1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Terminal Server Nightmare!!

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by hayden101, Mar 16, 2012.

Click here to banish ads and support Certforums by becoming a Premium Member
  1. hayden101

    hayden101 Bit Poster

    Evening guys and gals!!!

    I’m studying for the 70-290 exam and I have a question I’d like to pick your teccy minds about. But I don’t want you to tell me the answer.

    I have Terminal Server installed on a member server and I am using a domain user account to attempt to connect to TS on the member server...problem is I keep receiving:

    "To log on to this remote computer, you must have Terminal Server User Access Permissions on this computer. By default, members of the Remote Desktop group have these permissions. If you are not a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually."

    Lab set up as follows:
    1 X Domain Controller (Server01)
    1 X Member Server (Server02)
    1 X XP Client (XP)
    I have installed Terminal Server on the member server.

    The domain user account I am using to log on through TS is a member of:
    • Domain “Remote Desktop User Group”
    • Member Servers local “Remote Desktop User Group”

    I have edited the domain GP “User Rights Assignment”, “Allow log on through Terminal Services” as shown:


    I also have a Domain admin user account that also receives the same error.

    I have spent a good 10 hours this week trying to resolve this issue in different ways by creating different groups and adding user accounts to them etc all to no avail. I am starting to get a bit wound up by it. I would like to know if I have missed a key step in setting this up or if there is some bug that needs an update. Also I have not download any updates from MS as this lab is a clean setup with no internet access and i don’t want to do any updates yet.

    Have i missed anything?
    Last edited: Mar 16, 2012
    Certifications: MCP, MCDST
    WIP: 70-290, 70-291
  2. hayden101

    hayden101 Bit Poster

    The picture that will not upload should show the following groups that are members of the "Allow log on through Terminal Services":

    CONTOSO\Domain Admins
    Remote Desktop Users
    Certifications: MCP, MCDST
    WIP: 70-290, 70-291
  3. ade1982

    ade1982 Megabyte Poster

    Had the same problem in work. If you don't want the actual answer, looking through various Group Policy options would help you :)

    edit: just read you have done that. Try explicitly stating an account you want to work, and see what happens.
  4. hayden101

    hayden101 Bit Poster

    I've just realised something. The member server (server2) was installed back in August 2011. Microsoft let's you TS for a 120 days before asking for a TS licensing server and from my understanding that 120 days start the day you install TS on the server. Now I only installed TS on the member server about 7 days ago so I should still have 113 days left. I am wondering if the 120 starts from the day I installed the OS and not the day I installed TS. Is there anyway to check how many days I have left in using TS before the 120 days are up? Also if I have passed the 120 day grace period, would I not receive an error message stating that when I attempt to connect to TS on the member server?
    Certifications: MCP, MCDST
    WIP: 70-290, 70-291
  5. dales

    dales Terabyte Poster

    The 120 days starts from the day you install the TS server role, If I'm reading this right then the groups are dangling .......
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  6. hayden101

    hayden101 Bit Poster

    Thank you ade1982 and dales for the comments, it really is appreciated!!

    Well...it’s now working...not sure how which is rather worrying!

    What did I do? Well I started over again:

    • Clean install of Server 2003 on the member server.
    • Installed TS
    • Checked the member server's local security policy to make sure the “Remote Desktop User” group is in the “Allow log on through Terminal Services”, which it is as it’s managed by the domain security policy which had the “Remote Desktop User” group in it.
    • Added one basic domain user account to the member server’s local “Remote Desktop User” group.

    After this I managed to log on to the member server without any problems.

    Now I carried out these exact steps before with the only difference being a 6 month gap between installing the OS and then installing TS.

    The mind boggles!!!!!
    Last edited: Mar 18, 2012
    Certifications: MCP, MCDST
    WIP: 70-290, 70-291

Share This Page