Solved

Unable to RDP to a W2k3 Server after joining the domain.

Posted on 2013-12-24
12
781 Views
Last Modified: 2014-01-31
We rename a Windows 2003 server and join it to the domain from workgroup.  When I login as a domain user, I am getting a message - Please see the screen shot.

I have already make sure the user belongs to the local Remote Desktop Users group which has permission to remote in.  Both TS Licensing and Terminal Services are running.  

I was able to RDP to it when It

Please advise what else to check.  

Thanks.
TS-Error.bmp
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +3
12 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39738269
Try adding the user to the Remote Desktop Users group in Active Directory.
0
 
LVL 1

Expert Comment

by:MohanrajM
ID: 39738296
User is having admin rights or not?...check with the other server with the user account so that you will know there is a issue with access not with server.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39738446
Just check if you have set any GPO which having following user rights enabled for this server:
"Allow logon through terminal services"
If that's the case, you must have configured some domain groups there which can access server remotely
Just add user to that group and check

Mahesh
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 3

Expert Comment

by:Detlef001
ID: 39738570
Have you tried to turn the firewall off on both machines to see if that works?

Moreover please try to create a new user and connect .

Thanks.
0
 

Author Comment

by:nav2567
ID: 39738797
The domain admin accounts can RDP.  Domain users cannot.

I will double check what you have suggested to check and update later.

Merry Christmas, everyone!
0
 

Author Comment

by:nav2567
ID: 39739566
Mahesh, allow logon through terminal services has already been granted to all domain users.
Detlef001, firewall is off already..

Not sure what sure to try.

Thanks for the feed back.
0
 

Author Comment

by:nav2567
ID: 39739573
As mentioned, the server was renamed before joining the domain.  Do you think that is the cause of what is happening?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39739737
On windows 2003 server, navigate to terminal services configuration->rdp-tcp->properties->permissions tab
and add "Domain Users" to the permissions tab and please check

Mahesh
0
 
LVL 8

Accepted Solution

by:
Ratnesh Mishra earned 500 total points
ID: 39743462
What I understood so far :-
1. Before joining domain ,you renamed Windows 2003.
2. Domain users are unable to take RDP but Domain Admins can take RDP although Domain user belongs to local Remote Desktop group.
3. Firewall is off.

Please try these steps :-
Make it sure Terminal services are configured on the Windows 2003 server.

Action Plan 01 :
Create a new user and try to take RDP to Windows 2003 server . Are we able to login if not whats the error ?

Action Plan 02 :
Add a single domain user on windows 2003 server to take RDP  and take RDP locally on the same server by trying mstsc. Are we able to login if not whats the error ?

Action Plan 03 :
Since Domain Admin has no issue only domain users have this issue , please create a seperate Organizational Unit and put a domain user in that OU which doesnot inherit the group policy i.e no GP applied on that OU . Now try to take RDP of Windows 2003 TS ?

Action Plan 04 :
http://technet.microsoft.com/en-us/library/cc781509(WS.10).aspx follow this article to allow log on through terminal services

Apart from this can you please provide us the all properties of RDP-tcp as snapshot which is in tscc [terminal services configuration connection]
0
 

Author Comment

by:nav2567
ID: 39778337
Ratnesh,

The error message is "To log on to this remote computer, you mush have terminal server user access permission on this cojputer.  By default, members of the remote desktop group have these permissions.  If you are not a member of the remote desktop user group......"

I have already followed your suggestions in bullet 2, 3, 4 but same result.  I still cannot login.  

RDP-TCP properties security permission already shown local Remote Desktop Users group is included.  The local Remote Desktop group does include the domain users group.  

Sorry, I do not want to send a sceenshot over the internet.  

Thanks for your feedback.
0
 
LVL 8

Expert Comment

by:Ratnesh Mishra
ID: 39779806
What about step 1 , did you created a new user in seperate OU with no inheritance properties and that OU should not have any GP applied on it . Add that user to RD group or you can add it especially on the RDS machine. Check if it works or not.

Oh my bad , Did you mentioned that the role was already installed on the machine and later you joined the domain. If that so , its not the right approach. Add machine as member server and then add the role on it.
0
 

Author Closing Comment

by:nav2567
ID: 39825455
Sorry, I have tried that but they just don't work.  I will have to revisit the issue later.

Thanks.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
BgInfo help 5 65
Unable to hit site 2 30
Determine what is creating a pagefile.sys file? 33 56
Time server on domain 3 24
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question