Discussion:
TS Configuration Permission
Mike
2005-10-28 16:09:10 UTC
I have recently built a 2003 TS.
To allow users to connect, I added a security group to the Remote Desktop
Users group. This allowed users to connect initially, then later they could
not connect. To overcome this I removed the group from the Remote Desktop
Users group and added it directly to the permissions tab in the Terminal
Services configuration tab. Again this worked initially, but stops working
after a reboot of the server. By removing the group from the Terminal
Services Configuration tab, clicking apply and re-adding the group, it starts
to work again! But only until another reboot.
The server is registered with a licence server, per device.
What am I doing wrong?
Vera Noest [MVP]
2005-10-28 20:15:43 UTC
I have a vague recollection of one single other post with the exact
same issue. But of course, I don't remember the details, and there
are no easy keywords to search for.
Seem to remember that there was some strange trust / AD structure /
low level domains problem involved.

How is your domain set up?
Is there anything in the EventLog?

Have you checked if you have a GPO in place which makes the Remote
Desktop Users group a restricted group? Although then the users
would have lost their membership completely, on the next refresh of
the GPO, so this is unlikely to be the cause.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Mike
2005-10-31 10:33:16 UTC
Although there is a two-way trust with a legacy NT4 domain, the users and
group in question are in the AD domain, which is very simple.
There are no restricted groups in the domain.
The server in question is a member server.
The licence server appears to be issuing temporary licences instead of the
built-in licences?
Vera Noest [MVP]
2005-10-31 15:16:12 UTC
OK, I should have asked this immediately:
what exactly do you mean with "stopped working"? Is there an error
message? Is there anything in the EventLog?

And about the Licensing Server: did you install permanent TS CALs
on it? If so, which type, Per User or Per Device?
If Per User, is the Terminal Server (not the Licensing Server!)
set to use "Per User" licensing? The default is "Per Device".
You can check this from Administrative Tools - Terminal Services
Configuration - Server Settings - Licensing Mode
If it's set to Per Device mode, it will look for a Device TS CAL
and will not issue your Per User TS CALs.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Mike
2005-11-04 15:34:03 UTC
My fault,

This was a GPO at a higher level OU.
Vera Noest [MVP]
2005-11-04 20:38:54 UTC
OK, no problem. Glad you got it solved.
Case closed, then.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
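
A way to list the GPO-delivered settings that decide who may log on through Terminal Services, as an added example that is not part of the original thread. The thread does not say which setting the higher-level GPO carried, so this checks both the Restricted Groups entry Vera asked about and the Terminal Services logon rights in a GPO's security template (GptTmpl.inf); the function names and the sample template are constructed for illustration.

```python
import re

RDU_SID = "S-1-5-32-555"  # well-known SID of BUILTIN\Remote Desktop Users
LOGON_RIGHTS = {
    "SeRemoteInteractiveLogonRight": "Allow log on through Terminal Services",
    "SeDenyRemoteInteractiveLogonRight": "Deny log on through Terminal Services",
}

def parse_inf(text):
    """Split a security-template .inf into {section: {key: [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return sections

def rdp_access_settings(text):
    """Return (setting, principals) pairs that decide who may log on via TS."""
    sections = parse_inf(text)
    findings = []
    for key, members in sections.get("Group Membership", {}).items():
        group, _, kind = key.rpartition("__")
        if kind.lower() == "members" and group.lstrip("*").lower() in (
                RDU_SID.lower(), "remote desktop users"):
            findings.append(("Restricted Groups: Remote Desktop Users", members))
    for key, holders in sections.get("Privilege Rights", {}).items():
        if key in LOGON_RIGHTS:
            findings.append((LOGON_RIGHTS[key], holders))
    return findings

# Constructed sample template (not taken from the thread); real files are
# usually stored as UTF-16 and must be decoded before parsing.
SAMPLE = """[Version]
signature="$CHICAGO$"
Revision=1
[Group Membership]
*S-1-5-32-555__Memberof =
*S-1-5-32-555__Members = *S-1-5-21-1111111111-2222222222-3333333333-1105
[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
"""
```

Running `rdp_access_settings` over the template of every GPO linked at or above the server's OU shows which one overrides the local membership or logon right.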