Guest Rene B Posted July 24, 2007 Posted July 24, 2007 Hello everybody, I have problem accessing TS with RDC as any other user diferent than administrator even if the user is part of the administrators group. This is my configuration: MDC Server1 (TS License Server) member server Server2 TS Application mode Licensing: Per User (5 cals installed) Local Policy: Allow log on through Terminal Services = Administrators, Remote Desktop Users User1: member of Domain Users, Remote Desktop User, Administrators User2: member of Domain Users, Remote Desktop User non of the users can access TS remotely, users can login locally on TS What else should I do?
Guest Jeff Pitsch Posted July 24, 2007 Posted July 24, 2007 Re: Just administrator can access TS This is a win2k3 server correct? is it a domain controller? What error message are they receiving when they try to connect? What do the event logs show when they connect? Jeff Pitsch Microsoft MVP - Terminal Server Citrix Technology Professional Provision Networks VIP Forums not enough? Get support from the experts at your business http://jeffpitschconsulting.com Rene B wrote: > Hello everybody, > > I have problem accessing TS with RDC as any other user diferent than > administrator even if the user is part of the administrators group. > > This is my configuration: > MDC Server1 (TS License Server) > member server Server2 TS Application mode > Licensing: Per User (5 cals installed) > Local Policy: Allow log on through Terminal Services = Administrators, > Remote Desktop Users > > User1: member of Domain Users, Remote Desktop User, Administrators > User2: member of Domain Users, Remote Desktop User > > non of the users can access TS remotely, users can login locally on TS > > What else should I do? > >
Guest Rene B Posted July 24, 2007 Posted July 24, 2007 Re: Just administrator can access TS it is win2k3 server It is not a DC error: "To log on this remote computer, you must be granted the Allow Log on through Terminal Services rigtht. By default , members of the Remote Desktop Users group have ....." Event Log after try to connect to TS: just secuity shows events Security: --- LOG 1: --- Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 576 Date: 7/24/2007 Time: 10:43:06 AM User: NT AUTHORITY\SYSTEM Computer: TPISAPPSVR01 Description: Special privileges assigned to new logon: User Name: TPISAPPSVR01$ Domain: TPIS Logon ID: (0x0,0x98CDE) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege --- LOG 2 -- Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 7/24/2007 Time: 10:43:06 AM User: NT AUTHORITY\SYSTEM Computer: TPISAPPSVR01 Description: Successful Network Logon: User Name: TPISAPPSVR01$ Domain: TPIS Logon ID: (0x0,0x98CDE) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {31757886-c57c-2b85-f649-1f4648bf9e0d} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: - -- LOG 3 -- Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 538 Date: 7/24/2007 Time: 10:43:06 AM User: NT AUTHORITY\SYSTEM Computer: TPISAPPSVR01 Description: User Logoff: User Name: TPISAPPSVR01$ Domain: TPIS Logon ID: (0x0,0x98CDE) Logon Type: 3 Thanks Jeff "Jeff Pitsch" <Jeff@Jeffpitschconsulting.com> wrote in message news:e5jV6zfzHHA.464@TK2MSFTNGP02.phx.gbl... > This is a win2k3 server correct? is it a domain controller? What error > message are they receiving when they try to connect? What do the event > logs show when they connect? > > Jeff Pitsch > Microsoft MVP - Terminal Server > Citrix Technology Professional > Provision Networks VIP > > Forums not enough? > Get support from the experts at your business > http://jeffpitschconsulting.com > > Rene B wrote: >> Hello everybody, >> >> I have problem accessing TS with RDC as any other user diferent than >> administrator even if the user is part of the administrators group. >> >> This is my configuration: >> MDC Server1 (TS License Server) >> member server Server2 TS Application mode >> Licensing: Per User (5 cals installed) >> Local Policy: Allow log on through Terminal Services = Administrators, >> Remote Desktop Users >> >> User1: member of Domain Users, Remote Desktop User, Administrators >> User2: member of Domain Users, Remote Desktop User >> >> non of the users can access TS remotely, users can login locally on TS >> >> What else should I do?
