Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


error "The requested Session Access is Denied

Posted on 2011-02-24
Medium Priority
Last Modified: 2013-11-21
I didn't set up this network and I'm trying to setup a new user to RDP into the TS server and keep getting access is denied. I can get in using the admin acct but can't setup new users. I know I'm missing something but don't know what.  They are in the RDP group on the DC, and locally on the TS server as far as I can tell all else is the same except of course it isn't.  help!
Question by:desireelac
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3

Expert Comment

ID: 34988509
Can you open terminal services manager and right click on TCP Session. if Windows 2003 and check who has access to the terminal server you should see Remote Desktop Users, if not add one persons account and try again with that user to test. then add the remote desktop users group. also watch out that on a terminal server there is nothing in Group policy that is saying only administrators are allowed to access RDP on a server.


Author Comment

ID: 34989210
Well the TS server I'm trying to get to is 2008 I don't see what you're refering to there. I've right clicked on everything. I have lots of users that get in regularly I just can't setup this new user and everything seems the same to me.  Most of the users are just regular users not domain admins or anything special.  All are members or Remote desktop users on the domain and I added them to the local users remote desktop.

Expert Comment

ID: 34991009
Ok i didnt realise that is was 2008 Terminal Server.

Sometimes the access is defined in Group policy should you so have this running in AD unless its standalone. check the below location to see if the previous administrator setup a different group that was allowed access to the terminal server or if they were explicitly defined in here by user name

Local Machine ---- Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections\
AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\

Are you perhaps running a 2008 SBS server as your domain controller? are your users making use of a web front end? or directly using RDP.

is the machine you are using to connect this one user the same machine that you logon with admin accounts? (Im trying to eliminate client version here) Some cases the remote session is denied due to client version Ie XP RDP and Windows 7 new RDP with encryption.

Are you also perhaps running TS in console mode for that user which would naturally be denied to anybody but an administrator.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 34991721
checked local machine on the ts server and the only thing under Computer Configuration\Administrative Templates\Windows Components\Terminal Services is remote desktop connections and all is says is do not allow passwords to be saved.  

There is nothing listed under AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\

we're not running 2008 SBS only full version 2008 server R2 on both ts server and dc, I also have a 32bit 2003 TS server and can't get into that either.  

I have about 25 users using this so it works for them it's just these new users I'm setting up that I'm missing something.  

I'm not sure what you mean by running ts in console mode?

I can get in using one of the other user accts from the same pc I'm using so I don't think it's a pc rights issue.  I'm trying it right now from an xp sp3 box but also trying from a toshiba windows 7 home laptop.  I'll try to get in using another user acct on the laptop but I'm pretty sure it's something with the user.  The guy who set this up was a super super security wonk and had security settings set like we were working as NASA.  I had only setup 1 user this way when he left suddenly so I know I'm missing something but am not sure what.  Thanks so much for you help I really appreciate it.  


Author Comment

ID: 34991790
just tried setting up a new user just in case I'd gotten myself off somehow and missed something
i added test as a user on AD.
Added that user to groups domain users, non admins, print operators, remote desktop users
added user to local group remote desktop users on  TS 2008 server with lusrmgr.msc

after that it should work but I'm getting that stupid error...requested access is denied.  this is from the xp sp3 box.

Author Comment

ID: 34991857
Added test user as a domain admin and still getting the same result.  arhggggggggg
and that was from the ts 2008 server to the DC

What am I missing??

Expert Comment

ID: 34991859
im more than happy to diagnose this myself for you. My support company is www.(removed by Moderator).co.uk I can send you a link for my logmein account and I deal with Terminal servers on a daily basis, If you want a second pair of eyes to go through the settings for you then I have no problem doing so. If you have your own remote software or public RDP with a temp admin account completely up to you and I can have a look but not till monday as i try to not work at the weekends

Author Comment

ID: 34991876
I'm not there on mondays but maybe will get you in remotely? How about tomorrow at 8am my time. I'm on Atlantic Standard so right now it's 11.57 I guess you're in the UK so it would be 5pm there I think? So tomorrow that would be at 1pm your time? I'd really appreciate it. I'm just completely stuck..

Accepted Solution

desireelac earned 0 total points
ID: 35023502
It's fixed thanks to Supportonthespot

It turns out in terminal services manager I had to right click on rdp-tcp connections and add the users there in security and viola it worked.  Although RDP user groups were setup and looked like they were being used they weren't.  

Question closed. thanks!

Author Closing Comment

ID: 35067682
My comment has the answer his had questions and finally contact info.I only input the solution so others could have access.

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are IT support and need to work after hours to resolve customer issues then here are a few tips on how to handle after hours support
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question