Sudden "…you must have Terminal Server User Access permissions on this computer." Error.

I have a Small Business Server 2003 R2 Server running Team Foundation Server tucked out of the way to conserve desk space (three servers, two clients, two desks: not much space).  I don’t have it hooked up to a monitor (one: don’t have that many monitors, and two: desk space).  So, I’ve been merrily using Remote Desktop Connection (RDC) in Windows XP to connect to this server to perform my various administration tasks (like install service packs, hot fixes, etc.).


Well, I finally had a couple of cycles to install some hotfixes for the new daylight savings time changes to various components, so I sparked up RDC to get the ball rolling on my server–as I have done many times before.  I was greeted with a message box as I logged in:


To log on to this remote computer, you must have Terminal Server User Access Permissions on this computer. By default, members of the Remote Desktop group have these permissions. If you are not a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually.


Needless to say I was dumbfounded–it worked fine yesterday.  After a bit of searching, it appears it was the 120 day anniversary of creating this server and Terminal Server (which is what is used for an application server in Small Business Server) had “expired” (i.e. its grace period for CALs had expired).  I was used to installing Windows Server and setting up Terminal Server for remote administration (there was a setting for that in Windows Server, I honestly don’t remember what Small Business Server asked me when I installed; it certainly wasn’t clear it was different the other Windows Server installation processes).  Apparently I missed the memo that remote administration is now called “Remote Desktop”.  Clearly a WTF moment.


As it turns out, the hoops to get back to the ability of remote administration aren’t clearly documented (I actually couldn’t find any documentation on the process, I actually inferred the process from various non-Microsoft sources–there could be documentation somewhere, I just didn’t find it).  The process requires that Terminal Server be uninstalled, the server rebooted, and Remote Desktop be re-enabled.  A point-list of the steps:


  1. Run Add/Remove Programs (run “appwiz.cpl”)
  2. Click Add/Remove Windows Components (Alt-W)
  3. Uncheck Terminal Server
  4. Press Next>.
  5. Follow instructions, including rebooting.
  6. Open System control panel applet (run “sysdm.cpl”)
  7. Click Remote tab.
  8. Check Enable Remote Desktop on this computer. (because removing Terminal Server disables this)
  9. Click Select Remote Users…
  10. Make sure administrators is in the list.
  11. Click OK.
  12. Click OK. for the next dialog.
  13. Wait a few minutes for things to get up and running and you’re no ready for remote administration again.

I hope this helps someone get back up and running faster than I did…

83 thoughts on “Sudden "…you must have Terminal Server User Access permissions on this computer." Error.”

  1. I think something else changed the permissions… SBS boxes don’t have a 120 day grace period and they are set up for Remote administration mode.. (but cannot do application mode)

  2. Susan, could be. I hadn’t installed anything on there; unless a recent Microsoft update changed something. I did go through the process of adding users/groups to the Remote Desktop Users group, to no avail. Only uninstalling Terminal Server and re-enabling Remote Desktop got me back to being able to remotely administer.

    When installing Windows Server I usually select remote administration for Terminal Server; but, for this installation, I just don’t remember.

  3. Peter, Thank you for this information. I have a bunch of computers all using active directory to log onto their PC’s, and the Server is in another room where i only gave it a monitor/mouse/keyboard because of this very issue! I’ve just left it be until the last week, but recently decided it was time to fix whatever was wrong. It’s funny how frustrating a little message like that can be when you check countless amount of security configurations and permissions, and then you check the entire microsoft website and can’t find this solution anywhere. Anyways, thank you for posting this because without it i am sure I would of been trying a lot more ideas for countless hours.

  4. THANK YOU! I’ve been using remote access to gather data for my PhD thesis and I don’t think I would have finished on time without this reset.

  5. I came across the same problem, fortunately I planned ahead and created two admin users so was able to still log in using the second admin account. I tried what you suggested but it didn’t work in my instance, but what I found was a problem of my own making. I run server 2003 on one of my home machines to play with, during my latest exploit to run pop3/smtp server I inadvertantly added my main login to the “mailbox” user account. This I think caused my problem as I read somwhere (after the event)that “mailbox” users cannot login to the server, its a case of “either / or” but not both. I may have been wrong but as soon as I removed my main login from the “mailbox” account I could use it once again to login normally, but this is my finding as everything was “ok” until I started messing and i’m no “server” expert ….. its just a hobby to me.

  6. ok – very skeptical of the instructions but it worked like a charm. Thanks so much I have 6 new 2003 servers and wasn’t aware of this issue. all my remaining servers are 2K’s – thanks again

  7. Well I have put myself in a similar situation, however, my only means for getting to the server is through RDC and after going through the add/remove step then rebooting, I now get the message ;
    “To log on this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the RDC users group have these permission. If you are not a member, your Administator will have to set this manually”

    If I can’t RDC and hooking up a monitor isn’t an option (don’t ask, long story), is there ANY other way to get in to set up the RDC?

  8. @Mystie: I don’t know of a way to remotely connecting to a server if the server thinks you don’t have permission to do it. There may be a way, I’m no SBS expert; but off-hand if there were it would be a security issue.

    You could try contacting customer support or asking the question on one of the SBS newsgroups like http://www.microsoft.com/technet/community/newsgroups/dgbrowser/en-us/default.mspx?dg=microsoft.public.windows.server.sbs

  9. I’m setup TS CAL and then installed the citrix presentation server v 4.0 , but I see this error with the thin client . please help mr . thx

  10. thnak you so much , it make u feel u r not alone in the world with similar problems , It worked for me let me give my perspective just roll balck SP2 update it works perfectly yet to find what in SP2 cause this problem and what fixes it still lookiing for tha solution

  11. I don’t know what citrix requires. If it requires Terminal Server then you need a license for Terminal Server and the instructions in this post will make Citrix not work. But, I doubt you’d have to re-install citrix.

