Authentication issue when user logs on to terminal server 2003

Posted on 2008-06-12
Last Modified: 2010-03-17
We currenly have an authentication issue which is only affecting 2 terminal server users out of about 30.  When the user attempts to log on to terminal server 2003 an error message is displayed stating that the password or username incorrect.  Sometimes on the second or third attempt the user is able to log in ok.  Other times after 3 failed attempts the user account will lock out and need to be unlocked before attempting to log on again.  This can vary from one fail up to 7 or more.  

I have looked at the users account settings and them seem to be the same as other users who are not having issues.  

Active directory is installed on 2 servers.  In active directory Sites and Services under 'servers' there is a total of 3 servers listed.  The first 2 have NTDS settings refering to each other which seems to be correct.  The third server that is listed in the terminal server which has no NTDS settings attached to it and is not a domain controler.  Should the terminal server even be listed here ? If not how would it get there ?.  Not sure if this configuration could have somehting to do with the authentication issue.

Question by:fellsider
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 11

Accepted Solution

Forrest Burris earned 500 total points
ID: 21769594
That's really odd. The TS shouldn't be in that list. Delete it and reboot the TS. Sounds like it's trying to poll it's own active directory catalogue that doesn't exist on the TS. It should be connected as a member server only with no replication.

Author Comment

ID: 21769732
So does this mean it is safe to delete the entry ?  we were worried that it might stop terminal server from working if we did this.  Is there any reason why it would be able to add itself here as no one has ever entered it.  It just seems to have appeared there by itself.

I will set the server to reboot tonight and see if it has resolved the issue in the morning.
LVL 11

Assisted Solution

by:Forrest Burris
Forrest Burris earned 500 total points
ID: 21769845
I checked a few companies that we have separate TS servers at and none of them are in the AD Sites list. That is reserved for Primary Domain Controllers and their replication servers (formerly BDCs). It should be safe to delete and then retest after reboot in the morning.
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.


Author Comment

ID: 21777859
The issue seemed to have resolved itself this morning but now the same thing is still happening to the user.  I have checked the sites and services list and TS is still no longer listed there.

This started again when the user moved to use a differant terminal.  By reseting the password in active directory this seems to allow the user to log on streight away but the same thing will happen again at the next login.
LVL 11

Expert Comment

by:Forrest Burris
ID: 21778901
Sorry to ask the obvious, but you're positive this isn't a user error? IE: Caps lock was left on? You have tried to login as this user yourself typing the password very slowly and accurately?

Author Comment

ID: 21820590
Your solution has sorted the issue.

The other reason for the password not being incorrect was an issue with the firmware version on some terminals.  If you tabbed down to the password box capitals would not work unless you clicked in the box with the mouse cursor.  


Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question