Unable to log on to term servers from specific clients

  • Thread starter Thread starter Brent
  • Start date Start date
B

Brent

Hi Everyone,


I'm having some strange logon problems with Windows Terminal Services.
My company is running a couple of Windows 2000 terminal servers in a
Windows 2000 domain with Active Directory. The licensing server is also
a Windows 2000 domain controller. Most of our users log on to these
servers through Neoware thin clients, many of them from locations
throughout the US. Recently, a group of thin clients (four of them) from
one location suddenly could not log on to either of our servers. They
could connect, and get a logon prompt, but when they typed in the
username and password the following error popped up:

"The system could not log you on. Make sure your User name and domain
are correct, then type your password again. Letters in passwords must be
typed using the correct case. Make sure that Caps Lock is not
accidentally on."


We tried different domain accounts on those same clients, none of which
worked. However, these accounts worked from other locations' thin
clients and standalone PC's. Thus, the problem seems to stem from using
the specific clients at that location. They have one standalone PC that
will allow them to log on via Remote Desktop.

Nothing appears in the terminal servers' event logs that coincides with
the logon attempts, although we don't have security auditing set up.

I thought it might be an issue with Terminal Services Licensing--
something we've experienced before--and came upon the following article:
http://support.microsoft.com/kb/q253292/. However, according to the
licensing server we have enough licenses. Also, in past occurrences a
client is usually not even able to connect if there is a problem with
licensing. In this case, the client will connect, but upon attempting to
log on the user is rejected.

I also checked the article: http://support.microsoft.com/?kbid=290706,
which describes problems with automatic log on. But we don't use the
auto log-on feature.

I'm curious as to how the thin clients communicate/send information over
to the terminal server. Is the mac address of the client recorded by the
licensing server? If a client does not have a valid license, would the
server then reject any domain account that tried to log on? Not sure how
it works. It's strange that users have logon problems only on those
specific thin clients.

Thanks in advance for any clues!

Brent
 
Aha! I have the very same problem in the past
Make sure those users are in a group that has the ability to "log on
locally"
If they are not there...
Under your terminal server ou where your gpo is defined edit the policy and
give that group the right to log on locally

Try it out and let me know!
Neplitude
 
Hi! Thanks for your response.

We've sorted it out and it's something we should have checked early on,
but your suggestion would probably have worked.

Usually, when users connected to one of our terminal servers, they would
be set up to log on to the domain. This time, however, their default
logon was set to the local computer, and they had to click on the Options
and drop down box to switch it, after which they could then log on.

This was strange because the thin clients had always logged them onto the
domain but something changed their settings. We had a slight problem last
Friday where the PDC was not responding to pings (host unknown). The
problem could be related to our internal DNS setup, but then that's for
another newsgroup.

Thanks nevertheless.
 
Back
Top