I have a brand new Remote Desktop Server running on a Windows 2012 R2 server.  I followed the instructions on this site https://msfreaks.wordpress.com/2013/12/09/windows-2012-r2-remote-desktop-services-part-1\ to configure.  So far it works great when I connect from a machine inside our network.  I can connect with any user account.  However, when I connect from a remote machine, whether on the internet or from a machine connected with the sonicwall VPN client, only the administrator can log in.  I know that it is not a firewall issue because if it was, the administrator would not be able to log in either.

I have created a security group called RemoteDesktopUsers (without spaces to differentiate from the built in group) and made that group a member of the built in Remote Desktop Users.  I have added the correct people to the group RemoteDesktopUsers.  This allows them to log in from a local machine, but they still cannot log in from a remote machine.  I have tried everything I can think of, and nothing seems to work.  Any help will be greatly appreciated.

Phil Goldwasser

Hi Phil,

How may user you want to get access simultaneously?
Does this issue happens with all users?
Do you have enough CAL to get access to user?

For remote desktop to any server for normal user, need to have RDS Cal configured to get access (either Per User or Per Device) depends on your requirement. Server can only allow 2 remote connection for administration purpose only. Apart also see whether there is any option selected for limiting number of simultaneous connection. 

You can go through point 1 from below article.
Remote Desktop disconnected or cant connect to remote computer or to Remote Desktop server (Terminal Server) that is running Windows Server 2008 R2
http://support.microsoft.com/en-us/kb/2477176

Hope it helps!

Thanks.

Hi.  Thanks for responding.  Unfortunately these issues I have dealt with already.  I have 15 CALs installed so that is not the issue.  I created a group in AD called RemoteDesktopUsers (without spaces) and added all of the users to that group.  Then I added that group to the local RD server's Remote Desktop Users Group, and I checked in system > remote tab > to make sure everything was listed there as well.  It all checks out.  The AD group policy does not limit connections and the AD group above is the only group that the GPO is applied to.

Here is some more data that I have put together in trying to solve this:

More info on this. I CAN connect to the RD server from other locations. Not everywhere, but somewhere. I was at another client office and I was able to connect from there without issue. Then I did a test. While I was connected from the other office, I connected to my home pc via LogMeIn and then I was able to connect tot this RD server from home, but only with the same user who I logged in from this other office! Very weird. I could then log any user in from this other office and after that log in, I could log that user in from my home. However, from my home I could still not log in any other user. Once I switch to a different user (first from the other office and then from my home) then no other user could log in from my home. Finally I did a test from the location that this will be used.

This is a NYC showroom for a company based in NJ. There is a site to site VPN running and the NY people can log into the old 2003 terminal server without issue. When they try to log into the new RD server, they have the same problem I have from home, despite them being on a site to site VPN and using the internal ip address of the RD server.

I can RDP from a Windows 2003 server (I have tried multiple servers and they all work) but I CANNOT RDP from an XP machine. With the XP machine, I can RDP and get to the login screen of the RD server but I get an error saying that the username or password is incorrect.

Any help you can give will be most appreciated!

Phil

Hi Phil,

It seems facing issue with XP machine to remote session server 2012 R2. Please verify which version of RDP you are using, we need to have RDP 7.1 for windows XP. Also if you cant connect from outside office with specific network, then check whether the required RDP port is opened or not used by other application. 

Also please follow the below registry setting for enabling NLA on client side.
1. Click Start, click Run, type regedit, and then press ENTER.
2.  In the navigation pane, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Exit Registry Editor.
9. Restart the computer.

More information.
a. Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3
b. Windows XP RDP Clients Cant Connect to RDS on Server 2012

Hope it helps!

Thanks.

Hi,

Thanks for posting in Windows Server Forum.

As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as Answered as the previous steps should be helpful for many similar scenarios.If the issue still persists, please feel free to  reply this post directly so we will be notified to follow it up.

BTW,  wed love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

Thanks for your Support & understanding.

Regards.