Re: Trouble with TS Admin over RDP

I was finally able to solve my own problem. It seems I thought it would be a
good idea to set the Terminal Services service to automatic inside my Group
Policy instead of configuring it manually on all my servers. I noticed that
every time GP would update, the RDP Listener would disappear. When I
configured the Group Policy setting for Terminal Services to Not Configured,
the problem resolved itself.

Still not sure what the deal is with that behavior, but figured I'd post my
results in case anyone else has the same "bright idea" I did.

"Saint027" wrote:

I can wait 'till monday. Unless the problem miraculously disappears. Either
way, its all good, right? :)

I've already removed the network service rights. I did notice a drop in the
number of Event 560 Failure Audits when I did that though. Interesting ...

"Trust No One®" wrote:


"Saint027" <Saint027@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6C5CABE0-F648-46A2-B9B8-0DA1A8EC658A@xxxxxxxxxxxxxxxx
OK, I granted Full Control access to the Terminal Services Service to the
Network Service account. Still no joy. It works temporarily, but does
not
survive the reboot.

Darn!

The reason I said hmmm.. in my previous post ns that we been through a
similar problem with our Windows 2003 SP1 DMZ servers, which as it happens
are locked down via the High Security baseline policy. I posted about this a
few weeks back and had planned to raise a fault with Microsoft PSS. None of
the servers in our internal network exhibited the problem and I'm sure it is
related to the High Security GPO.

The terminal services listener refused to start up on rebooting the server.
It could be re-instated (until the next reboot) by simply running the
"gpupdate" command. I devised a temporary workaround of implementing a
start-up script on each server which contained the gpupdate command.

I spent ages looking into this and eventually got it all working and so did
not need to contact PSS. Unfortunately I committed the cardinal sin of not
fully documenting my troubleshooting steps :( my bad!

If you can wait until Monday when I'm next into work I'll go through my
notes and collate the changes I made.

BTW I wouldn't recommend granting the Network Service full control to the
terminal services service. Read access should be sufficient.

--
Peter <X-Files fan>




.

Relevant Pages

  • Re: Trouble with TS Admin over RDP
    ... the servers in our internal network exhibited the problem and I'm sure it is ... It could be re-instated (until the next reboot) by simply running the ... start-up script on each server which contained the gpupdate command. ... BTW I wouldn't recommend granting the Network Service full control to the ...
    (microsoft.public.windows.terminal_services)
  • Re: Anyone having TS problems since the latest round of Security Hotfixes?
    ... server not listening after reboot). ... Windows 2003 SP1 servers in our DMZ. ... on reboot of the server Terminal Services does not ... Microsoft High Security Baseline Member server policy. ...
    (microsoft.public.windows.terminal_services)
  • Re: Auto-Updates for production servers
    ... the servers up to date. ... the 'you need to reboot your server now' ... to terminal services, we are prompted to reboot because of auto-updates. ... on for production servers, but rather they should push them out with admin ...
    (microsoft.public.windows.server.general)
  • Re: Restarting Windows 2003 server via terminal server connection
    ... This issue started for me after I had been using the Remote Desktops MMC snap ... Servers reboots ok and the terminal server connection is fine. ... is crucial to SBS functionality--I patch and reboot my SBS ... Your Terminal Services Security Website ...
    (microsoft.public.windows.terminal_services)
  • Re: terminal server that hands out licenese to other servers..
    ... I have 100 servers. ... And I have 19 Terminal Services licenses. ... No CALs ...
    (microsoft.public.windows.terminal_services)