Event 1219 errors on Windows 2003 for terminal services

[JM]

Hi,

I installed terminal services on a windows 2003 member server. The users who
are members of the administrators group can log in successfully.However
members of the remote desktop group cannot log in and then I keep getting
the following error in the event log on the a Windows 2003 box:
Logon rejected for DOMAIN/USERNAME. Unable to obtain Terminal Server User
Configuration. Error: The specified domain either does not exist or could
not
be contacted.
Any idead what I might be doing wrong?

 

[Vera Noest [MVP]]

Check this error on EventID.net:

http://www.eventid.net/display.asp?eventid=1219&eventno=2848
&source=Winlogon&phase=1

I believe that this error occurs when the profile can not be
located or read.

 

[Guest]

Hi Vera,

The profiles are not roaming , they are all local.
It works perfectly when I add these users to the administrator group.the
moment i remove them, they cannot access the terminal server. Is there any
additional right that I need to give. I cannot grant admin access to all the
users.

Thanks for all your help,vera!!

 

[Vera Noest [MVP]]

Strange. Have you checked the permissions on the C:\Documents and
Settings folder on the TS? Are users able to create their local
profile there?

I would download FileMon and RegMon from
http://www.sysinternals.com/. Run them as administrator and try to
start a TS session as a normal user.

FileMon and RegMon will show you all "access denied" errors
that occur, maybe that will show you the cause of the problem.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

 

[Guest]

Hi Vera,

Checked the permission on c:\docs and settings. Gave the "remote desktop
users" group modify access to it.
I installed filemon and regmon.The error says "access denied to domain\user
for a registry key
the key is HKLM/System/CurrentControlSet001/Control/ComputerName
It says
11206 2:53:24
PM winlogon.exe:2688 OpenKey HKLM\SYSTEM\ControlSet001\Control\ComputerName ACCDENIED domain\usename

Do i need to make any registry entry? There were no related entries in
filemon.

I had a normal user log on and the same error mesage on logon "system cannot
log you on.access is denied.please try again and contact your sys admin".The
event log has the same id 1219.

Its amazing how these problems vanish the moment i add them to the
administrator group.

 

[Vera Noest [MVP]]

There is no such thing as CurrentControlSet001

ControlSet001 is the last ControlSet you booted the server with.
CurrentControlSet is usually a pointer to ControlSet001 (if you
didn't boot from LastKnownGood).

The HKLM/System/ControlSet001/Control/ComputerName
registry key contains the computername, and the standard
permissions give normal users Read permissions on this key. And
that's all they should have.
Have you checked the permissions on the registry key?
If users can't Read this key, it would explain your problem. But
the question then becomes: how and why has the permissions been
changed on the registry key?

--
Vera Noest
MCSE,CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
*----------- Please reply in newsgroup -------------*

 

[Guest]

Vera,

The registry permission seemed fine but just to check it out, I added a user
to it and had him log on.Then he got a new error about system procedure.

Then I checked the users local groups and found that no one was there, so I
added these users in.It worked !!!!

Vera, thanks for all your help!!!

 

[Vera Noest [MVP]]

Aaah! A less-than-obvious cause for the problem. Glad you got it
solved!

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---