Terminal Services on Domain Controller

  • Thread starter Thread starter Jeff Yana
  • Start date Start date
J

Jeff Yana

Dear List-

I have two DCs in a root forest domain in which I have lost the ability to
connect using RDP. It all started when I mistakenly choose to modify User
Access Rights in the Default Domain Controller GPO. I have reset the Default
Domain Controller User Access Rights back to the defaults, but with no
results. I have even tried removing the DCs from their default OU, refreshing
their GPOs, but again with no results. As best as I can recall, the only
setting that I originally modified was adding the default Administrator user
to the Deny logon using TS setting.

Any suggestions on how best to troubleshoot this issue? As a non-MS user, I
find Window's poor logging functionality very frustrating and bewildering.

Thanks.
 
Since the cause of the problem has nothing to do with TS, you will
probably get better help in a GPO newsgroup, like
microsoft.public.windows.group_policy

I'm not sure what kind of logging you are looking for. From the OS
point of view, nothing is wrong, it's simply configuring the server
according to the settings in the GPO. So it won't log this as an
error. If you want to, you can check that this is true:

221833 - How to enable user environment debug logging in retail
builds of Windows
http://support.microsoft.com/?kbid=221833

Interpreting Userenv log files
http://technet2.microsoft.com/WindowsServer/en/Library/ccd7b430-
99a5-40fd-b68a-6c1979e565a21033.mspx

I expect that you will find an entry for your failed attempts to
logon in the Security part of the EventLog on the server (assuming
that you have enabled auditing of security events).

By the way, Windows administrators usually make a backup of a GPO
before modifying it :-)
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?SmVmZiBZYW5h?= <JeffYana@discussions.microsoft.com>
wrote on 01 jun 2008 in
microsoft.public.windows.terminal_services:

> Dear List-
>
> I have two DCs in a root forest domain in which I have lost the
> ability to connect using RDP. It all started when I mistakenly
> choose to modify User Access Rights in the Default Domain
> Controller GPO. I have reset the Default Domain Controller User
> Access Rights back to the defaults, but with no results. I have
> even tried removing the DCs from their default OU, refreshing
> their GPOs, but again with no results. As best as I can recall,
> the only setting that I originally modified was adding the
> default Administrator user to the Deny logon using TS setting.
>
> Any suggestions on how best to troubleshoot this issue? As a
> non-MS user, I find Window's poor logging functionality very
> frustrating and bewildering.
>
> Thanks.
 
Back
Top