error "The requested Session Access is Denied

Posted on 2011-02-24
Last Modified: 2013-11-21
I didn't set up this network and I'm trying to setup a new user to RDP into the TS server and keep getting access is denied. I can get in using the admin acct but can't setup new users. I know I'm missing something but don't know what.  They are in the RDP group on the DC, and locally on the TS server as far as I can tell all else is the same except of course it isn't.  help!
Question by:desireelac
  • 7
  • 3

Expert Comment

ID: 34988509
Can you open terminal services manager and right click on TCP Session. if Windows 2003 and check who has access to the terminal server you should see Remote Desktop Users, if not add one persons account and try again with that user to test. then add the remote desktop users group. also watch out that on a terminal server there is nothing in Group policy that is saying only administrators are allowed to access RDP on a server.


Author Comment

ID: 34989210
Well the TS server I'm trying to get to is 2008 I don't see what you're refering to there. I've right clicked on everything. I have lots of users that get in regularly I just can't setup this new user and everything seems the same to me.  Most of the users are just regular users not domain admins or anything special.  All are members or Remote desktop users on the domain and I added them to the local users remote desktop.

Expert Comment

ID: 34991009
Ok i didnt realise that is was 2008 Terminal Server.

Sometimes the access is defined in Group policy should you so have this running in AD unless its standalone. check the below location to see if the previous administrator setup a different group that was allowed access to the terminal server or if they were explicitly defined in here by user name

Local Machine ---- Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections\
AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\

Are you perhaps running a 2008 SBS server as your domain controller? are your users making use of a web front end? or directly using RDP.

is the machine you are using to connect this one user the same machine that you logon with admin accounts? (Im trying to eliminate client version here) Some cases the remote session is denied due to client version Ie XP RDP and Windows 7 new RDP with encryption.

Are you also perhaps running TS in console mode for that user which would naturally be denied to anybody but an administrator.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 34991721
checked local machine on the ts server and the only thing under Computer Configuration\Administrative Templates\Windows Components\Terminal Services is remote desktop connections and all is says is do not allow passwords to be saved.  

There is nothing listed under AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\

we're not running 2008 SBS only full version 2008 server R2 on both ts server and dc, I also have a 32bit 2003 TS server and can't get into that either.  

I have about 25 users using this so it works for them it's just these new users I'm setting up that I'm missing something.  

I'm not sure what you mean by running ts in console mode?

I can get in using one of the other user accts from the same pc I'm using so I don't think it's a pc rights issue.  I'm trying it right now from an xp sp3 box but also trying from a toshiba windows 7 home laptop.  I'll try to get in using another user acct on the laptop but I'm pretty sure it's something with the user.  The guy who set this up was a super super security wonk and had security settings set like we were working as NASA.  I had only setup 1 user this way when he left suddenly so I know I'm missing something but am not sure what.  Thanks so much for you help I really appreciate it.  


Author Comment

ID: 34991790
just tried setting up a new user just in case I'd gotten myself off somehow and missed something
i added test as a user on AD.
Added that user to groups domain users, non admins, print operators, remote desktop users
added user to local group remote desktop users on  TS 2008 server with lusrmgr.msc

after that it should work but I'm getting that stupid error...requested access is denied.  this is from the xp sp3 box.

Author Comment

ID: 34991857
Added test user as a domain admin and still getting the same result.  arhggggggggg
and that was from the ts 2008 server to the DC

What am I missing??

Expert Comment

ID: 34991859
im more than happy to diagnose this myself for you. My support company is www.(removed by Moderator) I can send you a link for my logmein account and I deal with Terminal servers on a daily basis, If you want a second pair of eyes to go through the settings for you then I have no problem doing so. If you have your own remote software or public RDP with a temp admin account completely up to you and I can have a look but not till monday as i try to not work at the weekends

Author Comment

ID: 34991876
I'm not there on mondays but maybe will get you in remotely? How about tomorrow at 8am my time. I'm on Atlantic Standard so right now it's 11.57 I guess you're in the UK so it would be 5pm there I think? So tomorrow that would be at 1pm your time? I'd really appreciate it. I'm just completely stuck..

Accepted Solution

desireelac earned 0 total points
ID: 35023502
It's fixed thanks to Supportonthespot

It turns out in terminal services manager I had to right click on rdp-tcp connections and add the users there in security and viola it worked.  Although RDP user groups were setup and looked like they were being used they weren't.  

Question closed. thanks!

Author Closing Comment

ID: 35067682
My comment has the answer his had questions and finally contact info.I only input the solution so others could have access.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Both MMF (multi-mode fiber) and SMF (single-mode fiber) are types of optical fiber that can aid in communication applications. These thin strands of silica or glass will allow communication to occur between devices. The transmission of light between…
IT certifications are a concrete representation of continual learning on the part of the candidate.  Continual learning is necessary for the long term success of an IT professional, but are IT certifications the right path for you?
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question