"Do not have access to logon to this session"


G

Guest

Howdy!

I have a Windows 2003 R2 domain managed via Group Policy with something over
100 client machines as members. We've recently implemented VPN access and
the long term plan is to implement a solid Terminal Server infrustructure.
In the mean time, though, I'm attempting to get access for folks working from
home to Remote Desktop on their Windows XP Pro SP2 machines here at the
office. I do have Windows Firewall enabled on the clients here in the
office, which is also managed via Group Policy. I've double and triple
checked policy settings (ports for the firewall, user account flags, & the
policy for Remote desktop itself) but I must be missing something somewhere.

Here's the problem - Users (standard Domain Users in Active Directory) can
connect to the VPN, fire up Remote Desktop and connect\logon to their
machines here at the office on the first try, no problems at all. Upon
finishing up and selecting the "Logoff" option, the Remote Desktop session on
their end closes as expected - But when any of them attempt to reconnect to
their machines via Remote Desktop again later they get an error stating, "You
do not have access to logon to this Session". This persists until their
machine here at the office is rebooted. I enabled the "Disconnect" option
via Group Policy and they are then able to disconnect and reconnect for a
period of time - But I really need them to log off the machines when they are
done so this is a band-aid solution at best.

Checking the process list on the machines when a user logs off remotely
shows that there are two WinLogon.exe processes running afterward - Is this
causing the Remote Desktop software to get confused in some way? There is no
"session" I can see beyond this second instance, unless the user uses the
disconnect option - But then they can reconnect just fine.

Any thoughts on the problem would be most welcome!
Thanks!

Gregg Knapp
 
Ad

Advertisements

S

Sooner Al [MVP]

Gregg Knapp said:
Howdy!

I have a Windows 2003 R2 domain managed via Group Policy with something
over
100 client machines as members. We've recently implemented VPN access and
the long term plan is to implement a solid Terminal Server infrustructure.
In the mean time, though, I'm attempting to get access for folks working
from
home to Remote Desktop on their Windows XP Pro SP2 machines here at the
office. I do have Windows Firewall enabled on the clients here in the
office, which is also managed via Group Policy. I've double and triple
checked policy settings (ports for the firewall, user account flags, & the
policy for Remote desktop itself) but I must be missing something
somewhere.

Here's the problem - Users (standard Domain Users in Active Directory) can
connect to the VPN, fire up Remote Desktop and connect\logon to their
machines here at the office on the first try, no problems at all. Upon
finishing up and selecting the "Logoff" option, the Remote Desktop session
on
their end closes as expected - But when any of them attempt to reconnect
to
their machines via Remote Desktop again later they get an error stating,
"You
do not have access to logon to this Session". This persists until their
machine here at the office is rebooted. I enabled the "Disconnect" option
via Group Policy and they are then able to disconnect and reconnect for a
period of time - But I really need them to log off the machines when they
are
done so this is a band-aid solution at best.

Checking the process list on the machines when a user logs off remotely
shows that there are two WinLogon.exe processes running afterward - Is
this
causing the Remote Desktop software to get confused in some way? There is
no
"session" I can see beyond this second instance, unless the user uses the
disconnect option - But then they can reconnect just fine.

Any thoughts on the problem would be most welcome!
Thanks!

Gregg Knapp

I suggest posting this to the microsoft.public.windows.terminal_services
news group.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375
 
Ad

Advertisements

G

Guest

Will do - Thanks.

Gregg

Sooner Al said:
I suggest posting this to the microsoft.public.windows.terminal_services
news group.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top