Solved

Extremely short Terminal Server lockout

Posted on 2010-11-22
10
331 Views
Last Modified: 2012-06-27
When logging in to a terminal services session on a remote Domain controller, I am always able to successfully log in. However, the lockout is being invoked after less than a minute of activity, regardless of account being used. I do not have this extremely short lockout configured anywhere in Terminal Services Configuration, Terminal Services Manager, or Group Policy. I can't think of any other place where this value could be configured. Also, I see no events in the security event log that would indicate any problem. There is an avent 1030 in the Application event viewer: "Windows cannot query for the list of Group Policy objects," but I don't think it is related, since I believe that is a known error and has an associated hotfix. Any ideas?
0
Comment
Question by:bdbuchanan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 41

Expert Comment

by:Adam Brown
ID: 34190077
Check the settings on the Sessions tab for your user account properties in AD. You can set timeout and session limits in there.
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34190236
Does this occur when logged in to your TS via any workstation?

Rob
0
 

Author Comment

by:bdbuchanan
ID: 34190484
acbrown2010: Sessions permissions are wide open; never disconnect.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:bdbuchanan
ID: 34190503
rjwesley: Yes, it happens from any workstation. Also, I have several other remote domain controllers, none of which has this problem.
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 34190514
What is your screen saver timeout set for on those systems? (Out of curiosity)
0
 

Author Comment

by:bdbuchanan
ID: 34190569
acbrown2010: 15 minutes.
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34214007
Can you have someone test the terminal server connection that is physically at the remote site, does the lockout occur in that situation as well.
Are you using custom ports for each of your servers for terminal server connections?

Rob
0
 

Accepted Solution

by:
bdbuchanan earned 0 total points
ID: 34500797
The solution was related to our drive encryption utility being incorrectly configured.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35171035
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question