Solved

Terminal Server ; remote control (shadowing) ; error 5 access is denied

Posted on 2011-09-19
6
2,241 Views
Last Modified: 2012-08-14
Hello;

We are seeing a problem on all Server 2008 terminal services (remote desktop services) where in certain situation, we and end users cannot "shadow" another user's terminal server session.

When trying to shadow another TS user's session via either the GUI (Administrative Tools > Terminal Services Manager > Right Click existing Session > Remote Control) or via the SHADOW command-line utility, we get the error 'access is denied'; error 5.

There are many articles out there on this error, but they all point to group policy configurations that we DONT use.  I've narrowed it down a bit by OS, it seems.  When I RDP into an affected server from a Windows 7 client (32 or 64 bit), the problem occurs.  However, when I RDP in from another Windows 2008 server (TO the same server), the problem does NOT happen.  Obviously slightly different versions of the RDP client.  I suspect its a problem with the RDP client shipped with WIndows 7.

I have also read this article ( http://support.microsoft.com/kb/2273487/en-us ) which does not apply, as all TS's in this case are Server 2008 SP2 (not R2).

Group Policies do not define any TS/RDP specific settings OTHER THAN keep-alive and session time out.  I have also tried each of the various group policy settings related to RDP compression, to no avail.

Anyone know of any solutions?  Or--at least confirmation that this is a known Microsoft bug that has yet to be fixed?  Thank you.
0
Comment
Question by:Uptime Legal Systems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 5

Expert Comment

by:greedj
ID: 36906216
If you are not using Group Policy, you need to configure terminal services manually on the server.

Administrative tools, Remote Desktop Services, Remote Desktop Session Host Configuration.
Right click rdp-tcp and select properties.
review all settings.

Changes only apply to new rdp sessions. Any existing connection will have to logout and back in.
0
 
LVL 6

Accepted Solution

by:
Uptime Legal Systems earned 0 total points
ID: 36906351
no solution
0
 
LVL 5

Expert Comment

by:greedj
ID: 36906445
I have also seen this happen when there is a kerberos security ticket that exceeds the maximum configured size. Do you have any event log errors (Security or System) ?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 6

Author Closing Comment

by:Uptime Legal Systems
ID: 37105843
abandoned
0
 
LVL 6

Author Comment

by:Uptime Legal Systems
ID: 37084018
abandoned
0
 
LVL 6

Author Comment

by:Uptime Legal Systems
ID: 37084023
abandoned
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question