A
Anton Panyushkin
I've got Windows 2003 Forest running in native Windows 2003 Mode.
And there are two domains in this forest, tied via trunsitive trusts,
let me call them the first domain and the second one. All the servers
belonging to the first domain have Windows Terminal Server enabled and
are running in Remote Administration Mode.
A few users of the second domain have administrative privileges in the
first domain and are able to log on server of the first domain via
Terninal Service.
Sometimes (approximately during one logon from ten) these users unable
to log on Terminal Servers. The following message appears on the
user's screen during unsuccessfull user logon:
Unable to obtain Terminal Server User Configuration. Error: Access is
denied.
After several attemps to log on server users finally are able to log
on successfully.
I've examined System Log of Terminal Server and found the following
event
Event ID: 1219
Source: Winlogon
Logon rejected for SECONDDOMAINNAME\Username. Unable to obtain
Terminal Server User Configuration. Error: Access is denied.
Also there are following events in system log
Event ID: 1054
Source: Userenv
Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy
processing aborted.
Event ID: 1000
Source: Userinit
Could not execute the following script Proxy.bat. The system cannot
find the file specified.
(You see there's a script we use to configure proxy server
configuration on workstations during userlogon and it's called
proxy.bat.)
The last two events appear in System Log during every Terminal Service
user logon regardless if this logon complited successfully or not.
I also have to remark that not all domain controllers of the second
domain are reachable from servers of the first domain, it's a routing
issue.
I examined MS KB and eventid.net and didn't get the real cause of this
error.
What should I do to get rid of this error and let users to logon
without any obstacles.
And there are two domains in this forest, tied via trunsitive trusts,
let me call them the first domain and the second one. All the servers
belonging to the first domain have Windows Terminal Server enabled and
are running in Remote Administration Mode.
A few users of the second domain have administrative privileges in the
first domain and are able to log on server of the first domain via
Terninal Service.
Sometimes (approximately during one logon from ten) these users unable
to log on Terminal Servers. The following message appears on the
user's screen during unsuccessfull user logon:
Unable to obtain Terminal Server User Configuration. Error: Access is
denied.
After several attemps to log on server users finally are able to log
on successfully.
I've examined System Log of Terminal Server and found the following
event
Event ID: 1219
Source: Winlogon
Logon rejected for SECONDDOMAINNAME\Username. Unable to obtain
Terminal Server User Configuration. Error: Access is denied.
Also there are following events in system log
Event ID: 1054
Source: Userenv
Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy
processing aborted.
Event ID: 1000
Source: Userinit
Could not execute the following script Proxy.bat. The system cannot
find the file specified.
(You see there's a script we use to configure proxy server
configuration on workstations during userlogon and it's called
proxy.bat.)
The last two events appear in System Log during every Terminal Service
user logon regardless if this logon complited successfully or not.
I also have to remark that not all domain controllers of the second
domain are reachable from servers of the first domain, it's a routing
issue.
I examined MS KB and eventid.net and didn't get the real cause of this
error.
What should I do to get rid of this error and let users to logon
without any obstacles.