Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Only Domain Admins Can Open Sessions

Status
Not open for further replies.

ryanropp

IS-IT--Management
Jun 27, 2001
90
US
I just installed xp presentation release 3 on windows 2003 server, service pack 1. Only my domain admins can open up and connect a session. I've checked the remote desktop users and the user i'm testing is in there. When I make him a domain admin, he can connect, however, when I take him out of domain admins I get the following error "To log on to this remote computer, you must have Terminal Server User Access permissions on this computer." I verified all permission in TS and all is there. What else do I need to do here???

Thanks,
Ryan
 
This is because your Terminal Server is currently in REMOTE ADMINISTRATION mode instead of APPLICATION SERVER mode. Go back and change the mode and "regular" users can connect.
 
I thought in 2003 there was only Application Mode. Correct me if I'm wrong because when installing terminal server in 2003 it did not ask me.

Thanks
 
Ryan,

you are both correct sort of when you install TS it only installs in app mode but the remote mode is already there.

However you will probably find that if you open up active directory users and computers and open up the test user under the terminal services profile tab you do not have the allow to logon to a terminal server box checked
 
I checked all that before. All permissions are correct on the TS and in active directory. Not sure what else could be causing this.
 
Already tried that with no luck :(. Thanks for the link though.
 
Firstly it is nothing to do with "remote administration mode", and all that, so don't worry about that! It seems to have changed a little since 2000, indeed as you say, you don't even get that option in TS setup for 2003.

Secondly, I am a relative new comer to all this so, please don't blame me if my advice is way off!

Anyway, I used Citrix Connection Configuration to do this...
I think basically, this version of Citrix on 2003 "hijacks" the TS setup, so you kind of have to allow TS through Citrix...? That make any sense to anyone else, or have I got that way off the mark?

I take it you have given the relevant user/group permission to log on to the application/desktop you are sharing? In Citrix Management Console? (right click on the application, go to Properties, then Users...?).

Also, I presume you have TS licences and aren't just using the built in one's with the grace period? These can only be used by Administrators (possibly even just Domain Admins, can't remember).

Just so you know if your problem is the same as mine, I couldn't connect via Terminal Services either, until I allowed this option in Citrix Connection Config, if doing this then enables you to connect via TS, chances are it is the same problem, if you do this and still can't connect using anything but Domain Admin level accounts however, I'd double check your permissions/licenses.

Let me know how it goes!

Cheers,

Kris.
 
Thanks for the reply Kris. I have some licenses on the way and will see if that resolves. I've looked everywhere but can't find where it states that the trial licenses are for admins only, which in this case would make sense :)..I'll keep this thread updated when i have a solution.

Ryan
 
Ryan, hope Kris's idea helps...but it's the same Citrix link I already provided, which you stated didn't work.

Do let us know what your particular fix is. These things can drive you wacky until resolved!
 
Sorry, I should have clarified. The link is not going to help me in this situation as I have already tried it before. The part that is going to help me is the realization, if true, that only admins can use the eval license, which in my situation makes sense. I'll keep you updated once my licenses are in and installed.

Ryan
 
Did you ever get the "The desktop you are trying to open is available only for Administrators. Yada yada yada check with your administrator" error to stop showing up? I tried everything in this thread and ryanropp's thread too. What was your solution finally?

Am I creating the users in the wrong place? I've created them locally on the citrix server (2003) and the domain controller as well (2000). Please help, this was suppose to be done a week ago and now I'm stuck. Thanks.

Alex
 
I found the location on the citrix page. Just go to run and type mfcfg.exe. That should bring it up.
 
BEYOND888,

Not sure what you need to know buddy?

Users can be on DC, or TS/Citrix server. I just created group on DC, and made that group a member of Remote Desktop Users group on the TS/Citrix server.

Have you enabled the "Right to log on through Terminal Services" too in Policy settings? That was on a link on my page.

RYAN,

I've had a look around too, and can't find anything to back up my claim about only admins being able to use grace period TS licences. Hmmmm? I'm sure I've read that, do let me know how you get on when you get them!

ALL

It does seem as though Citrix and MS have changed a fair bit in the latest releases of 2003 and Citrix MF, without really giving anyone any idea on how to cater for these changes. Spose they can sell more courses that way huh? Or am I just being sceptical?
 
Hi Ryan,
Please open gpedit.msc and edit the policy for allow logon locally and logon from network and add the user groups you have given access to applications through citrix.
I guess the other two permission setting ( citrix connection configuration and ADS user properties) are allowed for login. Please keep in mind that the most restrictive policy will take precedance among these three.
thnx
Debjit
 
Hi all

Hey Check this out--- I just ran into the same issue!

Here's how I fixed it...

I went into the CCC and realized that I had left the box checked that says Launch Only Published Applications!!

I was troubleshooting why I couldn't log in as an End User on this new box- but could as an Admin. I had a static connection thru PN to this box- that's why it wouldn't allow me to log in as a non-admin with that box checked...

Hope this helps...!


Brandon
 
Thanks for the info but the problem has been solved. Apparently, the license code citrix gave me was for server only and did not include any connection licenses. I've been fighting this for some time now and it was citrix's screw up...Should i bill them for my time :)

Ryan
 
Good. I'm glad you figured it out...! I was reading this thread a while back- and remembered it when I ran into my issue today w/ a new build- Thought I'd pass it on...

Brandon
 
Thanks for taking the time to respond.

Bran,
Do you have the web interface setup? If so, can you direct me to a good site that shows step by step how to set this up??

Thanks,
Ryan
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top