Authentication issue when user logs on to terminal server 2003

Posted on 2008-06-12
Last Modified: 2010-03-17
We currenly have an authentication issue which is only affecting 2 terminal server users out of about 30.  When the user attempts to log on to terminal server 2003 an error message is displayed stating that the password or username incorrect.  Sometimes on the second or third attempt the user is able to log in ok.  Other times after 3 failed attempts the user account will lock out and need to be unlocked before attempting to log on again.  This can vary from one fail up to 7 or more.  

I have looked at the users account settings and them seem to be the same as other users who are not having issues.  

Active directory is installed on 2 servers.  In active directory Sites and Services under 'servers' there is a total of 3 servers listed.  The first 2 have NTDS settings refering to each other which seems to be correct.  The third server that is listed in the terminal server which has no NTDS settings attached to it and is not a domain controler.  Should the terminal server even be listed here ? If not how would it get there ?.  Not sure if this configuration could have somehting to do with the authentication issue.

Question by:fellsider
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 11

Accepted Solution

Forrest Burris earned 500 total points
ID: 21769594
That's really odd. The TS shouldn't be in that list. Delete it and reboot the TS. Sounds like it's trying to poll it's own active directory catalogue that doesn't exist on the TS. It should be connected as a member server only with no replication.

Author Comment

ID: 21769732
So does this mean it is safe to delete the entry ?  we were worried that it might stop terminal server from working if we did this.  Is there any reason why it would be able to add itself here as no one has ever entered it.  It just seems to have appeared there by itself.

I will set the server to reboot tonight and see if it has resolved the issue in the morning.
LVL 11

Assisted Solution

by:Forrest Burris
Forrest Burris earned 500 total points
ID: 21769845
I checked a few companies that we have separate TS servers at and none of them are in the AD Sites list. That is reserved for Primary Domain Controllers and their replication servers (formerly BDCs). It should be safe to delete and then retest after reboot in the morning.
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.


Author Comment

ID: 21777859
The issue seemed to have resolved itself this morning but now the same thing is still happening to the user.  I have checked the sites and services list and TS is still no longer listed there.

This started again when the user moved to use a differant terminal.  By reseting the password in active directory this seems to allow the user to log on streight away but the same thing will happen again at the next login.
LVL 11

Expert Comment

by:Forrest Burris
ID: 21778901
Sorry to ask the obvious, but you're positive this isn't a user error? IE: Caps lock was left on? You have tried to login as this user yourself typing the password very slowly and accurately?

Author Comment

ID: 21820590
Your solution has sorted the issue.

The other reason for the password not being incorrect was an issue with the firmware version on some terminals.  If you tabbed down to the password box capitals would not work unless you clicked in the box with the mouse cursor.  


Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question