error "The requested Session Access is Denied

I didn't set up this network and I'm trying to setup a new user to RDP into the TS server and keep getting access is denied. I can get in using the admin acct but can't setup new users. I know I'm missing something but don't know what.  They are in the RDP group on the DC, and locally on the TS server as far as I can tell all else is the same except of course it isn't.  help!
desireelacPresidentAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
desireelacConnect With a Mentor PresidentAuthor Commented:
It's fixed thanks to Supportonthespot

It turns out in terminal services manager I had to right click on rdp-tcp connections and add the users there in security and viola it worked.  Although RDP user groups were setup and looked like they were being used they weren't.  

Question closed. thanks!
0
 
SupportonthespotCommented:
Can you open terminal services manager and right click on TCP Session. if Windows 2003 and check who has access to the terminal server you should see Remote Desktop Users, if not add one persons account and try again with that user to test. then add the remote desktop users group. also watch out that on a terminal server there is nothing in Group policy that is saying only administrators are allowed to access RDP on a server.

0
 
desireelacPresidentAuthor Commented:
Well the TS server I'm trying to get to is 2008 I don't see what you're refering to there. I've right clicked on everything. I have lots of users that get in regularly I just can't setup this new user and everything seems the same to me.  Most of the users are just regular users not domain admins or anything special.  All are members or Remote desktop users on the domain and I added them to the local users remote desktop.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
SupportonthespotCommented:
Ok i didnt realise that is was 2008 Terminal Server.

Sometimes the access is defined in Group policy should you so have this running in AD unless its standalone. check the below location to see if the previous administrator setup a different group that was allowed access to the terminal server or if they were explicitly defined in here by user name

Local Machine ---- Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections\
AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\


Are you perhaps running a 2008 SBS server as your domain controller? are your users making use of a web front end? or directly using RDP.

is the machine you are using to connect this one user the same machine that you logon with admin accounts? (Im trying to eliminate client version here) Some cases the remote session is denied due to client version Ie XP RDP and Windows 7 new RDP with encryption.

Are you also perhaps running TS in console mode for that user which would naturally be denied to anybody but an administrator.
0
 
desireelacPresidentAuthor Commented:
checked local machine on the ts server and the only thing under Computer Configuration\Administrative Templates\Windows Components\Terminal Services is remote desktop connections and all is says is do not allow passwords to be saved.  

There is nothing listed under AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\

we're not running 2008 SBS only full version 2008 server R2 on both ts server and dc, I also have a 32bit 2003 TS server and can't get into that either.  

I have about 25 users using this so it works for them it's just these new users I'm setting up that I'm missing something.  

I'm not sure what you mean by running ts in console mode?

I can get in using one of the other user accts from the same pc I'm using so I don't think it's a pc rights issue.  I'm trying it right now from an xp sp3 box but also trying from a toshiba windows 7 home laptop.  I'll try to get in using another user acct on the laptop but I'm pretty sure it's something with the user.  The guy who set this up was a super super security wonk and had security settings set like we were working as NASA.  I had only setup 1 user this way when he left suddenly so I know I'm missing something but am not sure what.  Thanks so much for you help I really appreciate it.  

0
 
desireelacPresidentAuthor Commented:
just tried setting up a new user just in case I'd gotten myself off somehow and missed something
 
i added test as a user on AD.
Added that user to groups domain users, non admins, print operators, remote desktop users
added user to local group remote desktop users on  TS 2008 server with lusrmgr.msc

after that it should work but I'm getting that stupid error...requested access is denied.  this is from the xp sp3 box.
0
 
desireelacPresidentAuthor Commented:
Added test user as a domain admin and still getting the same result.  arhggggggggg
and that was from the ts 2008 server to the DC

What am I missing??
0
 
SupportonthespotCommented:
im more than happy to diagnose this myself for you. My support company is www.(removed by Moderator).co.uk I can send you a link for my logmein account and I deal with Terminal servers on a daily basis, If you want a second pair of eyes to go through the settings for you then I have no problem doing so. If you have your own remote software or public RDP with a temp admin account completely up to you and I can have a look but not till monday as i try to not work at the weekends
0
 
desireelacPresidentAuthor Commented:
I'm not there on mondays but maybe will get you in remotely? How about tomorrow at 8am my time. I'm on Atlantic Standard so right now it's 11.57 I guess you're in the UK so it would be 5pm there I think? So tomorrow that would be at 1pm your time? I'd really appreciate it. I'm just completely stuck..
0
 
desireelacPresidentAuthor Commented:
My comment has the answer his had questions and finally contact info.I only input the solution so others could have access.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.