Windows 2008 R2 intermittently getting access denied when logging in

Hi, 
I recently built 2 new Virtual Machines. They both run on Hyper-V (version 6.2x).
One is Windows 2008 R2 standard and the other Windows 2008 R2 Datacenter. These are both remote desktop servers. 
These are both connected to a domain. 
The domain controller is linux/samba based, this will mimic the Windows NT4 style domain controller environment. 
Within each Virtual Machine I have a remote desktop users group, that is a staff group. 
Intermittently users get an access denied error when logging on. This only happens when logging on as domain users. 
If this happened all the time, I might think the machine needed to be removed and re-added to the domain but as it's intermittent, I don't see the trust relationship as the problem. 
Any ideas? 
Thanks

Hi,
Thanks for your post in Windows Server Forum.
Before providing you some information, I would like to get some more information to resolve your issue.
- Have you notice any specific error when trying to remote login?
- Did you check GPO setting option “Allow log on through Remote Desktop Services”
As group policy and the user group are interrelated with each other. There are 2 types of user rights.
(1)   Logon rights  (2) Privileges
These two plays an important part in allowing an RDP session to the server. Also need to check in GPO Setting for more option.
a. Allow log on through Remote Desktop Services : Users\Group must be added for Remote Session
b. Deny log on through Remote Desktop Services : Users\Group must not be added for Remote Session
For checking the setting in GPO follow below path:
- Start > Run >gpedit.msc
- Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
For more information, refer beneath article.
“Allow Logon through Terminal Services (Remote Desktop Services)” group policy and “Remote Desktop Users” group.
http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
Hope This Helps!
Thanks.

Similar Messages

  • Get "Access Denied" when click open a PDF file

    Hi Friends,
    Get "Access Denied" when click open a PDF file linked from SharePoint 2013 page.
    What are the route causes any one is remove the permissions are stopped the inheritance permissions of the library.
    Can anyone face the same issue please help me.
    Thanks,
    Tiru
    tirupal

    Hi,
    If you are able to open the same document earlier,then  anonymous access enabled on your doc library then.
    If you are facing this problem in first time,then you do not have required permission (may be custom permission level has been set ) on it.
    Murugesa Pandian.,MCTS|App.Development|Configure

  • I get access denied when I try to search on your site.

    Please help me. I get access denied when I try to search on your site. I have emptied cache. I tried Safe Mode the way you suggested. Still access denied (though my printer then would not respond to me and I spent $85 to have my It consultant fix that problem.

    Hi,
    You've opened 3 different threads for the same issue. Please only open '''ONE''' thread per support request.
    Continue here [https://support.mozilla.org/en-US/questions/995124?esab=a&s=&r=3&as=s /questions/995124]
    Closing thread

  • I get access denied when I add a page to a workset in EP 7

    I get access denied when I add a page to a workset in EP 7.
    Please advice.

    Hello,
    This seems to be a permission issue. Assign the user id proper permission, say system_admin_role and then try.
    Regards
    Deb

  • Why am I suddenly getting "Access Denied" when I try to enter text on a form? Windows 7, Reader XI

    I have been using Adobe Reader for many years and scan forms into my computer so that I can fill them with text. I have suddenly started getting Access Denied pop up when I attempt to do this. Does anyone have any thoughts as to why or how to correct?

    Yes, I am adding comments onto a scanned image and the reader is v. 11.0.10. 
    I am Secretary of an organization and rather than hand write all the necessary forms I have them scanned in and then I would position the cursor to type the information on the them. Linda

  • Oracle Apex export application getting access denied when trying to download

    DB: 11.2.0.3
    Apex: 4.2.2.00.11
    Apex Listener: 2.0.3.221.10.13
    WLS: 10.3.6.0
    Chrome: Version 29.0.1547.76 m
    and IE 10.0.9200.16660
    I'm the admin of the workspace that has one application. Made a change to the application and went to export the application so I can source control it.
    Followed the Export wizard while in the application, hit the Export/Import button and clicked Export. Changed the File Format to "Database", Export Supporting Object Definitions to "No" and left everything else as default. Clicked the Export Application button and get "Application 108 exported" success maessage. Navigate to the Manage Export Repository and I see the exported application labled "f108.sql and I click on it and I get "Access Denied".
    Whats the trick? What am I missing?
    If I change File Format to "Unix" or "DOS" the file automatically downloads.
    Thx,
    Russ

    Hmm I wonder if it has something to do with:
    bug #16760897
    http://www.oracle.com/technetwork/developer-tools/apex/application-express/apex-422-known-issues-1940409.html
    The bug description mentions ORA-06502, but get_file has a when others exception handler that simply returns "Access Denied".
    What do you folks think?

