Re: Non-Admins can't logon to 2kServer in App-Svr mode

From: Aimme Lirette MSFT (alirette_at_online.microsoft.com)
Date: 04/12/04


Date: Mon, 12 Apr 2004 10:41:05 -0500

Do you know if there was a security template or anything locking down the
system applied?

You can run security configuration and analysis to determine the current
system security settings, and reset any default settings that have been
changed by using this tool as well:
http://support.microsoft.com/?id=266118

It appears this is most likely some type of permission problem on the
machine, if you have another terminal server that works compare permissions
on the two and see if that makes a difference.

Thank you!
Aimme Lirette

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"AerinsDad" <anonymous@discussions.microsoft.com> wrote in message
news:80E3F97C-5B70-4F9B-B0FC-9F2514B4C82D@microsoft.com...
> I have not been able to connect to my Win2000 Terminal Server unless I use
an admin account.
>
> This error is diplayed in the GUI:
> The system can not log you on. The specified module could not be found.
>
> This error appears in my *Application* Event properties
> Login rejected for SERVERNAME\username. Unable to obtain Terminal  Server
User Configuration. Error: The specified module could not be found.
>
> The Security log reports a successful login.
>
> MY CONFIGURATION:
> Server = Win2000, workgroup mode
>
> Terminal Server
>  Mode = Application Mode
>  Permission Compatiability = Win2000 users
>  License pack installed
>
> Clients = XP, 2000, Mac OSX (same result)
> username = TEST
> TEST is member of TermServUsers, account is active
> TermServUsers can "Log on Locally"
> TermServUSers have "Permissions" via RDP-Tcp Properties
>
> Ad nauseum...
> Terminal Services = Started, Auto
> Terminal Services Licensing = Started, Auto
> RDP-Tcp Properties
>   Client settings = use connection settings from user settings
>   Logon settings =use client provided logon information
>   Remote control = no remote control
> Security Log Succes log =
> Account Used for Logon by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>  Account Name: test
>  Workstation: servername
> LAN Manager Authentication Level = Send NTLMv2 response only\refuse LM.
> Firewalls disabled for testing.
> reviewed GPO's, nothing seems to conflict.
>
> I have tried multiple configurations options wherever possible, same
result.  I heard that only admins can connect while in Remote Access mode,
but I haven't seen any documention, plus I am running in App Server mode
anyway.
>
> Anyone know what I am missing here???
>
>
>