Solved

Users can't remote after migration

Posted on 2010-08-16
8
343 Views
Last Modified: 2013-11-21
I just preformed a swing migration from SBS to 2003 standard.  Everything went fine so it has seemed.  I just added a new server to the domain that is a stand alone.  It is to be a Windows Terminal Server.  None of my users can log onto the new server using RDP.  So I checked to make sure the users were part of the remote desktop users group.  They were so then I checked to see if the users could log onto the DC.  They still couldn't.  I can't seem to find what's wrong with my AD to see why these users can't logon remotely.  Help!!
0
Comment
Question by:johnpatbullock
8 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 33448870
Whats the error... and whats in the security log for the server ?
0
 
LVL 3

Expert Comment

by:mijared
ID: 33448898
There can be lots of reasons why users can't log into a terminal server.

1 Check the firewall on the server.
2 Check the GPO for this server, look for Comp Config > Admin Temp > Windows Components > Terminal Services > Allow users to connect remotely.
3 Check that the RDP group is allowed to connect to the server. Check this in Terminal services configuration.

Michael
0
 
LVL 4

Accepted Solution

by:
Jamie_Wilson earned 500 total points
ID: 33448932
If the TS server is not a DC, make sure the users are members of the local remote desktop users group
0
 

Author Comment

by:johnpatbullock
ID: 33448988
I know the firewall is ok.  I can logon remotely using the domain admin account.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 20

Expert Comment

by:woolnoir
ID: 33448997
show us what the server logs are saying while attempting to login with a user account... at present we have little information to work on.
0
 

Author Comment

by:johnpatbullock
ID: 33449230
It seems only domain admins can logon.  When a normal user tries the message is "To log on to the remote computer, you must be granted the Allow log on through Terminal Services right."  Even though these users have that right??  I get no errors in application or system even viewer.  
0
 
LVL 5

Expert Comment

by:SteelerPaz
ID: 33455344
Sounds like you need to focus on Step 3.  Domain admins always have the rights.

To enable Remote Desktop via group policy, you need to:

1. Enable Remote Desktop,
2. Create the inbound firewall rule,
3. (Optionally) Configure the groups allowed to connect.

You can do this by using the following settings:

1. Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Allow users to connect remotely using Remote Desktop Services = Enabled

2. Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules
2a. Right-click -> New Rule...
2b. Predefined -> Remote Desktop, Next, Next
2c. Allow the connection, Finish.

3. Computer Configuration > Windows Settings > Security Settings > Restricted Groups
3a. Right-click -> Add Group,
3b. Use the Browse button to find the domain group that has all the users you want to be able to use RDP in it, click OK,
3c. Click the second Add button (for "This group is a member of:",
3d. Type, Remote Desktop Users, then click OK twice to confirm the policy setting.
0
 
LVL 16

Expert Comment

by:Spike99
ID: 33465636
I think that error indicates that the user is NOT a member of the local Remote Desktop Users group on the server.  Since these users are already members of the Remote desktop Users group, I would check terminal servicies configuration:

click on Start > All programs > administrative tools > terminal services configuration

Double click on the RDP-TCP in the right hand panel. Click on the permissions tab:
make sure the Remote Desktop Users group is granted "user" and "guest" access to the server.
I hope this helps.

Alicia
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

##the calculator has been updated to version 1.6 please download the use the updated version## Hi there, After the previous post of the original version of the calculator here : http://www.experts-exchange.com/articles/OS/Microsoft_Operatin…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now