  • Why do i get access denied when trying to download CS6 Design & Web Premium?

    I have a serial number for CS6 Design & Web Premium. I have a new computer I want to set it up on. I went to download it from Download CS6 products but I keep getting:
    Access Denied
    You don't have permission to access "http://trials2.adobe.com/AdobeProducts/DSST/CS6/win32/DesignWebPremium_CS6_LS16.7z" on this server.
    Reference #18.d1e1a60.1425598287.217a0f4
    Does anyone know what I'm doing wrong?
    Thanks for any help,
    Noah

    Make sure you have cookies enabled and clear your cache.  If it continues to fail try using a different browser.

  • Getting access denied when trying to loging to sharepoint 2010 site collection.

    only Site Collection Administrators  are able to logging in to the site,other than that
    If i give any View or read or contribute permission to any user then he is not able to logging in to the site getting Access Denied ERROR.
    Below is the error generated in the LOG folder & attached here with screen shot.
    Request (GET:http://sharepoint-app:2525/_layouts/accessdenied.aspx?closeConnection=01
    vijay kumar designer 2010

    Tanq it solved my problem Fadi
    Abdulwahab
    vijay kumar designer 2010

  • AccessControlException: access denied when logging into WebCenter Spaces

    I am running into an issue with my new WebCenter 11g PS5 deployment.
    I have a single domain with WebCenter Content and WebCenter Portal, but the servers are stored in $ORACLE_BASE/admin/wc_domain/aserver and $ORACLE_BASE/admin/wc_domain/mserver as per the Enterprise Deployment Guide.
    Everything seems fine, all my servers start up (from the Admin console through the Node Manager), I can log into WebCenter Spaces, but once I am forwarded to the home page I am thrown out and sent to the error page. In the log there is the following error:
    <Oct 3, 2012 5:03:55 PM CEST> <Error> <oracle.webcenter.webcenterapp> <BEA-000000> <
    java.security.AccessControlException: access denied (oracle.security.jps.service.policystore.PolicyStoreAccessPermission Context:APPLICATION Context Name:webcenter Actions:getApplicationPolicy)
         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
         at java.security.AccessController.checkPermission(AccessController.java:546)
         at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
         at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
         at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
         at oracle.security.jps.internal.policystore.AbstractPolicyStore.checkPolicyStoreAccessPermission(AbstractPolicyStore.java:380)
         at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.getApplicationPolicy(LdapPolicyStore.java:810)
         at oracle.webcenter.webcenterapp.internal.model.security.WCSecurityManagerImpl$1.run(WCSecurityManagerImpl.java:419)
         at oracle.webcenter.webcenterapp.internal.model.security.WCSecurityManagerImpl.init(WCSecurityManagerImpl.java:411)
         at oracle.webcenter.webcenterapp.internal.model.security.WCSecurityManagerImpl.<init>(WCSecurityManagerImpl.java:454)
         at oracle.webcenter.webcenterapp.internal.view.shell.WCApplicationImpl.getSecurityManager(WCApplicationImpl.java:158)
         at oracle.webcenter.webcenterapp.internal.model.WebCenterConfig.getSecurityManager(WebCenterConfig.java:617)
         at oracle.webcenter.webcenterapp.internal.view.shell.handler.WebCenterApplicationShellHandler.canAccessPage(WebCenterApplicationShellHandler.java:675)
         at oracle.webcenter.webcenterapp.internal.view.shell.handler.WebCenterApplicationShellHandler.getPhysicalPageURI(WebCenterApplicationShellHandler.java:1442)
         at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellPageRedirectionFilter.doFilter(WebCenterShellPageRedirectionFilter.java:193)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellFilter.doFilter(WebCenterShellFilter.java:724)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.adf.view.page.editor.webapp.WebCenterComposerFilter.doFilter(WebCenterComposerFilter.java:117)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.adf.share.http.ServletADFFilter.doFilter(ServletADFFilter.java:62)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:447)
         at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:447)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
         at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.processFilters(WebCenterLocaleWrapperFilter.java:344)
         at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.doFilter(WebCenterLocaleWrapperFilter.java:237)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    If I start the managed server using startManagedWebLogic.sh from the prompt, it works without issues.
    Node Manager is using the startWebLogic.sh file by default.
    I have set up other domains with all the standard paths, so my guess is that this may be caused by a (conflicting) path issue.
    Any idea what could be causing this?

