[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 895
  • Last Modified:

2K8R2 drain mode, cannot chglogon /drain, should we change

Hi,

I'd like to activate drain mode on our terminal servers: http://blogs.msdn.com/b/rds/archive/2007/06/15/introducing-terminal-services-server-drain-mode.aspx

But my policy won't let me to, if I do chglogon /drain it says "connections are currently ENABLED by group policy ... unable to change".

I can set the policy to not configured but I am not eager to, I don't want to impact users.

 located in Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> "Allow users to connect remotely using Remote Desktop Services" –

Have you configured it too and it works correctly?

Pls advise.
J.
0
janhoedt
Asked:
janhoedt
  • 2
1 Solution
 
joharderCommented:
In order to drain a server, new connections must be disabled .  Otherwise, the two policies would counter each other.

Typically, you would drain a subset of servers at any given time, not all servers.  Thus, users could still logon and do their work, but not on the draining servers.
0
 
MaheshArchitectCommented:
You must be having enabled RDP protocol on RD session host servers in system\remote settings and also must be added required users \ groups in Remote Desktop users local group on same server.
So in reality you need to make "Allow users to connect remotely using Remote Desktop Services" GPO setting mentioned in question to "Not Configured"
Then run gpupdate /force on terminal server and run change logon command from elevated command prompt, it should work.
If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet.
Taken from GPO setting description.
0
 
janhoedtAuthor Commented:
So changing this policy to not configured won t impact production servers (terminal servers and their connections€ not at all?
Don t get it since the policy need to be there to make terminal services work at all.
0
 
MaheshArchitectCommented:
U need to ensure that Remote Desktop is enabled on all RD Session Host Servers and  required users (Domain users built-in group) is added in Remote Desktop Users local group on each server
Then above GPO setting is not required
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now