From: Selçuk Hüner on
Hello,

I am running SBS 2008 Premium with 50 XP Pro clients. All the latest
service packs are installed on the two servers.
The first server is SBS 2008; the second server is Windows 2008, an
additional DC with SQL Server and the terminal server role added.
We need to use our branch office line-of-business application on the
Terminal Server on the second server.
I have to configure the second server following this procedure:
http://technet.microsoft.com/tr-tr/library/dd469602(en-us,WS.10).aspx

Now I need to allow some users to have access to the terminal server, but I
can't do it.
I tried adding the user to the Remote Desktop Users group: could not log in.
I tried adding the user in the Terminal Server Configuration properties:
could not log in.
I tried adding the user in the System Properties Remote tab: could not log
in....
When I try to connect to the Terminal Server (second server) as the
domain\terminal.test user,
the message appears: you need to have a logon terminal server right on
terminal service,
Remote desktop user group have a access by default, ..... (I translated it
from Turkish)
I get error ID 4625 in Event Viewer.

But when I add the "terminal.test" user to the "Administrators" group, the
user can log in to the terminal server.
So this is very high risk for me, but it's running.
I want to add the user to the Remote Desktop group and allow the user to log
in to the terminal server.
How can I do this?


Best Regards...


Here is Event ID Details

Event's Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2009-09-17T01:34:55.492Z" />
<EventRecordID>1136778</EventRecordID>
<Correlation />
<Execution ProcessID="632" ThreadID="1272" />
<Channel>Security</Channel>
<Computer>SQLSERVER.domain.local</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">SQLSERVER$</Data>
<Data Name="SubjectDomainName">DOMAIN</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">terminal.test</Data>
<Data Name="TargetDomainName">DOMAIN</Data>
<Data Name="Status">0xc000015b</Data>
<Data Name="FailureReason">%%2308</Data>
<Data Name="SubStatus">0x0</Data>
<Data Name="LogonType">10</Data>
<Data Name="LogonProcessName">User32 </Data>
<Data Name="AuthenticationPackageName">Negotiate</Data>
<Data Name="WorkstationName">SQLSERVER</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x460</Data>
<Data Name="ProcessName">C:\Windows\System32\winlogon.exe</Data>
<Data Name="IpAddress">fe80::4026:935c:26d7:3b04</Data>
<Data Name="IpPort">40131</Data>
</EventData>
</Event>
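
As an added example (not part of the original post), this Python sketch decodes the posted event: Status 0xc000015b is STATUS_LOGON_TYPE_NOT_GRANTED and LogonType 10 is RemoteInteractive, which points at User Rights Assignment rather than at the password. The function name `triage_4625` and the lookup tables are chosen here, and the tables cover only a subset of values.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Trimmed copy of the event posted above (only the fields used below).
EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4625</EventID><Computer>SQLSERVER.domain.local</Computer></System>
<EventData>
<Data Name="TargetUserName">terminal.test</Data>
<Data Name="TargetDomainName">DOMAIN</Data>
<Data Name="Status">0xc000015b</Data>
<Data Name="SubStatus">0x0</Data>
<Data Name="LogonType">10</Data>
</EventData>
</Event>"""

# Subset of NTSTATUS codes seen in 4625 events.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
# Logon type -> (name, allow right, deny right) in User Rights Assignment.
LOGON_RIGHTS = {
    2: ("Interactive", "SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"),
    3: ("Network", "SeNetworkLogonRight", "SeDenyNetworkLogonRight"),
    10: ("RemoteInteractive", "SeRemoteInteractiveLogonRight",
         "SeDenyRemoteInteractiveLogonRight"),
}


def triage_4625(xml_text):
    """Summarise a failed-logon event and name the user rights to inspect."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        raise ValueError("not a 4625 (failed logon) event")
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    status = int(data["Status"], 16)
    name, allow, deny = LOGON_RIGHTS.get(int(data["LogonType"]), ("?", None, None))
    rights_issue = status == 0xC000015B  # logon type refused by user-rights policy
    return {
        "account": data["TargetDomainName"] + "\\" + data["TargetUserName"],
        "logon_type": name,
        "status": NTSTATUS.get(status, hex(status)),
        "rights_to_check": (allow, deny) if rights_issue else (),
    }
```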

From: Merv Porter [SBS-MVP] on
I believe this is what you want...

Add the domain users to the Remote Desktop Users Group on the Terminal
Server. Alternately, create a security group on the SBS server that
includes the domain user accounts who need access to the TS and then add
that group to the Remote Desktop Users Group on the Terminal Server.

Adding Users to the Remote Desktop Users Group
http://www.techotopia.com/index.php/Windows_Server_2008_Terminal_Services#Adding_Users_to_the_Remote_Desktop_Users_Group

--
Merv Porter [SBS-MVP]
============================


From: Miles Li [MSFT] on


Hello,

Thank you for posting here.

According to your description, I understand that:

The domain users cannot log in to the TS on the SBS 2008 second server.

If I have misunderstood the problem, please don't hesitate to let me know.

First of all, I'd like to know how users in the branch office connect to
the TS on the SBS 2008 second server.

If remote users connect to the TS via RWW, please make sure that the Domain
Users Group (default setting) is granted the proper permissions in the
CAP (connection authorization policies) and RAP (resource authorization
policies) in the TS gateway manager.

If remote users connect to the TS via MSTSC directly, please collect the
following information for further investigation:
1. On the TS server, export the settings in User Rights Assignment that
contain the "Allow logon through Terminal Services" and "Deny logon
through Terminal Services" entries.
2. On the TS server, run "Whoami /groups" to list the group membership of
the test user account.
3. You may send the output to me at v-mileli(a)microsoft.com.

If you have any questions or concerns, please do not hesitate to let me
know.




Best regards,

Miles Li

Microsoft Online Newsgroup Support

This posting is provided "AS IS" with no warranties, and confers no rights.
==================================================================
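
The two items requested in the reply above (the User Rights Assignment export and the `whoami /groups` output) can be compared mechanically. The following Python sketch is an added example, not part of the thread: both inputs are constructed, the function names are chosen here, and the policy fragment is one configuration that would give the behaviour described (a Remote Desktop Users member refused, an Administrators member accepted). It assumes the export lists SIDs in the `*S-1-...` form.

```python
import re

# Constructed fragment in the format written by
#   secedit /export /areas USER_RIGHTS /cfg rights.inf
# Here only Administrators (S-1-5-32-544) holds the RDP logon right.
RIGHTS_INF = """[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight =
"""

# Constructed `whoami /groups` rows for the test user (domain SID is made up).
WHOAMI_GROUPS = r"""
Everyone                     Well-known group S-1-1-0      Enabled group
BUILTIN\Remote Desktop Users Alias            S-1-5-32-555 Enabled group
BUILTIN\Users                Alias            S-1-5-32-545 Enabled group
DOMAIN\Domain Users          Group            S-1-5-21-1111-2222-3333-513 Enabled group
"""

ALLOW = "SeRemoteInteractiveLogonRight"
DENY = "SeDenyRemoteInteractiveLogonRight"


def parse_rights(inf_text):
    """Return {right: set of SIDs} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; plain account names are kept as-is.
            rights[name.strip()] = {v.strip().lstrip("*")
                                    for v in value.split(",") if v.strip()}
    return rights


def rdp_logon_allowed(inf_text, whoami_text):
    """Deny wins over allow; no matching allow entry means refusal."""
    rights = parse_rights(inf_text)
    token = set(re.findall(r"S-1-\d+(?:-\d+)+", whoami_text))
    denied = token & rights.get(DENY, set())
    if denied:
        return False, "denied via " + ", ".join(sorted(denied))
    granted = token & rights.get(ALLOW, set())
    if granted:
        return True, "granted via " + ", ".join(sorted(granted))
    return False, "no SID in the token holds " + ALLOW
```

Adding `*S-1-5-32-555` (Remote Desktop Users) to the allow line of the constructed export flips the result to granted, without putting the account in Administrators.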