Guest Mike Bannister
Posted May 2, 2008

I had a 2003 domain with a 2003 & 2000 domain controller. I ran dcpromo on the 2000 box and demoted it to a member server. I then ran adprep /forestprep on the 2003 domain controller and then I ran dcpromo on a Windows 2003 R2 box and made it a domain controller.

I can no longer rdp into either domain controller with domain administrator credentials. I see a security event 534 when I try and I also get this message interactively:

"To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User group does not have this right you must be granted this right manually."

--
Mike Bannister

Guest Meinolf Weber
Posted May 2, 2008

Re: Cannot rdp into Domain controllers

Hello Mike,

See inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I had a 2003 domain with a 2003 & 2000 domain controller. I ran
> dcpromo on the 2000 box and demoted it to a member server. I then ran
> adprep /forestprep on the 2003 domain controller and then I ran
> dcpromo on a Windows 2003 R2 box and made it a domain controller.

Both DCs were domain controllers on the same domain name? Normally it is not possible to add a 2003 DC to 2000 without running adprep /forestprep BEFORE, so please give more details on the order in which you started this. It sounds a bit strange to me, the way you described it.

> I can no longer rdp into either domain controller with domain
> administrator credentials.

If the DC was added to the 2000 domain, I assume, before correctly it should still work. See my other comment above, something strange.

> I see a security event 534 when I try and I
> also get this message interactively:
>
> "To log on to this remote computer, you must be granted the Allow log
> on through Terminal Services right. By default, members of the Remote
> Desktop Users group have this right. If you are not a member of the
> Remote Desktop Users group or another group that has this right, or if
> the Remote Desktop User group does not have this right you must be
> granted this right manually."

Seems that the domain administrator is not able, because of some problems in the domain configuration.

Guest Mike Bannister
Posted May 2, 2008

Re: Cannot rdp into Domain controllers

It was and is a 2003 domain which had a 2003 domain controller as well as a 2000 domain controller. I demoted the 2000 box to a member server.

I then ran adprep /forestprep in order to add a Windows 2003 R2 server to the Windows 2003 domain as a domain controller. It is my understanding that some schema changes were necessary in order to add an R2 to a 2003 domain.

One other curious side effect is that OWA is not working on the R2 domain controller which is also running Exchange 2003? When you point a browser to http://servername/exchange it returns a partially constructed page?

--
Mike Bannister

Guest Meinolf Weber
Posted May 2, 2008

Re: Cannot rdp into Domain controllers

Hello Mike,

see inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> It was and is a 2003 domain which had a 2003 domain controller as well
> as a 2000 domain controller. I demoted the 2000 box to a member
> server.
>
> I then ran adprep /forestprep in order to add a Windows 2003 R2 server
> to the Windows 2003 domain as a domain controller. It is my
> understanding that some schema changes were necessary in order to add
> an R2 to a 2003 domain.

Didn't realize that you added R2 as DC, you are right, the schema has to be upgraded to version 31 before. I assume you did also run adprep /domainprep?

> One other curious side effect is that OWA is not working on the R2
> domain controller which is also running Exchange 2003? When you point
> browser to http://servername/exchange it returns an partially
> constructed page?

First, it is not recommended by MS to run Exchange on DCs:
http://technet.microsoft.com/en-us/library/aa997407.aspx

With Outlook Web Access I have no experience, better ask the Exchange NG about this.
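
An added example, not part of any post in this thread: event 534 is logged when an account has not been granted the requested logon type, so one check for the error quoted above is whether the logon token holds the "Allow log on through Terminal Services" right (SeRemoteInteractiveLogonRight) and is not caught by its deny counterpart. The code evaluates the [Privilege Rights] section of a secedit /export /areas USER_RIGHTS file; the sample INF, the domain SID and the function names are constructed for illustration.

```python
# Added example; the INF text and the SIDs below are constructed sample data.
ALLOW = "SeRemoteInteractiveLogonRight"
DENY = "SeDenyRemoteInteractiveLogonRight"

# Constructed export: only Remote Desktop Users (S-1-5-32-555) holds the right;
# BUILTIN\Administrators (S-1-5-32-544) is missing from it.
SAMPLE_INF = """\
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-555
SeDenyRemoteInteractiveLogonRight =
[Version]
signature="$CHICAGO$"
"""

# Constructed token of a domain administrator: user, Domain Admins (-512),
# Domain Users (-513) and BUILTIN\Administrators via group nesting.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ADMIN_TOKEN = [DOMAIN + "-500", DOMAIN + "-512", DOMAIN + "-513", "S-1-5-32-544"]

def parse_privilege_rights(inf_text):
    """Return {right name: set of principals} from [Privilege Rights]."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; other entries are account names.
            members = (p.strip().lstrip("*").lower() for p in value.split(","))
            rights[name.strip()] = {m for m in members if m}
    return rights

def rdp_logon_verdict(inf_text, token_sids):
    """Classify a logon token (user SID plus group SIDs) against the export."""
    rights = parse_privilege_rights(inf_text)
    token = {s.lower() for s in token_sids}
    if rights.get(DENY, set()) & token:
        return "denied"  # an explicit deny wins over any allow
    if rights.get(ALLOW, set()) & token:
        return "allowed"
    return "not-granted"  # the state the quoted error message describes

if __name__ == "__main__":
    print(rdp_logon_verdict(SAMPLE_INF, ADMIN_TOKEN))
```

A real export is UTF-16 encoded, so read the file with encoding="utf-16" before passing its text in.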