    This is in reply to the first post. I don't know what happened after.
    Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission sun.arch.data.model read)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
         at java.lang.System.getProperty(Unknown Source)
         at org.eclipse.swt.internal.Library.loadLibrary(Library.java:167)
         at org.eclipse.swt.internal.Library.loadLibrary(Library.java:151)
         at org.eclipse.swt.internal.C.<clinit>(C.java:21)
    If you read the above trace from bottom to top, it shows none of you classes, only classes from that Eclipse library, which seems to loadLibrary() a native DLL. In order to do this, it needs to call System.getProperty( "sun.arch.data.model" ). This call is not allowed from un unsigned applet. So I guess you need to sign the applet and this problem will go away. Many other problems may follow. Just read very very carefully all the related documentation, which I did not.

  • Users getting access denied when trying to create a security group

    Hello,
    I created an MPR for granting right through an approval workflow for joining security group, but getting the following error. Any thoughts what could be going wrong?
    Error processing your request: The operation was rejected because of access control policies.
    Reason: The operation failed as a result of insufficient access rights.
    Attributes: ExplicitMember
    Correlation Id: edc226e9-ecb9-42c2-ab20-4fa8b5643056
    Request Id:
    Details: No policy grants the Requestor permission to complete all changes.
    This is what I see in the even log:
    Requestor: urn:uuid:9373552a-c063-4fb9-abcd-3501d151a061
    Correlation Identifier: edc226e9-ecb9-42c2-ab20-4fa8b5643056
    Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ManagementPolicyRule ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure DoEvaluateRequestInner,
    Line 1319, Message: Permission denied: <ai><Name>ExplicitMember</Name></ai>
       at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
       at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
       at System.Data.SqlClient.SqlDataReader.get_MetaData()
       at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
       at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
       at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
       at System.Data.SqlClient.SqlCommand.ExecuteReader()
       at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)
       --- End of inner exception stack trace ---
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean
    isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)
    Thanks,
    John

    Hi,
    You probably missing another MPR to give the right (checkbox "Grants permission") to Add and Remove value for attribute "Explicit member". Set an authorization workflow is not enough!
    Regards,
    Sylvain

  • Why do my Visitors users get Access Denied in my New Forms - Mobile Devices Only

    The issue I have is that I have a SP2013 Site with a group Visitors.
    the default Site Permissions have been set to Read.
    I then created a SharePoint List with a People Picker.
    I broke the Security inheritance and gave the Visitors group Contribute Permissions
    In Browser mode, they can access the site, open all links and even add content to list.
    When I do the same actions on a mobile device, All the visitors get Access Denied when clicking on the Add Content Link.
    The Link I make available is "https://myweb/sites/site/Lists/mylist/NewForm.aspx"
    I have found some suggestions about unplublished content, but this does not explain why the user can perform the required actions on a desktop, but not on a mobile device using the same link

    Hi,
    By mobile do you happen to mean iPhone? There has been quite a few issues with SharePoint 2013 and iOS authentication. You might want to refer to the following exchange.
    http://apple.stackexchange.com/questions/146808/ios-8-safari-sharepoint-2013-windows-authentication-support
    Eric Overfield - PixelMill -
    ericoverfield.com -
    @EricOverfield

  • Access Denied when Student Uploads Course in Drop Box

    All of a sudden we are getting access denied when a student tries to upload a course. We have not changed anything on our end. The tabs on the course page are set to drop box for student. The credentials sent over are:
    StudentBody@urn:mace:itunesu.com:sites:school.edu;Student@urn:mace:itunesu.com:s ites:school.edu:SPC16001002134
    The SPC16001002134 is the course identifier.
    Access to the course for student is set to download:
    Access Level: Download
    Credential Definition: Student@urn:mace:itunesu.com:sites:school.edu:${IDENTIFIER}
    Group Access Label: Student

    Hi,
    I need a bit more information. Can you please post your site's domain so that I can inspect it? It appears you have replaced this with school.edu.
    Thanks.

