TS 2008 - Requested session access is denied

I am receiving "The requested session access is denied" when attempting to log in to my experimental TS 2008 machine. This machine is also running domain controller role.  I know it's a bad idea, but it is just a test environment.

The problem I ran in to is that I can't add cross domain users into the Remote Desktop Users group. As a result, I created a new Domain Local group that has all my TS remote access accounts.
I went into Group Policy and updated the Default Domain Controller policy to include the new group, "Test Remote Users", but I'm still receiving the above error.  If anyone could point me to where this is hanging up I would appreciate it.
LVL 1
timbrighamAsked:
Who is Participating?
 
timbrighamConnect With a Mentor Author Commented:
Under "Terminal Services Configuration", I missed updating the security on the RDP-Tcp object to include the new group I created.
 
I updated the gateway and remote app settings and web access settings and missed the most basic permission group. Hopefully someone else will save some time looking for a solution to this. :)
0
 
stlbridgeCommented:
Is that the full error message?
How are you connecting to your TS (Local/External)?
Is the computer connecting to the TS part of your domain?

First, I would check firewall settings on the TS.  Second, I would use the built-in remote users group.  Third, I would check to make sure that the TS isn't requiring the connecting computer to be the same OS for compatibility.  Fourth, let me know.
0
 
timbrighamAuthor Commented:
The connection is local.
The TS machine a separate domain  (requirement in the initial setup) and acting as a domain controller.
The onboard firewall has been disabled.

Unless I am missing something, I can not use the inbuilt remote user group, since it has problems with cross domain member assignment, and I can't change the group type of an inbuilt group.
The OS compatibility is not a problem - everything works with a local account assigned to the Remote Users group.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
stlbridgeCommented:
Have you setup the Domain Trusts?  I believe this can be done in the Active Directory Domains and Trusts settings.  If you go to the TS, then AD Domain and Trusts feature, right click on your domain, and then check to see that it trusts your other DC.
0
 
stlbridgeCommented:
Post what you did to fix it.
0
 
stlbridgeCommented:
Didn't update.  Good work on solving it.
0
 
timbrighamAuthor Commented:
Thanks for your help stlbridge.
0
All Courses

From novice to tech pro — start learning today.