TS 2008 - Requested session access is denied

I am receiving "The requested session access is denied" when attempting to log in to my experimental TS 2008 machine. This machine is also running domain controller role.  I know it's a bad idea, but it is just a test environment.

The problem I ran in to is that I can't add cross domain users into the Remote Desktop Users group. As a result, I created a new Domain Local group that has all my TS remote access accounts.
I went into Group Policy and updated the Default Domain Controller policy to include the new group, "Test Remote Users", but I'm still receiving the above error.  If anyone could point me to where this is hanging up I would appreciate it.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

timbrighamConnect With a Mentor Author Commented:
Under "Terminal Services Configuration", I missed updating the security on the RDP-Tcp object to include the new group I created.
I updated the gateway and remote app settings and web access settings and missed the most basic permission group. Hopefully someone else will save some time looking for a solution to this. :)
Is that the full error message?
How are you connecting to your TS (Local/External)?
Is the computer connecting to the TS part of your domain?

First, I would check firewall settings on the TS.  Second, I would use the built-in remote users group.  Third, I would check to make sure that the TS isn't requiring the connecting computer to be the same OS for compatibility.  Fourth, let me know.
timbrighamAuthor Commented:
The connection is local.
The TS machine a separate domain  (requirement in the initial setup) and acting as a domain controller.
The onboard firewall has been disabled.

Unless I am missing something, I can not use the inbuilt remote user group, since it has problems with cross domain member assignment, and I can't change the group type of an inbuilt group.
The OS compatibility is not a problem - everything works with a local account assigned to the Remote Users group.
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Have you setup the Domain Trusts?  I believe this can be done in the Active Directory Domains and Trusts settings.  If you go to the TS, then AD Domain and Trusts feature, right click on your domain, and then check to see that it trusts your other DC.
Post what you did to fix it.
Didn't update.  Good work on solving it.
timbrighamAuthor Commented:
Thanks for your help stlbridge.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.