Member Server AD Enumeration issues
Apologies for the cross post, but on reflection I think my issue would be better served in General Windows rather than RDP, since it would not appear to be an RDP issue at heart. One of my client's Win2008R2 servers has decided to act rather strangely this morning and I'm struggling to make sense of it. This server is a member server on an SBS2003 domain. It's primarily used as a Terminal Server for Remote Web Access and Remote Desktop Access. All has been working well until now.

We are unable to connect to any shared resources remotely. RemoteApps via the Remote Desktop Services web page still log in and run fine. We also cannot log in directly to a domain PC via the RDP client with the RD Gateway details all set up. The event log shows constant 4625 errors (NULL SID, 0xc000018d).

I tried removing and setting up new RD CAP/RAP policies, and here is where it gets interesting: it will not let me add domain user groups. I go through the process, select the group etc., but when I click OK the group does not go into the box as selected. I ended up selecting the local Remote Desktop Users group. Same goes for the RAP policy: I could bring up and select domain computer groups fine, but when clicking OK it would not add to the policy. I set up a local resources group instead, adding PCs manually as a test.

Acting on a hunch, I checked the Remote Desktop Users group on the 2008R2 member server and saw that instead of the Domain\Mobile Users group being a member of that group, it displayed the SID number instead. I manually re-added a particular user and saw domain\username (SID) come up. I added another user and not only did I get domain\username (SID), but the previous user I added became just a SID and lost the domain\username. So, I think all my issues on this member server boil down to the fact that it appears to be unable to enumerate the domain users and groups info... even though when you run through the wizard to add users and groups it comes up fine in there.
I am pretty sure this is also why we get 4625 errors when trying to access local resources remotely. Any help would be greatly appreciated, as this is driving me nuts ;)
January 24th, 2011 10:40pm

What was the functional level of the domain and forest when the 2008 R2 server was added? I hate to say this, but if it was a 2000 domain when joined, I would try disjoining the 2008 R2 member server from the domain, raising the forest and domain functional levels to 2003 Server, and joining the domain again.
January 24th, 2011 11:37pm

Hi, thank you for your post here. As you suspected, it seems that there are issues with Active Directory. To troubleshoot the issue:

1. First of all, please make sure the SBS 2003 domain works as expected without any error. You may run DCDiag and NetDiag on the SBS server to verify the AD functionality. Do any other client computers or member servers experience the same issue in the domain?

2. If the AD domain works well, please check how it works if you reset the secure channel between the server and the DC. Or try re-joining the server to the domain.
January 26th, 2011 12:15am
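The reply above suggests resetting the secure channel, and the original post describes two symptoms of the same fault: domain SIDs in local group membership that will not resolve back to DOMAIN\name, and 4625 failures carrying 0xC000018D (STATUS_TRUSTED_RELATIONSHIP_FAILURE, "the trust relationship between this workstation and the primary domain failed"). The following PowerShell script is an added diagnostic, not code from anyone in this thread; it checks all three things on the member server. It assumes an elevated PowerShell 2.0 session on the 2008 R2 box and that the local group of interest is "Remote Desktop Users" as in the post; the one-day event window is an arbitrary choice.

```powershell
# Added diagnostic for the symptoms in this thread (constructed here, not posted by a participant).
# Run in an elevated PowerShell on the 2008 R2 member server.
# Checks: (1) the secure channel to a DC, (2) whether members of the local Remote Desktop Users
# group resolve from SID back to DOMAIN\name, (3) recent 4625 failures whose Status or SubStatus
# is 0xC000018D (STATUS_TRUSTED_RELATIONSHIP_FAILURE: the machine account's trust is broken).

$GroupName = 'Remote Desktop Users'   # assumed: the local group the original post mentions

# 1. Secure channel test. $false means the computer account password or the channel
#    itself is broken. Test-ComputerSecureChannel -Repair with domain admin credentials
#    is the cheaper fix to try before disjoining and rejoining.
$channelOk = Test-ComputerSecureChannel
"Secure channel to domain: $channelOk"

# 2. Resolve each local group member's SID to an account name. A member that only
#    shows as a bare SID in the GUI will throw here, because the LSA cannot reach a DC
#    over a working secure channel to map the SID.
$group = [ADSI]"WinNT://./$GroupName,group"
foreach ($member in @($group.Invoke('Members'))) {
    $sidBytes = $member.GetType().InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
    $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        "{0,-45} -> {1}" -f $sid.Value, $name
    } catch {
        "{0,-45} -> UNRESOLVED ({1})" -f $sid.Value, $_.Exception.Message
    }
}

# 3. Count 4625 logon failures in the last day with status 0xC000018D.
#    Fields are read by name from the event XML rather than by Properties[] index.
$since  = (Get-Date).AddDays(-1)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue
$trustFailures = foreach ($e in $events) {
    $data      = ([xml]$e.ToXml()).Event.EventData.Data
    $status    = ($data | Where-Object { $_.Name -eq 'Status' }).'#text'
    $subStatus = ($data | Where-Object { $_.Name -eq 'SubStatus' }).'#text'
    # -eq on strings is case-insensitive in PowerShell, so 0xC000018D and 0xc000018d both match
    if ($status -eq '0xc000018d' -or $subStatus -eq '0xc000018d') { $e }
}
"4625 events with trust-relationship failure (0xC000018D) since {0}: {1}" -f $since, @($trustFailures).Count

if (-not $channelOk) {
    "Secure channel is broken. First try: Test-ComputerSecureChannel -Repair -Credential (Get-Credential)"
    "If that does not restore SID resolution, disjoin and rejoin the domain."
}
```

If `Test-ComputerSecureChannel` returns `$false` and the group members come back UNRESOLVED, the server's machine account trust is the problem rather than RD Gateway or the RAP/CAP wizards; `nltest /sc_verify:<domain>` from cmd gives the same verdict. Repairing the channel (or rejoining, which resets the computer account password) is what clears both the bare SIDs and the 0xC000018D 4625s, which matches how this thread was resolved.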

All good now people. As suggested the solution was to remove the server from the Domain and re-add it. All working 100% now - cheers for all your suggestions ;)
January 31st, 2011 12:47am

