?
Solved

Users can't remote after migration

Posted on 2010-08-16
8
Medium Priority
?
353 Views
Last Modified: 2013-11-21
I just preformed a swing migration from SBS to 2003 standard.  Everything went fine so it has seemed.  I just added a new server to the domain that is a stand alone.  It is to be a Windows Terminal Server.  None of my users can log onto the new server using RDP.  So I checked to make sure the users were part of the remote desktop users group.  They were so then I checked to see if the users could log onto the DC.  They still couldn't.  I can't seem to find what's wrong with my AD to see why these users can't logon remotely.  Help!!
0
Comment
Question by:johnpatbullock
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 33448870
Whats the error... and whats in the security log for the server ?
0
 
LVL 3

Expert Comment

by:mijared
ID: 33448898
There can be lots of reasons why users can't log into a terminal server.

1 Check the firewall on the server.
2 Check the GPO for this server, look for Comp Config > Admin Temp > Windows Components > Terminal Services > Allow users to connect remotely.
3 Check that the RDP group is allowed to connect to the server. Check this in Terminal services configuration.

Michael
0
 
LVL 4

Accepted Solution

by:
Jamie_Wilson earned 2000 total points
ID: 33448932
If the TS server is not a DC, make sure the users are members of the local remote desktop users group
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 

Author Comment

by:johnpatbullock
ID: 33448988
I know the firewall is ok.  I can logon remotely using the domain admin account.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33448997
show us what the server logs are saying while attempting to login with a user account... at present we have little information to work on.
0
 

Author Comment

by:johnpatbullock
ID: 33449230
It seems only domain admins can logon.  When a normal user tries the message is "To log on to the remote computer, you must be granted the Allow log on through Terminal Services right."  Even though these users have that right??  I get no errors in application or system even viewer.  
0
 
LVL 5

Expert Comment

by:SteelerPaz
ID: 33455344
Sounds like you need to focus on Step 3.  Domain admins always have the rights.

To enable Remote Desktop via group policy, you need to:

1. Enable Remote Desktop,
2. Create the inbound firewall rule,
3. (Optionally) Configure the groups allowed to connect.

You can do this by using the following settings:

1. Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Allow users to connect remotely using Remote Desktop Services = Enabled

2. Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules
2a. Right-click -> New Rule...
2b. Predefined -> Remote Desktop, Next, Next
2c. Allow the connection, Finish.

3. Computer Configuration > Windows Settings > Security Settings > Restricted Groups
3a. Right-click -> Add Group,
3b. Use the Browse button to find the domain group that has all the users you want to be able to use RDP in it, click OK,
3c. Click the second Add button (for "This group is a member of:",
3d. Type, Remote Desktop Users, then click OK twice to confirm the policy setting.
0
 
LVL 17

Expert Comment

by:Spike99
ID: 33465636
I think that error indicates that the user is NOT a member of the local Remote Desktop Users group on the server.  Since these users are already members of the Remote desktop Users group, I would check terminal servicies configuration:

click on Start > All programs > administrative tools > terminal services configuration

Double click on the RDP-TCP in the right hand panel. Click on the permissions tab:
make sure the Remote Desktop Users group is granted "user" and "guest" access to the server.
I hope this helps.

Alicia
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Case Summary: In this Article we introduce the new method to configure the default user profile using Automated profile copy with sysprep rather than the old ways such as the manual copy of a configured profile to default user profile Old meth…
Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question