RE: Remote Desktop not working after SP1



Hi John,

Thanks for using the SBS newsgroup.

From your description, I understand the issue to be: remote users cannot
access domain computers through the RWW site, with the error message "local
policy of this system does not permit you to logon interactively". If I am
off base, please don't hesitate to let me know.

Can I confirm with you that you have followed KB 886620 to add the Remote
Desktop Users group to the "Allow log on through Terminal Services" right?

"The local policy does not permit you to logon interactively" error message
when users try to connect to a Windows Small Business Server 2003-based
computer by using the Remote Desktop client
http://support.microsoft.com/?id=886620

Let us perform the following tests to isolate the issue:

I. Please verify the RWW site settings:

1. Open IIS snap-in.
2. Go to Default Web Site/Remote.
3. Right click Remote and click Properties.
4. Click Directory Security tab.
5. Click Edit under "Authentication and access control".
6. Make sure that the "Enable anonymous access" and "Integrated Windows
Authentication" have been checked.
7. Click Edit under "IP address and domain name restriction".
8. Make sure that "Granted access" has been selected.
9. Click Edit under "Secure communications".
10. Make sure that "Require secure channel (SSL)" and "Require 128-bit
encryption" have been checked.

For RWW, please also check the following settings:

1. On the server, open Server Management console, locate Users node, right
click the user account and click Properties
2. Under Terminal Services profile tab, make sure that the "Deny this user
permissions to logon to terminal server" option is unchecked.
3. Under Member Of tab, make sure that the "Remote Web Workplace Users"
group is in the list.

Then please run command "iisreset" (no quotation marks) to restart the IIS
server, then please test to connect one computer from RWW site. What is the
result?

II. If the issue persists, please check the following article to see if it
helps.

841188 "The local policy of this system does not permit you to logon
interactively" error message when you try to log on to a computer that is
running Windows Small Business Server 2003 by using an Administrator account
http://support.microsoft.com/?id=841188

III. If the issue persists, please double check the following group policy
settings:

1. Run command "gpmc.msc" (no quotation marks) to launch the Group Policy
Management, locate the Default Domain Policy, right click to choose Edit
item to open the Group Policy Object Editor.

2. Go to Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment.

3. Double click the "Access this computer from the network" policy and make
sure the following groups are listed:

Administrators
Everyone
Power Users
Users

4. Double click the "Allow logon through Terminal Services" policy and make
sure the following groups are listed:

Administrators
Remote Desktop Users

5. Check the "Deny access to this computer from the network" policy and
make sure the groups mentioned above are NOT listed.

6. Check the "Deny logon locally" policy and make sure the groups mentioned
above are NOT listed.

7. Check the "Deny logon through Terminal Services" policy and make sure
the groups mentioned above are NOT listed.

8. Check the "Log on locally" policy and make sure the following groups are
listed:

Administrators
Guest
Power Users
Users

9. Close the "Group Policy" window.

If you change any settings, you need to run a command to refresh group policy:

10. Click Start->Run, type "gpupdate /force" (without the quotes) and click
OK.

Then please test the issue again, what is the result?

If the issue persists, please help me collect ISA info and firewall log for
analysis.

Use the ISAinfo utility to collect the ISA configuration information:

a. Download the file from the following URL:
http://www.isatools.org/isainfo/ISAInfo.zip
b. Extract all files to a folder on ISA server
c. Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
d. Please send these files to me at v-yanniw@xxxxxxxxxxxxx

Gather the ISA Web Proxy and Firewall service logs when reproducing the
problem:

1). Enable the full Web Proxy/firewall logging option:

a. Open ISA 2004 management console.
b. Expand the server node and highlight "Monitoring".
c. In the right pane, switch to the "Logging" tab, make sure the "Task
Pane" is shown there.
d. In the "Task Pane", click "Configure Web Proxy Logging" under
"Logging Tasks", and then switch the "log storage format" from "MSDE
database" (default) to "File".
e. Switch to the "Fields" tab, and then click "Select All".
f. Click OK, and then click "Apply" to save changes and update the
configuration.
g. Click "Configure Firewall Logging". Do step d~f to enable the full
logging options for firewall logging.

2). Prepare to take the trace:

a. Temporarily stop the Firewall service to clear the current existing W3C
logs: Monitoring->Services tab, and then right click "Microsoft Firewall"
to choose "Stop".
b. Go to the log saving directory and clean any existing .W3C logs. By
default, the logs will be saved to
"C:\Program Files\Microsoft ISA Server\ISALogs".
(Some MDF may not be able to be deleted, that's normal.)
c. Go back to the ISA 2004 management console, and then Start the stopped
"Microsoft Firewall" service.

Reproduce the problem:
a. Go to the external client computer. Try to access the RWW web site.
b. Go back to the ISA server. Stop the "Microsoft Firewall" service. Open
Windows Explorer, navigate to the ISA log file folder. Collect the recent
w3c files. Save them to a zip package as "isalogs.zip". Start the
"Microsoft Firewall" Service.
c. Send the zip packages to me at v-yanniw@xxxxxxxxxxxxx

Please compress the files and mail to my working mailbox:
v-yanniw@xxxxxxxxxxxxx

More information:
289289 Remote Desktop Connection "The Local Policy of This System Does Not
http://support.microsoft.com/?id=289289

Hope above information helps! I am happy to be of assistance to you and
look forward to your reply.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security

--------------------
Thread-Topic: Remote Desktop not working after SP1
From: =?Utf-8?B?Sm9obiBIaXJzdA==?= <John Hirst@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Remote Desktop not working after SP1
Date: Tue, 4 Apr 2006 06:30:02 -0700
Newsgroups: microsoft.public.windows.server.sbs

Hi,

I have just put all the components of SBS 2003 service pack 1 premium
(except the SQL, as we don't run SQL).

However we can't access the remote desktops now, through remote work space.
We can logon to the remote workspace, and choose which client PC to connect
to, but when the user logs we get an error: "local policy of this system
does not permit you to logon interactively".

I re ran the Internet connection wizard, and confirmed that it is set to
allow remote desktop & remote web workspace.

I have checked to make sure the remote desktop users group is in the
security settings "allow logon through terminal services" (as KB ID 88620)
which it is, but the problem is still there.

The administrator can access the remote desktops.

This has only started after installing the updates.
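
The user-rights checks in section III of the reply can also be run against an export of the effective rights, which shows what is actually applied after a service pack rather than what one GPO says. This is an added example, not code from the thread or from Microsoft: it assumes a file produced with "secedit /export /cfg rights.inf /areas USER_RIGHTS" (read it with encoding "utf-16"), and parse_rights, audit and SAMPLE are hypothetical names.

```python
import configparser

# Well-known SIDs of the groups named in section III of the reply.
SIDS = {"Administrators": "S-1-5-32-544", "Users": "S-1-5-32-545",
        "Power Users": "S-1-5-32-547", "Remote Desktop Users": "S-1-5-32-555",
        "Everyone": "S-1-1-0"}
# User-right constant -> groups the reply expects to be listed (steps 3, 4, 8).
# "Guest" from step 8 is left out: its SID is domain-specific.
REQUIRED = {
    "SeNetworkLogonRight": ["Administrators", "Everyone", "Power Users", "Users"],
    "SeRemoteInteractiveLogonRight": ["Administrators", "Remote Desktop Users"],
    "SeInteractiveLogonRight": ["Administrators", "Power Users", "Users"],
}
# Deny rights from steps 5-7; a deny entry overrides the matching allow right.
DENY = ["SeDenyNetworkLogonRight", "SeDenyInteractiveLogonRight",
        "SeDenyRemoteInteractiveLogonRight"]

def parse_rights(inf_text):
    """Map each right in [Privilege Rights] to the set of SIDs/names it lists."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of the Se* constants
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {right: {v.strip().lstrip("*") for v in value.split(",") if v.strip()}
            for right, value in cp.items("Privilege Rights")}

def audit(inf_text):
    """Return findings where the export differs from the state in section III."""
    rights, findings = parse_rights(inf_text), []
    for right, groups in REQUIRED.items():
        for group in groups:
            if SIDS[group] not in rights.get(right, set()):
                findings.append(f"{right}: missing {group}")
    names = {sid: group for group, sid in SIDS.items()}
    for right in DENY:
        for sid in sorted(rights.get(right, set()) & set(names)):
            findings.append(f"{right}: lists {names[sid]}")
    return findings

# Constructed sample export, not taken from the thread.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-555
[Version]
signature="$CHICAGO$"
Revision=1
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "user rights match section III")
```

Entries that secedit could not resolve to a SID appear as plain account names and are not matched by this check.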

