Need help with "Access Denied" Terminal Session 2008 Server

  • Need help with "Access Denied" Terminal Session 2008 Server

    Hi,
    I'm having a problem returning to my saved session on the 2008 server.

    I will explain:

    I log in to the 2008 server using my domain credentials and then close the session using the "X" button (in this case it should save my session).
    When I try to return to my saved session I get "Access Denied" and then it kicks me out (see attachment).

    If I want to log in again, I need to kill my session from the "Terminal Manager" and then log back in, and it works.

    This server is used by the Helpdesk users and I need to find a solution.
    Please try to help me... I'm desperate.

    Thanks,
    Maor.

  • #2
    Re: Need help with "Access Denied" Terminal Session 2008 Server

    Hi,

    Are you using the latest RDP client? What shows in Event Viewer?

    Rgds

    Comment


    • #3
      Re: Need help with "Access Denied" Terminal Session 2008 Server

      Originally posted by muneer_bom3
      Hi,

      Are you using the latest RDP client? What shows in Event Viewer?

      Rgds

      Version: 6.0.6001
      There are no events about it on the 2008 server.

      Comment


      • #4
        Re: Need help with "Access Denied" Terminal Session 2008 Server

        If you go to 'Terminal Services Configuration' administrative tool --> Double click RDP-Tcp --> Security Tab --> Advanced :

        Select the group you belong to and click 'Edit'.
        Make sure you have the 'Connect' checked.

        Comment


        • #5
          Re: Need help with "Access Denied" Terminal Session 2008 Server

          Originally posted by Smart-X
          If you go to 'Terminal Services Configuration' administrative tool --> Double click RDP-Tcp --> Security Tab --> Advanced :

          Select the group you belong to and click 'Edit'.
          Make sure you have the 'Connect' checked.

          Hi,
          I checked it and it's checked and enabled, but I still get the "Access Denied".

          Comment


          • #6
            Re: Need help with "Access Denied" Terminal Session 2008 Server

            Do you see any failure audits in the Security Event Log?

            Also, try enabling auditing of 'Privilege Use' (Failures). This might be related to some security right.

            Clear the security event log, try to connect to your session and then look at the security event log again and search for failure audits.

            Post back the details of the failure events.

            Comment


            • #7
              Re: Need help with "Access Denied" Terminal Session 2008 Server

              Originally posted by Smart-X
              Do you see any failure audits in the Security Event Log?

              Also, try enabling auditing of 'Privilege Use' (Failures). This might be related to some security right.

              Clear the security event log, try to connect to your session and then look at the security event log again and search for failure audits.

              Post back the details of the failure events.

              Hi,
              I did it and this is the failure audit:

              Log Name: Security
              Source: Microsoft-Windows-Security-Auditing
              Date: 1/11/2009 10:15:52 PM
              Event ID: 4673
              Task Category: Sensitive Privilege Use
              Level: Information
              Keywords: Audit Failure
              User: N/A
              Computer: ***********

              Description:
              A privileged service was called.

              Subject:
              Security ID: SYSTEM
              Account Name: ********$
              Account Domain: ******

              Logon ID: 0x3e7
              Service:
              Server: Security Account Manager
              Service Name: Security Account Manager

              Process:
              Process ID: 0x274
              Process Name: C:\Windows\System32\lsass.exe

              Service Request Information:
              Privileges: SeTcbPrivilege
              Event Xml:
              <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
              <System>
              <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
              <EventID>4673</EventID>
              <Version>0</Version>
              <Level>0</Level>
              <Task>13056</Task>
              <Opcode>0</Opcode>
              <Keywords>0x8010000000000000</Keywords>
              <TimeCreated SystemTime="2009-01-11T20:15:52.169Z" />
              <EventRecordID>259637</EventRecordID>
              <Correlation />
              <Execution ProcessID="628" ThreadID="688" />
              <Channel>Security</Channel>
              <Computer>*********</Computer>
              <Security />
              </System>
              <EventData>
              <Data Name="SubjectUserSid">S-1-5-18</Data>
              <Data Name="SubjectUserName">*******$</Data>
              <Data Name="SubjectDomainName">******</Data>
              <Data Name="SubjectLogonId">0x3e7</Data>
              <Data Name="ObjectServer">Security Account Manager</Data>
              <Data Name="Service">Security Account Manager</Data>
              <Data Name="PrivilegeList">SeTcbPrivilege</Data>
              <Data Name="ProcessId">0x274</Data>
              <Data Name="ProcessName">C:\Windows\System32\lsass.exe</Data>
              </EventData>
              </Event>

              Comment
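One way to read the Event XML posted above and pull out what a reviewer asks of it (failure or success audit, which privilege, whose account, which process), as an added example that is not part of the original thread. The function name `triage_4673` and the placeholder host name are assumptions standing in for the values masked in the post.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
AUDIT_FAILURE = 0x0010000000000000  # Keywords bit for "Audit Failure"
WELL_KNOWN = {"S-1-5-18": "Local System", "S-1-5-19": "Local Service"}

# Constructed sample: fields of the posted event, masked names as placeholders.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<EventID>4673</EventID>
<Keywords>0x8010000000000000</Keywords>
<Execution ProcessID="628" ThreadID="688" />
<Computer>PLACEHOLDER-HOST</Computer>
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">PLACEHOLDER-HOST$</Data>
<Data Name="PrivilegeList">SeTcbPrivilege</Data>
<Data Name="ProcessId">0x274</Data>
<Data Name="ProcessName">C:\\Windows\\System32\\lsass.exe</Data>
</EventData>
</Event>"""


def triage_4673(xml_text):
    """Summarise a 4673 (sensitive privilege use) event for review."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", NS)}
    keywords = int(system.findtext("e:Keywords", namespaces=NS), 16)
    host = system.findtext("e:Computer", namespaces=NS).split(".")[0]
    account = data["SubjectUserName"]
    caller_pid = int(data["ProcessId"], 16)  # EventData stores the PID in hex
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "audit_failure": bool(keywords & AUDIT_FAILURE),
        "privileges": data["PrivilegeList"].split(),
        "subject": WELL_KNOWN.get(data["SubjectUserSid"], data["SubjectUserSid"]),
        # NAME$ is a computer account; compare it with the host that logged it.
        "subject_is_this_host": account.endswith("$") and account[:-1].lower() == host.lower(),
        # Execution ProcessID is decimal: 0x274 == 628, so lsass.exe logged its own call.
        "caller_logged_it": caller_pid == int(system.find("e:Execution", NS).get("ProcessID")),
        "process": data["ProcessName"],
    }


if __name__ == "__main__":
    print(triage_4673(SAMPLE))
```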


              • #8
                Re: Need help with "Access Denied" Terminal Session 2008 Server

                According to this event, it seems that your 'SYSTEM' account is missing the 'Act As Part of the Operating System' user right, which doesn't make sense since it should have this privilege by default.

                Is it possible that you changed the security context of your NETLOGON service?

                If you open Task Manager, which user runs the lsass.exe process?

                Comment


                • #9
                  Re: Need help with "Access Denied" Terminal Session 2008 Server

                  Originally posted by Smart-X
                  According to this event, it seems that your 'SYSTEM' account is missing the 'Act As Part of the Operating System' user right, which doesn't make sense since it should have this privilege by default.

                  Is it possible that you changed the security context of your NETLOGON service?

                  If you open Task Manager, which user runs the lsass.exe process?

                  Lsass.exe runs under "System" in Task Manager.

                  Comment


                  • #10
                    Re: Need help with "Access Denied" Terminal Session 2008 Server

                    Originally posted by Sdesign
                    Security ID: SYSTEM
                    Account Name: ********$
                    Account Domain: ******

                    What's the account name and account domain?
                    You don't have to provide the actual names, but is the 'Account Name' the Terminal Server name, or another machine's name?
                    What's the 'Account Domain'? Is that the machine name or your AD domain?

                    Comment


                    • #11
                      Re: Need help with "Access Denied" Terminal Session 2008 Server

                      Originally posted by Smart-X
                      What's the account name and account domain?
                      You don't have to provide the actual names, but is the 'Account Name' the Terminal Server name, or another machine's name?
                      What's the 'Account Domain'? Is that the machine name or your AD domain?

                      Sorry, I didn't understand the Q.

                      Comment


                      • #12
                        Re: Need help with "Access Denied" Terminal Session 2008 Server

                        In the log you provided, you have the following entries:
                        Security ID: SYSTEM
                        Account Name: ********$
                        Account Domain: ******


                        Which account is it? Try to give it the 'Act As Part of the Operating System' privilege.

                        If it still doesn't work, try to give (temporarily) the 'Act as part of the operating system' to EVERYONE.

                        This is only for test purposes. Do not keep it that way because it is a major security risk.

                        I just want to understand if we're heading in the right direction.

                        Comment


                        • #13
                          Re: Need help with "Access Denied" Terminal Session 2008 Server

                          Originally posted by Smart-X
                          In the log you provided, you have the following entries:
                          Security ID: SYSTEM
                          Account Name: ********$
                          Account Domain: ******

                          Which account is it? Try to give it the 'Act As Part of the Operating System' privilege.

                          If it still doesn't work, try to give (temporarily) the 'Act as part of the operating system' to EVERYONE.

                          This is only for test purposes. Do not keep it that way because it is a major security risk.

                          I just want to understand if we're heading in the right direction.

                          Hi,
                          I checked the Security tab and everything there is set to Allow (as in the attachment).
                          Where do I need to set the 'Act As Part of the Operating System'?

                          Comment


                          • #14
                            Re: Need help with "Access Denied" Terminal Session 2008 Server

                            Administrative Tools --> Local Security Policy --> Security Settings --> Local Policies --> User Rights Assignment --> Act as part of the operating system

                            Comment


                            • #15
                              Re: Need help with "Access Denied" Terminal Session 2008 Server

                              Originally posted by Smart-X
                              Administrative Tools --> Local Security Policy --> Security Settings --> Local Policies --> User Rights Assignment --> Act as part of the operating system

                              Still access denied after the change in the local policy.

                              Comment
