Cannot Login : Must be a member of RDU

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Guys,

I cannot figure out whats going here...or what had happened. I have a test
TS Server with TS (Application Server Mode) installed and running on grace
period. I believe it is still within grace period and I get no errors in
event logs....

Now for some strange reason, the only way I can log onto this machine today
is intiating mstsc /console.

If I try and do a normal RDP to it... no go... i get the 'you must be a
member of the remote desktop users group to be able to logon and this must be
done manually'.. thats fine.... so I I have a couple groups in their anyway
(including domain admins not that I need it because domains admins is part
of local admins group... please correct me if i;m wrong?). My user account is
a memeber of these groups... I have even added my domain account directly to
the Remote Desktop Users group... done a gpudate... rebooted as well...

Nothing else i believe going on here. I have checked local policy to ensure
allow logon via terminal services and its set to Administrators and Remote
Desktop Users. I have checked the Deny policy also... and no one in there...

There is a single domain level gpo configured which runs an addAdmin script
which puts a certain AD group into all Servers Local Admins groups... nothing
else going on there...

All i know is, a couple of months ago, this was fine... and today I cant
seem to get into it. Its not used much so not sure when this issue started
happening. It isn't critical to get it back so quick (and I can always
rebuild it!)... but its simply annoying me as to why this machine will not
allow TS Sessions to connect in and only the one console connections. Somehow
need to backtrack what has happened and fix it... and would like understand
whats going on...

Any pointers would be great?

Lozza...
.

Relevant Pages

  • Re: Domain Admins Group -- Trying to trim membership
    ... very trusted and competent people being domain admins. ... a qualified regular domain user by managing AD object permissions. ... server, installing a Certificate Authority, etc. usually are not done every ... controllers are only domain controllers running DNS and not also a print, ...
    (microsoft.public.win2000.security)
  • Re: Password Problem with Server Login
    ... We periodically reboot our server and had ... login with the Administrator account like we usually do and the ... We also tried an account ... however we have other users who are members of the "Domain Admins". ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain Admins Group -- Trying to trim membership
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... number of domain admins you have so it makes sense to have a rather small ... Such tasks could be creating and managing user and computers accounts, ... In a larger network I would think that domain controllers are ...
    (microsoft.public.win2000.security)
  • Re: Can not log on to domain controller remotely or locally.
    ... Be aware that the higher you place this setting within the domains group policy the possibility exists it is applied to machines you may not want it applied to. ... With this in mind you should try and avoid this setting at the domain level, with the exception on the domain admins group. ... policy since the default Server 2003 password policy is pretty harsh. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Logon Using Terminal Services GPO
    ... How to be administrator of the DC Server without being domain admins? ... I created a test account, only member of the builtin administrators groups. ... modify domain admins members & co. ...
    (microsoft.public.windows.server.security)