Just administrator can access TS

[Guest Rene B]

Hello everybody,

 

I have problem accessing TS with RDC as any other user diferent than

administrator even if the user is part of the administrators group.

 

This is my configuration:

MDC Server1 (TS License Server)

member server Server2 TS Application mode

Licensing: Per User (5 cals installed)

Local Policy: Allow log on through Terminal Services = Administrators,

Remote Desktop Users

 

User1: member of Domain Users, Remote Desktop User, Administrators

User2: member of Domain Users, Remote Desktop User

 

non of the users can access TS remotely, users can login locally on TS

 

What else should I do?

[Guest Jeff Pitsch]

Re: Just administrator can access TS

 

This is a win2k3 server correct? is it a domain controller? What error

message are they receiving when they try to connect? What do the event

logs show when they connect?

 

Jeff Pitsch

Microsoft MVP - Terminal Server

Citrix Technology Professional

Provision Networks VIP

 

Forums not enough?

Get support from the experts at your business

http://jeffpitschconsulting.com

 

Rene B wrote:

> Hello everybody,

>

> I have problem accessing TS with RDC as any other user diferent than

> administrator even if the user is part of the administrators group.

>

> This is my configuration:

> MDC Server1 (TS License Server)

> member server Server2 TS Application mode

> Licensing: Per User (5 cals installed)

> Local Policy: Allow log on through Terminal Services = Administrators,

> Remote Desktop Users

>

> User1: member of Domain Users, Remote Desktop User, Administrators

> User2: member of Domain Users, Remote Desktop User

>

> non of the users can access TS remotely, users can login locally on TS

>

> What else should I do?

>

>

[Guest Rene B]

Re: Just administrator can access TS

 

it is win2k3 server

It is not a DC

error: "To log on this remote computer, you must be granted the Allow Log on

through Terminal Services rigtht. By default , members of the Remote Desktop

Users group have ....."

 

Event Log after try to connect to TS:

just secuity shows events

Security:

--- LOG 1: ---

Event Type: Success Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 576

Date: 7/24/2007

Time: 10:43:06 AM

User: NT AUTHORITY\SYSTEM

Computer: TPISAPPSVR01

Description:

Special privileges assigned to new logon:

User Name: TPISAPPSVR01$

Domain: TPIS

Logon ID: (0x0,0x98CDE)

Privileges: SeSecurityPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeTakeOwnershipPrivilege

SeDebugPrivilege

SeSystemEnvironmentPrivilege

SeLoadDriverPrivilege

SeImpersonatePrivilege

 

--- LOG 2 --

Event Type: Success Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 540

Date: 7/24/2007

Time: 10:43:06 AM

User: NT AUTHORITY\SYSTEM

Computer: TPISAPPSVR01

Description:

Successful Network Logon:

User Name: TPISAPPSVR01$

Domain: TPIS

Logon ID: (0x0,0x98CDE)

Logon Type: 3

Logon Process: Kerberos

Authentication Package: Kerberos

Workstation Name:

Logon GUID: {31757886-c57c-2b85-f649-1f4648bf9e0d}

Caller User Name: -

Caller Domain: -

Caller Logon ID: -

Caller Process ID: -

Transited Services: -

Source Network Address: -

Source Port: -

 

-- LOG 3 --

Event Type: Success Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 538

Date: 7/24/2007

Time: 10:43:06 AM

User: NT AUTHORITY\SYSTEM

Computer: TPISAPPSVR01

Description:

User Logoff:

User Name: TPISAPPSVR01$

Domain: TPIS

Logon ID: (0x0,0x98CDE)

Logon Type: 3

 

Thanks Jeff

 

 

"Jeff Pitsch" <Jeff@Jeffpitschconsulting.com> wrote in message

news:e5jV6zfzHHA.464@TK2MSFTNGP02.phx.gbl...

> This is a win2k3 server correct? is it a domain controller? What error

> message are they receiving when they try to connect? What do the event

> logs show when they connect?

