cfsa
asked on
Terminal Server only allowing connection to Console Session - no one else can log on!
Hi,
Suddenly I got a call today that users were no longer able to log onto one of our Terminal Servers (W2K3). In addition, there were a few users who had previously logged on earlier in the day but if these users logged off they were also NOT able to log back on.) At first I was pretty sure this was a firewall issue (which it might have been in the beginning), but now I am seeing the following:
Although I am able to access the console session on this machine remotely (using the "admin" switch"), NO OTHER USERS (not even my Domain Admin account) are able to log onto this terminal server. Any attempt to RDP to this machine (other than session "0") by anyone produces the Logon Message below (we've all seen this one before):
"To log onto this remote computer, you must have Terminal Server Access permissions on this computer" ...... If you are not a member of the Remote Desktop User group.... " Etc.
I've checked the local Remote Desktop Users group and nothing there has changed from when it was working previously.
I've also checked the following:
*Terminal Services Configuration\Connections -- RDP-Tcp properties ¦ Permissions Tab: --> I added both a local and domain user explicitly and enabled full control but it still does not work
*Checked the Local Security Settings ¦ Allow log on through Terminal Services --> The Remote Desktop Users group is present and the proper domain and local user(s) group(s) have been added but still no dice
*I've checked the domain GPOs and none of these should be blocking user access (like I said, nothing was changed, the problem "just started happening". Very bizarre.)
I'm not sure where else to look.
Any ideas?
Suddenly I got a call today that users were no longer able to log onto one of our Terminal Servers (W2K3). In addition, there were a few users who had previously logged on earlier in the day but if these users logged off they were also NOT able to log back on.) At first I was pretty sure this was a firewall issue (which it might have been in the beginning), but now I am seeing the following:
Although I am able to access the console session on this machine remotely (using the "admin" switch"), NO OTHER USERS (not even my Domain Admin account) are able to log onto this terminal server. Any attempt to RDP to this machine (other than session "0") by anyone produces the Logon Message below (we've all seen this one before):
"To log onto this remote computer, you must have Terminal Server Access permissions on this computer" ...... If you are not a member of the Remote Desktop User group.... " Etc.
I've checked the local Remote Desktop Users group and nothing there has changed from when it was working previously.
I've also checked the following:
*Terminal Services Configuration\Connections -- RDP-Tcp properties ¦ Permissions Tab: --> I added both a local and domain user explicitly and enabled full control but it still does not work
*Checked the Local Security Settings ¦ Allow log on through Terminal Services --> The Remote Desktop Users group is present and the proper domain and local user(s) group(s) have been added but still no dice
*I've checked the domain GPOs and none of these should be blocking user access (like I said, nothing was changed, the problem "just started happening". Very bizarre.)
I'm not sure where else to look.
Any ideas?
ASKER
Sorry, I should have mentioned that I rebooted the server - twice. No change.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I appreciate all of the helpful comments. In the end, we discovered that the firewall lost one of its rules (don't ask me how) and was filtering traffic to the Licensing Server. After re-establishing communications with it, a reboot of the Terminal Server solved our problems.<br /><br />Thanks to everyone. -j
Cheers,