Solved

Terminal Server ; remote control (shadowing) ; error 5 access is denied

Posted on 2011-09-19
6
2,145 Views
Last Modified: 2012-08-14
Hello;

We are seeing a problem on all Server 2008 terminal services (remote desktop services) where in certain situation, we and end users cannot "shadow" another user's terminal server session.

When trying to shadow another TS user's session via either the GUI (Administrative Tools > Terminal Services Manager > Right Click existing Session > Remote Control) or via the SHADOW command-line utility, we get the error 'access is denied'; error 5.

There are many articles out there on this error, but they all point to group policy configurations that we DONT use.  I've narrowed it down a bit by OS, it seems.  When I RDP into an affected server from a Windows 7 client (32 or 64 bit), the problem occurs.  However, when I RDP in from another Windows 2008 server (TO the same server), the problem does NOT happen.  Obviously slightly different versions of the RDP client.  I suspect its a problem with the RDP client shipped with WIndows 7.

I have also read this article ( http://support.microsoft.com/kb/2273487/en-us ) which does not apply, as all TS's in this case are Server 2008 SP2 (not R2).

Group Policies do not define any TS/RDP specific settings OTHER THAN keep-alive and session time out.  I have also tried each of the various group policy settings related to RDP compression, to no avail.

Anyone know of any solutions?  Or--at least confirmation that this is a known Microsoft bug that has yet to be fixed?  Thank you.
0
Comment
Question by:Uptime Legal Systems
  • 4
  • 2
6 Comments
 
LVL 5

Expert Comment

by:greedj
ID: 36906216
If you are not using Group Policy, you need to configure terminal services manually on the server.

Administrative tools, Remote Desktop Services, Remote Desktop Session Host Configuration.
Right click rdp-tcp and select properties.
review all settings.

Changes only apply to new rdp sessions. Any existing connection will have to logout and back in.
0
 
LVL 6

Accepted Solution

by:
Uptime Legal Systems earned 0 total points
ID: 36906351
no solution
0
 
LVL 5

Expert Comment

by:greedj
ID: 36906445
I have also seen this happen when there is a kerberos security ticket that exceeds the maximum configured size. Do you have any event log errors (Security or System) ?
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 6

Author Closing Comment

by:Uptime Legal Systems
ID: 37105843
abandoned
0
 
LVL 6

Author Comment

by:Uptime Legal Systems
ID: 37084018
abandoned
0
 
LVL 6

Author Comment

by:Uptime Legal Systems
ID: 37084023
abandoned
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now