New TS - Noone; not even Domain Admin can login

Posted on 2009-02-19
Last Modified: 2013-11-21
I installed TS.  Just as I've done 100 times.  Server 2003 member server.  Joined to domain.  Went into groups; added [DOMAINNAME]\domain users just as I've done many times before.  No Joy.  Uninstalled and reinstalled TS from console. No Joy.  Played around in RDP properties under Terminal Server Config.  No Joy.  Added Domain Users to permissions there.  No Joy.  Manually aimed license server at license server.  No Joy.  Nothing I do lets the damn users log in; or the domain administrator log in!  I added a bunch of groups and specific users to the Remote Users group on the server; No Joy.

Here is the error all domain users get:
"To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the Remote Desktop Users group have these permissions. If you are no a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually."
Question by:gsgi

    Expert Comment

    Check Licensing Mode
    --> Adminitrative Tools/Terminal Services Configuration/Server Settings/Licensing

    Check protocol/connection security
    --> Terminal Services Configuration/Connections/[RDP/ICA/...]/Permissions

    Check Terminal Server Licensing
    --> Administrative Tools/Terminal Server Licensing

    Check if logon is enabled
    --> at command prompt type "change logon /query"
    Enable logon: change logon /enable
    Disable logon: change logon /disable

    If you are using Citrix have a look at the workload (q farm).

    Is there any other message in the eventlog?

    LVL 2

    Expert Comment

    LVL 13

    Accepted Solution

    i called microsoft.

    Here are the steps that I performed to resolve the issue:

    -- Checked the group memberships: they seemed to be correct on the DC.

    -- Checked the same on Terminal Server.

    -- We had only Administrators in the Remote Desktop Users group. Added Domain Users in that.

    -- Checked the RDP connection's properties (in TSCC.MSC): Found that we had domain users already there with full control.

    -- Checked if there was any group policy hitting TS.

    -- Found that we had number of local group policies configured.

    -- Added domain users to "Allow access through Terminal Services" policy.

    -- Added domain users to "Allow access through network".

    -- Found that we were getting events stating that TS was not able to locate the LS.

    -- Checked in TSCC.msc that Licensing Server discovery was set to "As Selected".

    -- Added BackupServ2 to the list.

    -- Rebooted the machine (AppSrv - the TS)

    -- After rebooting, we were able to RDP the server.


    If you have any further queries, feel free to write back to me, I will be more than happy to answer them.



    Arun Kohli

    Microsoft Windows 2000/2003 Server  Directory Services

    Enterprise Platforms Support


    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
    Citrix XenDesktop 7.6 Citrix Policies Disable Peripherals
    How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now