RDP Issue with Domain Admin Account on A Domain Controller

Thread starter: Rashid (Guest)
I was using a tool to "fix" vulnerabilities on my system. Normally, on member
servers, I back out the tool's terminal server related "fixes" with changes to
the registry. However, this time, it doesn't appear to be working.

I am unable to logon to one domain controller using RDP with THE domain
admin account. The local registry settings are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"Shadow"=dword:00000000
"fAllowToGetHelp"=dword:00000000
"fWritableTSCCPermTab"=dword:00000000
"MinEncryptionLevel"=dword:00000003
"DeleteTempDirsOnExit"=dword:00000001
"fResetBroken"=dword:00000001
"fAllowUnsolicited"=dword:00000000
"fEncryptRPCTraffic"=dword:00000001

The Default Domain Controller Security Policy for Terminal Services is Not
Defined for both Allow and Deny. I did try to specifically set an Allow but
it had no effect so I backed it out. The Domain Security Policy is also Not
Defined and has never been touched.

I have looked over other similar posts but none seem to be 100% relevant or
work for me. Any suggestions?
 
Re: RDP Issue with Domain Admin Account on A Domain Controller

What error message do you get when you try to connect?
Can you logon to the console of the DC?
Are there any errors or warnings in the EventLog on the server?
Is the server still configured to allow Remote Desktop for
Administration connections?
Have you checked the security settings on the rdp-tcp connection,
in Terminal Services Configuration?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Rashid <Rashid@discussions.microsoft.com> wrote on
11 jun 2008 in microsoft.public.windows.terminal_services:

> I was using a tool to "fix" vulnerabilities on my system.
> Normally, on member servers, I back out the tool's terminal
> server related "fixes" with changes to the registry. However,
> this time, it doesn't appear to be working.
>
> I am unable to logon to one domain controller using RDP with THE
> domain admin account. The local registry settings are:
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
> "Shadow"=dword:00000000
> "fAllowToGetHelp"=dword:00000000
> "fWritableTSCCPermTab"=dword:00000000
> "MinEncryptionLevel"=dword:00000003
> "DeleteTempDirsOnExit"=dword:00000001
> "fResetBroken"=dword:00000001
> "fAllowUnsolicited"=dword:00000000
> "fEncryptRPCTraffic"=dword:00000001
>
> The Default Domain Controller Security Policy for Terminal
> Services is Not Defined for both Allow and Deny. I did try to
> specifically set an Allow but it had no effect so I backed it
> out. The Domain Security Policy is also Not Defined and has
> never been touched.
>
> I have looked over other similar posts but none seem to be 100%
> relevant or work for me. Any suggestions?
 
Re: RDP Issue with Domain Admin Account on A Domain Controller

I apologize for not replying sooner. An even bigger issue took me away from
this one. Now I am returning to it. Good ideas but so far, nothing is
checking out. See my responses below:

> What error message do you get when you try to connect?


Warning Box Title: Logon Message
Warning Box Body: To log on to this remote computer, you must be granted the
Allow log on through Terminal Services right. By default, members of the
Remote Desktop Users group have this right. If you are not a member of the
Remote Desktop Users group or another group that has this right, or if the
Remote Desktop User group does not have this right, you must be granted this
right manually.

> Can you logon to the console of the DC?


Yes

> Are there any errors or warnings in the EventLog on the server?


There is nothing specific in the System/Application EventLogs. The security
logs of course are full of information because there is extensive auditing
going on but nothing that I can specifically find.

> Is the server still configured to allow Remote Desktop for
> Administration connections?


Yes

> Have you checked the security settings on the rdp-tcp connection,
> in Terminal Services Configuration?


I am not finding any differences in all of the settings for the RDP-TCP
connection that is different from other servers that are working. The
users/rights in the permissions tab are a match.
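
The logon message quoted above names the "Allow log on through Terminal Services" user right. The following is an added example, not part of the original thread: it lists which accounts hold that right and its Deny counterpart on the local machine, as secedit exports them, using the privilege constants SeRemoteInteractiveLogonRight and SeDenyRemoteInteractiveLogonRight. The scratch file name and the helper Resolve-Principal are illustrative choices.

```powershell
# Added example: show the holders of the RDP logon rights on this machine.
# Run from an elevated prompt at the console of the affected server.
$rights = @(
    'SeRemoteInteractiveLogonRight'       # Allow log on through Terminal Services
    'SeDenyRemoteInteractiveLogonRight'   # Deny log on through Terminal Services
)

$cfg = Join-Path $env:TEMP 'user-rights-export.inf'   # arbitrary scratch file
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

function Resolve-Principal([string]$entry) {
    # Export entries are either "*<SID>" or a plain account name.
    $entry = $entry.Trim()
    if (-not $entry.StartsWith('*')) { return $entry }
    $sid = $entry.TrimStart('*')
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
        return "$($id.Translate([System.Security.Principal.NTAccount]).Value) ($sid)"
    } catch {
        # Deleted or unreachable accounts cannot be translated to a name.
        return "unresolved SID $sid"
    }
}

$lines = Get-Content $cfg
foreach ($right in $rights) {
    # Anchored match so the Allow constant does not also match the Deny line.
    $line = $lines | Where-Object { $_ -match "^\s*$right\s*=" } | Select-Object -First 1
    if (-not $line) {
        # No line for the right: treated here as no accounts assigned.
        Write-Output "${right}: <no accounts listed>"
        continue
    }
    $holders = ($line -split '=', 2)[1] -split ',' | Where-Object { $_.Trim() }
    Write-Output "${right}:"
    $holders | ForEach-Object { Write-Output "    $(Resolve-Principal $_)" }
}
Remove-Item $cfg -ErrorAction SilentlyContinue
```

Running the same script on a server where RDP logon works gives a baseline to compare against. A Deny entry takes precedence over an Allow entry for the same account or one of its groups.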
 