Solved

error "The requested Session Access is Denied

Posted on 2011-02-24
13
9,151 Views
Last Modified: 2013-11-21
I didn't set up this network and I'm trying to setup a new user to RDP into the TS server and keep getting access is denied. I can get in using the admin acct but can't setup new users. I know I'm missing something but don't know what.  They are in the RDP group on the DC, and locally on the TS server as far as I can tell all else is the same except of course it isn't.  help!
0
Comment
Question by:desireelac
  • 7
  • 3
13 Comments
 
LVL 4

Expert Comment

by:Supportonthespot
Comment Utility
Can you open terminal services manager and right click on TCP Session. if Windows 2003 and check who has access to the terminal server you should see Remote Desktop Users, if not add one persons account and try again with that user to test. then add the remote desktop users group. also watch out that on a terminal server there is nothing in Group policy that is saying only administrators are allowed to access RDP on a server.

0
 

Author Comment

by:desireelac
Comment Utility
Well the TS server I'm trying to get to is 2008 I don't see what you're refering to there. I've right clicked on everything. I have lots of users that get in regularly I just can't setup this new user and everything seems the same to me.  Most of the users are just regular users not domain admins or anything special.  All are members or Remote desktop users on the domain and I added them to the local users remote desktop.
0
 
LVL 4

Expert Comment

by:Supportonthespot
Comment Utility
Ok i didnt realise that is was 2008 Terminal Server.

Sometimes the access is defined in Group policy should you so have this running in AD unless its standalone. check the below location to see if the previous administrator setup a different group that was allowed access to the terminal server or if they were explicitly defined in here by user name

Local Machine ---- Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections\
AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\


Are you perhaps running a 2008 SBS server as your domain controller? are your users making use of a web front end? or directly using RDP.

is the machine you are using to connect this one user the same machine that you logon with admin accounts? (Im trying to eliminate client version here) Some cases the remote session is denied due to client version Ie XP RDP and Windows 7 new RDP with encryption.

Are you also perhaps running TS in console mode for that user which would naturally be denied to anybody but an administrator.
0
 

Author Comment

by:desireelac
Comment Utility
checked local machine on the ts server and the only thing under Computer Configuration\Administrative Templates\Windows Components\Terminal Services is remote desktop connections and all is says is do not allow passwords to be saved.  

There is nothing listed under AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\

we're not running 2008 SBS only full version 2008 server R2 on both ts server and dc, I also have a 32bit 2003 TS server and can't get into that either.  

I have about 25 users using this so it works for them it's just these new users I'm setting up that I'm missing something.  

I'm not sure what you mean by running ts in console mode?

I can get in using one of the other user accts from the same pc I'm using so I don't think it's a pc rights issue.  I'm trying it right now from an xp sp3 box but also trying from a toshiba windows 7 home laptop.  I'll try to get in using another user acct on the laptop but I'm pretty sure it's something with the user.  The guy who set this up was a super super security wonk and had security settings set like we were working as NASA.  I had only setup 1 user this way when he left suddenly so I know I'm missing something but am not sure what.  Thanks so much for you help I really appreciate it.  

0
 

Author Comment

by:desireelac
Comment Utility
just tried setting up a new user just in case I'd gotten myself off somehow and missed something
 
i added test as a user on AD.
Added that user to groups domain users, non admins, print operators, remote desktop users
added user to local group remote desktop users on  TS 2008 server with lusrmgr.msc

after that it should work but I'm getting that stupid error...requested access is denied.  this is from the xp sp3 box.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:desireelac
Comment Utility
Added test user as a domain admin and still getting the same result.  arhggggggggg
and that was from the ts 2008 server to the DC

What am I missing??
0
 
LVL 4

Expert Comment

by:Supportonthespot
Comment Utility
im more than happy to diagnose this myself for you. My support company is www.(removed by Moderator).co.uk I can send you a link for my logmein account and I deal with Terminal servers on a daily basis, If you want a second pair of eyes to go through the settings for you then I have no problem doing so. If you have your own remote software or public RDP with a temp admin account completely up to you and I can have a look but not till monday as i try to not work at the weekends
0
 

Author Comment

by:desireelac
Comment Utility
I'm not there on mondays but maybe will get you in remotely? How about tomorrow at 8am my time. I'm on Atlantic Standard so right now it's 11.57 I guess you're in the UK so it would be 5pm there I think? So tomorrow that would be at 1pm your time? I'd really appreciate it. I'm just completely stuck..
0
 

Accepted Solution

by:
desireelac earned 0 total points
Comment Utility
It's fixed thanks to Supportonthespot

It turns out in terminal services manager I had to right click on rdp-tcp connections and add the users there in security and viola it worked.  Although RDP user groups were setup and looked like they were being used they weren't.  

Question closed. thanks!
0
 

Author Closing Comment

by:desireelac
Comment Utility
My comment has the answer his had questions and finally contact info.I only input the solution so others could have access.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Remote Desktop Connections allow you to control remote host machines via the magic of the Internet and RDP (Remote Desktop Protocol). For the purposes of this article we will assume you are connecting from your home PC or laptop to a remote offic…
Online collaboration can help businesses be more efficient, help employees grow their skills and foster a team environment.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now