Terminal Server ; remote control (shadowing) ; error 5 access is denied
Hello;
We are seeing a problem on all Server 2008 terminal services (remote desktop services) where in certain situation, we and end users cannot "shadow" another user's terminal server session.
When trying to shadow another TS user's session via either the GUI (Administrative Tools > Terminal Services Manager > Right Click existing Session > Remote Control) or via the SHADOW command-line utility, we get the error 'access is denied'; error 5.
There are many articles out there on this error, but they all point to group policy configurations that we DONT use. I've narrowed it down a bit by OS, it seems. When I RDP into an affected server from a Windows 7 client (32 or 64 bit), the problem occurs. However, when I RDP in from another Windows 2008 server (TO the same server), the problem does NOT happen. Obviously slightly different versions of the RDP client. I suspect its a problem with the RDP client shipped with WIndows 7.
I have also read this article ( http://support.microsoft.com/kb/2273487/en-us ) which does not apply, as all TS's in this case are Server 2008 SP2 (not R2).
Group Policies do not define any TS/RDP specific settings OTHER THAN keep-alive and session time out. I have also tried each of the various group policy settings related to RDP compression, to no avail.
Anyone know of any solutions? Or--at least confirmation that this is a known Microsoft bug that has yet to be fixed? Thank you.
We are seeing a problem on all Server 2008 terminal services (remote desktop services) where in certain situation, we and end users cannot "shadow" another user's terminal server session.
When trying to shadow another TS user's session via either the GUI (Administrative Tools > Terminal Services Manager > Right Click existing Session > Remote Control) or via the SHADOW command-line utility, we get the error 'access is denied'; error 5.
There are many articles out there on this error, but they all point to group policy configurations that we DONT use. I've narrowed it down a bit by OS, it seems. When I RDP into an affected server from a Windows 7 client (32 or 64 bit), the problem occurs. However, when I RDP in from another Windows 2008 server (TO the same server), the problem does NOT happen. Obviously slightly different versions of the RDP client. I suspect its a problem with the RDP client shipped with WIndows 7.
I have also read this article ( http://support.microsoft.com/kb/2273487/en-us ) which does not apply, as all TS's in this case are Server 2008 SP2 (not R2).
Group Policies do not define any TS/RDP specific settings OTHER THAN keep-alive and session time out. I have also tried each of the various group policy settings related to RDP compression, to no avail.
Anyone know of any solutions? Or--at least confirmation that this is a known Microsoft bug that has yet to be fixed? Thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have also seen this happen when there is a kerberos security ticket that exceeds the maximum configured size. Do you have any event log errors (Security or System) ?
ASKER
abandoned
ASKER
abandoned
ASKER
abandoned
Administrative tools, Remote Desktop Services, Remote Desktop Session Host Configuration.
Right click rdp-tcp and select properties.
review all settings.
Changes only apply to new rdp sessions. Any existing connection will have to logout and back in.