also added the user in manually. I have also checked the local security policy and both 'allow logon locally' and 'allow logon using terminal services' are enabled for remote desktop users - again I added the user in manually.

Still the user gets the same message. Any ideas?
Question by: hertel-dev

Accepted Solution

Stashio earned 2000 total points
ID: 20055256
Do you have Citrix MetaFrame Presentation Server installed? This is a known issue where Citrix creates a new RDP-TCP listener but the default properties of this listener allow only the launching of published applications.
To fix, clear "Only launch Published Applications" under the 'Advanced Connection Settings' of the RDP-TCP listener.
URL: http://support.citrix.com/article/CTX104106

Expert Comment

ID: 20055304
It definitely sounds like a permissions issue somewhere. Remember that an explicit deny somewhere will override any allow permissions you may have set. There are a few tests you could do to see where the issue lies but it depends on what your current setup is.

Are you using domain accounts? If so, copy the user's account and try the same thing with the new, copied account. That would eliminate your user's account being specifically the cause. I assume all other users who are supposed to have RDP access can without an issue? Is your user in a group that these other users aren't? Do some testing adding a working user to these other groups one at a time to see if you can highlight a denied group.

If this doesn't fit your setup, please provide a bit more info. Good luck.
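One way to test the explicit-deny possibility raised in the comment above without cloning accounts or moving users between groups, as an added example that is not part of the original thread: export the server's user rights assignments and match every SID in the user's token against the allow and deny rights for Terminal Services logon. It assumes PowerShell is available on the affected server, an elevated session, and a domain-joined machine; the UPN is a hypothetical placeholder.

```powershell
# Added example. Run elevated on the affected server (domain-joined).
param([string]$UserPrincipalName = 'appowner@example.test')  # hypothetical UPN

# Return the SIDs assigned to one user right in a secedit export.
function Get-UserRightSids {
    param([string[]]$CfgLines, [string]$Right)
    $line = $CfgLines | Where-Object { $_ -match "^\s*$Right\s*=" } |
        Select-Object -First 1
    if (-not $line) { return }                 # right has no assignees
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if ($entry.StartsWith('*')) {
            $entry.Substring(1)                # already a SID: *S-1-5-...
        } else {
            try {                              # account name: translate to a SID
                $acct = New-Object System.Security.Principal.NTAccount($entry)
                $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { Write-Warning "Could not resolve '$entry'" }
        }
    }
}

# Export the server's user rights assignments to a temporary file.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$lines = Get-Content $cfg
Remove-Item $cfg

$allow = @(Get-UserRightSids $lines 'SeRemoteInteractiveLogonRight')
$deny  = @(Get-UserRightSids $lines 'SeDenyRemoteInteractiveLogonRight')

# Build the user's token without a password; Groups holds nested and local groups.
$id   = New-Object System.Security.Principal.WindowsIdentity($UserPrincipalName)
$sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

foreach ($sid in $sids) {
    $hit = @()
    if ($allow -contains $sid) { $hit += 'ALLOW' }
    if ($deny  -contains $sid) { $hit += 'DENY' }
    if (-not $hit) { continue }
    $name = $sid
    try {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }                                # keep the raw SID if unresolvable
    '{0,-5} {1}' -f ($hit -join '+'), $name
}
```

Any DENY line names the group (or the account itself) that overrides the allow entries. Output with only ALLOW lines, combined with a failing logon, points away from user rights and toward listener-level settings such as the one in the accepted solution.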

Author Comment

ID: 20055321
Correct, we are using MPS3.0 on the same servers. Strangely enough, the farm has 5 application servers and the user can RDP to 3 of them without a problem so I can only assume that the setting you mention hasn't been changed on the other 2.

It worked a treat. Thanks