>

> Jeff Pitsch

> Microsoft MVP - Terminal Server

> Citrix Technology Professional

> Provision Networks VIP

>

> Forums not enough?

> Get support from the experts at your business

> http://jeffpitschconsulting.com

>

> Rene B wrote:

>> Hello everybody,

>>

>> I have problem accessing TS with RDC as any other user diferent than

>> administrator even if the user is part of the administrators group.

>>

>> This is my configuration:

>> MDC Server1 (TS License Server)

>> member server Server2 TS Application mode

>> Licensing: Per User (5 cals installed)

>> Local Policy: Allow log on through Terminal Services = Administrators,

>> Remote Desktop Users

>>

>> User1: member of Domain Users, Remote Desktop User, Administrators

>> User2: member of Domain Users, Remote Desktop User

>>

>> non of the users can access TS remotely, users can login locally on TS

>>

>> What else should I do?

[Guest Jeff]

RE: Just administrator can access TS

 

When you say "member server" are these two servers in NLB as a farm? If so,

I ran into an odd issue too that I found an answer for. If not, then I'm not

sure

 

"Rene B" wrote:

> Hello everybody,

>

> I have problem accessing TS with RDC as any other user diferent than

> administrator even if the user is part of the administrators group.

>

> This is my configuration:

> MDC Server1 (TS License Server)

> member server Server2 TS Application mode

> Licensing: Per User (5 cals installed)

> Local Policy: Allow log on through Terminal Services = Administrators,

> Remote Desktop Users

>

> User1: member of Domain Users, Remote Desktop User, Administrators

> User2: member of Domain Users, Remote Desktop User

>

> non of the users can access TS remotely, users can login locally on TS

>

> What else should I do?

>

>

>

[Guest Jeff]

RE: Just administrator can access TS

 

Verify that the local Remote Desktop Users group is authenticated in the TS

listener in your TS Configuration on both servers

 

"Rene B" wrote:

> Hello everybody,

>

> I have problem accessing TS with RDC as any other user diferent than

> administrator even if the user is part of the administrators group.

>

> This is my configuration:

> MDC Server1 (TS License Server)

> member server Server2 TS Application mode

> Licensing: Per User (5 cals installed)

> Local Policy: Allow log on through Terminal Services = Administrators,

> Remote Desktop Users

>

> User1: member of Domain Users, Remote Desktop User, Administrators

> User2: member of Domain Users, Remote Desktop User

>

> non of the users can access TS remotely, users can login locally on TS

>

> What else should I do?

>

>

>

[Guest Rene B]

Re: Just administrator can access TS

 

I'm not sure what NLB means, but I setup the first server as a Domain

Controller, DNS Server, TS License Server, file Server and Application

server. After that I create under computers the new server, then I install

the new server as a member of a domain where I enter the domain name of the

fist server.

 

Did I did something wrong?

 

"Jeff" <Jeff@discussions.microsoft.com> wrote in message

news:C68F1DAA-4D47-4B2E-BC05-19733C5B396F@microsoft.com...

> When you say "member server" are these two servers in NLB as a farm? If

> so,

> I ran into an odd issue too that I found an answer for. If not, then I'm

> not

> sure

>

> "Rene B" wrote:

>

>> Hello everybody,

>>

>> I have problem accessing TS with RDC as any other user diferent than

>> administrator even if the user is part of the administrators group.

>>

>> This is my configuration:

>> MDC Server1 (TS License Server)

>> member server Server2 TS Application mode

>> Licensing: Per User (5 cals installed)

>> Local Policy: Allow log on through Terminal Services = Administrators,

>> Remote Desktop Users

>>

>> User1: member of Domain Users, Remote Desktop User, Administrators

>> User2: member of Domain Users, Remote Desktop User

>>

>> non of the users can access TS remotely, users can login locally on TS

>>

>> What else should I do?

