Solved

The local policy of this system does not permit you to logon interactively

Posted on 2009-05-05
8
772 Views
Last Modified: 2013-11-21
Last week we promoted a new DC on one of our subnets and demoted the DC that was originally on that subnet.  Since then we have been receiving this message when ever we attempt to RDC to a workstation:

The local policy of this system does not permit you to logon interactively.

I have verified that the "Allow log on through Terminal Services" is enabled for the local policy and that Remote Desktop Users group is allowed.  I have also forced an update using gpupdate /force command.  No one can RDC not even the Administrators.  I have made sure that the group of employees that need this right are part of the Remote Desktop Users group.

We can remote control these boxes using Dameware, just can't using RDC.
0
Comment
Question by:sfletcher1959
  • 5
  • 3
8 Comments
 
LVL 7

Expert Comment

by:dolomiti
ID: 24306280
hi,
in a DC, just Domain Admins can login (at console OR by TS).

"Interactive Logins" stay for no-batch, no-service, no-network: you press CtrAltDel, enter U/P,
and see a desktop.

Probably the user that you are using to login, isn't a DomainAdmin: also if you go at Server Console (without TS), you receive the same message.

There is a way to permit any user to login on a DC, and this is used when, someone
want use a DC as TS in Application Mode.

If you are interested to permit any user to login on a DC, post again, sayng type of OS.

bye
vic

0
 

Author Comment

by:sfletcher1959
ID: 24307067
I am sorry, I guess I wasn't clear.  I am not trying to log into a DC.  

If I am at home and use a VPN client to RDC to my work desktop, I get the message.  If I try to RDC into a computer that belongs to one of my employees, I get the message.  I have Domain Admin Rights and am a user in the Remote Desktop user group, but can't RDC into non-DC systems.  We were able to do this prior to the promotion and demotion of our servers.
0
 
LVL 7

Expert Comment

by:dolomiti
ID: 24307967
hi,
this may be a little bit complicated, and I can forward one hypothesys:

there is a server in your company that manages the VPN and allows remote users
to login or not. To do this, it contacts not the Active Directory in general,
but it has been configured, it is done so, to contact a DC server.
After DC swap, in such machine ( or db, configuration,...) there is still old name
and you have to write new one.

bye
vic
0
Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

 

Author Comment

by:sfletcher1959
ID: 24317249
Vic,
    Again, I don't think you quite understand.  It is not specific to the VPN or to a DC.  This problem occurs whether coming in across a VPN or on the local network.
0
 
LVL 7

Accepted Solution

by:
dolomiti earned 500 total points
ID: 24320115
hi,
in my last post, I did not speak about login on a DC.
I believe there is a computer that manages the VPN:
what I proposed is to check if in its configuration (of VPN)
there is a reference (witten in some fields) to the old (demoted) DC rather to new.

In your first post, you were clear, I misunderstood the scenario.

sorry
vic
0
 

Author Comment

by:sfletcher1959
ID: 24325721
There isn't a computer managing the VPN, we have a Cisco PIX firewall that manages the VPN and that hasn't changed in a couple of years.  Additionally, as I tried to explain this happens on our network as well as across the VPN.  Because of this I don't think the problem is specific to just VPN traffic.  I can sit in my office and try to RDC to a workstation on the same switch and get the error.
0
 

Author Comment

by:sfletcher1959
ID: 24326331
Vic,
    By the way, thanks for hanging in there with me!

THANKS!
0
 

Author Closing Comment

by:sfletcher1959
ID: 31578056
Ready to close.  Didn't fix the problem, but I will open with Microsoft for solution.
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question