Re: HELP !!! User cannot log into the Terminal Server

From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 18 Feb 2007 11:41:52 -0600

Make sure that the user has the user right for logon locally in the security
policy of the Windows 2000 Server either explicitly or by group membership
and is not a member of any group that has deny logon locally for that
Windows 2000 Server. Logon locally user right is needed in Windows 2000 as
Windows 2000 does use the user right allow logon through terminal services
like Windows 2003 does. Enabling auditing of privilege use for failure on
the Windows 2000 TS should also show if there are problems with user rights
via security log entries for failure when the user tries to logon to the TS.
I would also check to make sure that the Windows 2000 TS is still a domain
member in good standing by running the support tool netdiag on it to see if
any problems are reported for DNS, dc discovery, secure channel/trust, etc
because if it is not then is can not authenticate domain user accounts. Can
any user logon to that Windows 2000 TS?? Another possibility is to check the
RDP permissions via administrative tools/terminal services
configuration/right click RDP-tcp and select properties/permissions to see
if the needed users/groups have the proper permisisons.

Steve

"Alvin Lau" <Alvin Lau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:583C58A3-1AF7-4DE2-B799-C89D660B6EBF@xxxxxxxxxxxxxxxx

Hi,
We got 3 Servers. one Domain controller (win2k), one Terminal Server 1
(win2k), and one Terminal Server 2 (w2k3).

This is my question:
I created a new user (A) in AD, with all permission for terminal services.
when i use user A to log into TS1 (win2k), it will give me an error
message
said "The system could not log you on. Make sure your User name and domain
are correct..."

But when i try to use the same username and password to log into TS2
(W2k3),
he can login successfully.

I did check the TS1 (w2k) event logs, and it gave me event ID 529 (unknown
username and password).

I did try to copy / create a new user to test, but it still gave me the
same
result.

Does anyone know what causing this problem and how to fix it? I cant
create
a new user to use TS1 anymore.

Thank you.

Prev by Date: Re: display last login and unsuccessful login attempts
Next by Date: Re: HELP !!! User cannot log into the Terminal Server
Previous by thread: Re: Cannot open Windows Firewall
Next by thread: Re: HELP !!! User cannot log into the Terminal Server
Index(es):
- Date
- Thread

Relevant Pages

SecurityFocus Microsoft Newsletter #154
... MICROSOFT VULNERABILITY SUMMARY ... ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi... ... Roger Wilco Remote Server Side Buffer Overrun Vulnerability ... available for Microsoft Windows operating systems. ...
(Focus-Microsoft)
Re: KRB Error
... I'm heading out the door for the day, but there is something tickling the back of my brain about differences with Authenticated Users from Windows 2000 to 2003. ... server of Domain A) as an Domain Administrator. ... Member servers on Domain A cannot access resources on Domain B. ...
(microsoft.public.win2000.active_directory)
Re: Log on Interactively
... The server is a Windows 2003 Enterprise Edition Server ... I added the Remote Desktop Users group to the permissions tab with the User ... I then added the Terminal Services User group that I had ...
(microsoft.public.windows.terminal_services)
SecurityFocus Microsoft Newsletter #49
... Subject: SecurityFocus Microsoft Newsletter #49 ... Microsoft Windows NNTP Denial of Service Vulnerability ... Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability ... Microsoft ISA Server H.323 Memory Leak Denial of Service... ...
(Focus-Microsoft)
Re: Please Help!
... Windows 2000 Terminal Services Licensing FAQ ... Q. What licenses are required to run Terminal Services in Windows ... required to run applications on a Windows 2000 Server via Terminal ...
(microsoft.public.win2000.termserv.apps)