unable to log onto a domain controller using RDP

I have tried the suggestion form  the forums and nothing has worked. I was able to RDP to the domain controller with no issues a couple of days ago.
now I am getting this error
"To log on to this remote computer, you must be granted the allow log on through Terminal Services right. By default, members of the Remote Desktop User group have this right."

modifying the group policy and the local security policy has not corrected the issue.

Please advise.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NVITEnd-user supportCommented:
after modifying the gp, have you run GPUPDATE /F on the server you are trying to access?
Will SzymkowskiSenior Solution ArchitectCommented:
Have you been removed from the domain admins group? Is RDP configured on the server?

Do you get this issues trying to remote into any other DC's?

SCFHPAuthor Commented:
I have not been removed from the DA group as I am able to RDP into one of the 3 DC's also RDP has been configured on the server as I was able to rdp a few days ago with no issues.

DC1 and DC3 are physical DC2 is virtual and I can log into DC2 with no issues.

I even tried adding the RDS config Host role and although not recommended it did not make a difference. the other thing that is interesting is no patches or changes have been performed on these 2 DC's. I have removed the RDSH role from the DC. to put things back the way they were
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Will SzymkowskiSenior Solution ArchitectCommented:
Are all of the appropriate services running/started on the Domain controllers? Have you checked replication and the DC health?

Also have you been able to reboot the DC's to see if that makes any difference?

SCFHPAuthor Commented:

thank you for the replies. I was able to resolve the issue. I am not sure how this happened but the deny RDP login local secpol setting had domain users listed there on both DC's. I removed that and put guests sec group there instead and I am able to now log into both DC's with no issues.. has anyone heard of this happening in their network if so do you know how that got changed. nopatches or any updates wee installed on the DC's that could have caused this. weird !!!!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
The only way you will be able to find out what changed this setting would be if you have auditing enabled. Otherwise you will not be able to find out.

SCFHPAuthor Commented:
I removed the domain users from the deny secpol setting under local policies - user rights assignment \deny log on through remote desktop and put the guests group there.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.