Solved

Users can't remote after migration

Posted on 2010-08-16
8
340 Views
Last Modified: 2013-11-21
I just preformed a swing migration from SBS to 2003 standard.  Everything went fine so it has seemed.  I just added a new server to the domain that is a stand alone.  It is to be a Windows Terminal Server.  None of my users can log onto the new server using RDP.  So I checked to make sure the users were part of the remote desktop users group.  They were so then I checked to see if the users could log onto the DC.  They still couldn't.  I can't seem to find what's wrong with my AD to see why these users can't logon remotely.  Help!!
0
Comment
Question by:johnpatbullock
8 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 33448870
Whats the error... and whats in the security log for the server ?
0
 
LVL 3

Expert Comment

by:mijared
ID: 33448898
There can be lots of reasons why users can't log into a terminal server.

1 Check the firewall on the server.
2 Check the GPO for this server, look for Comp Config > Admin Temp > Windows Components > Terminal Services > Allow users to connect remotely.
3 Check that the RDP group is allowed to connect to the server. Check this in Terminal services configuration.

Michael
0
 
LVL 4

Accepted Solution

by:
Jamie_Wilson earned 500 total points
ID: 33448932
If the TS server is not a DC, make sure the users are members of the local remote desktop users group
0
 

Author Comment

by:johnpatbullock
ID: 33448988
I know the firewall is ok.  I can logon remotely using the domain admin account.
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 20

Expert Comment

by:woolnoir
ID: 33448997
show us what the server logs are saying while attempting to login with a user account... at present we have little information to work on.
0
 

Author Comment

by:johnpatbullock
ID: 33449230
It seems only domain admins can logon.  When a normal user tries the message is "To log on to the remote computer, you must be granted the Allow log on through Terminal Services right."  Even though these users have that right??  I get no errors in application or system even viewer.  
0
 
LVL 5

Expert Comment

by:SteelerPaz
ID: 33455344
Sounds like you need to focus on Step 3.  Domain admins always have the rights.

To enable Remote Desktop via group policy, you need to:

1. Enable Remote Desktop,
2. Create the inbound firewall rule,
3. (Optionally) Configure the groups allowed to connect.

You can do this by using the following settings:

1. Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Allow users to connect remotely using Remote Desktop Services = Enabled

2. Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules
2a. Right-click -> New Rule...
2b. Predefined -> Remote Desktop, Next, Next
2c. Allow the connection, Finish.

3. Computer Configuration > Windows Settings > Security Settings > Restricted Groups
3a. Right-click -> Add Group,
3b. Use the Browse button to find the domain group that has all the users you want to be able to use RDP in it, click OK,
3c. Click the second Add button (for "This group is a member of:",
3d. Type, Remote Desktop Users, then click OK twice to confirm the policy setting.
0
 
LVL 16

Expert Comment

by:Spike99
ID: 33465636
I think that error indicates that the user is NOT a member of the local Remote Desktop Users group on the server.  Since these users are already members of the Remote desktop Users group, I would check terminal servicies configuration:

click on Start > All programs > administrative tools > terminal services configuration

Double click on the RDP-TCP in the right hand panel. Click on the permissions tab:
make sure the Remote Desktop Users group is granted "user" and "guest" access to the server.
I hope this helps.

Alicia
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

##the calculator has been updated to version 1.6 please download the use the updated version## Hi there, After the previous post of the original version of the calculator here : http://www.experts-exchange.com/articles/OS/Microsoft_Operatin…
After having deployed hundreds of thousands of Terminal Services seats worldwide, I still see all the time people asking me that same old question: "If TS/RDS is that reliable why are you telling me I should reboot it that often? My DC/SQL/Exchange/…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now