Cannot rdp into Domain controllers

Tutorials Win: Microsoft Windows Forum

I had a 2003 domain with a 2003 & 2000 domain controller. I ran dcpromo on
the 2000 box and demoted it to a member server. I then ran adprep /forestprep
on the 2003 domain controller and then I ran dcpromo on a Windows 2003 R2 box
and made it a domain controller.

I can no longer rdp into either domain controller with domain administrator
credentials. I see a security event 534 when I try and I also get this
message interactively:

"To log on to this remote computer, you must be granted the Allow log on
through Terminal Services right. By default, members of the Remote Desktop
Users group have this right. If you are not a member of the Remote Desktop
Users group or another group that has this right, or if the Remote Desktop
User group does not have this right you must be granted this right manually."

--
Mike Bannister
Top

Re: Cannot rdp into Domain controllers by Meinolf

Meinolf
Fri May 02 11:12:20 PDT 2008

Hello Mike,

See inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I had a 2003 domain with a 2003 & 2000 domain controller. I ran
> dcpromo on the 2000 box and demoted it to a member server. I then ran
> adprep /forestprep on the 2003 domain controller and then I ran
> dcpromo on a Windows 2003 R2 box and made it a domain controller.

Both DC's where domain controller on the same domainname? Normally it is
not possible to add 2003 DC to 2000 without running adprep /forestprep BEFORE,
so please give more details in which order you started for this. Sound s
for me a bit strange the way you described.

> I can no longer rdp into either domain controller with domain
> administrator credentials.

If the DC was added to the 2000 domain, i assume, before correctly it should
still work. See my other comment above, something strange.

> I see a security event 534 when I try and I
> also get this message interactively:
>
> "To log on to this remote computer, you must be granted the Allow log
> on through Terminal Services right. By default, members of the Remote
> Desktop Users group have this right. If you are not a member of the
> Remote Desktop Users group or another group that has this right, or if
> the Remote Desktop User group does not have this right you must be
> granted this right manually."

Seems that the domain administrator is not able, because of some problems
in the domain configuration.


Top

Re: Cannot rdp into Domain controllers by mbannist

mbannist
Fri May 02 11:28:00 PDT 2008

It was and is a 2003 domain which had a 2003 domain controller as well as a
2000 domain controller. I demoted the 2000 box to a member server.

I then ran adprep /forestprep in order to add a Windows 2003 R2 server to
the Windows 2003 domain as a domain controller. It is my understanding that
some schema changes were necessary in order to add an R2 to a 2003 domain.

One other curious side effect is that OWA is not working on the R2 domain
controller which is also running Exchange 2003? When you point browser to
http://servername/exchange it returns an partially constructed page?


--
Mike Bannister


"Meinolf Weber" wrote:

> Hello Mike,
>
> See inline
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > I had a 2003 domain with a 2003 & 2000 domain controller. I ran
> > dcpromo on the 2000 box and demoted it to a member server. I then ran
> > adprep /forestprep on the 2003 domain controller and then I ran
> > dcpromo on a Windows 2003 R2 box and made it a domain controller.
>
> Both DC's where domain controller on the same domainname? Normally it is
> not possible to add 2003 DC to 2000 without running adprep /forestprep BEFORE,
> so please give more details in which order you started for this. Sound s
> for me a bit strange the way you described.
>
> > I can no longer rdp into either domain controller with domain
> > administrator credentials.
>
> If the DC was added to the 2000 domain, i assume, before correctly it should
> still work. See my other comment above, something strange.
>
> > I see a security event 534 when I try and I
> > also get this message interactively:
> >
> > "To log on to this remote computer, you must be granted the Allow log
> > on through Terminal Services right. By default, members of the Remote
> > Desktop Users group have this right. If you are not a member of the
> > Remote Desktop Users group or another group that has this right, or if
> > the Remote Desktop User group does not have this right you must be
> > granted this right manually."
>
> Seems that the domain administrator is not able, because of some problems
> in the domain configuration.
>
>
>
Top