  • Access denied when creating GPO

    Hi,
    The past couple of days I have been struggling finding out what the cause/issue is.
    I am trying to create a new GPO (for the first time) in Windows 2008 and receive an "Access Denied" message.
    We have only one server, which is the PDC.
    If using the administrator's account is not the problem, what is??
    Thanks in advance.

    try whoami /groups and post back
    also check delegation
    Everyone                                    
    BUILTIN\Print Operators
    BUILTIN\Administrators
    BUILTIN\Users                               
    BUILTIN\Pre-Windows 2000 Compatible Access  
    NT AUTHORITY\INTERACTIVE                    
    CONSOLE LOGON                               
    NT AUTHORITY\Authenticated Users            
    NT AUTHORITY\This Organization              
    domain\Policy Creator Owners           
    domain\Domain Admins                         
    domain\Schema Admins                         
    domain\Enterprise Admins                     
    domain\Denied RODC Password Replication Group

  • Photoshop cs4 access denied when trying to install from disc in Windows 7 64bit.

    Photoshop cs4 access denied when trying to install from disc in Windows 7 64bit. I tried it in
    safe mode and it starts to install but get an error there as well.
    What do I do?

    So when you put the disk in it won't run correctly? When the disk is inserted you should have a window pop up with 2 options. 1 to install and the other to see what is on the disk. Choose to explore or open the disk. Go to the CS4 folder where the photoshop .exe file is (that will run the setup), right click on the .exe file and choose run as Admin and it should start. See if it will install. If not then read below.
    I am not sure how far you got in the install before so chances are you will have to run the CS4 cleanup utility. 2 levels to run at but don't use 1 or 2 just type in the number 3.
    http://www.adobe.com/support/contact/cs4clean.html
    You may need to run the windows installer cleanup utility too
    http://support.microsoft.com/kb/290301
    Before you try to reinstall the software ensure that adobe reader is not installed. If it is remove it. It has caused issues in the past with vista and CS4 installs.
    Also turn off windows Defender and any anti-virus software. You can keep UAC on in Windows 7.
    During the CS4 install at 90 percent it will almost stop and may take 5 to 10 mins to finish. This is normal. What a pain huh......
    After install is finished, reboot
    After reboot, go to the CS4 64 bit or 32 bit icon (depends on 32 or 64 bit Windows 7) in start area, right click on CS4 64 bit (if you have windows 7 64 bit) and choose properties, compatibility tab and then check run as Admin at the bottom area. Hit apply, ok to close out.
    Now start CS4 and run the updater.

  • Access Denied when trying to add DP to Windows Server 2003

    Hello. My environment is SCCM 2012 SP1. I have a Windows Server 2003 SP2 machine that I need to set a distribution point up on. I have all the prep work complete like IIS installed, local administrator, etc. I have also already setup 300 DPs successfully
    on the same platform but for some reason this one is causing me problems. I have made sure that the secondary server I am setting the DP up from is in the local administrators group. However, I keep getting access denied errors. I have checked and can access
    the ADMIN$ share on the machine. Any ideas what I am missing.
    Failed to install ISAPI on server.lab.local, failed to copy E:\ConfigMgr12\bin\x64\..\i386\smsfileisapi.dll to
    \\server.local.lab\ADMIN$\system32\inetsrv\smsfileisapi.dll, Win32 error = 5

    Hi,
    Have you tried to access  \\server.local.lab\ADMIN$\system32\inetsrv or copy E:\ConfigMgr12\bin\x64\..\i386\smsfileisapi.dll to
    \\server.local.lab\ADMIN$\system32\inetsrv\smsfileisapi.dll using the secondary site computer account?
    Best Regards,
    Joyce Li
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

Maybe you are looking for