Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Authentication issue when user logs on to terminal server 2003

Posted on 2008-06-12
Medium Priority
Last Modified: 2010-03-17
We currenly have an authentication issue which is only affecting 2 terminal server users out of about 30.  When the user attempts to log on to terminal server 2003 an error message is displayed stating that the password or username incorrect.  Sometimes on the second or third attempt the user is able to log in ok.  Other times after 3 failed attempts the user account will lock out and need to be unlocked before attempting to log on again.  This can vary from one fail up to 7 or more.  

I have looked at the users account settings and them seem to be the same as other users who are not having issues.  

Active directory is installed on 2 servers.  In active directory Sites and Services under 'servers' there is a total of 3 servers listed.  The first 2 have NTDS settings refering to each other which seems to be correct.  The third server that is listed in the terminal server which has no NTDS settings attached to it and is not a domain controler.  Should the terminal server even be listed here ? If not how would it get there ?.  Not sure if this configuration could have somehting to do with the authentication issue.

Question by:fellsider
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 11

Accepted Solution

Forrest Burris earned 2000 total points
ID: 21769594
That's really odd. The TS shouldn't be in that list. Delete it and reboot the TS. Sounds like it's trying to poll it's own active directory catalogue that doesn't exist on the TS. It should be connected as a member server only with no replication.

Author Comment

ID: 21769732
So does this mean it is safe to delete the entry ?  we were worried that it might stop terminal server from working if we did this.  Is there any reason why it would be able to add itself here as no one has ever entered it.  It just seems to have appeared there by itself.

I will set the server to reboot tonight and see if it has resolved the issue in the morning.
LVL 11

Assisted Solution

by:Forrest Burris
Forrest Burris earned 2000 total points
ID: 21769845
I checked a few companies that we have separate TS servers at and none of them are in the AD Sites list. That is reserved for Primary Domain Controllers and their replication servers (formerly BDCs). It should be safe to delete and then retest after reboot in the morning.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 21777859
The issue seemed to have resolved itself this morning but now the same thing is still happening to the user.  I have checked the sites and services list and TS is still no longer listed there.

This started again when the user moved to use a differant terminal.  By reseting the password in active directory this seems to allow the user to log on streight away but the same thing will happen again at the next login.
LVL 11

Expert Comment

by:Forrest Burris
ID: 21778901
Sorry to ask the obvious, but you're positive this isn't a user error? IE: Caps lock was left on? You have tried to login as this user yourself typing the password very slowly and accurately?

Author Comment

ID: 21820590
Your solution has sorted the issue.

The other reason for the password not being incorrect was an issue with the firmware version on some terminals.  If you tabbed down to the password box capitals would not work unless you clicked in the box with the mouse cursor.  


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question