terminal server 2003 , user profie problems

Home Forums Virtualization Terminal Services terminal server 2003 , user profie problems

This topic contains 5 replies, has 2 voices, and was last updated by Avatar tulik23 10 years, 3 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • Avatar
    tulik23
    Member
    #146680

    Hi

    We have 2 win2k3 64b act as terminal server on two 2008 srv dc and one 2003 dc

    when a user/administrator log on the the server his user created localy and not roaming .

    we have defined folder redirection to the users , the folders are working fine , but i get this error on the event viewer
    rivileged Service Called:
    Server: Security
    Service: –
    Primary User Name: administrator
    Primary Domain: ************
    Primary Logon ID: (0x0,0x977E3BA)
    Client User Name: –
    Client Domain: –
    Client Logon ID: –
    Privileges: SeTcbPrivilege

    i have edited the GPO for the “create global objects” added the Domain admin and the authanticaed users
    also the same fo the “inpersonate a client after authe…”

    but still with no success

    please advice

    TK

    Avatar
    yuval14
    Member
    #174378

    Re: terminal server 2003 , user profie problems

    Hi,

    Can you give the full error log?

    Is gpresult indicated that the GPO applied?!

    Avatar
    tulik23
    Member
    #286297

    Re: terminal server 2003 , user profie problems

    Hi

    this is the gpresult

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    Copyright (C) Microsoft Corp. 1981-2001
    Created On 01/04/2010 at 10:01:18

    RSOP data for ******administrator on SRV-TERMINAL03 : Logging Mode


    OS Type: Microsoft(R) Windows(R) Server 2003 Enterprise
    Edition
    OS Configuration: Member Server
    OS Version: 5.2.3790
    Terminal Server Mode: Application Server
    Site Name: ******
    Roaming Profile:
    Local Profile: C:Documents and Settingsadministrator.******.
    Connected over a slow link?: No

    COMPUTER SETTINGS


    CN=SRV-TERMINAL03,OU=SERVERS,DC=******,DC=XXX,DC=XX,DC=XXXX
    Last time Group Policy was applied: 01/04/2010 at 09:27:19
    Group Policy was applied from: SRV-DC.******.XXXX.XXX.XXXil
    Group Policy slow link threshold: 500 kbps
    Domain Name: ******
    Domain Type: Windows 2000
    Applied Group Policy Objects


    All ****** Servers Policy
    Default Domain Policy
    Local Group Policy
    The following GPOs were not applied because they were filtered out


    XXXX_Deploy
    Filtering: Denied (WMI Filter)
    WMI Filter: Is XP
    ****** Domain Policy
    Filtering: Disabled (Link)
    The computer is a part of the following security groups


    BUILTINAdministrators
    Everyone
    BUILTINUsers
    NT AUTHORITYNETWORK
    NT AUTHORITYAuthenticated Users
    This Organization
    SRV-TERMINAL03$
    Domain Computers

    USER SETTINGS


    CN=Administrator,CN=Users,DC=******,DC=XXX,DC=XXX,DC=iXXXl
    Last time Group Policy was applied: 01/04/2010 at 10:00:11
    Group Policy was applied from: SRV-DC.******.XXXX.XXXX
    Group Policy slow link threshold: 500 kbps
    Domain Name: ******
    Domain Type: Windows 2000
    Applied Group Policy Objects


    Default Domain Policy
    The following GPOs were not applied because they were filtered out


    XXXcToN
    Filtering: Denied (Security)
    XXXX_Deploy
    Filtering: Disabled (GPO)
    Map Q to XXXX
    Filtering: Denied (Security)
    Local Group Policy
    Filtering: Not Applied (Empty)
    The user is a part of the following security groups


    Domain Users
    Everyone
    Debugger Users
    Offer Remote Assistance Helpers
    Remote Desktop Users
    BUILTINUsers
    BUILTINAdministrators
    REMOTE INTERACTIVE LOGON
    NT AUTHORITYINTERACTIVE
    NT AUTHORITYAuthenticated Users
    This Organization
    LOCAL
    RemoteAdmin
    Group Policy Creator Owners
    Domain Admins
    Schema Admins
    Exchange Public Folder Administrators
    Exchange View-Only Administrators
    Exchange Organization Administrators
    Enterprise Admins
    Exchange Recipient Administrators
    DL_ExTerminalUsers
    Denied RODC Password Replication Group
    Offer Remote Assistance Helpers
    CoSign Admins
    C:Documents and Settingsadministrator.******.000>

    as for the error on the event in order

    1. Event id 522
    Logon attempt using explicit credentials:
    Logged on user:
    User Name: SRV-TERMINAL03$
    Domain: XXXX
    Logon ID: (0x0,0x3E7)
    Logon GUID: –
    User whose credentials were used:
    Target User Name: administrator
    Target Domain: XXXXX
    Target Logon GUID: {55fc4556-2dee-0217-0911-059611b71f14}

    Target Server Name: localhost
    Target Server Info: localhost
    Caller Process ID: 10708
    Source Network Address: XXX.XX.XXX.XXX
    Source Port: 53337

    For more information, see Help and Support Center at

    Event id : 528

    Successful Logon:
    User Name: administrator
    Domain: XXXX
    Logon ID: (0x0,0x1E8760C8)
    Logon Type: 10
    Logon Process: User32
    Authentication Package: Negotiate
    Workstation Name: SRV-TERMINAL03
    Logon GUID: {55fc4556-2dee-0217-0911-059611b71f14}
    Caller User Name: SRV-TERMINAL03$
    Caller Domain: XXXX
    Caller Logon ID: (0x0,0x3E7)
    Caller Process ID: 10708
    Transited Services: –
    Source Network Address: XXX.XX.XX.XX
    Source Port: 53337

    For more information, see Help and Support Center at

    event id : 576



    Special privileges assigned to new logon:
    User Name:
    Domain:
    Logon ID: (0x0,0x1E8760C8)
    Privileges: SeSecurityPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeTakeOwnershipPrivilege
    SeDebugPrivilege
    SeSystemEnvironmentPrivilege
    SeLoadDriverPrivilege
    SeImpersonatePrivilege

    For more information, see Help and Support Center at

    : event id 577
    Privileged Service Called:
    Server: Security
    Service: –
    Primary User Name: administrator
    Primary Domain: XXXXX
    Primary Logon ID: (0x0,0x1E8760C8)
    Client User Name: –
    Client Domain: –
    Client Logon ID: –
    Privileges: SeTcbPrivilege
    For more information, see Help and Support Center at

    Thanks

    TK

    Avatar
    yuval14
    Member
    #174379

    Re: terminal server 2003 , user profie problems

    OK, its look like GPO filtering issue “The following GPOs were not applied because they were filtered out”.

    http://technet.microsoft.com/en-us/library/cc787386(WS.10).aspx

    http://support.microsoft.com/kb/260370

    http://www.windowsnetworking.com/articles_tutorials/Terminal-Services-Group-Policy.html

    Avatar
    tulik23
    Member
    #286298

    Re: terminal server 2003 , user profie problems

    Hi Yuval

    the GPO that are denied are usless , they should be deny

    what else i can check ?

    thanks

    Avatar
    yuval14
    Member
    #174380

    Re: terminal server 2003 , user profie problems

    Well, we need to see some Folder Direct GPO applied to users…

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.