>>

>>

>>

[Guest Jeff Pitsch]

Re: Just administrator can access TS

 

Check RDP-TCP in the TS Config snap-in and confirm that Remote Desktop

Users is there and has appropriate rights.

 

Jeff Pitsch

Microsoft MVP - Terminal Server

Citrix Technology Professional

Provision Networks VIP

 

Forums not enough?

Get support from the experts at your business

http://jeffpitschconsulting.com

 

Rene B wrote:

> it is win2k3 server

> It is not a DC

> error: "To log on this remote computer, you must be granted the Allow Log on

> through Terminal Services rigtht. By default , members of the Remote Desktop

> Users group have ....."

>

> Event Log after try to connect to TS:

> just secuity shows events

> Security:

> --- LOG 1: ---

> Event Type: Success Audit

> Event Source: Security

> Event Category: Logon/Logoff

> Event ID: 576

> Date: 7/24/2007

> Time: 10:43:06 AM

> User: NT AUTHORITY\SYSTEM

> Computer: TPISAPPSVR01

> Description:

> Special privileges assigned to new logon:

> User Name: TPISAPPSVR01$

> Domain: TPIS

> Logon ID: (0x0,0x98CDE)

> Privileges: SeSecurityPrivilege

> SeBackupPrivilege

> SeRestorePrivilege

> SeTakeOwnershipPrivilege

> SeDebugPrivilege

> SeSystemEnvironmentPrivilege

> SeLoadDriverPrivilege

> SeImpersonatePrivilege

>

> --- LOG 2 --

> Event Type: Success Audit

> Event Source: Security

> Event Category: Logon/Logoff

> Event ID: 540

> Date: 7/24/2007

> Time: 10:43:06 AM

> User: NT AUTHORITY\SYSTEM

> Computer: TPISAPPSVR01

> Description:

> Successful Network Logon:

> User Name: TPISAPPSVR01$

> Domain: TPIS

> Logon ID: (0x0,0x98CDE)

> Logon Type: 3

> Logon Process: Kerberos

> Authentication Package: Kerberos

> Workstation Name:

> Logon GUID: {31757886-c57c-2b85-f649-1f4648bf9e0d}

> Caller User Name: -

> Caller Domain: -

> Caller Logon ID: -

> Caller Process ID: -

> Transited Services: -

> Source Network Address: -

> Source Port: -

>

> -- LOG 3 --

> Event Type: Success Audit

> Event Source: Security

> Event Category: Logon/Logoff

> Event ID: 538

> Date: 7/24/2007

> Time: 10:43:06 AM

> User: NT AUTHORITY\SYSTEM

> Computer: TPISAPPSVR01

> Description:

> User Logoff:

> User Name: TPISAPPSVR01$

> Domain: TPIS

> Logon ID: (0x0,0x98CDE)

> Logon Type: 3

>

> Thanks Jeff

>

>

> "Jeff Pitsch" <Jeff@Jeffpitschconsulting.com> wrote in message

> news:e5jV6zfzHHA.464@TK2MSFTNGP02.phx.gbl...

>> This is a win2k3 server correct? is it a domain controller? What error

>> message are they receiving when they try to connect? What do the event

>> logs show when they connect?

>>

>> Jeff Pitsch

>> Microsoft MVP - Terminal Server

>> Citrix Technology Professional

>> Provision Networks VIP

>>

>> Forums not enough?

>> Get support from the experts at your business

>> http://jeffpitschconsulting.com

>>

>> Rene B wrote:

>>> Hello everybody,

>>>

>>> I have problem accessing TS with RDC as any other user diferent than

>>> administrator even if the user is part of the administrators group.

>>>

>>> This is my configuration:

>>> MDC Server1 (TS License Server)

>>> member server Server2 TS Application mode

>>> Licensing: Per User (5 cals installed)

>>> Local Policy: Allow log on through Terminal Services = Administrators,

>>> Remote Desktop Users

>>>

>>> User1: member of Domain Users, Remote Desktop User, Administrators

>>> User2: member of Domain Users, Remote Desktop User

>>>

>>> non of the users can access TS remotely, users can login locally on TS

>>>

>>> What else should I do?