Guest Jeff Posted July 25, 2007 Posted July 25, 2007 RE: Just administrator can access TS When you say "member server" are these two servers in NLB as a farm? If so, I ran into an odd issue too that I found an answer for. If not, then I'm not sure "Rene B" wrote: > Hello everybody, > > I have problem accessing TS with RDC as any other user diferent than > administrator even if the user is part of the administrators group. > > This is my configuration: > MDC Server1 (TS License Server) > member server Server2 TS Application mode > Licensing: Per User (5 cals installed) > Local Policy: Allow log on through Terminal Services = Administrators, > Remote Desktop Users > > User1: member of Domain Users, Remote Desktop User, Administrators > User2: member of Domain Users, Remote Desktop User > > non of the users can access TS remotely, users can login locally on TS > > What else should I do? > > >
Guest Jeff Posted July 25, 2007 Posted July 25, 2007 RE: Just administrator can access TS Verify that the local Remote Desktop Users group is authenticated in the TS listener in your TS Configuration on both servers "Rene B" wrote: > Hello everybody, > > I have problem accessing TS with RDC as any other user diferent than > administrator even if the user is part of the administrators group. > > This is my configuration: > MDC Server1 (TS License Server) > member server Server2 TS Application mode > Licensing: Per User (5 cals installed) > Local Policy: Allow log on through Terminal Services = Administrators, > Remote Desktop Users > > User1: member of Domain Users, Remote Desktop User, Administrators > User2: member of Domain Users, Remote Desktop User > > non of the users can access TS remotely, users can login locally on TS > > What else should I do? > > >
Guest Rene B Posted July 25, 2007 Posted July 25, 2007 Re: Just administrator can access TS I'm not sure what NLB means, but I setup the first server as a Domain Controller, DNS Server, TS License Server, file Server and Application server. After that I create under computers the new server, then I install the new server as a member of a domain where I enter the domain name of the fist server. Did I did something wrong? "Jeff" <Jeff@discussions.microsoft.com> wrote in message news:C68F1DAA-4D47-4B2E-BC05-19733C5B396F@microsoft.com... > When you say "member server" are these two servers in NLB as a farm? If > so, > I ran into an odd issue too that I found an answer for. If not, then I'm > not > sure > > "Rene B" wrote: > >> Hello everybody, >> >> I have problem accessing TS with RDC as any other user diferent than >> administrator even if the user is part of the administrators group. >> >> This is my configuration: >> MDC Server1 (TS License Server) >> member server Server2 TS Application mode >> Licensing: Per User (5 cals installed) >> Local Policy: Allow log on through Terminal Services = Administrators, >> Remote Desktop Users >> >> User1: member of Domain Users, Remote Desktop User, Administrators >> User2: member of Domain Users, Remote Desktop User >> >> non of the users can access TS remotely, users can login locally on TS >> >> What else should I do? >> >> >>
Guest Jeff Pitsch Posted July 25, 2007 Posted July 25, 2007 Re: Just administrator can access TS Check RDP-TCP in the TS Config snap-in and confirm that Remote Desktop Users is there and has appropriate rights. Jeff Pitsch Microsoft MVP - Terminal Server Citrix Technology Professional Provision Networks VIP Forums not enough? Get support from the experts at your business http://jeffpitschconsulting.com Rene B wrote: > it is win2k3 server > It is not a DC > error: "To log on this remote computer, you must be granted the Allow Log on > through Terminal Services rigtht. By default , members of the Remote Desktop > Users group have ....." > > Event Log after try to connect to TS: > just secuity shows events > Security: > --- LOG 1: --- > Event Type: Success Audit > Event Source: Security > Event Category: Logon/Logoff > Event ID: 576 > Date: 7/24/2007 > Time: 10:43:06 AM > User: NT AUTHORITY\SYSTEM > Computer: TPISAPPSVR01 > Description: > Special privileges assigned to new logon: > User Name: TPISAPPSVR01$ > Domain: TPIS > Logon ID: (0x0,0x98CDE) > Privileges: SeSecurityPrivilege > SeBackupPrivilege > SeRestorePrivilege > SeTakeOwnershipPrivilege > SeDebugPrivilege > SeSystemEnvironmentPrivilege > SeLoadDriverPrivilege > SeImpersonatePrivilege > > --- LOG 2 -- > Event Type: Success Audit > Event Source: Security > Event Category: Logon/Logoff > Event ID: 540 > Date: 7/24/2007 > Time: 10:43:06 AM > User: NT AUTHORITY\SYSTEM > Computer: TPISAPPSVR01 > Description: > Successful Network Logon: > User Name: TPISAPPSVR01$ > Domain: TPIS > Logon ID: (0x0,0x98CDE) > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: > Logon GUID: {31757886-c57c-2b85-f649-1f4648bf9e0d} > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: - > Source Port: - > > -- LOG 3 -- > Event Type: Success Audit > Event Source: Security > Event Category: Logon/Logoff > Event ID: 538 > Date: 7/24/2007 > Time: 10:43:06 AM > User: NT AUTHORITY\SYSTEM > Computer: TPISAPPSVR01 > Description: > User Logoff: > User Name: TPISAPPSVR01$ > Domain: TPIS > Logon ID: (0x0,0x98CDE) > Logon Type: 3 > > Thanks Jeff > > > "Jeff Pitsch" <Jeff@Jeffpitschconsulting.com> wrote in message > news:e5jV6zfzHHA.464@TK2MSFTNGP02.phx.gbl... >> This is a win2k3 server correct? is it a domain controller? What error >> message are they receiving when they try to connect? What do the event >> logs show when they connect? >> >> Jeff Pitsch >> Microsoft MVP - Terminal Server >> Citrix Technology Professional >> Provision Networks VIP >> >> Forums not enough? >> Get support from the experts at your business >> http://jeffpitschconsulting.com >> >> Rene B wrote: >>> Hello everybody, >>> >>> I have problem accessing TS with RDC as any other user diferent than >>> administrator even if the user is part of the administrators group. >>> >>> This is my configuration: >>> MDC Server1 (TS License Server) >>> member server Server2 TS Application mode >>> Licensing: Per User (5 cals installed) >>> Local Policy: Allow log on through Terminal Services = Administrators, >>> Remote Desktop Users >>> >>> User1: member of Domain Users, Remote Desktop User, Administrators >>> User2: member of Domain Users, Remote Desktop User >>> >>> non of the users can access TS remotely, users can login locally on TS >>> >>> What else should I do? > >
Guest Jeff Posted July 26, 2007 Posted July 26, 2007 Re: Just administrator can access TS NLB means Network Load Balanced, which from what you replied isn't the case. If you go into Administrative Tools on your Terminal server and to to Terminal Configuration, click in the left pane Connections. On the Right you will see the RDP-Tcp Listener. Right-click on it and go to Properties. Go to the Permissions tab and make sure that the Remote Desktop Users group is listed with the appropriate permissions. If it is listed and your users or usergroup with Remote permissions is in the Local Remote Desktop Users group, then they should be able to connect. You can find the Local Remote Desktop Users group by right-clicking on My Computer and going to Manage and finding the Groups folder on the terminal server "Rene B" wrote: > I'm not sure what NLB means, but I setup the first server as a Domain > Controller, DNS Server, TS License Server, file Server and Application > server. After that I create under computers the new server, then I install > the new server as a member of a domain where I enter the domain name of the > fist server. > > Did I did something wrong? > > "Jeff" <Jeff@discussions.microsoft.com> wrote in message > news:C68F1DAA-4D47-4B2E-BC05-19733C5B396F@microsoft.com... > > When you say "member server" are these two servers in NLB as a farm? If > > so, > > I ran into an odd issue too that I found an answer for. If not, then I'm > > not > > sure > > > > "Rene B" wrote: > > > >> Hello everybody, > >> > >> I have problem accessing TS with RDC as any other user diferent than > >> administrator even if the user is part of the administrators group. > >> > >> This is my configuration: > >> MDC Server1 (TS License Server) > >> member server Server2 TS Application mode > >> Licensing: Per User (5 cals installed) > >> Local Policy: Allow log on through Terminal Services = Administrators, > >> Remote Desktop Users > >> > >> User1: member of Domain Users, Remote Desktop User, Administrators > >> User2: member of Domain Users, Remote Desktop User > >> > >> non of the users can access TS remotely, users can login locally on TS > >> > >> What else should I do? > >> > >> > >> > > >
Guest Rene B Posted July 26, 2007 Posted July 26, 2007 Re: Just administrator can access TS should I install TS on both servers? for now I have just installed on server2, while server1 still configured as Remote Desktop for Administration everything was in the way that you told me to. "Jeff" <Jeff@discussions.microsoft.com> wrote in message news:94160F70-0A87-4724-BD6D-B219318CE7C7@microsoft.com... > Verify that the local Remote Desktop Users group is authenticated in the > TS > listener in your TS Configuration on both servers > > "Rene B" wrote: > >> Hello everybody, >> >> I have problem accessing TS with RDC as any other user diferent than >> administrator even if the user is part of the administrators group. >> >> This is my configuration: >> MDC Server1 (TS License Server) >> member server Server2 TS Application mode >> Licensing: Per User (5 cals installed) >> Local Policy: Allow log on through Terminal Services = Administrators, >> Remote Desktop Users >> >> User1: member of Domain Users, Remote Desktop User, Administrators >> User2: member of Domain Users, Remote Desktop User >> >> non of the users can access TS remotely, users can login locally on TS >> >> What else should I do? >> >> >>
