Solved

2K8R2 drain mode, cannot chglogon /drain, should we change

Posted on 2014-08-01
4
666 Views
Last Modified: 2014-08-02
Hi,

I'd like to activate drain mode on our terminal servers: http://blogs.msdn.com/b/rds/archive/2007/06/15/introducing-terminal-services-server-drain-mode.aspx

But my policy won't let me to, if I do chglogon /drain it says "connections are currently ENABLED by group policy ... unable to change".

I can set the policy to not configured but I am not eager to, I don't want to impact users.

 located in Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> "Allow users to connect remotely using Remote Desktop Services" –

Have you configured it too and it works correctly?

Pls advise.
J.
0
Comment
Question by:janhoedt
  • 2
4 Comments
 
LVL 15

Expert Comment

by:joharder
ID: 40235567
In order to drain a server, new connections must be disabled .  Otherwise, the two policies would counter each other.

Typically, you would drain a subset of servers at any given time, not all servers.  Thus, users could still logon and do their work, but not on the draining servers.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40235778
You must be having enabled RDP protocol on RD session host servers in system\remote settings and also must be added required users \ groups in Remote Desktop users local group on same server.
So in reality you need to make "Allow users to connect remotely using Remote Desktop Services" GPO setting mentioned in question to "Not Configured"
Then run gpupdate /force on terminal server and run change logon command from elevated command prompt, it should work.
If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet.
Taken from GPO setting description.
0
 

Author Comment

by:janhoedt
ID: 40236098
So changing this policy to not configured won t impact production servers (terminal servers and their connections€ not at all?
Don t get it since the policy need to be there to make terminal services work at all.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40236341
U need to ensure that Remote Desktop is enabled on all RD Session Host Servers and  required users (Domain users built-in group) is added in Remote Desktop Users local group on each server
Then above GPO setting is not required
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question