HELP !!! User cannot log into the Terminal Server

G

Guest

Hi,
We got 3 Servers. one Domain controller (win2k), one Terminal Server 1
(win2k), and one Terminal Server 2 (w2k3).

This is my question:
I created a new user (A) in AD, with all permission for terminal services.
when i use user A to log into TS1 (win2k), it will give me an error message
said "The system could not log you on. Make sure your User name and domain
are correct..."

But when i try to use the same username and password to log into TS2 (W2k3),
he can login successfully.

I did check the TS1 (w2k) event logs, and it gave me event ID 529 (unknown
username and password).

I did try to copy / create a new user to test, but it still gave me the same
result.

Does anyone know what causing this problem and how to fix it? I cant create
a new user to use TS1 anymore.

Thank you.
 
S

Steven L Umbach

Make sure that the user has the user right for logon locally in the security
policy of the Windows 2000 Server either explicitly or by group membership
and is not a member of any group that has deny logon locally for that
Windows 2000 Server. Logon locally user right is needed in Windows 2000 as
Windows 2000 does use the user right allow logon through terminal services
like Windows 2003 does. Enabling auditing of privilege use for failure on
the Windows 2000 TS should also show if there are problems with user rights
via security log entries for failure when the user tries to logon to the TS.
I would also check to make sure that the Windows 2000 TS is still a domain
member in good standing by running the support tool netdiag on it to see if
any problems are reported for DNS, dc discovery, secure channel/trust, etc
because if it is not then is can not authenticate domain user accounts. Can
any user logon to that Windows 2000 TS?? Another possibility is to check the
RDP permissions via administrative tools/terminal services
configuration/right click RDP-tcp and select properties/permissions to see
if the needed users/groups have the proper permisisons.

Steve
 
R

Roger Abell [MVP]

I agree with Steve's advice

check to make sure that the Windows 2000 TS is still a domain
member in good standing by running the support tool netdiag on it

as the error message you report indicates that, if the login attempt
was done correctly indicating domain, the TS cannot access its DCs
for authentication.

Can any domain account log into that TS server?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain authentication issues ... 9
Logon Scripts _ Urgent Help! 1
Is this a bug in ?: Operator, the addition does not perform as expected 8
Domain Admin cannot log on interactively 5
Terminal Services (Administration mode) Security 3
IP address in security event log? 2
terminal services log 1
Windows 2003 terminal server 1

Top