SOLVED

Remote Desktop Connection from RDS Broken

Copper Contributor

We have an 2012 R2 Remote Desktop Services setup.  One RDWEB Broker with three RDS servers.  We have had a connection for vendors to connect to the RDS session and then RDC to a 2012 server with SQL on it.  It has worked fine up until March 14 2017.  Since then the users are receiving;

 

"To sign in remotely, you need the right to sign in through Remote Desktop Services.  By default, members of the Remote Desktop Users group have this right.  If the group you're in doesn't have this right, or of the right has been removed from the Remote Desktop Users group, you need to be granted this right manually."

 

The users are in a Security Group to allow them access to the SQL server.  That group is in the Remote Desktop Users group on the server hosting SQL.  Again, nothing has changed as for as group or it's members.

 

In event viewer on the server hosting SQL says;

Event ID: 1149

Remote Desktop Services: User authentication succeeded:

 

User: xxxxxxx

Domain: xxx

Source Network Address:

 

There are no other event viewer entries of failure or rejection.

 

However, the users that were in the "Allow log on through Remote Desktop Services" local security policy on the server hosting SQL, before the Server joined the domain, can get through.

4 Replies

Hello,

 

If i am correct you are using a RDS connection broker? Did you check the events on the connection broker (Applications and Services logs\Microsoft\Windows\TerminalServices-RemoteConnectionManager)?

 

Regards,

 

Erwin

Erwin,

 

Thanks for your response.  At your suggestion I checked the broker server Event Viewer and the last entry for that connection was;

 

Event ID: 818

This connection request has resulted in a successful session logon (User successfully logged on to the end point). Remote Desktop Connection Broker will stop monitoring this connection request.

 

There is a follow up entry on the SQL that sequences just like any connection with no errors that ends the same way.  Then the user gets the error in the first post.

 

Thanks for taking the time to respond.

 

Craig 

best response confirmed by Service Department (Copper Contributor)
Solution
Found the answer. Ended up being a Group Policy for a drive mapping that controlled the SQL's hosted server's local remote "Allow log on through Remote Desktop Services" local security policy. Ran a RSoP and did the troubleshooting from there.

Again, thank you Erwin for taking the time to respond.

Good to hear you found the problem, and no problem always nice to help someone.

 

Have a nice weekend,

 

Erwin

1 best response

Accepted Solutions
best response confirmed by Service Department (Copper Contributor)
Solution
Found the answer. Ended up being a Group Policy for a drive mapping that controlled the SQL's hosted server's local remote "Allow log on through Remote Desktop Services" local security policy. Ran a RSoP and did the troubleshooting from there.

Again, thank you Erwin for taking the time to respond.

View solution in original post