We have an 2012 R2 Remote Desktop Services setup. One RDWEB Broker with three RDS servers. We have had a connection for vendors to connect to the RDS session and then RDC to a 2012 server with SQL on it. It has worked fine up until March 14 2017. Since then the users are receiving;
"To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you're in doesn't have this right, or of the right has been removed from the Remote Desktop Users group, you need to be granted this right manually."
The users are in a Security Group to allow them access to the SQL server. That group is in the Remote Desktop Users group on the server hosting SQL. Again, nothing has changed as for as group or it's members.
In event viewer on the server hosting SQL says;
Event ID: 1149
Remote Desktop Services: User authentication succeeded:
Source Network Address:
There are no other event viewer entries of failure or rejection.
However, the users that were in the "Allow log on through Remote Desktop Services" local security policy on the server hosting SQL, before the Server joined the domain, can get through.
Found the answer. Ended up being a Group Policy for a drive mapping that controlled the SQL's hosted server's local remote "Allow log on through Remote Desktop Services" local security policy. Ran a RSoP and did the troubleshooting from there.
Again, thank you Erwin for taking the time to respond.