?
Solved

RDP to AD

Posted on 2008-10-14
15
Medium Priority
?
537 Views
Last Modified: 2012-05-05
Hi . . . please help.
We are setting up an RDP system as follows, SBS 2003 Server and a MS Windows 2003 R2 Terminal (TS) Server.  We have setup two users in AD on the SBS, also same two users as local on the TS Server for testing.
We can successfully log on as Administrator using RDP to the Domain, and both Servers locally.  We can log on locally to both Servers as the test users BUT NOT to the Domain.  Even if we do not use the TS Server and use the SBS IP address to logon to the Domain as a User it fails/errors.  The message is Windows cannot log you on because your profile cannot be loaded.  Check you are connected to the network . . . . 
I believe the problem is in AD somewhere!

0
Comment
Question by:MalcolmNZ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
  • +2
15 Comments
 
LVL 17

Assisted Solution

by:JohnGerhardt
JohnGerhardt earned 80 total points
ID: 22714845
There is a tab under the user that controls a seperate profile for logging onto terminal servers.. Could this be set to something incorrect...?
0
 
LVL 18

Assisted Solution

by:exx1976
exx1976 earned 120 total points
ID: 22714885
Did you change the TS to operate in Application Server mode instead of Remote Administration mode?  By default, only administrators can login to a server.  Regular users cannot login until it is switched to Application Server mode.

0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 160 total points
ID: 22714955
Go to the Local Security Policy in the TS Administrative tools then local polices -> User Right Assignments find Log on Locally and add the users to this.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 8

Assisted Solution

by:DenverRick
DenverRick earned 80 total points
ID: 22714984
In the Terminal Server Configuration you will find in Connections 'RDP-Tcp'.  Right Click and go to Properties, on the Permissions Tab you will need to have the users either listed or in a group you use or create.  this is required regardless of Application Mode or not.

Generally speaking you usually just set Permissions to Guest Access, however, some Applications could dictate User Access or rarely Full Control.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22714994
Sorry also go to Administrative tools then local polices -> User Right Assignments
->Allow Log On Through Terminal Server
0
 

Author Comment

by:MalcolmNZ
ID: 22718576
dariusg:  Just having a problem locating the "TS Administrative tools ".  Are we talking about the SBS Server ?

regards
Malcolm
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22742276
Sorry didn't mean to list that one. Try the below

Sorry also go to Administrative tools then local polices -> User Right Assignments
->Allow Log On Through Terminal Server
0
 

Author Comment

by:MalcolmNZ
ID: 22801248
Hi dariusq, This is an SBS 2003 system, if you select Start, then Administrative Tools, there is no listed local polices.  Please advise.
0
 

Author Comment

by:MalcolmNZ
ID: 22801254
Sorry . . . . that should read Start, then Programs, the Administrative Tools.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22801821
Wait a minute, I just noticed something else..  You said that you can log on locally with both users on both servers??!?!?   Domain controllers don't have local accounts, only domain accounts..   What exactly are you doing?
0
 

Author Comment

by:MalcolmNZ
ID: 22801888
Yes, at one point I could select the SBS Server name in the login to box instead of the domain name.  Due to your remark, I just tried it now, but was not able to.  So it appears something was not correct before.  

I currently have the position of being able to login with RDP as Administrator but NOT one of the two users.  Thanks for pointing out what the situation should be.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22890399
Go into the default domain controller policy in AD and you will find the local policy under here. Also, go into Terminal Server Configuration then right-click RDP-TCP then go to properties then Security and add the users here or just add them to the Remote Desktop group
0
 

Accepted Solution

by:
MalcolmNZ earned 0 total points
ID: 22891113
I contacted local Microsoft, which turned out to be in Australia.  Problem was a combination of items, the main one appeared to be the licencing.  Also found out along the way you should not be able to log on as a standard user.  Thanks to all who replied.
 
0
 

Author Comment

by:MalcolmNZ
ID: 22891138
Hi
Not sure why this Alert box has appeared.  I wish to close the question.
Malcolm
0
 

Author Comment

by:MalcolmNZ
ID: 22891144
Hi
Just altered the points to the total allocated !
Malcolm
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month12 days, 11 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question