Jump to content

"Do not have access to logon to this session"

Guest Gregg

By Guest Gregg
in Windows NT Server

 Share

Recommended Posts

Guest Gregg

Guest Gregg

Posted
Posted

Howdy!

 

I have a Windows 2003 R2 domain managed via Group Policy with something over

100 client machines as members. We've recently implemented VPN access and

the long term plan is to implement a solid Terminal Server infrustructure.

In the mean time, though, I'm attempting to get access for folks working

from

home to Remote Desktop on their Windows XP Pro SP2 machines here at the

office. I do have Windows Firewall enabled on the clients here in the

office, which is also managed via Group Policy. I've double and triple

checked policy settings (ports for the firewall, user account flags, & the

policy for Remote desktop itself) but I must be missing something somewhere.

 

Here's the problem - Users (standard Domain Users in Active Directory) can

connect to the VPN, fire up Remote Desktop and connect\logon to their

machines here at the office on the first try, no problems at all. Upon

finishing up and selecting the "Logoff" option, the Remote Desktop session

on

their end closes as expected - But when any of them attempt to reconnect to

their machines via Remote Desktop again later they get an error stating,

"You

do not have access to logon to this Session". This persists until their

machine here at the office is rebooted. I enabled the "Disconnect" option

via Group Policy and they are then able to disconnect and reconnect for a

period of time - But I really need them to log off the machines when they

are

done so this is a band-aid solution at best.

 

Checking the process list on the machines when a user logs off remotely

shows that there are two WinLogon.exe processes running afterward - Is this

causing the Remote Desktop software to get confused in some way? There is

no

"session" I can see beyond this second instance, unless the user uses the

disconnect option - But then they can reconnect just fine.

 

Any thoughts on the problem would be most welcome!

Thanks!

 

Gregg Knapp

  • Replies 2
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: "Do not have access to logon to this session"

 

So the logoff is not complete, it seems. Have you checked the

EventLog on these clients? Are there any errors or warnings, maybe

related to profile unloading?

Does this also happen when they connect from one XP client to

another inside the office? Just want to rule out the VPN connection

as a factor.

 

I would enable extra logging on one of these clients:

 

232575 - How to trace Winlogon activity in Windows Server 2003,

Windows XP, Windows 2000, and Windows NT

http://support.microsoft.com/?kbid=232575

 

221833 - How to enable user environment debug logging in retail

builds of Windows

http://support.microsoft.com/?kbid=221833

 

And if that doesn't solve it, maybe install UPHClean as well.

http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-

8912-4E18-B570-42470E2F3582

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Gregg" <none@fake.com> wrote on 05 nov 2007 in

microsoft.public.windows.terminal_services:

> Howdy!

>

> I have a Windows 2003 R2 domain managed via Group Policy with

> something over 100 client machines as members. We've recently

> implemented VPN access and the long term plan is to implement a

> solid Terminal Server infrustructure. In the mean time, though,

> I'm attempting to get access for folks working from

> home to Remote Desktop on their Windows XP Pro SP2 machines here

> at the office. I do have Windows Firewall enabled on the

> clients here in the office, which is also managed via Group

> Policy. I've double and triple checked policy settings (ports

> for the firewall, user account flags, & the policy for Remote

> desktop itself) but I must be missing something somewhere.

>

> Here's the problem - Users (standard Domain Users in Active

> Directory) can connect to the VPN, fire up Remote Desktop and

> connect\logon to their machines here at the office on the first

> try, no problems at all. Upon finishing up and selecting the

> "Logoff" option, the Remote Desktop session on

> their end closes as expected - But when any of them attempt to

> reconnect to their machines via Remote Desktop again later they

> get an error stating, "You

> do not have access to logon to this Session". This persists

> until their machine here at the office is rebooted. I enabled

> the "Disconnect" option via Group Policy and they are then able

> to disconnect and reconnect for a period of time - But I really

> need them to log off the machines when they are

> done so this is a band-aid solution at best.

