Weird RDP issue

Django x2 · 25 Mar 2013 at 11:55

When I try and RDP to my boxes now I get the "To log on to this computer you must be granted the allow log on through terminal services right. By default, etc, etc"

Now, nothing has changed, it doesn't matter what user I choose, even god mode domain admin. If I'm at the box all is fine, and all the GPO stuff is fine too, the relevant groups are all in the remote desktop users group so I'm actually at a bit of a loss here now.

Any ideas?

DiscoDave · 25 Mar 2013 at 13:10

For the security profile of the machine check:

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\ for the "Allow log on through Terminal Services" setting.

I know you've said the GPO/Security config seems fine but considering you're experiencing this issue across multiple machines I'm willing to bet someone has made a GPO/Security policy error.

Does the event log on the box shed any light?

Armageus · 25 Mar 2013 at 16:40

has Windows Firewall turned back on - following a reboot or windows update?

DiscoDave · 25 Mar 2013 at 16:48

Armageus said:
has Windows Firewall turned back on - following a reboot or windows update?

If the firewall was blocking RDP access you wouldn't even get to the logon screen. For this issue Django is able to establish a RDP session but gets a permission-related error when logging on.

Django x2 · 25 Mar 2013 at 19:45

Well, that setting in GPO wasn't set, at all. So I've set it, and forced a gpupdate on all the boxes but still not working, yet.

HarryPainful · 25 Mar 2013 at 22:37

Run a gpresult /Z and make sure that the GPO is being applied and not filtered out.

Django x2 · 2 Apr 2013 at 23:01

i'm still having this issue, now with one particular box. The policy is being applied and I've even specified the user in the local RDP user group, still no joy. No firewall on either

olibb · 3 Apr 2013 at 11:17

Might be worth looking under Computer > Properties > Remote Settings > Select Users - try adding a security group and seeing if this then allows access.

Vince · 3 Apr 2013 at 15:23

Had this exact problem with one of our servers over the last few days. Fixed it with the suggestion above but that doesn't explain why it lost all of its normal settings.

Caged · 3 Apr 2013 at 23:48

What's the time set to?

Django x2 · 4 Apr 2013 at 08:43

I thought that, but all the servers are correct (well, time at least). I've run a w32tm /update /force on all the boxes. As I say, this seemed to just appear recently for this box. The last two ideas haven't worked either, and even more worrying, I know the local admin password for this box too and that generates the same error....