Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Users can't remote after migration

Posted on 2010-08-16
8
Medium Priority
?
354 Views
Last Modified: 2013-11-21
I just preformed a swing migration from SBS to 2003 standard.  Everything went fine so it has seemed.  I just added a new server to the domain that is a stand alone.  It is to be a Windows Terminal Server.  None of my users can log onto the new server using RDP.  So I checked to make sure the users were part of the remote desktop users group.  They were so then I checked to see if the users could log onto the DC.  They still couldn't.  I can't seem to find what's wrong with my AD to see why these users can't logon remotely.  Help!!
0
Comment
Question by:johnpatbullock
8 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 33448870
Whats the error... and whats in the security log for the server ?
0
 
LVL 3

Expert Comment

by:mijared
ID: 33448898
There can be lots of reasons why users can't log into a terminal server.

1 Check the firewall on the server.
2 Check the GPO for this server, look for Comp Config > Admin Temp > Windows Components > Terminal Services > Allow users to connect remotely.
3 Check that the RDP group is allowed to connect to the server. Check this in Terminal services configuration.

Michael
0
 
LVL 4

Accepted Solution

by:
Jamie_Wilson earned 2000 total points
ID: 33448932
If the TS server is not a DC, make sure the users are members of the local remote desktop users group
0
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

 

Author Comment

by:johnpatbullock
ID: 33448988
I know the firewall is ok.  I can logon remotely using the domain admin account.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33448997
show us what the server logs are saying while attempting to login with a user account... at present we have little information to work on.
0
 

Author Comment

by:johnpatbullock
ID: 33449230
It seems only domain admins can logon.  When a normal user tries the message is "To log on to the remote computer, you must be granted the Allow log on through Terminal Services right."  Even though these users have that right??  I get no errors in application or system even viewer.  
0
 
LVL 5

Expert Comment

by:SteelerPaz
ID: 33455344
Sounds like you need to focus on Step 3.  Domain admins always have the rights.

To enable Remote Desktop via group policy, you need to:

1. Enable Remote Desktop,
2. Create the inbound firewall rule,
3. (Optionally) Configure the groups allowed to connect.

You can do this by using the following settings:

1. Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Allow users to connect remotely using Remote Desktop Services = Enabled

2. Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules
2a. Right-click -> New Rule...
2b. Predefined -> Remote Desktop, Next, Next
2c. Allow the connection, Finish.

3. Computer Configuration > Windows Settings > Security Settings > Restricted Groups
3a. Right-click -> Add Group,
3b. Use the Browse button to find the domain group that has all the users you want to be able to use RDP in it, click OK,
3c. Click the second Add button (for "This group is a member of:",
3d. Type, Remote Desktop Users, then click OK twice to confirm the policy setting.
0
 
LVL 17

Expert Comment

by:Spike99
ID: 33465636
I think that error indicates that the user is NOT a member of the local Remote Desktop Users group on the server.  Since these users are already members of the Remote desktop Users group, I would check terminal servicies configuration:

click on Start > All programs > administrative tools > terminal services configuration

Double click on the RDP-TCP in the right hand panel. Click on the permissions tab:
make sure the Remote Desktop Users group is granted "user" and "guest" access to the server.
I hope this helps.

Alicia
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question