Solved

The local policy of this system does not permit you to logon interactively

Posted on 2009-05-05
Last Modified: 2013-11-21
Last week we promoted a new DC on one of our subnets and demoted the DC that was originally on that subnet.  Since then we have been receiving this message whenever we attempt to RDC to a workstation:

The local policy of this system does not permit you to logon interactively.

I have verified that the "Allow log on through Terminal Services" is enabled for the local policy and that Remote Desktop Users group is allowed.  I have also forced an update using the gpupdate /force command.  No one can RDC, not even the Administrators.  I have made sure that the group of employees that need this right are part of the Remote Desktop Users group.

We can remote control these boxes using Dameware, just can't using RDC.
Question by:sfletcher1959
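
One way to see what the workstation is actually enforcing for the rights mentioned in the question, as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on the affected workstation; the temp file name and the `Resolve-Principal` helper are hypothetical names chosen for this example.

```powershell
# Added example: export the effective user-rights assignment and list who
# holds the rights that gate Remote Desktop and local interactive logon.
# Run elevated on the workstation that returns the error.

$cfg = Join-Path $env:TEMP 'user_rights.inf'   # hypothetical temp file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# "Allow/Deny log on through Terminal Services" and "Allow/Deny log on locally"
$rights = 'SeRemoteInteractiveLogonRight',
          'SeDenyRemoteInteractiveLogonRight',
          'SeInteractiveLogonRight',
          'SeDenyInteractiveLogonRight'

function Resolve-Principal([string]$entry) {
    # secedit writes SIDs as *S-1-5-...; plain account names have no asterisk.
    $value = $entry.Trim()
    if (-not $value.StartsWith('*S-')) { return $value }
    $sid = $value.TrimStart('*')
    try {
        (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch {
        "$sid (unresolved)"   # SID could not be mapped to an account name
    }
}

$lines = Get-Content $cfg
foreach ($right in $rights) {
    $line = $lines | Where-Object { $_ -match "^$right\s*=" }
    if (-not $line) {
        "{0,-36} <not assigned>" -f $right
        continue
    }
    $members = ($line -split '=', 2)[1] -split ',' |
        ForEach-Object { Resolve-Principal $_ }
    "{0,-36} {1}" -f $right, ($members -join '; ')
}

Remove-Item $cfg -ErrorAction SilentlyContinue
```

An entry under a Deny right overrides the matching Allow right, and a domain GPO that defines one of these rights replaces whatever is set in the local policy.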
LVL 7

Expert Comment

by:dolomiti
ID: 24306280
hi,
in a DC, just Domain Admins can login (at console OR by TS).

"Interactive Logins" stand for no-batch, no-service, no-network: you press Ctrl+Alt+Del, enter U/P,
and see a desktop.

Probably the user that you are using to login isn't a Domain Admin: also if you go to the Server Console (without TS), you receive the same message.

There is a way to permit any user to login on a DC, and this is used when someone
wants to use a DC as TS in Application Mode.

If you are interested in permitting any user to login on a DC, post again, saying the type of OS.

bye
vic

0
 

Author Comment

by:sfletcher1959
ID: 24307067
I am sorry, I guess I wasn't clear.  I am not trying to log into a DC.  

If I am at home and use a VPN client to RDC to my work desktop, I get the message.  If I try to RDC into a computer that belongs to one of my employees, I get the message.  I have Domain Admin Rights and am a user in the Remote Desktop user group, but can't RDC into non-DC systems.  We were able to do this prior to the promotion and demotion of our servers.
0
 
LVL 7

Expert Comment

by:dolomiti
ID: 24307967
hi,
this may be a little bit complicated, and I can put forward one hypothesis:

there is a server in your company that manages the VPN and allows remote users
to login or not. To do this, it contacts not the Active Directory in general,
but it has been configured, it is done so, to contact a DC server.
After DC swap, in such machine ( or db, configuration,...) there is still old name
and you have to write new one.

bye
vic
0
 

Author Comment

by:sfletcher1959
ID: 24317249
Vic,
    Again, I don't think you quite understand.  It is not specific to the VPN or to a DC.  This problem occurs whether coming in across a VPN or on the local network.
0
 
LVL 7

Accepted Solution

by:
dolomiti earned 1500 total points
ID: 24320115
hi,
in my last post, I did not speak about login on a DC.
I believe there is a computer that manages the VPN:
what I proposed is to check if in its configuration (of VPN)
there is a reference (written in some fields) to the old (demoted) DC rather than to the new one.

In your first post, you were clear, I misunderstood the scenario.

sorry
vic
0
 

Author Comment

by:sfletcher1959
ID: 24325721
There isn't a computer managing the VPN, we have a Cisco PIX firewall that manages the VPN and that hasn't changed in a couple of years.  Additionally, as I tried to explain this happens on our network as well as across the VPN.  Because of this I don't think the problem is specific to just VPN traffic.  I can sit in my office and try to RDC to a workstation on the same switch and get the error.
0
 

Author Comment

by:sfletcher1959
ID: 24326331
Vic,
    By the way, thanks for hanging in there with me!

THANKS!
0
 

Author Closing Comment

by:sfletcher1959
ID: 31578056
Ready to close.  Didn't fix the problem, but I will open with Microsoft for solution.
0
