admin cannot log on remotely sbs2003 r2

Discussion in 'Windows Small Business Server' started by robc, Jun 29, 2011.

  1. robc


    Jun 29, 2011
    Likes Received:
    A few weeks ago I replaced a couple of workstations with new computers. Afterwards I needed to enable remote connections on them. However before I figured out that was the actual root cause of the problem I was having logging on via RDP, I made several changes late at night and did not take careful notes so I could back out the changes not needed. I wanted to be able to log on as one of the user accounts remotely on his office workstation to know exactly what he was seeing if other problems arose.

    After a few days I rebooted the server (sbs2003 r2) and found I could no longer RDP as administrator to the server or any of the client computers though I can RDP using any of the standard user accounts including one that has local admin on one of the workstations. I can still log on to the server from the server console itself but when I try to log on remotely, say from home, I get this message:
    To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop User group or another group that has this right, or if the Remote Desktop User group does not have this right, you must be granted
    this right manually

    Because it did not show up until after a reboot a few days later (via RDP) and then I couldn't log on without receiving the message above. And today I went in and rebooted the server from its console so I'm pretty sure this related to the server not fully booting when done via RDP as I've heard can happen.

    Really think it's one of the changes I made while groping for a solution to the original problem. I am thinking I added Administrator to a group (maybe Remote Desktop Users another one) - have to check this in person. I also recall trying to change something to do with TS licensing (maybe adding the server's ip address as the licensing server) when that isn't needed when we need only the number of TS/RDP connections that come with SBS.

    Finally, I may have made a change to a GPO and that may be the root of this issue - could the above changes been made via GPO instead of ADUC and that could account for the effect showing up following a reboot? It's a very small shop that was setup by someone else years ago with what were probably pretty much out of the box defaults. Is there any way to get a picture of the difference between the defaults and what I have, both GPO and Users/Groups?

    Fortunately nothing else seems to have been broken by this elephant in the china shop but I would really like to be able to administer things remotely as I could previously. Any help or clues you can offer would be much appreciated!

    robc, Jun 29, 2011
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.