Access is Denied when try to access server via Remote Desktop/Terminal Server

 

Problem:

When I try to access server remote desktop I receive the following error message:

Access is denied

image

As you can see, the remote desktop service is working, but do not authenticate.

 

Useful note: I found this problem on an unchanged installation of windows server 2008 R2 with Forefront TMG 2010 SP1 full updates installed.

 

Understand this problem:

The remote desktop service is running using “LocalSystem” account. If you compare this registry key with other working server, you can see that you need to leave this server running with “NT AuthorityNetworkService”.

 

Solution:

Edit Windows Registry using regedit and go to the following key:

HKLMSYSTEMCurrentControlSetservicesTermService

image

Locate the string value “ObjectName” and edit it to change Value data to “NT AuthorityNetworkService”:

image

image

 

Reboot server and you will gain access via Remote Desktop.

Enjoy Sorriso

Please click like, or leave some feedback Sorriso

 

Source: http://blogs.technet.com/b/askperf/archive/2010/07/08/the-case-of-the-mysterious-access-denied-aka-more-on-service-hardening.aspx

About Daniel Costa

Senior System Engineer; Blogger; Arduino/Raspberry Pi Fun; Fresh Water Aquascaper; Linux User; Dad; MSc Student in Computer and Medical Instrumentation;

13 comments

  1. For anyone looking for an additional fix, I had a user experience this issue and none of the suggested solutions worked. Not MaxTokenSize or the logon credentials to the RDS Account (it was aset to NetworkService)
    The particular user had Kerberos DES Encryption enabled for his account in AD. Disabling that immediately allowed him access to the server.

  2. I”m having this issue myself on 3 newly deployed VMs and the ObjectName for my machines is already set to NetworkService.

    Start is set to 3 rather than 2, but everything else looks the same as the solved properties.

    Is there another possible curprit? Is there another key I have to check somewhere?

    Help!

  3. It works …….. Awesome, i have tried alot by disabling Mcafee joining to domain removing from domain, checked group policy but no luck. Thank you so much Daniel plz keep on posting like this, it would be very helpful.

  4. Many thanks – we had a domain controller that was acting this way and the suggestion finally fixed it. Still not sure why the service login got switched from Network Service to Local System.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>