"Do not have access to logon to this session"

  • Thread starter Thread starter Gregg
  • Start date Start date
G

Gregg

Guest
Howdy!

I have a Windows 2003 R2 domain managed via Group Policy with something over
100 client machines as members. We've recently implemented VPN access and
the long term plan is to implement a solid Terminal Server infrustructure.
In the mean time, though, I'm attempting to get access for folks working
from
home to Remote Desktop on their Windows XP Pro SP2 machines here at the
office. I do have Windows Firewall enabled on the clients here in the
office, which is also managed via Group Policy. I've double and triple
checked policy settings (ports for the firewall, user account flags, & the
policy for Remote desktop itself) but I must be missing something somewhere.

Here's the problem - Users (standard Domain Users in Active Directory) can
connect to the VPN, fire up Remote Desktop and connect\logon to their
machines here at the office on the first try, no problems at all. Upon
finishing up and selecting the "Logoff" option, the Remote Desktop session
on
their end closes as expected - But when any of them attempt to reconnect to
their machines via Remote Desktop again later they get an error stating,
"You
do not have access to logon to this Session". This persists until their
machine here at the office is rebooted. I enabled the "Disconnect" option
via Group Policy and they are then able to disconnect and reconnect for a
period of time - But I really need them to log off the machines when they
are
done so this is a band-aid solution at best.

Checking the process list on the machines when a user logs off remotely
shows that there are two WinLogon.exe processes running afterward - Is this
causing the Remote Desktop software to get confused in some way? There is
no
"session" I can see beyond this second instance, unless the user uses the
disconnect option - But then they can reconnect just fine.

Any thoughts on the problem would be most welcome!
Thanks!

Gregg Knapp
 
Re: "Do not have access to logon to this session"

So the logoff is not complete, it seems. Have you checked the
EventLog on these clients? Are there any errors or warnings, maybe
related to profile unloading?
Does this also happen when they connect from one XP client to
another inside the office? Just want to rule out the VPN connection
as a factor.

I would enable extra logging on one of these clients:

232575 - How to trace Winlogon activity in Windows Server 2003,
Windows XP, Windows 2000, and Windows NT
http://support.microsoft.com/?kbid=232575

221833 - How to enable user environment debug logging in retail
builds of Windows
http://support.microsoft.com/?kbid=221833

And if that doesn't solve it, maybe install UPHClean as well.
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-
8912-4E18-B570-42470E2F3582
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"Gregg" <none@fake.com> wrote on 05 nov 2007 in
microsoft.public.windows.terminal_services:

> Howdy!
>
> I have a Windows 2003 R2 domain managed via Group Policy with
> something over 100 client machines as members. We've recently
> implemented VPN access and the long term plan is to implement a
> solid Terminal Server infrustructure. In the mean time, though,
> I'm attempting to get access for folks working from
> home to Remote Desktop on their Windows XP Pro SP2 machines here
> at the office. I do have Windows Firewall enabled on the
> clients here in the office, which is also managed via Group
> Policy. I've double and triple checked policy settings (ports
> for the firewall, user account flags, & the policy for Remote
> desktop itself) but I must be missing something somewhere.
>
> Here's the problem - Users (standard Domain Users in Active
> Directory) can connect to the VPN, fire up Remote Desktop and
> connect\logon to their machines here at the office on the first
> try, no problems at all. Upon finishing up and selecting the
> "Logoff" option, the Remote Desktop session on
> their end closes as expected - But when any of them attempt to
> reconnect to their machines via Remote Desktop again later they
> get an error stating, "You
> do not have access to logon to this Session". This persists
> until their machine here at the office is rebooted. I enabled
> the "Disconnect" option via Group Policy and they are then able
> to disconnect and reconnect for a period of time - But I really
> need them to log off the machines when they are
> done so this is a band-aid solution at best.
>
> Checking the process list on the machines when a user logs off
> remotely shows that there are two WinLogon.exe processes running
> afterward - Is this causing the Remote Desktop software to get
> confused in some way? There is no
> "session" I can see beyond this second instance, unless the user
> uses the disconnect option - But then they can reconnect just
> fine.
>
> Any thoughts on the problem would be most welcome!
> Thanks!
>
> Gregg Knapp
 
Re: "Do not have access to logon to this session"

I haven't noticed anything unusual in the Event Logs on any of
the clients as of yet, but it is a problem on all of them - For
troubleshooting purposes I tried having different users logon to
different machines and ended up with the same results. I'll
make a point to poke through the logs on a number of machines
again today\tomorrow just to be sure.

The UPHClean utility is actually a good idea - I'll try that out
tomorrow and post the results back here. Hopefully that'll
fix me up. Thanks for the reply! I appriciate the assist.

Gregg
Web\Systems Admin
U.S. Courts

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns99DFE1108889Everanoesthemutforsse@207.46.248.16...
> So the logoff is not complete, it seems. Have you checked the
> EventLog on these clients? Are there any errors or warnings, maybe
> related to profile unloading?
> Does this also happen when they connect from one XP client to
> another inside the office? Just want to rule out the VPN connection
> as a factor.
>
> I would enable extra logging on one of these clients:
>
> 232575 - How to trace Winlogon activity in Windows Server 2003,
> Windows XP, Windows 2000, and Windows NT
> http://support.microsoft.com/?kbid=232575
>
> 221833 - How to enable user environment debug logging in retail
> builds of Windows
> http://support.microsoft.com/?kbid=221833
>
> And if that doesn't solve it, maybe install UPHClean as well.
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-
> 8912-4E18-B570-42470E2F3582
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> "Gregg" <none@fake.com> wrote on 05 nov 2007 in
> microsoft.public.windows.terminal_services:
>
>> Howdy!
>>
>> I have a Windows 2003 R2 domain managed via Group Policy with
>> something over 100 client machines as members. We've recently
>> implemented VPN access and the long term plan is to implement a
>> solid Terminal Server infrustructure. In the mean time, though,
>> I'm attempting to get access for folks working from
>> home to Remote Desktop on their Windows XP Pro SP2 machines here
>> at the office. I do have Windows Firewall enabled on the
>> clients here in the office, which is also managed via Group
>> Policy. I've double and triple checked policy settings (ports
>> for the firewall, user account flags, & the policy for Remote
>> desktop itself) but I must be missing something somewhere.
>>
>> Here's the problem - Users (standard Domain Users in Active
>> Directory) can connect to the VPN, fire up Remote Desktop and
>> connect\logon to their machines here at the office on the first
>> try, no problems at all. Upon finishing up and selecting the
>> "Logoff" option, the Remote Desktop session on
>> their end closes as expected - But when any of them attempt to
>> reconnect to their machines via Remote Desktop again later they
>> get an error stating, "You
>> do not have access to logon to this Session". This persists
>> until their machine here at the office is rebooted. I enabled
>> the "Disconnect" option via Group Policy and they are then able
>> to disconnect and reconnect for a period of time - But I really
>> need them to log off the machines when they are
>> done so this is a band-aid solution at best.
>>
>> Checking the process list on the machines when a user logs off
>> remotely shows that there are two WinLogon.exe processes running
>> afterward - Is this causing the Remote Desktop software to get
>> confused in some way? There is no
>> "session" I can see beyond this second instance, unless the user
>> uses the disconnect option - But then they can reconnect just
>> fine.
>>
>> Any thoughts on the problem would be most welcome!
>> Thanks!
>>
>> Gregg Knapp
 
Back
Top