using Remote Desktop services error

I just finished configuring my new server with remote desktop services.  I followed this article:
http://www.concurrency.com/blog/rds8-quick-and-easy-remoteapp-on-windows-server-2012/

And at the last step, I'm able to browse to my rdweb directory (https://ts.domain.com/rdweb, but when I click on an application, I get the following error:

rdp error
Even the calculator, any application I click on, I get the same error.
Any idea's on why?
DanNetwork EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shahnawaz AhmedTechnical Services SpecialistCommented:
Are you getting any error in the event viewers? Please search Term DD -50 Error in the System logs
0
DanNetwork EngineerAuthor Commented:
no error or warning messages in event log when I try to access it, but I get this informational event every 5 minutes in the application log.

The root\cimv2\rdms namespace is marked with the RequiresEncryption flag. Access to this namespace might be denied if the script or application does not have the appropriate authentication level. Change the authentication level to Pkt_Privacy and run the script or application again.
Event ID: 5605

Can this have anything to do with it?
0
Shahnawaz AhmedTechnical Services SpecialistCommented:
Its not related..

Can you please go to the same problem computer physically and type mstsc in the run and then local host in the RDP window. and try to connect if you can connect locally to the problem machine
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

DanNetwork EngineerAuthor Commented:
It looks like it lets me, but then says "access is denied"
0
Shahnawaz AhmedTechnical Services SpecialistCommented:
Can you please create a local TEST user on the problem machines and then AD LOCAL ADMINISTRATOR group in it and try to login with the help of TEST user once
0
DanNetwork EngineerAuthor Commented:
I created a new user, this is on the domain controller, as the server is a domain controller, then I added the user to the administrators group and the remote desktop users group as well.

Still doesn't work, getting this error message.
rdp error
0
Shahnawaz AhmedTechnical Services SpecialistCommented:
Please add the user in the remote desktop user group. And try
0
DanNetwork EngineerAuthor Commented:
I did that already, I've already added the user there, it's still not working.
0
Shahnawaz AhmedTechnical Services SpecialistCommented:
Please do as mentioned below.

Check the Firewall settings. Turn off Firewall

   Logon to the server locally
    Click Start, Run, type "tscc.msc /s" (without quotation marks) and click OK
    In the Terminal Services Configuration snap-in double-click Connections, then RDP-Tcp in the right pane
    Click the Network Adapter tab, select the correct network adapter and click OK
    Make sure that you can establish an RDP connection to the server

The change takes effect immediately. No need for a restart.
0
DanNetwork EngineerAuthor Commented:
When I run tscc.msc /s  I get the following error:
"windows cannot find tscc.msc.   Make sure you typed hte name correctly, and then try again.

I am running windows server 2012 R2, so not sure if this program perhaps isn't on 2012 R2?
0
Shahnawaz AhmedTechnical Services SpecialistCommented:
Hope you installed remote desktop services from server manager --> Add roles.
Now from your Administrator tools you can fine Terminal Service folder and there is TERMINAL SERVICE CONFIGURATION Manager you can find. then  Click the Network Adapter tab, select the correct network adapter and click OK
    Make sure that you can establish an RDP connection to the server
0
DanNetwork EngineerAuthor Commented:
Wait, I'm a little lost.

So with two different domain admin accounts, I can RDP into the server just fine.

I created a new (third) domain account and that account can't RDP into the server.

So I don't need to install remote desktop services as 2 users can already RDP into the server.
0
Shahnawaz AhmedTechnical Services SpecialistCommented:
Yes, you don't need to install if 2 users are already able to login. So is that issue with 1 user only?
0
DanNetwork EngineerAuthor Commented:
yes, I have one user that can not log in to any of the DCs.

They get the above error message.

Like I said, I have added the user to the domain administrators group, and the domain remote desktop users group as well.

Not sure what else I can do?
0
DanNetwork EngineerAuthor Commented:
Still doesn't work.   I keep on getting the above error message.
0
DanNetwork EngineerAuthor Commented:
I think I figured out the issue, but I can't make any changes.

When I open secpol.msc on the target server, expand Local Policies -> User Rights Assignment and verify that (my user account) is listed under the "Allow log on through Remote Desktop Services", everything is greyed out.  

So how do I make changes to the local security policy?  I'm logged in with a domain account.
local-security-policy.png
0
DanNetwork EngineerAuthor Commented:
Any ideas?
0
DanNetwork EngineerAuthor Commented:
Here's the solution.

Go to start>>run>>gpmc.msc>>Expand Domain>>Expand Domain name>>Domain Controllers>>Right click and Edit the "Default Domain Controller policy">>Computer Configuration>>Policies>>Windows settings>>Security settings>>User rights assignments>>Allow log on through remote desktop services>>Add administrators in it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DanNetwork EngineerAuthor Commented:
I found the answer myself on another post I had that someone else posted.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.