• Status: Solved

Windows Server 2012 R2 domain accounts cannot Remote Desktop

Hello. I just added my first Windows Server 2012 R2 to my network. I allowed remote connections but can only use the local admin account to connect. It will not accept any domain accounts. I did join the server to the domain. I also added the domain admin accounts to the Remote Desktop local groups and also the Administrators local group. When I try to RDP into it, it does not allow it. I can, however, use the local admin account of the server.

What is also strange: when I use the HP Lights-Out remote console, I am able to log in using the domain admin accounts. Looks like it is a Remote Desktop issue.

Thank you
bidgadget
Asked:
 
Jason Watkins, IT Project Leader, commented:
Could you check the local GPO and see which user/group is "allowed logon through terminal services"? Sounds like the only user allowed through that method is the local admin.
 
Arjun Vyavahare, Technical Consultant, commented:
Can you please check the date and time on your machine and on the remote server you want to RDP into?

Regards,
Arjun
 
marek1712 commented:
Not sure since when, but if the server is a DC it only allows logging in via RDP if the user is added in the GPO section (not in the System Properties window). So add it in the GPO. The policy is called: Allow log on through Remote Desktop Services.
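The check suggested in the answers above, as an added example that is not part of the original thread: it exports the server's effective user-rights assignments and lists who holds the allow and deny rights for Remote Desktop logon. The privilege constants `SeRemoteInteractiveLogonRight` and `SeDenyRemoteInteractiveLogonRight` are the Windows names behind those two policies; the temp file name is an assumption.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt on the server.
$cfg = Join-Path $env:TEMP 'user_rights.inf'   # assumed scratch file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Privilege constants and the policy names they appear under in the GPO editor
$rights = [ordered]@{
    SeRemoteInteractiveLogonRight     = 'Allow log on through Remote Desktop Services'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
}

function Resolve-Principal([string]$entry) {
    # secedit writes SIDs as "*S-1-5-..." and already-resolved names as plain text
    $entry = $entry.Trim()
    if (-not $entry.StartsWith('*S-')) { return $entry }
    $sid = New-Object System.Security.Principal.SecurityIdentifier ($entry.TrimStart('*'))
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { "$($sid.Value) (unresolved SID)" }
}

$lines = Get-Content $cfg
foreach ($name in $rights.Keys) {
    Write-Host "`n$($rights[$name]) [$name]"
    $line = $lines | Where-Object { $_ -match "^$name\s*=" } | Select-Object -First 1
    if (-not $line) { Write-Host '  (no accounts listed in the export)'; continue }
    ($line -split '=', 2)[1] -split ',' |
        ForEach-Object { Write-Host "  $(Resolve-Principal $_)" }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# Group membership only matters if the group itself appears under the allow right above.
# net.exe is used because Get-LocalGroupMember is not available on a stock 2012 R2 install.
Write-Host "`nLocal 'Remote Desktop Users' members:"
net localgroup "Remote Desktop Users"
```

A domain account can log on over RDP only if it, or a group it belongs to, appears under the allow right and under no entry of the deny right; a deny entry takes precedence.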
 
hecgomrec commented:
Here is my professional opinion on this.

Despite what Microsoft's intentions are with Remote Services, there is a growing issue among IT people that is hard to get at the beginning, and I personally think it is because of the lack of information about the three options available to remotely access a machine (server or not). Which brings me to the point that no one... no one, for any reason, besides IT staff should ever log on to a server locally or remotely.


1. RDS - REMOTE DESKTOP SERVICES is a set of roles and features that will install security, policies, an authentication server and a license server for those who want to connect. Here you will need to expand your knowledge about Terminal Services to another level, and once you get it installed you will have a grace period to buy your licences; after that period you will no longer be able to use RDC to the server you installed these services on. I discovered this when I installed Remote Desktop Web Access (RD Web Access).

2. RD Web Access - REMOTE DESKTOP WEB ACCESS, formerly Terminal Services Web Access (TS Web Access), is the service/role that will allow you to set up website access for your clients to get to their computer desktop, virtual desktop, a set of applications or all of the above. Here, you must install an RD Gateway to authenticate the users.

RD Gateway is a service/role that will hold a set of rules/policies for the connection authorization and the resources a group or a single client has access to. This could be any server in your organization.

3. RDC - REMOTE DESKTOP CONNECTION is a connection established to a machine on a LAN or WAN (RD Gateway can be used here too) as long as you know either the name or the IP address of the machine. Here, the user who wants to connect must be certain that his username is previously authorized on the machine, not as a local user but granted permission to connect remotely, even if he/she is already a local user and is logged on to the target machine.

To achieve this connection, you must go into remote settings on the target computer (workstation or server) and give permissions to all desired users (hope they are all IT guys!)

Note: This option may not allow "switch user" and close the actual logged connection on the target computer.


Sorry, I know it is long but I hope it helps..... you can always RDC to a machine using "/admin" after the machine name to log on to a server with RDS installed.