error "The requested Session Access is Denied
I didn't set up this network and I'm trying to setup a new user to RDP into the TS server and keep getting access is denied. I can get in using the admin acct but can't setup new users. I know I'm missing something but don't know what. They are in the RDP group on the DC, and locally on the TS server as far as I can tell all else is the same except of course it isn't. help!
Supportonthespot
Can you open terminal services manager and right click on TCP Session. if Windows 2003 and check who has access to the terminal server you should see Remote Desktop Users, if not add one persons account and try again with that user to test. then add the remote desktop users group. also watch out that on a terminal server there is nothing in Group policy that is saying only administrators are allowed to access RDP on a server.
ASKER
Well the TS server I'm trying to get to is 2008 I don't see what you're refering to there. I've right clicked on everything. I have lots of users that get in regularly I just can't setup this new user and everything seems the same to me. Most of the users are just regular users not domain admins or anything special. All are members or Remote desktop users on the domain and I added them to the local users remote desktop.
Ok i didnt realise that is was 2008 Terminal Server.
Sometimes the access is defined in Group policy should you so have this running in AD unless its standalone. check the below location to see if the previous administrator setup a different group that was allowed access to the terminal server or if they were explicitly defined in here by user name
Local Machine ---- Computer Configuration\Administrati
AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
Are you perhaps running a 2008 SBS server as your domain controller? are your users making use of a web front end? or directly using RDP.
is the machine you are using to connect this one user the same machine that you logon with admin accounts? (Im trying to eliminate client version here) Some cases the remote session is denied due to client version Ie XP RDP and Windows 7 new RDP with encryption.
Are you also perhaps running TS in console mode for that user which would naturally be denied to anybody but an administrator.
Sometimes the access is defined in Group policy should you so have this running in AD unless its standalone. check the below location to see if the previous administrator setup a different group that was allowed access to the terminal server or if they were explicitly defined in here by user name
Local Machine ---- Computer Configuration\Administrati
AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
Are you perhaps running a 2008 SBS server as your domain controller? are your users making use of a web front end? or directly using RDP.
is the machine you are using to connect this one user the same machine that you logon with admin accounts? (Im trying to eliminate client version here) Some cases the remote session is denied due to client version Ie XP RDP and Windows 7 new RDP with encryption.
Are you also perhaps running TS in console mode for that user which would naturally be denied to anybody but an administrator.
ASKER
checked local machine on the ts server and the only thing under Computer Configuration\Administrati
There is nothing listed under AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
we're not running 2008 SBS only full version 2008 server R2 on both ts server and dc, I also have a 32bit 2003 TS server and can't get into that either.
I have about 25 users using this so it works for them it's just these new users I'm setting up that I'm missing something.
I'm not sure what you mean by running ts in console mode?
I can get in using one of the other user accts from the same pc I'm using so I don't think it's a pc rights issue. I'm trying it right now from an xp sp3 box but also trying from a toshiba windows 7 home laptop. I'll try to get in using another user acct on the laptop but I'm pretty sure it's something with the user. The guy who set this up was a super super security wonk and had security settings set like we were working as NASA. I had only setup 1 user this way when he left suddenly so I know I'm missing something but am not sure what. Thanks so much for you help I really appreciate it.
There is nothing listed under AD Machine ---- Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
we're not running 2008 SBS only full version 2008 server R2 on both ts server and dc, I also have a 32bit 2003 TS server and can't get into that either.
I have about 25 users using this so it works for them it's just these new users I'm setting up that I'm missing something.
I'm not sure what you mean by running ts in console mode?
I can get in using one of the other user accts from the same pc I'm using so I don't think it's a pc rights issue. I'm trying it right now from an xp sp3 box but also trying from a toshiba windows 7 home laptop. I'll try to get in using another user acct on the laptop but I'm pretty sure it's something with the user. The guy who set this up was a super super security wonk and had security settings set like we were working as NASA. I had only setup 1 user this way when he left suddenly so I know I'm missing something but am not sure what. Thanks so much for you help I really appreciate it.
ASKER
just tried setting up a new user just in case I'd gotten myself off somehow and missed something
i added test as a user on AD.
Added that user to groups domain users, non admins, print operators, remote desktop users
added user to local group remote desktop users on TS 2008 server with lusrmgr.msc
after that it should work but I'm getting that stupid error...requested access is denied. this is from the xp sp3 box.
i added test as a user on AD.
Added that user to groups domain users, non admins, print operators, remote desktop users
added user to local group remote desktop users on TS 2008 server with lusrmgr.msc
after that it should work but I'm getting that stupid error...requested access is denied. this is from the xp sp3 box.
ASKER
Added test user as a domain admin and still getting the same result. arhggggggggg
and that was from the ts 2008 server to the DC
What am I missing??
and that was from the ts 2008 server to the DC
What am I missing??
im more than happy to diagnose this myself for you. My support company is www.(removed by Moderator).co.uk I can send you a link for my logmein account and I deal with Terminal servers on a daily basis, If you want a second pair of eyes to go through the settings for you then I have no problem doing so. If you have your own remote software or public RDP with a temp admin account completely up to you and I can have a look but not till monday as i try to not work at the weekends
ASKER
I'm not there on mondays but maybe will get you in remotely? How about tomorrow at 8am my time. I'm on Atlantic Standard so right now it's 11.57 I guess you're in the UK so it would be 5pm there I think? So tomorrow that would be at 1pm your time? I'd really appreciate it. I'm just completely stuck..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My comment has the answer his had questions and finally contact info.I only input the solution so others could have access.