Guest Rashid Posted June 10, 2008 Posted June 10, 2008 I was using a tool "fix" vulnerabilities on my system. Normally, on member servers, I back out the tools terminal server related "fixes" with changes to the registry. However, this time, it doesn't appear to be working. I am unable to logon to one domain controller using RDP with THE domain admin account. The local registry settings are: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services] "Shadow"=dword:00000000 "fAllowToGetHelp"=dword:00000000 "fWritableTSCCPermTab"=dword:00000000 "MinEncryptionLevel"=dword:00000003 "DeleteTempDirsOnExit"=dword:00000001 "fResetBroken"=dword:00000001 "fAllowUnsolicited"=dword:00000000 "fEncryptRPCTraffic"=dword:00000001 The Default Domain Controller Security Policy for Terminal Serives is Not Defined for both Allow and Deny. I did try to specifically set an Allow but it had no effect so I backed it out. The Domain Security Policy is also Not Defined and has never been touched. I have looked over other similair posts but none seem to be 100% relevant or work for me. Any suggestions?
Guest Vera Noest [MVP] Posted June 11, 2008 Posted June 11, 2008 Re: RDP Issue with Domain Admin Account on A Domain Controller What error message do you get when you try to connect? Can you logon to the console of the DC? Are there any errors or warnings in the EventLog on the server? Is the server still configured to allow Remote Desktop for Administration connections? Have you checked the security settings on the rdp-tcp connection, in Terminal Services Configuration? _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ =?Utf-8?B?UmFzaGlk?= <Rashid@discussions.microsoft.com> wrote on 11 jun 2008 in microsoft.public.windows.terminal_services: > I was using a tool "fix" vulnerabilities on my system. > Normally, on member servers, I back out the tools terminal > server related "fixes" with changes to the registry. However, > this time, it doesn't appear to be working. > > I am unable to logon to one domain controller using RDP with THE > domain admin account. The local registry settings are: > > [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows > NT\Terminal Services] "Shadow"=dword:00000000 > "fAllowToGetHelp"=dword:00000000 > "fWritableTSCCPermTab"=dword:00000000 > "MinEncryptionLevel"=dword:00000003 > "DeleteTempDirsOnExit"=dword:00000001 > "fResetBroken"=dword:00000001 > "fAllowUnsolicited"=dword:00000000 > "fEncryptRPCTraffic"=dword:00000001 > > The Default Domain Controller Security Policy for Terminal > Serives is Not Defined for both Allow and Deny. I did try to > specifically set an Allow but it had no effect so I backed it > out. The Domain Security Policy is also Not Defined and has > never been touched. > > I have looked over other similair posts but none seem to be 100% > relevant or work for me. Any suggestions?
Guest Rashid Posted July 11, 2008 Posted July 11, 2008 Re: RDP Issue with Domain Admin Account on A Domain Controller I apologize for not replying sooner. An even bigger issue took me away from this one. Now I am returning to it. Good ideas but so far, nothing is checking out. See my responses below: > What error message do you get when you try to connect? Warning Box Title: Logon Message Warning Box Body: To log on to this remote computer, you must be granted the Allw log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If youa re not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User group does not have this right, you must be granted this right manually. > Can you logon to the console of the DC? Yes > Are there any errors or warnings in the EventLog on the server? There is nothing specific in the System/Application EventLogs. The security logs of course are full of information because there is extensive auditing going on but nothing that I can specifically find. > Is the server still configured to allow Remote Desktop for > Administration connections? Yes > Have you checked the security settings on the rdp-tcp connection, > in Terminal Services Configuration? I am not finding any differences in all of the settings for the RDP-TCP connection that is different from other servers that are working. The users/rights in the permissions the tab are a match.
Recommended Posts