Login Failure Remote Desktop Services

New server 2012 installation. Terminal Services (unlicensed) for now but will be later. I can login as the user locally but not remotely. I have "log on control" in active directory setup with the new server as well as the old ones. If I remove this restriction and not prevent logon using this I can login fine. The name is set correctly for both the new and old. I get the following showing in the event log:

Failure Information:
      Failure Reason:            User not allowed to logon at this computer.
      Status:                  0xC000006E
      Sub Status:            0xC0000070

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -


Has anyone seen this before?
LVL 1
Ryan RoodAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Can you specify where this setting is in Active Directory that you are talking about?

Will.
Ryan RoodAuthor Commented:
In Active Directory Users and Computers, User properties, Account tab, "Log On To...". I specify specific computers certain users are allowed to log on to.
Will SzymkowskiSenior Solution ArchitectCommented:
Ahh ok that setting.

So when you add a machine to a specific users account they are still denied access?

Does this happen for any users you create? Do you also have Log on Hours restriction enabled?

Will.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Ryan RoodAuthor Commented:
It is happening to non administrative users/users that do not have a logon restriction configured. Yes hours of use are in place but the users can logon to the current server (2008 TS).
Will SzymkowskiSenior Solution ArchitectCommented:
Users that want to remote in to a server and they are NOT administrators they need to be part of the Remote Desktop Users Group on the local server. Once they are added to this group they will be able to logon remotely to this server.

Will.
Ryan RoodAuthor Commented:
Yes - that is correct. All users are already a member of this group.
Will SzymkowskiSenior Solution ArchitectCommented:
Does this happen for all computers that the user is logging into? Have you checked Group Policy to see what is being applied for this user?

Will.
Ryan RoodAuthor Commented:
The user is a generic user that is only allowed to log on to one computer. I am prepping the next generation of computer that it will be logging in to. The new "computer" is in the same OU as the previous one. The user is able to log in to the previous server but not the new one. The user can log in locally to the "computer" but not remotely. If I disable the restrictions in Active Directory it will allow the user to log on remotely.
Will SzymkowskiSenior Solution ArchitectCommented:
Very weird. I cannot say that i have seen this. I will see if i can re-produce this in my lab and post back.

Will.
Ryan RoodAuthor Commented:
As it turns out ... there is a known issue in Windows Server 2012 and the host names it uses to control logins. It would appear that I needed to add my personal PC name that I was connecting from in order to allow this login to occur. This makes no sense but it is known. It is discussed here: https://social.technet.microsoft.com/Forums/windows/en-US/fab6f026-86c2-47e0-b485-2ac40623051f/remote-desktop-denies-login?forum=w8itprosecurity

At this time I am not sure what the fix is ... I am working around the issue by ensuring the PC/Terminal names are all proper and will be added to each users that is logging in.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ryan RoodAuthor Commented:
No real resolution, just a work around.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.