>

>

[Guest Jeff]

Re: Just administrator can access TS

 

NLB means Network Load Balanced, which from what you replied isn't the case.

If you go into Administrative Tools on your Terminal server and to to

Terminal Configuration, click in the left pane Connections. On the Right you

will see the RDP-Tcp Listener. Right-click on it and go to Properties. Go

to the Permissions tab and make sure that the Remote Desktop Users group is

listed with the appropriate permissions. If it is listed and your users or

usergroup with Remote permissions is in the Local Remote Desktop Users group,

then they should be able to connect.

 

You can find the Local Remote Desktop Users group by right-clicking on My

Computer and going to Manage and finding the Groups folder on the terminal

server

 

"Rene B" wrote:

> I'm not sure what NLB means, but I setup the first server as a Domain

> Controller, DNS Server, TS License Server, file Server and Application

> server. After that I create under computers the new server, then I install

> the new server as a member of a domain where I enter the domain name of the

> fist server.

>

> Did I did something wrong?

>

> "Jeff" <Jeff@discussions.microsoft.com> wrote in message

> news:C68F1DAA-4D47-4B2E-BC05-19733C5B396F@microsoft.com...

> > When you say "member server" are these two servers in NLB as a farm? If

> > so,

> > I ran into an odd issue too that I found an answer for. If not, then I'm

> > not

> > sure

> >

> > "Rene B" wrote:

> >

> >> Hello everybody,

> >>

> >> I have problem accessing TS with RDC as any other user diferent than

> >> administrator even if the user is part of the administrators group.

> >>

> >> This is my configuration:

> >> MDC Server1 (TS License Server)

> >> member server Server2 TS Application mode

> >> Licensing: Per User (5 cals installed)

> >> Local Policy: Allow log on through Terminal Services = Administrators,

> >> Remote Desktop Users

> >>

> >> User1: member of Domain Users, Remote Desktop User, Administrators

> >> User2: member of Domain Users, Remote Desktop User

> >>

> >> non of the users can access TS remotely, users can login locally on TS

> >>

> >> What else should I do?

> >>

> >>

> >>

>

>

>

[Guest Rene B]

Re: Just administrator can access TS

 

should I install TS on both servers? for now I have just installed on

server2, while server1 still configured as Remote Desktop for Administration

 

everything was in the way that you told me to.

 

 

 

"Jeff" <Jeff@discussions.microsoft.com> wrote in message

news:94160F70-0A87-4724-BD6D-B219318CE7C7@microsoft.com...

> Verify that the local Remote Desktop Users group is authenticated in the

> TS

> listener in your TS Configuration on both servers

>

> "Rene B" wrote:

>

>> Hello everybody,

>>

>> I have problem accessing TS with RDC as any other user diferent than

>> administrator even if the user is part of the administrators group.

>>

>> This is my configuration:

>> MDC Server1 (TS License Server)

>> member server Server2 TS Application mode

>> Licensing: Per User (5 cals installed)

>> Local Policy: Allow log on through Terminal Services = Administrators,

>> Remote Desktop Users

>>

>> User1: member of Domain Users, Remote Desktop User, Administrators

>> User2: member of Domain Users, Remote Desktop User

>>

>> non of the users can access TS remotely, users can login locally on TS

>>

>> What else should I do?

>>

>>

>>

[Guest Rene B]

Re: Just administrator can access TS

 

Got it, now is working, this was the problem:

> You can find the Local Remote Desktop Users group by right-clicking on My

> Computer and going to Manage and finding the Groups folder on the terminal

> server

 

Thanks Jeff for all the time spent on this issue

 

 

"Jeff" <Jeff@discussions.microsoft.com> wrote in message

news:4CAA8B1D-6E71-4801-89A3-1A56FEABAE50@microsoft.com...