Guest Rene B Posted July 26, 2007 Posted July 26, 2007 Re: Just administrator can access TS Got it, now is working, this was the problem: > You can find the Local Remote Desktop Users group by right-clicking on My > Computer and going to Manage and finding the Groups folder on the terminal > server Thanks Jeff for all the time spent on this issue "Jeff" <Jeff@discussions.microsoft.com> wrote in message news:4CAA8B1D-6E71-4801-89A3-1A56FEABAE50@microsoft.com... > NLB means Network Load Balanced, which from what you replied isn't the > case. > If you go into Administrative Tools on your Terminal server and to to > Terminal Configuration, click in the left pane Connections. On the Right > you > will see the RDP-Tcp Listener. Right-click on it and go to Properties. > Go > to the Permissions tab and make sure that the Remote Desktop Users group > is > listed with the appropriate permissions. If it is listed and your users > or > usergroup with Remote permissions is in the Local Remote Desktop Users > group, > then they should be able to connect. > > You can find the Local Remote Desktop Users group by right-clicking on My > Computer and going to Manage and finding the Groups folder on the terminal > server > > "Rene B" wrote: > >> I'm not sure what NLB means, but I setup the first server as a Domain >> Controller, DNS Server, TS License Server, file Server and Application >> server. After that I create under computers the new server, then I >> install >> the new server as a member of a domain where I enter the domain name of >> the >> fist server. >> >> Did I did something wrong? >> >> "Jeff" <Jeff@discussions.microsoft.com> wrote in message >> news:C68F1DAA-4D47-4B2E-BC05-19733C5B396F@microsoft.com... >> > When you say "member server" are these two servers in NLB as a farm? >> > If >> > so, >> > I ran into an odd issue too that I found an answer for. If not, then >> > I'm >> > not >> > sure >> > >> > "Rene B" wrote: >> > >> >> Hello everybody, >> >> >> >> I have problem accessing TS with RDC as any other user diferent than >> >> administrator even if the user is part of the administrators group. >> >> >> >> This is my configuration: >> >> MDC Server1 (TS License Server) >> >> member server Server2 TS Application mode >> >> Licensing: Per User (5 cals installed) >> >> Local Policy: Allow log on through Terminal Services = Administrators, >> >> Remote Desktop Users >> >> >> >> User1: member of Domain Users, Remote Desktop User, Administrators >> >> User2: member of Domain Users, Remote Desktop User >> >> >> >> non of the users can access TS remotely, users can login locally on TS >> >> >> >> What else should I do? >> >> >> >> >> >> >> >> >>
Guest Rene B Posted July 26, 2007 Posted July 26, 2007 Re: Just administrator can access TS Got it, now is working, this was the problem: > You can find the Local Remote Desktop Users group by right-clicking on My > Computer and going to Manage and finding the Groups folder on the terminal > server Thanks Jeff for all the time spent on this issue "Rene B" <R-E-N-E-B-esto-no-va@beckerstaxservice.com> wrote in message news:OFnrv36zHHA.1204@TK2MSFTNGP03.phx.gbl... > should I install TS on both servers? for now I have just installed on > server2, while server1 still configured as Remote Desktop for > Administration > > everything was in the way that you told me to. > > > > "Jeff" <Jeff@discussions.microsoft.com> wrote in message > news:94160F70-0A87-4724-BD6D-B219318CE7C7@microsoft.com... >> Verify that the local Remote Desktop Users group is authenticated in the >> TS >> listener in your TS Configuration on both servers >> >> "Rene B" wrote: >> >>> Hello everybody, >>> >>> I have problem accessing TS with RDC as any other user diferent than >>> administrator even if the user is part of the administrators group. >>> >>> This is my configuration: >>> MDC Server1 (TS License Server) >>> member server Server2 TS Application mode >>> Licensing: Per User (5 cals installed) >>> Local Policy: Allow log on through Terminal Services = Administrators, >>> Remote Desktop Users >>> >>> User1: member of Domain Users, Remote Desktop User, Administrators >>> User2: member of Domain Users, Remote Desktop User >>> >>> non of the users can access TS remotely, users can login locally on TS >>> >>> What else should I do? >>> >>> >>> > >
Recommended Posts