I have server 2003 and use remote desktop connection every day to log into it from different locations. But yesterday all of a suddern it wont let me. I get the error message:To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the Remote Desktop Users group have these permissions. If you are not a member of the Remote Desktop Users Group or another group that has these permissions, or if the Remote Desktop Users group does not have these permissions, you must be granted these permissions manuallyI did find someone else who had the same problem. They suggested this: First, add the user to the "Remote Desktop Users" group, and retry. If that does not solve it, try this, adding the "Remote Desktop Users" group to the permission tab of TS Configuration: -From Administrative Tools, select Terminal Services Configuration. -Click on the Connections folder. -Right-click on RDP-Tcp connection, -select properties and click on the Permission tab. -Add the "Remote Desktop Users" group and click OK. But this did not work either.Can any one help?

Hello,is the server domain member, then use the remote desktop user group in AD. Also you have to set user right assignment setting "Allow logon through Terminal Services"Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Hi SteveT79, Thanks for hosting here, Based on your description, I understand that you have a problem with accessing to Windows server 2003 through remote desktop. For your reference, here is some checkpoints for the server to help you troubleshoot this issue. Double check the user is in servers remote access list. Click Control Panel, System, select Remote option. To see if the user is in Select Remote Users. Type "Secpol.msc" into "Start Menu"- > "Run". - Navigate to [Local Security Settings\Local Policies\User rights Assignments\Allow log on through Terminal Services Properties] control. - Check the policy whether it contains the "Remote Desktop Users" group. By default, The "Remote Desktop Users" group should be exist except its a domain controller. Type "Rsop.msc" into "Start Menu" -> "Run". This will open "Resultant Set of Policy" which will show you the Group Policy settings that have been applied to the machine and user. - Navigate to [Computer Configuration\Windows Settings\Security Settings\Local Policies\User rights Assignments\Allow log on through Terminal Services Properties] control. - Check the policy whether it contains the "Remote Desktop Users" group. If a domain group policy has configured this right and your account is not granted the permission, please open the corresponding domain group policy in Group Policy Editor and grant your account or group that you are a member this right. If the issue persistsyou may run GPMCs group policy result report for and send the report to us for analyzing.1.Download GPMC snap-in from the following link. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887 2.Install GPMC snap-in on your domain controller.3.Start GPMC via typing gpmc.msc into Start Menu Run, right click the Group Policy Results, chose Group Policy Results Wizard, select which server name and user name that you want to run. 4.Save the report file to a html file. Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give us the download address. Wilson Jia - MSFT

Hello, I have exactly the same problem, and am unable to solve it with all methods you suggested... :( Here is the link of Group Policy Results exported report, for the user and the server concerned: http://cid-cd4568e190313c8b.skydrive.live.com/self.aspx/Public/eskelqawin%20on%20ma-preprod.htm Would you have any explanation ? Thanks for your help, Regards. Rmi

Hi Remi, Thank you for your update. Could you provide the error message youve got? If you got the same error message as Steve which is To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the Remote Desktop Users group have these permissions. If you are not a member of the Remote Desktop Users Group or another group that has these permissions, or if the Remote Desktop Users group does not have these permissions, you must be granted these permissions manually. Its better to double check whether the logon users are in the remote desktop users group of TS servers Local Users and Groups. Because the Remote desktop Users group is a Local user group for the computer, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer using Terminal Services. In addition, you can also add the AD security group into it.Wilson Jia - MSFT

Hello Wilson, Thanks for your answer. The user was in the local Remote desktop Users group. A GPO applied this setting, and I could verified it by connecting a MMC 'Computer Management' to the server, remotely. I also authorized users to connect to this server by Terminal Services, in the same GPO. Still the same error. After thaht, I disabled the GPO and tried to add directly the user in the local Remote desktop Users group with the remote MMC 'Computer Management'. Still the same thing... Any idea ? Thanks for your help Rmi

Hi Rmi, Thanks for your response. According to your description, please answer the following questions to narrow down the root cause of this issue. 1.Did your TS GPO setting work for these users before?2.Did you install any Service Pack recently on the problematic server? If yes, please uninstall and reinstall it, then try the remote desktop again. You can also add the following settings into your TS GPO settings. - Enabled "Allow login using Terminal Services" for Administrators & Authenticated Users.- Enabled "Allow logon locally" for Administrators & Authenticated Users. Hope this will help you solve the issue.

Wilson, 1. My GPO settings used to work before the TS role installation 2. No service pack were installed before TS role installation : the server has always been Windows Server 2003 Standard R2 with Service Pack2 I added the settings you suggest, and will tell you in a moment if it's OK, but last time I already added Administrators in these 2 policies, without any success :(

I had problem of licenses. Not finding the licences server A Windows Server 2003-based terminal server in a forest cannot obtain a license from a license server in a different forest.View: http://support.microsoft.com/kb/279561To select a specific license server, follow these steps, and then quit Registry Editor. Click Start, click Run, type regedit, and then click OK. Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters On the Edit menu, point to New, and then click Key. Name the new key "LicenseServers" Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers For each licensing server to which you would like to point the Terminal Services server, point to New on the Edit menu, and then click Key. Name the new key "ServerName" where ServerName is the NetBIOS name of the license server that you want to use, and then press ENTER. Note The new key name can be any of the following designations that represent the license server: The NetBIOS name of the server The fully qualified domain name (FQDN) of the server The IP Address of the server Restart your computer

I finally found what was the problem when I opened a remote "Computer management" MMC to view event logs of the server: somebody already installed the Terminal Services role and the 120 days of grace period licensing was over...So I had no more licenses... The error message was really unclear, but everything is OK now it's the most important :) Thanks all for your help ;)