LKBEN10636: Problems for users trying to log on to a Terminal Server / Presentation Server
Symptom
Error messages upon logging on
Cause
Several Settings and Permissions
Solution
If you try to logon to a Citrix Presentation Server or a MS Terminalserver with a non-administrative account and you get the following message:
"To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the Remote Desktop Users group have these permissions. If you are no a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually."
This can have several causes:
1) The Terminalserver does not operate in Applicationserver Mode.
Windows Server 2003 runs Terminalservices for Adminstration purposes by default. This is limited by max. 2 Connections per server (+ the console session) for only local administrators.
--> Install Terminalservices. This can be done via the "configure your server" wizard or through "add / remove programs" - "windows components" in control panel.
2) Although it should not cause the above message, check also if a Terminalserver license server exists in the network an that it's functional.
3) Check your local group "Remote Desktop Users" (right click "My Computer" --> "Manage" - "Local users and groups" - "Groups"):
it must contain (non-administrative-) group- or user accounts which should be allowed to connect via Terminalservices. This could be done by using a domain group.
Administrators need not to be listed here, since administrators are allowed to connect via rdp anyway.
4) Check "Local Security Policy" - "Local Policies" - "User Rights Assignment" - Allow "Log on locally" and "Allow Log on through Terminal Services" must be enabled for the account/group in question.
For W2k3 Server the "Log on Locally" right should not be necessary, since it's needed for connection to the console - but check on it, if you're not sure.
5) The local policy mentioned in 4) might be locked / configured through a domain policy. In this case, you need to configure the same settings in the according domain policy or make sure, the GPO is not applied to your server.
6) In an Active Directory environment, make sure, the users are not denied "user permissions to log on to any Terminal Server" in "Terminal Services Profile" Tab of the user properties.
7) Check your security event log settings; if the event log is full, it might prohibit further user-logons.
-------- This should suffice a MS Terminal Server; the following part refers to a Citrix Presentation Server ----------------
8) Make sure, a Citrix License Server is installed, operational and connection licenses are installed.
The corresponding error message might be "You require to install Citrix license before connect to Server. Only Administrator can connect to server without Citrix licenses"...
9) Open "Terminalserviceconfiguration" Tool (tscc.msc) - "Connections" - Edit ICA-TCP connection - Select "Advanced" - Make sure "Only Run Published Applications" option is unchecked. Repeat the same for RDP-TCP connection, it will have a "Citrix"-Tab after Installation of Citrix Presentation Server.
Disclaimer:
The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!About the Author
Author: - Keskon GmbH & Co. KG
Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.