  12. I have found this error can also occur on terminal services when a non-administrator tries to logon using the /console or -console option.

    I run into it a lot because my desktop shortcuts usually have that option since I am administering, and when I try to test as a normal user I get the error about 3 times before I remember that!

  13. I got same problem and spent several hours to figure out. I’ve been using mstsc -v:servername /F -console since it happened. I didn’t think about Terminal Server was installed. Now it works. Thanks for useful info.

  14. I have the same problem. I have a 2003 server with citrix metaframe. I try to connect to the application using citrix or RDP to the citrix server to no avail. Are you saying I should uninstall terminal services on the Server and then reinstall?

  15. So let me get this straight. If I uninstall Terminal Server, Reboot the server and then Re-enable RDP and add all the users this should work?

  16. To confirm this is the problem, check the event viewer. On the system log there should be an error from the TermService saying that your 120 days of grace have expired.

  17. Thanks a bunch. These directions definetely helped me find the reason behind a very similar problem we were having.

    To the poster called mistie:
    If you can’t RDC and hooking up a monitor isn’t an option, there is one other thing to try.

    start>run> mstsc /console
    and try to connect to the machine. This works even when the CALs are expired, and has saved me in this situation.

  18. its just a simple question when we are connecting it from the client side it give us error at client side that

    “To Logon to this remote computer you must have terminal server access permission on this computer”

    Can you please guide us if any mistakes in OS or in Citrix?

    kamran@nec-isb.com.pk

  19. Something similar, maybe somebody knows the solution?
    I can connect remote desktop as a administrator, but not as user with admin rights, or with any right (tried all rights and polices). I was able some time ago, but i don`t know what happend that it stop working. May be I changed something but can not recall.
    Any clue?

  20. I have Citrix PS 4.5 installed on a W2003 Server and I solved mine by changing the Environment settings for both ICA and RDP to open the Desktop.

    I think the problem happens in the RCA environment, when you select the middle option to open the application specified by the user. This seems to also changes the ICA setting and I believe this cause the weird all of a sudden “”…you must have Terminal Server User Access permissions” message.

  21. Thanks man. I was trying to remote into a client this evening and had the same error message. I was not on site to fiddle around to see whats going on so I stuck the error message in google and happened upon this fix you have listed. I didn’t try it but hey it deff going to work. Thanks, This will save me sometime tomorrow on an already busy schedual.

    Regards

    ma

  22. tengo un problema cuando me conecto al terminal server me sale el siguientes mensajes:

    To log on to this remote computer, you must have terminal server user Access permissions on this computer. By default of the remote desktop users group have these permissions. If you are not a member of the remote desktop users group or another group that has these permissions, or if the remote desktop user group do not have these permissions, you must be granted these permissions manually.

  23. not to confuse the issue but we have 3 of us using mstsc with the same administrator login to many 2003 servers and I am the only one to get that error. I have XP SP2, one co-worker has XP SP3, and another has Vista. They do not have any issues. I use the /console option and they use the /admin option (SP3 and Vista change)

    I tried upgrading to SP3 but got a BSoD that I spent 2 days trying to recover from.

    Anybody have any ideas?

  24. Quite strangely I was experiencing same problem,however,I did not have terminal services installed so this solution did not work for me. I ran mstsc script: “mstsc /console /v:ServerName” and Oila! was able to connect. After running the script, all my RDP icons began to work again.

  25. OMG – thank you so much for this note re remote desktop saved me a heap of time getting the issue resolved

    The server had gone well past it 120 days however I simply found unchecking the TS going to the point where it tells you its uninstalling and then going back and rechecking it did the same thing without a reboot:)

    excellent post!

  26. 1) Verify your listener settings:

    – Open Terminal Services Configuration
    – Open properties for your ica-tcp listener.
    – goto the tab – “ICA Settings”
    – Under “Initial Program”, uncheck the option: “Only Launch Published Applications”

    If you want to use RDP to access your Citrix server, please make this change to your rdp-tcp listener.

    2) Also, please make sure that local policies (Allow users to connect remotely using Terminal Services) are set-up correctly.

    If you still face any issues, goto event viewer for lisencing issues.

  27. We had this issue on a server where I suspect somebody previously installed Terminal Services to test with which kicked off the 120 free license, then uninstalled Terminal Services and re-activated RDP.
    When somebody else installed Terminal Services, we’d inexplicably get this error no matter what security settings we tried.
    The other issue is we couldn’t use the licensing manager to connect to our license server, it would just say it couldn’t connect.

    The Fix:
    In Terminal Services Configuration, go to Server Settings – License Server Discovery Mode – Set to your license Server mode and enter your license server’s name. This will not work until a reboot.

  28. You’r the one…. nothing worked before your hint. what a stupid and nonsense message box microsoft left to complicate our lives.

    thanks a lot

  29. if youre an citrix admin, dont do the above!

    Open registry and search for the word “LicenseServers” and check what server is mentioned there. Change it to the name of your license server if needed. If you dont have one, you need to install one.

    We took down a license server and forgot that there is a difference between ts-licensing and citrix licensing. Your servers need a ts-license server and if they cant find one the 120 days graceperiod will go active, rendering your servers unuseable after 120 days.

  30. Hi! Peter,

    Really thanks and appreciate such well define solution for such pathetic problem

    Thanks to you I saved a lot of time.

    You’re hero, man :)

  31. This worked for me. I was hesitating to do it because I found a warning message when trying to remove the checkmark from Terminal Services. It says that all software installed while Terminal Services was active needed to be reinstalled after removing the checkmark. I took the chance and all is good so far.
    Thanks !!!! Great job !!!

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>