>

> Checking the process list on the machines when a user logs off

> remotely shows that there are two WinLogon.exe processes running

> afterward - Is this causing the Remote Desktop software to get

> confused in some way? There is no

> "session" I can see beyond this second instance, unless the user

> uses the disconnect option - But then they can reconnect just

> fine.

>

> Any thoughts on the problem would be most welcome!

> Thanks!

>

> Gregg Knapp

Guest Gregg

Guest Gregg

Posted
Posted

Re: "Do not have access to logon to this session"

 

I haven't noticed anything unusual in the Event Logs on any of

the clients as of yet, but it is a problem on all of them - For

troubleshooting purposes I tried having different users logon to

different machines and ended up with the same results. I'll

make a point to poke through the logs on a number of machines

again today\tomorrow just to be sure.

 

The UPHClean utility is actually a good idea - I'll try that out

tomorrow and post the results back here. Hopefully that'll

fix me up. Thanks for the reply! I appriciate the assist.

 

Gregg

Web\Systems Admin

U.S. Courts

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns99DFE1108889Everanoesthemutforsse@207.46.248.16...

> So the logoff is not complete, it seems. Have you checked the

> EventLog on these clients? Are there any errors or warnings, maybe

> related to profile unloading?

> Does this also happen when they connect from one XP client to

> another inside the office? Just want to rule out the VPN connection

> as a factor.

>

> I would enable extra logging on one of these clients:

>

> 232575 - How to trace Winlogon activity in Windows Server 2003,

> Windows XP, Windows 2000, and Windows NT

> http://support.microsoft.com/?kbid=232575

>

> 221833 - How to enable user environment debug logging in retail

> builds of Windows

> http://support.microsoft.com/?kbid=221833

>

> And if that doesn't solve it, maybe install UPHClean as well.

> http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-

> 8912-4E18-B570-42470E2F3582

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Gregg" <none@fake.com> wrote on 05 nov 2007 in

> microsoft.public.windows.terminal_services:

>

>> Howdy!

>>

>> I have a Windows 2003 R2 domain managed via Group Policy with

>> something over 100 client machines as members. We've recently

>> implemented VPN access and the long term plan is to implement a

>> solid Terminal Server infrustructure. In the mean time, though,

>> I'm attempting to get access for folks working from

>> home to Remote Desktop on their Windows XP Pro SP2 machines here

>> at the office. I do have Windows Firewall enabled on the

>> clients here in the office, which is also managed via Group

>> Policy. I've double and triple checked policy settings (ports

>> for the firewall, user account flags, & the policy for Remote

>> desktop itself) but I must be missing something somewhere.

>>

>> Here's the problem - Users (standard Domain Users in Active

>> Directory) can connect to the VPN, fire up Remote Desktop and

>> connect\logon to their machines here at the office on the first

>> try, no problems at all. Upon finishing up and selecting the

>> "Logoff" option, the Remote Desktop session on

>> their end closes as expected - But when any of them attempt to

>> reconnect to their machines via Remote Desktop again later they

>> get an error stating, "You

>> do not have access to logon to this Session". This persists

>> until their machine here at the office is rebooted. I enabled

>> the "Disconnect" option via Group Policy and they are then able

>> to disconnect and reconnect for a period of time - But I really

>> need them to log off the machines when they are

>> done so this is a band-aid solution at best.

>>

>> Checking the process list on the machines when a user logs off

>> remotely shows that there are two WinLogon.exe processes running

>> afterward - Is this causing the Remote Desktop software to get

>> confused in some way? There is no

>> "session" I can see beyond this second instance, unless the user

>> uses the disconnect option - But then they can reconnect just

>> fine.

>>

>> Any thoughts on the problem would be most welcome!

>> Thanks!

>>

>> Gregg Knapp

 Share
Go to topic listing
×
×
  • Create New...