Solved

The local policy of this system does not permit you to logon interactively

Posted on 2009-05-05
Last Modified: 2013-11-21
Last week we promoted a new DC on one of our subnets and demoted the DC that was originally on that subnet.  Since then we have been receiving this message whenever we attempt to RDC to a workstation:

The local policy of this system does not permit you to logon interactively.

I have verified that the "Allow log on through Terminal Services" is enabled for the local policy and that Remote Desktop Users group is allowed.  I have also forced an update using the gpupdate /force command.  No one can RDC, not even the Administrators.  I have made sure that the group of employees that need this right are part of the Remote Desktop Users group.

We can remote control these boxes using Dameware, just can't using RDC.
Question by:sfletcher1959
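
The check described in the question, as an added example that is not part of the original post: it exports the user-rights area of the machine's current security policy with `secedit` and lists who holds the allow and deny logon rights, so the result can be compared with what the policy editor shows. `Get-LogonRights` is a hypothetical helper name, and the script assumes an elevated PowerShell prompt on an affected workstation.

```powershell
# Added example: list who holds the logon rights behind this error (run elevated).
# Get-LogonRights is a hypothetical helper name; secedit.exe ships with Windows.
function Get-LogonRights {
    param([string[]]$Rights = @(
        'SeInteractiveLogonRight',             # Allow log on locally
        'SeRemoteInteractiveLogonRight',       # Allow log on through Terminal Services
        'SeDenyInteractiveLogonRight',         # Deny log on locally
        'SeDenyRemoteInteractiveLogonRight'    # Deny log on through Terminal Services
    ))
    $cfg = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the user-rights area of the machine's current security policy.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        if (-not (Test-Path $cfg)) { throw 'secedit export failed; run from an elevated prompt.' }
        $lines = Get-Content -Path $cfg
        foreach ($right in $Rights) {
            # A right that nobody holds has no line in [Privilege Rights].
            $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
            $holders = @()
            if ($line) {
                $holders = @(($line -split '=', 2)[1].Split(',') | ForEach-Object {
                    $entry = $_.Trim()
                    if ($entry.StartsWith('*S-1-')) {
                        # SIDs are written as *S-1-...; resolve them to account names.
                        $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                        try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                        catch { "$($sid.Value) (unresolved)" }
                    } else { $entry }
                })
            }
            New-Object psobject -Property @{ Right = $right; Holders = ($holders -join ', ') }
        }
    } finally {
        # Remove the temporary export whether or not parsing succeeded.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-LogonRights | Format-List Right, Holders
```

An account listed under a deny right is refused even when it also appears under the matching allow right, so both rows matter when reading the output.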
LVL 7

Expert Comment

by:dolomiti
ID: 24306280
hi,
in a DC, just Domain Admins can log in (at console OR by TS).

"Interactive Logins" stands for no-batch, no-service, no-network: you press Ctrl+Alt+Del, enter U/P,
and see a desktop.

Probably the user that you are using to log in isn't a Domain Admin: also, if you go to the Server Console (without TS), you receive the same message.

There is a way to permit any user to log in on a DC, and this is used when someone
wants to use a DC as TS in Application Mode.

If you are interested in permitting any user to log in on a DC, post again, saying the type of OS.

bye
vic

0
 

Author Comment

by:sfletcher1959
ID: 24307067
I am sorry, I guess I wasn't clear.  I am not trying to log into a DC.  

If I am at home and use a VPN client to RDC to my work desktop, I get the message.  If I try to RDC into a computer that belongs to one of my employees, I get the message.  I have Domain Admin Rights and am a user in the Remote Desktop user group, but can't RDC into non-DC systems.  We were able to do this prior to the promotion and demotion of our servers.
0
 
LVL 7

Expert Comment

by:dolomiti
ID: 24307967
hi,
this may be a little bit complicated, and I can put forward one hypothesis:

there is a server in your company that manages the VPN and allows remote users
to log in or not. To do this, it contacts not the Active Directory in general,
but it has been configured to contact a DC server.
After the DC swap, in that machine (or db, configuration, ...) there is still the old name
and you have to write the new one.

bye
vic
0

Author Comment

by:sfletcher1959
ID: 24317249
Vic,
    Again, I don't think you quite understand.  It is not specific to the VPN or to a DC.  This problem occurs whether coming in across a VPN or on the local network.
0
 
LVL 7

Accepted Solution

by:
dolomiti earned 500 total points
ID: 24320115
hi,
in my last post, I did not speak about login on a DC.
I believe there is a computer that manages the VPN:
what I proposed is to check if in its configuration (of VPN)
there is a reference (written in some fields) to the old (demoted) DC rather than to the new one.

In your first post, you were clear, I misunderstood the scenario.

sorry
vic
0
 

Author Comment

by:sfletcher1959
ID: 24325721
There isn't a computer managing the VPN; we have a Cisco PIX firewall that manages the VPN and that hasn't changed in a couple of years.  Additionally, as I tried to explain, this happens on our network as well as across the VPN.  Because of this I don't think the problem is specific to just VPN traffic.  I can sit in my office and try to RDC to a workstation on the same switch and get the error.
0
 

Author Comment

by:sfletcher1959
ID: 24326331
Vic,
    By the way, thanks for hanging in there with me!

THANKS!
0
 

Author Closing Comment

by:sfletcher1959
ID: 31578056
Ready to close.  Didn't fix the problem, but I will open with Microsoft for solution.
0
