Solved

Windows Server 2012 R2: Domain accounts cannot Remote Desktop

Posted on 2014-02-19
Last Modified: 2014-03-17
Hello. I just added my first Windows Server 2012 R2 into my network. I allowed remote connections but can only use the local admin account to connect. It will not accept any domain accounts. I did join the server to the domain. I also added the domain admin accounts to the Remote Desktop local groups and also the Administrators local group. When I try to RDP into it, it does not allow it. I can, however, use the local admin account of the server.

What is also strange: when I use the HP Lights-Out remote console, I am able to log in using the domain admin accounts. Looks like it is a Remote Desktop issue.

Thank you
Question by:bidgadget
5 Comments
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39870382
Could you check the local GPO and see which user/group is "allowed logon through terminal services"? Sounds like the only user allowed through that method is the local admin.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 39870444
0
 
LVL 5

Expert Comment

by:Arjun Vyavahare
ID: 39872610
Can you please check your machine's date and time and the date and time of the remote server you want to RDP into?

Regards,
Arjun
0
 
LVL 11

Expert Comment

by:marek1712
ID: 39872711
Not sure when, but if the server is a DC, it only allows logging in via RDP if the user is added in the GPO section (not in the System Properties window). So add it in the GPO. The policy is called: Allow log on through Remote Desktop Services.
0
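The two comments above about the "allow logon through terminal services" user right and the GPO setting point at the same check. As an added example (not posted by any participant in this thread), this lists which accounts hold the allow and deny Remote Desktop logon rights on the target server, next to the local Remote Desktop Users group. It assumes an elevated PowerShell session on the server; the function name `Get-RdpLogonRight` is made up for this example.

```powershell
# Added example: run in an elevated PowerShell session on the RDP target.
# Uses only built-in tools (secedit, net), so it works on PowerShell 4.0.
function Get-RdpLogonRight {
    param([string]$InfPath)
    $rights = 'SeRemoteInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight'
    foreach ($line in Get-Content -Path $InfPath) {
        # Lines look like: SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
        if ($line -notmatch '^\s*(\w+)\s*=\s*(.*)$') { continue }
        $name  = $Matches[1]
        $value = $Matches[2]
        if ($rights -notcontains $name) { continue }
        foreach ($entry in $value.Split(',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            $account = $entry
            if ($entry.StartsWith('*')) {
                # '*' marks a SID; resolve it to DOMAIN\name where possible
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $account = "$($sid.Value) (unresolved)" }
            }
            New-Object psobject -Property @{ Right = $name; Account = $account }
        }
    }
}

# Export the user-rights assignments to a temporary INF file and parse it
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
Get-RdpLogonRight -InfPath $inf |
    Sort-Object Right, Account |
    Format-Table Right, Account -AutoSize
Remove-Item $inf

# Local group edited from the Remote tab of System Properties
net localgroup "Remote Desktop Users"
```

An account listed under `SeDenyRemoteInteractiveLogonRight` is refused even when it also appears under the allow right, and `gpresult /r /scope computer` shows which GPOs are applied to the machine.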
 
LVL 11

Accepted Solution

by:
hecgomrec earned 500 total points
ID: 39873540
Here is my professional opinion on this.

Despite what Microsoft's intentions are with the Remote Services, there is a growing issue among IT people that is hard to get at the beginning, and I personally think it is because of the lack of information about the three options available to remotely access a machine (server or not). Which brings me to the point that no one... no one for any reason besides IT staff should ever log on to a server locally or remotely.


1. RDS - REMOTE DESKTOP SERVICES is a set of roles and features that will install security, policies, an authentication server and a license server for those who want to connect. Here you will need to expand your knowledge about Terminal Services to another level, and once you get it installed you will have a grace period to buy your licences; after that period you will no longer be able to use RDC to the server where you installed these services. I discovered this when I installed Remote Desktop Web Access (RD Web Access).

2. RD Web Access - REMOTE DESKTOP WEB ACCESS, formerly Terminal Services Web Access (TS Web Access), is the service/role that will allow you to set up website access for your clients to get to their Computer Desktop, Virtual Desktop, a set of applications or all of the above. Here, you must install an RD Gateway to authenticate the users.

RD Gateway is a service/role that will hold a set of rules/policies for the connection authorization and the resources a group or a single client has access to. This could be any server in your organization.

3. RDC - REMOTE DESKTOP CONNECTION is a connection established to a machine on a LAN or WAN (RD Gateway can be used here too) as long as you know either the name or the IP address of the machine. Here, the user who wants to connect must be certain that his username is previously authorized on the machine, not as a local user but granted permission to connect remotely, even if he/she is already a local user and is logged on to the target machine.

To achieve this connection, you must go into remote settings on the target computer (WKs or Server) and give permissions to all desired users (hope they are all IT guys!)

Note: This option may not allow "switch user" and close the actual logged connection on the target computer.


Sorry, I know it is long, but I hope it helps... You can always RDC to a machine using "/admin" after the machine name to log on to a server with RDS installed.
0

Question has a verified solution.