Cannot rdp into Domain controllers


Mike Bannister

I had a 2003 domain with a 2003 & 2000 domain controller. I ran dcpromo on
the 2000 box and demoted it to a member server. I then ran adprep /forestprep
on the 2003 domain controller and then I ran dcpromo on a Windows 2003 R2 box
and made it a domain controller.

I can no longer rdp into either domain controller with domain administrator
credentials. I see a security event 534 when I try and I also get this
message interactively:

"To log on to this remote computer, you must be granted the Allow log on
through Terminal Services right. By default, members of the Remote Desktop
Users group have this right. If you are not a member of the Remote Desktop
Users group or another group that has this right, or if the Remote Desktop
User group does not have this right you must be granted this right manually."

--
Mike Bannister
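
The right named in that message is stored in local security policy as SeRemoteInteractiveLogonRight, and event 534 is the logon failure recorded when an account has not been granted the requested logon type. As an added example (not part of the original thread), this Python code parses a `secedit /export /areas USER_RIGHTS` file and checks whether any SID in an administrator's token holds the right; the sample export and the domain SID are constructed.

```python
# Added example: audit Terminal Services logon rights in a secedit export.
ALLOW = "SeRemoteInteractiveLogonRight"     # Allow log on through Terminal Services
DENY = "SeDenyRemoteInteractiveLogonRight"  # Deny log on through Terminal Services

# Constructed sample of `secedit /export /cfg rights.inf /areas USER_RIGHTS`.
# Here the allow right lists only Remote Desktop Users (S-1-5-32-555).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-555
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed token for a domain administrator; the domain SID is a placeholder.
ADMIN_TOKEN = [
    "S-1-5-21-1111111111-2222222222-3333333333-500",  # the account itself
    "S-1-5-21-1111111111-2222222222-3333333333-512",  # Domain Admins
    "S-1-5-32-544",                                   # built-in Administrators
]


def parse_rights(inf_text):
    """Map each right in [Privilege Rights] to the set of SIDs/names holding it."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {
                v.strip().lstrip("*").lower() for v in value.split(",") if v.strip()
            }
    return rights


def rdp_logon_check(rights, token):
    """Return (allowed, reason) for a token; a deny entry overrides any allow."""
    sids = {s.lower() for s in token}
    if sids & rights.get(DENY, set()):
        return False, "token matches " + DENY
    if not sids & rights.get(ALLOW, set()):
        return False, "no SID in token holds " + ALLOW
    return True, "allowed"


if __name__ == "__main__":
    print(rdp_logon_check(parse_rights(SAMPLE_EXPORT), ADMIN_TOKEN))
```

A real export is written as UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_rights`.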
 
Re: Cannot rdp into Domain controllers

Hello Mike,

See inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I had a 2003 domain with a 2003 & 2000 domain controller. I ran
> dcpromo on the 2000 box and demoted it to a member server. I then ran
> adprep /forestprep on the 2003 domain controller and then I ran
> dcpromo on a Windows 2003 R2 box and made it a domain controller.


Both DCs were domain controllers on the same domain name? Normally it is
not possible to add a 2003 DC to 2000 without running adprep /forestprep BEFORE,
so please give more details about the order in which you did this. It sounds
a bit strange to me the way you described it.

> I can no longer rdp into either domain controller with domain
> administrator credentials.


If the DC was added to the 2000 domain, I assume, before correctly it should
still work. See my other comment above, something strange.

> I see a security event 534 when I try and I
> also get this message interactively:
>
> "To log on to this remote computer, you must be granted the Allow log
> on through Terminal Services right. By default, members of the Remote
> Desktop Users group have this right. If you are not a member of the
> Remote Desktop Users group or another group that has this right, or if
> the Remote Desktop User group does not have this right you must be
> granted this right manually."


Seems that the domain administrator is not able, because of some problems
in the domain configuration.
 
Re: Cannot rdp into Domain controllers

It was and is a 2003 domain which had a 2003 domain controller as well as a
2000 domain controller. I demoted the 2000 box to a member server.

I then ran adprep /forestprep in order to add a Windows 2003 R2 server to
the Windows 2003 domain as a domain controller. It is my understanding that
some schema changes were necessary in order to add an R2 to a 2003 domain.

One other curious side effect is that OWA is not working on the R2 domain
controller which is also running Exchange 2003? When you point a browser to
http://servername/exchange it returns a partially constructed page?


--
Mike Bannister
 
Re: Cannot rdp into Domain controllers

Hello Mike,

see inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> It was and is a 2003 domain which had a 2003 domain controller as well
> as a 2000 domain controller. I demoted the 2000 box to a member
> server.
>
> I then ran adprep /forestprep in order to add a Windows 2003 R2 server
> to the Windows 2003 domain as a domain controller. It is my
> understanding that some schema changes were necessary in order to add
> an R2 to a 2003 domain.


Didn't realize that you added R2 as DC, you are right, the schema has to
be upgraded to version 31 before. I assume you did also run adprep /domainprep?

> One other curious side effect is that OWA is not working on the R2
> domain controller which is also running Exchange 2003? When you point
> browser to http://servername/exchange it returns an partially
> constructed page?


First, it is not recommended by MS to run Exchange on DCs:
http://technet.microsoft.com/en-us/library/aa997407.aspx

With Outlook Web Access I have no experience; better to ask the Exchange NG about
this.
 