• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 826
  • Last Modified:

administrator denied access to terminal services

Hello,

I am not sure what happend here but a user called because they couldn't access terminal services...I am not sure if anyone made any group policy edits or anything but I am suspecting that is the case.

In order to get the person logged in I had to add them to the local terminal server via computer management - remote - and add user. I never had to do that before since the user is a member of the remote desktop users group and the remote desktop users group by default has login rights to terminal servers....another thing that is very wierd now as well is that all 3 of my 2008 servers are denying the administrator access to log in? I can rdp into all of the 2003 servers as the admin but not the 2008 - I suspect that I could log onto them locally and add the administrator manually however I just want to try to get things back to the way they were...ex the administrator can log into all servers remotley....and remote desktop users can log into all of the terminal servers without having to add them locally to the terminal server via computer management - remote - and adding all the users...

If anyone could help me troubleshoot on where to look for why this is happening it would be great...the only thing that I am sure of is that the domain controller had been modified for something last night -

Thanks
0
badgermike
Asked:
badgermike
  • 2
2 Solutions
 
badgermikeAuthor Commented:
Here is what i see

In the default domain policy - local policies - user rights assignment - allow login through terminal services = not defined

Buitin -Remote desktop users is populated with teh appropriate users

Users in AD are members of the Remote Desktop Users.

Domain Controller Security Policy -local policies - user rights assignment - allow login through terminal services = not defined

No restricted groups.

0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Try to run Group Policy Modeling fro those TS servers to check if there is no any GPOs which modified "administrator" permission.
MS article will help you with that GPO Modeling
http://technet.microsoft.com/en-us/library/cc781242%28WS.10%29.aspx
or
http://technet.microsoft.com/en-us/library/cc780305%28WS.10%29.aspx

Regards,
Krzysztof
0
 
ChiefITCommented:
You have implied that this once workd. On 2003 server, there are known issues with RDP using service pack 2. Here you go, you might want to check this out.

http://www.lan-2-wan.com/2003-SP2.htm 

How does this apply to 2008 server, you might ask. I don't know if the listening port has been fixed in 2008 server. So, you might want to go through the steps to see if the listening port is dynamically assigned for a TS session.
---------------
Also, if the error says something like (can not logon locally) it is a group policy object that will not allow remote sessions to control local features. This group policy prevents remote operators from using terminal services.
--------------
If the error says, (access denied) it is a permissions problem.
-------------
Firewalls often block TS from a remote computer as well.
-------------
Please provide the syntax of the error you are seeing when trying to logon to TS/remote desktop. Providing the error helps when troubleshooting this issue.
0
 
badgermikeAuthor Commented:
Thanks, sorry so late it was both of your posts that helped me solve the issue.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now