Jump to content

TS NLB name problem

Guest Jeff

By Guest Jeff
in Windows NT Server

 Share

Recommended Posts

Guest Jeff

Guest Jeff

Posted
Posted

I have a NLB cluster name like tsfarm.domain.com with ip of 192.168.1.5 (not

real ip's hehe) that has 4 nodes that are tsfarmA, tsfarmB, etc. A user can

login to each of the nodes without issue since the group the user is in

resides in the Remote Desktop Users in the local group of each node. When

the user tries to log into the tsfarm.domain.com virtual it says that the

user has to be granted remote terminal access and shuts down. As a domain

admin I can connect to the virtual without issue.

 

Why can't the user authenticate to the farm name when the same user can

authenticate without incident on each of the nodes in the farm?? Is there

permissions I can set on the virtual??

  • Replies 4
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Jeff

Guest Jeff

Posted
Posted

RE: TS NLB name problem

 

OK, I found the answer. Not only do you have to add the users, as usual, to

the local Remote Desktop Users but you ALSO have to manually add the local

Remote Desktop Users group to the actual Terminal Services RDP Listener

permissions as users on all nodes for the farm to respond normally.

 

 

 

"Jeff" wrote:

> I have a NLB cluster name like tsfarm.domain.com with ip of 192.168.1.5 (not

> real ip's hehe) that has 4 nodes that are tsfarmA, tsfarmB, etc. A user can

> login to each of the nodes without issue since the group the user is in

> resides in the Remote Desktop Users in the local group of each node. When

> the user tries to log into the tsfarm.domain.com virtual it says that the

> user has to be granted remote terminal access and shuts down. As a domain

> admin I can connect to the virtual without issue.

>

> Why can't the user authenticate to the farm name when the same user can

> authenticate without incident on each of the nodes in the farm?? Is there

> permissions I can set on the virtual??

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

RE: TS NLB name problem

 

In normal cases, this isn't necessary, because the Remote Desktop

Users group has this permission by default.

But I'm glad that you have solved your problem!

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

=?Utf-8?B?SmVmZg==?= <Jeff@discussions.microsoft.com> wrote on 19

jul 2007 in microsoft.public.windows.terminal_services:

> OK, I found the answer. Not only do you have to add the users,

> as usual, to the local Remote Desktop Users but you ALSO have to

> manually add the local Remote Desktop Users group to the actual

> Terminal Services RDP Listener permissions as users on all nodes

> for the farm to respond normally.

>

>

>

> "Jeff" wrote:

>

>> I have a NLB cluster name like tsfarm.domain.com with ip of

>> 192.168.1.5 (not real ip's hehe) that has 4 nodes that are

>> tsfarmA, tsfarmB, etc. A user can login to each of the nodes

>> without issue since the group the user is in resides in the

>> Remote Desktop Users in the local group of each node. When

>> the user tries to log into the tsfarm.domain.com virtual it

>> says that the user has to be granted remote terminal access and

>> shuts down. As a domain admin I can connect to the virtual

>> without issue.

>>

>> Why can't the user authenticate to the farm name when the same

>> user can authenticate without incident on each of the nodes in

>> the farm?? Is there permissions I can set on the virtual??

Guest Jeff

Guest Jeff

Posted
Posted

RE: TS NLB name problem

 

Vera,

You are correct on this. What is odd is that this wasn't necessary when

users were using RDP 5.1 or 5.2 but when I implemented RDP 6 all stopped

working until I made this change. It was quite odd I thought.

 

I noticed my listener on my nodes is 5.2, is there a version 6 listener? or

if there is could this possibly be an issue?

 

"Vera Noest [MVP]" wrote:

> In normal cases, this isn't necessary, because the Remote Desktop

> Users group has this permission by default.

> But I'm glad that you have solved your problem!

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> =?Utf-8?B?SmVmZg==?= <Jeff@discussions.microsoft.com> wrote on 19

> jul 2007 in microsoft.public.windows.terminal_services:

>

> > OK, I found the answer. Not only do you have to add the users,

> > as usual, to the local Remote Desktop Users but you ALSO have to

> > manually add the local Remote Desktop Users group to the actual

> > Terminal Services RDP Listener permissions as users on all nodes

> > for the farm to respond normally.

> >

> >

> >

> > "Jeff" wrote:

> >

> >> I have a NLB cluster name like tsfarm.domain.com with ip of

> >> 192.168.1.5 (not real ip's hehe) that has 4 nodes that are

> >> tsfarmA, tsfarmB, etc. A user can login to each of the nodes

> >> without issue since the group the user is in resides in the

> >> Remote Desktop Users in the local group of each node. When

> >> the user tries to log into the tsfarm.domain.com virtual it

> >> says that the user has to be granted remote terminal access and

> >> shuts down. As a domain admin I can connect to the virtual

> >> without issue.

> >>

> >> Why can't the user authenticate to the farm name when the same

> >> user can authenticate without incident on each of the nodes in

> >> the farm?? Is there permissions I can set on the virtual??

>

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

RE: TS NLB name problem

 

No, you can't update Terminal Services on a Windows 2003 server to

use rdp version 6. You'll have to wait for Server 2008 (aka

Longhorn).

 

It's beyond me how using an rdp 6 client can remove the "Remote

Desktop Users" group from the rdp-tcp permissions on the server,

but I guess that stranger things have happened... :-)

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

=?Utf-8?B?SmVmZg==?= <Jeff@discussions.microsoft.com> wrote on 20

jul 2007 in microsoft.public.windows.terminal_services:

> Vera,

> You are correct on this. What is odd is that this wasn't

> necessary when users were using RDP 5.1 or 5.2 but when I

> implemented RDP 6 all stopped working until I made this change.

> It was quite odd I thought.

>

> I noticed my listener on my nodes is 5.2, is there a version 6

> listener? or if there is could this possibly be an issue?

>

> "Vera Noest [MVP]" wrote:

>

>> In normal cases, this isn't necessary, because the Remote

>> Desktop Users group has this permission by default.

>> But I'm glad that you have solved your problem!

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> =?Utf-8?B?SmVmZg==?= <Jeff@discussions.microsoft.com> wrote on

>> 19 jul 2007 in microsoft.public.windows.terminal_services:

>>

>> > OK, I found the answer. Not only do you have to add the

>> > users, as usual, to the local Remote Desktop Users but you

>> > ALSO have to manually add the local Remote Desktop Users

>> > group to the actual Terminal Services RDP Listener

>> > permissions as users on all nodes for the farm to respond

>> > normally.

>> >

>> >

>> >

>> > "Jeff" wrote:

>> >

>> >> I have a NLB cluster name like tsfarm.domain.com with ip of

>> >> 192.168.1.5 (not real ip's hehe) that has 4 nodes that are

>> >> tsfarmA, tsfarmB, etc. A user can login to each of the

>> >> nodes without issue since the group the user is in resides

>> >> in the Remote Desktop Users in the local group of each node.

>> >> When the user tries to log into the tsfarm.domain.com

>> >> virtual it says that the user has to be granted remote

>> >> terminal access and shuts down. As a domain admin I can

>> >> connect to the virtual without issue.

>> >>

>> >> Why can't the user authenticate to the farm name when the

>> >> same user can authenticate without incident on each of the

>> >> nodes in the farm?? Is there permissions I can set on the

>> >> virtual??

 Share
Go to topic listing
×
×
  • Create New...