Options
"Access Denied" through RDP
jibbajabba
Member Posts: 4,317 ■■■■■■■■□□
in Off-Topic
Anyone seen this before ? Fresh install, only windows updates applied, no domain, nothing in the eventlog .. happened to me now on Server 2008 R1 SP2 and R2 ...
My own knowledge base made public: http://open902.com
Comments
-
OptionsEssendon Member Posts: 4,546 ■■■■■■■■■■Rebuild. Period.
Something wrong with the install or some(one) of the updates killed it. -
OptionsMojo_666 Member Posts: 438If this has happened twice then I suspect something you have done during the intial config is causing it, what options are you selecting for remote access~? Maybe you have selected RDP with NLA only?
-
Optionsjibbajabba Member Posts: 4,317 ■■■■■■■■□□If this has happened twice then I suspect something you have done during the intial config is causing it, what options are you selecting for remote access~? Maybe you have selected RDP with NLA only?
No, any version of RDP is allowed. If a setting would cause this then surely I would never be able to login at all, but it just changes "something" for no reason which is quite annoying ...My own knowledge base made public: http://open902.com -
OptionsMojo_666 Member Posts: 438Are you using an admin account to rdp? and this server is a standalone right?
-
Optionsjibbajabba Member Posts: 4,317 ■■■■■■■■□□Are you using an admin account to rdp? and this server is a standalone right?
Yes, standalone and I am indeed using the Adminsitrator account.My own knowledge base made public: http://open902.com -
OptionsMojo_666 Member Posts: 438Very strange then seeing as you have done 2 seperate builds using 2008 and 2008 R2, not sure what to suggest, I cannot see how 2 installs with different media would cause the same issue, maybe it is related to an update? but I have installed 12 R2 servers in the last 2 weeks and run all currently available updates and not had a single problem.
Might be worth checking the local machines remote desktop users group to see if the admin account has been stripped out somehow? -
Optionsjibbajabba Member Posts: 4,317 ■■■■■■■■□□Very strange then seeing as you have done 2 seperate builds using 2008 and 2008 R2, not sure what to suggest, I cannot see how 2 installs with different media would cause the same issue, maybe it is related to an update? but I have installed 12 R2 servers in the last 2 weeks and run all currently available updates and not had a single problem.
Might be worth checking the local machines remote desktop users group to see if the admin account has been stripped out somehow?
Nah, it is part of the remote desptop users group.
Only thing I did on those boxes in addition to just "next next next" is
a. disable ipv6 through the registry
b. removed QoS
c. Disabled ipv6 in adapter settings
d. removed Link-Layer protocol
which I thought was the issue on the R2 server as I configured that as VPN / NAT server and had to revert all that because RRAS gave me issues.
But the 2008 R1 server is new for me which was installed for a customer who was responsible for its configuration ... Again, apart from next, next, next I did steps a-d but reverted that now too ...
What the customer said is that he tried to connect via
<server name>\Administrator
so I am not sure if that is the issue it caused the error, which it shouldn't really as the client would normally throw an error about wrong credentials rather than the login screen of the server .. And it wasn't all the time, just every now and then ...
I am almost tempted, if it happens again, to vmotion the virtual machine to a development cluster, give the customer a new VM and call Microsoft .. that is driving me nuts ..My own knowledge base made public: http://open902.com -
OptionsMojo_666 Member Posts: 438He won't to need to specify servername as it should default anyways, but that should not cause an issue but you never know, you certainly have an odd one. I also disable and IPV6 and reg hack it as you have done so I know it won't be that.
Is it possible that you try this yourself rather than taking thier word for it? -
Optionsjibbajabba Member Posts: 4,317 ■■■■■■■■□□He won't to need to specify servername as it should default anyways, but that should not cause an issue but you never know, you certainly have an odd one. I also disable and IPV6 and reg hack it as you have done so I know it won't be that.
Is it possible that you try this yourself rather than taking thier word for it?
Oh I am not just taking their word for it .. He received the details of the server (we are a hosting company) and that was it .. Then he sent an email complaining about it and I saw it myself as I tried to login myself without luck .. I had to login to the console and reboot the server in order to be able to login myself ... Plus the 2008R2 server is my own personal RRAS box with only me using it so it makes me think that SOMETHING I do is causing it, I just don't know what.My own knowledge base made public: http://open902.com -
OptionsMojo_666 Member Posts: 438Oh I am not just taking their word for it .. He received the details of the server (we are a hosting company) and that was it .. Then he sent an email complaining about it and I saw it myself as I tried to login myself without luck .. I had to login to the console and reboot the server in order to be able to login myself ... Plus the 2008R2 server is my own personal RRAS box with only me using it so it makes me think that SOMETHING I do is causing it, I just don't know what.
Maybe build up a box and do 1 change at a time trying to rdp in after each change to see what it could be? -
Optionsjibbajabba Member Posts: 4,317 ■■■■■■■■□□Maybe build up a box and do 1 change at a time trying to rdp in after each change to see what it could be?
Was thinking that, but it only happens once / twice a day so it could be a looooooooooong testMy own knowledge base made public: http://open902.com -
OptionsMrAgent Member Posts: 1,310 ■■■■■■■■□□Look in the Local Computer Policy>Computer Configuration>Windows Settings>Security Settings>User Rights Assignments and check the settings for Allow log on through Terminal Services.
-
OptionsDevilsbane Member Posts: 4,214 ■■■■■■■■□□Look in the Local Computer Policy>Computer Configuration>Windows Settings>Security Settings>User Rights Assignments and check the settings for Allow log on through Terminal Services.
Are you in the administrator group?Decide what to be and go be it. -
OptionsMojo_666 Member Posts: 438Look in the Local Computer Policy>Computer Configuration>Windows Settings>Security Settings>User Rights Assignments and check the settings for Allow log on through Terminal Services.
I think he would know if this had been messed with tbh. -
Optionsjibbajabba Member Posts: 4,317 ■■■■■■■■□□Look in the Local Computer Policy>Computer Configuration>Windows Settings>Security Settings>User Rights Assignments and check the settings for Allow log on through Terminal Services.Devilsbane wrote: »Are you in the administrator group?
As mentioned above - this is a fresh install with JUST the administrator as user and the Administrator is indeed in the administrator group
Also as mentioned, the problem appears only every now and then .. An error in the policy settings would affect every single login and not random logins once / twice per dayI think he would know if this had been messed with tbh.
Yea Although sometimes you never know - I am sure everybody had really nasty facepalm moments lol
But again, this is different as this is an install as clean as a whistle ....Would be a lot easier if I could just reproduce the problem. I might really have to do one thing at a time and HOPE I run into the same issue.My own knowledge base made public: http://open902.com -
Optionsshampy_garg Registered Users Posts: 4 ■□□□□□□□□□Read this link
Windows Server 2008 R2 Remote Desktop - The requested session access is denied
Just check out RDP properties and goto security tab and see if admin user and Remote user has the access to it
Have you tried to run mstsc /admin /v:<servername> or <Server ip address> to do an RDP console login?
mstsc /admin replaces the old mstsc /console -
OptionsDevilsbane Member Posts: 4,214 ■■■■■■■■□□As mentioned above - this is a fresh install with JUST the administrator as user and the Administrator is indeed in the administrator group
Which one is the fresh install? The computer you are sitting at or the one you wish to get into?Decide what to be and go be it.