We help IT Professionals succeed at work.

Windows 2003 terminal server error

Suddenly we got this error when try log in using RDP
"To log on to this remote computer, you must have Terminal Server User Access Permissions on this computer. By default, members of the Remote Desktop group have these permissions. If you are not a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually."
Windows server 2003 SP2 terminal server
Nobody can login even with administrator account usng RDP
This server always working for years ...
we had 2 servers , one is cal licenses and other is terminal server
I did not run any update
Look to me about licenses issue?

thanks in advance for your help,
Comment
Watch Question

maybe just try adding the domain Administrators group to the RDP permissions on the server.
Have you reboot or restarted that system since the problem started?

I now that seems like a newby question but I now that you are limited to the number of active TS sessions you can run at a time so if there are more than your are licensed for locked up or hanging it will reject connections.

I have it happen before. That is why I set my TS  to logoff after a few hours, just enough so my backups can run.
know rather than now. My k button on my laptop is starting to get flakey. :)
if that were the case it should give you the error of to many active sessions and not allow you to log in.

Author

Commented:
I can login using console but not RDP
I did restart CAL server and terminal server but no luck
did you try to add the domain Administrators group to RDP permissions on the server?

Author

Commented:
yes .. it was always there

Author

Commented:
and everyone group is on RDP
Has anyone changed any group policy settings to prevent logon through Terminal Services?
You can try this:

go into the terminal server config, right click the connection and go to  properties. In there you need to add the users that can terminal server  in


1.  On the TS, start Terminal Services Configuration
2.  Double-click rdp-tcp on the right hand side and select
the Permissions tab
3.  If you HAVE NOT customized your permissions, click on
the Advanced button, then click the Default button, and
click OK to save your changes and SKIP the remaining
steps
4.  If you HAVE customized your permissions, click on
Remote Desktop Users if it is in the list and click the
Remove button
5.  Click the OK button to save your changes
6.  Double-click rdp-tcp on the right hand side and select
the Permissions tab
7.  Click the Add button, and type in "Remote Desktop Users",
without the quotes, and click OK
8.  Check User Access under the Allow column.
9.  Click the OK button to save your changes

It seems that every once in a while the connection object
permissions get messed up.  Even though they appear
correct, the server behaves as if they are set wrong.

Based on what you have said I think this is what happened
to you.  By clicking the default button you caused the
server to rewrite the security key using the default
permissions.  FYI, the security is stored here:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations
\RDP-Tcp\Security

Author

Commented:
hi sean_larabee and MCMC_Support,
I try both of your suggestion but no luck ...
One more suggestion here...

1.  On the TS, open the Local Security Policy
2.  Expand Local Policies on the left, select
User Rights Assignment
3.  Double-click "Allow log on through Terminal Services" on
the right
4.  If Remote Desktop Users is in the list, select it and then
click the Remove button
5.  Make sure "Define these policy settings" is checked, if it
exists.
6.  Click the OK button to save your changes
7.  Open a command prompt window and type gpupdate
8.  Back in your Local Security Policy window, double-click
9.  Click the Add button, and type "Remote Desktop Users",
without the quotes, and click OK
10. Make sure "Define these policy settings" is checked, if it
exists.
11. Click the OK button to save your changes
12. Open up a command prompt window and type gpupdate

Author

Commented:
hi MCMC_Support,
it's gray out ... I can't change anything under "allow log on through terminal services"
I guess we're using GPO?
we're using windows 2003 domain controller
I would say you are using a Group Policy
Object that is setting the security policies for your TS, so now you know where to look.

Is this issue figured out?
Commented:
I called Microsoft support and here is the issue and solution
Issue: the terminal serve was unable to locate the license server
solution: http://support.microsoft.com/kb/279561

thank much for all your help