> NLB means Network Load Balanced, which from what you replied isn't the

> case.

> If you go into Administrative Tools on your Terminal server and to to

> Terminal Configuration, click in the left pane Connections. On the Right

> you

> will see the RDP-Tcp Listener. Right-click on it and go to Properties.

> Go

> to the Permissions tab and make sure that the Remote Desktop Users group

> is

> listed with the appropriate permissions. If it is listed and your users

> or

> usergroup with Remote permissions is in the Local Remote Desktop Users

> group,

> then they should be able to connect.

>

> You can find the Local Remote Desktop Users group by right-clicking on My

> Computer and going to Manage and finding the Groups folder on the terminal

> server

>

> "Rene B" wrote:

>

>> I'm not sure what NLB means, but I setup the first server as a Domain

>> Controller, DNS Server, TS License Server, file Server and Application

>> server. After that I create under computers the new server, then I

>> install

>> the new server as a member of a domain where I enter the domain name of

>> the

>> fist server.

>>

>> Did I did something wrong?

>>

>> "Jeff" <Jeff@discussions.microsoft.com> wrote in message

>> news:C68F1DAA-4D47-4B2E-BC05-19733C5B396F@microsoft.com...

>> > When you say "member server" are these two servers in NLB as a farm?

>> > If

>> > so,

>> > I ran into an odd issue too that I found an answer for. If not, then

>> > I'm

>> > not

>> > sure

>> >

>> > "Rene B" wrote:

>> >

>> >> Hello everybody,

>> >>

>> >> I have problem accessing TS with RDC as any other user diferent than

>> >> administrator even if the user is part of the administrators group.

>> >>

>> >> This is my configuration:

>> >> MDC Server1 (TS License Server)

>> >> member server Server2 TS Application mode

>> >> Licensing: Per User (5 cals installed)

>> >> Local Policy: Allow log on through Terminal Services = Administrators,

>> >> Remote Desktop Users

>> >>

>> >> User1: member of Domain Users, Remote Desktop User, Administrators

>> >> User2: member of Domain Users, Remote Desktop User

>> >>

>> >> non of the users can access TS remotely, users can login locally on TS

>> >>

>> >> What else should I do?

>> >>

>> >>

>> >>

>>

>>

>>

[Guest Rene B]

Re: Just administrator can access TS

 

Got it, now is working, this was the problem:

> You can find the Local Remote Desktop Users group by right-clicking on My

> Computer and going to Manage and finding the Groups folder on the terminal

> server

 

 

Thanks Jeff for all the time spent on this issue

 

 

"Rene B" <R-E-N-E-B-esto-no-va@beckerstaxservice.com> wrote in message

news:OFnrv36zHHA.1204@TK2MSFTNGP03.phx.gbl...

> should I install TS on both servers? for now I have just installed on

> server2, while server1 still configured as Remote Desktop for

> Administration

>

> everything was in the way that you told me to.

>

>

>

> "Jeff" <Jeff@discussions.microsoft.com> wrote in message

> news:94160F70-0A87-4724-BD6D-B219318CE7C7@microsoft.com...

>> Verify that the local Remote Desktop Users group is authenticated in the

>> TS

>> listener in your TS Configuration on both servers

>>

>> "Rene B" wrote:

>>

>>> Hello everybody,

>>>

>>> I have problem accessing TS with RDC as any other user diferent than

>>> administrator even if the user is part of the administrators group.

>>>

>>> This is my configuration:

>>> MDC Server1 (TS License Server)

>>> member server Server2 TS Application mode

>>> Licensing: Per User (5 cals installed)

>>> Local Policy: Allow log on through Terminal Services = Administrators,

>>> Remote Desktop Users

>>>

>>> User1: member of Domain Users, Remote Desktop User, Administrators

>>> User2: member of Domain Users, Remote Desktop User

>>>

>>> non of the users can access TS remotely, users can login locally on TS

>>>

>>> What else should I do?

>>>

>>>

>>>

>

>