Domain Controllers no longer acceptioning RDP sessions

  • Thread starter Thread starter jaredhattaway
  • Start date Start date
J

jaredhattaway

Guest
Since last weeks set of patches none of the Domain Admins have been able to
log onto any of the 15 domain controllers using RDP.

The error message when trying to logon:

"To log on to this remote computer, you must be granted the Allow log on
through Terminal Services right. By default, members of the Remote Desktop
Users group have this right. If you are not a member of the Remote Desktop
Users group or another group that has this right, or if the Remote Desktop
User group does not have this right, you must be granted this right manually"

Remote Desktop is enabled.

I have disabled and re-enabled the service as well as manually added the
Domain Admins group and then individual accounts to the Remote Desktop Users
group nothing.

No firewall changes have happened either.

I have not yet rolled back any patches to see if that fixes the problem.

Any ideas?

Thanks,

Jared
 
Re: Domain Controllers no longer acceptioning RDP sessions

Does this happen on DC's only? Did you patch any member servers
(which are not Terminal Servers), and can you still connect to them
with rdp?
Have you checked the permissions on the rdp-tcp connection, in
Terminal Services Connection Configuration?
You could try on one of these DC's to delete the rdp-tcp connection
completely, and then create a new one, since they sometimes become
corrupt (but hardly on 15 servers simultaneously). That should give
you the default permissions.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?amFyZWRoYXR0YXdheQ==?=
<jaredhattaway@discussions.microsoft.com> wrote on 19 nov 2007 in
microsoft.public.windows.terminal_services:

> Since last weeks set of patches none of the Domain Admins have
> been able to log onto any of the 15 domain controllers using
> RDP.
>
> The error message when trying to logon:
>
> "To log on to this remote computer, you must be granted the
> Allow log on through Terminal Services right. By default,
> members of the Remote Desktop Users group have this right. If
> you are not a member of the Remote Desktop Users group or
> another group that has this right, or if the Remote Desktop User
> group does not have this right, you must be granted this right
> manually"
>
> Remote Desktop is enabled.
>
> I have disabled and re-enabled the service as well as manually
> added the Domain Admins group and then individual accounts to
> the Remote Desktop Users group nothing.
>
> No firewall changes have happened either.
>
> I have not yet rolled back any patches to see if that fixes the
> problem.
>
> Any ideas?
>
> Thanks,
>
> Jared
 
RE: Domain Controllers no longer acceptioning RDP sessions

My apologies... this was not a Microsoft problem.

A new admin made a change to the Default DC Policy preventing access.

I will go back to putting salve on my forehead from hitting it against the
wall.

-Jared
 
Back
Top