
Why can't I log into remote admin server?

I started a new job as a network admin and have inherited two Win2k servers. One server is running Terminal Services in application mode and the other is running it in remote administration mode. I can log into the application mode server just fine, but I can't log into the remote admin server. When I look at TS connection manager, I see that both servers have a "listener" and an "administrator" listed. I know that in remote admin mode you are allowed two licenses to log in with. Can you tell me what this listener does and why can't I log into the remote admin server?
The listener sessions are there to speed up the connection process. When someone tries to establish a connection with a terminal server, they take control of a waiting session, rather than waiting for the server to establish the session.

As for why you can't log into the remote admin server, my first guess is that you're not a member of the administrators' group. (Tip for anyone reading this and planning to send in a question: Specifying the error message helps troubleshooting.) If this is the case, you need to edit the permissions both for yourself and for the protocol. Allowing Joe User to log onto a terminal server that's also a domain controller is a two-step process. First, use the Domain Controller Security Policy tool on the domain controller in question to change the security policy for the DC to permit users (or authenticated users) to log on locally, then refresh the security policy. (Open the Security Settings folder, double-click Local Policies and then click User Rights Assignment. Click the Log On Locally right, and then click Add.

Browse for the appropriate group, click Add, then OK your way out of the dialog box and refresh the security policy with secedit /refreshpolicy machine_policy /enforce.)

Next, go to Terminal Services configuration and edit the properties for Remote Desktop Protocol (RDP). Turn to the Permissions tab and add Authenticated Users to the list of groups allowed to use RDP. That should allow Joe User to log on.
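As an added example (not part of the original answer), this is one way to check which principals hold the Log On Locally right (SeInteractiveLogonRight) after the change, by parsing the [Privilege Rights] section of a security template export such as one produced with secedit /export /cfg rights.inf /areas USER_RIGHTS. The sample template, the EXAMPLE\joeuser account and the function names are constructed for illustration.

```python
# Added example: audit "Log on locally" (SeInteractiveLogonRight) in a secedit export.
import configparser

# Well-known SIDs of broad groups; holding the right here covers nearly every account.
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "Users",
}

# Constructed sample of an exported template (real exports are usually UTF-16 files;
# read them with open(path, encoding="utf-16") before passing the text in).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-11,EXAMPLE\\joeuser
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""


def holders(inf_text, right="SeInteractiveLogonRight"):
    """Return the principals assigned `right`; SID entries lose their leading '*'."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # privilege names are case-sensitive keys here
    parser.read_string(inf_text)
    if not parser.has_option("Privilege Rights", right):
        return []  # right not defined in this template
    raw = parser.get("Privilege Rights", right)
    return [p.strip().lstrip("*") for p in raw.split(",") if p.strip()]


def broad_holders(inf_text, right="SeInteractiveLogonRight"):
    """Return {sid: group name} for broad well-known groups that hold `right`."""
    return {sid: BROAD_SIDS[sid] for sid in holders(inf_text, right) if sid in BROAD_SIDS}


if __name__ == "__main__":
    print("Log on locally:", holders(SAMPLE_INF))
    for sid, name in broad_holders(SAMPLE_INF).items():
        print(f"Broad group holds the right: {name} ({sid})")
```

Running it against an export taken before and after the policy refresh shows exactly which groups gained interactive logon on the domain controller.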
