7,023 questions
--please don't forget to upvote and Accept as answer if the reply is helpful--
Allow Domain Users to Use Remote Desktop
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 99%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
DangerD
11
Reputation points
I can't get get working RDP for users in domain...
Users added to "Remote Desktop Users":
>net localgroup "Remote Desktop Users"
Alias name Remote Desktop Users
Comment Members in this group are granted the right to logon remotely
Members
-------------------------------------------------------------------------------
rmd1
rmd2
rmd3
rmd4
rme1
rme2
rme3
rme4
test
User group also added here
And i'm still getting this error:
What i'm missing?
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | User experience | Remote desktop services and terminal services
5 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-11-08T14:46:43.737+00:00 -
DangerD 11 Reputation points
2021-11-08T21:21:38.203+00:00 Permissions for the RDP-TCP listener can be set using the Tsconfig.msc - that's not available in Windows 2019
Didn't helped...
Users are in Remote Desktop Users group.
Added here group also, but it still doesn't work...
What else should i do? -
Anonymous
2021-11-08T22:46:03.707+00:00 Also check they're not in Deny log on through Remote Desktop Services or Deny access to this computer from the network
-
DangerD 11 Reputation points
2021-11-08T23:17:28.393+00:00 it's empty, it's a new windows installation
-
Anonymous
2021-11-08T23:18:16.893+00:00 Might check the security logs on both ends.
-
Anonymous
2021-11-09T13:17:57.647+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
DangerD 11 Reputation points
2021-11-09T14:04:44.72+00:00 Error 1
Automatic registration failed. Failed to lookup the registration service information from Active Directory. Exit code: Unknown HResult Error code: 0x801c001d. See http://go.microsoft.com/fwlink/?LinkId=623042
Error 2
Automatic registration failed at join phase.It asks to install Azure... i just want simple RDP...
Maybe it's a AD dns issue, all pcs connected to one router which is using google dns 8.8.8.8 and main pc has active directory set up and others pcs has dns ip pointed to main pc (in lan settings), maybe that's a problem?
If i'm trying to connect to rdp from same pc with same user it works, but not from abother pcs -
Anonymous
2021-11-09T14:13:42.2+00:00 Doubtful this is related to your issue.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/deployment/event-307-and-304-logged-for-deploying--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
DangerD 11 Reputation points
2021-11-09T14:45:46.48+00:00 so I should install Azure? I just want simple rdp without Azure...
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 21%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Katherine M. Moss 76 Reputation points2021-11-24T18:28:53.21+00:00 I would recommend creating a specific group that has the user right of remote logon assigned and then adding your users to that group; it's better practice to create your own groups for AD rather than using the built in ones.
Sign in to comment -
-
Anonymous
2021-11-09T14:49:03.05+00:00 Maybe it's a AD dns issue, all pcs connected to one router which is using google dns 8.8.8.8
Please run;
Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\problemworkstation.txtthen put
unzippedtext files up on OneDrive and share a link. -
Anonymous
2021-11-10T13:00:20.477+00:00 - srv3 is multi-homed, do not install the domain controller on hypervisor. Multi-homing a domain controller will always cause no end to grief for active directory DNS
- There may be an IPv6 DHCP server on network. IPv6 if not configured correctly will be problematic so I'd suggest turning off the router IPv6 DHCP server
- Domain controller and all members should have static ip address of DC listed for DNS and no others such as or public DNS (router?)
- I did not look further because these are all show stoppers.
--please don't forget to
upvoteandAccept as answerif the reply is helpful---
Anonymous
2021-11-15T13:24:21.513+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
DangerD 11 Reputation points
2021-11-18T10:57:04.117+00:00 srv3 is multi-homed, do not install the domain controller on hypervisor.
I'm a bit confused i'm a bit new to windows administrating, what should i change?
There may be an IPv6 DHCP server on network.
There's no way to disable IPv6 DHCP on it, so i've disabled it manually on all pcs and set static ip address.
Just realized that i have to specify domain in user while connecting from rdp... "domain\user" this way it works, is there any way to not specify domain?
Sign in to comment -
Anonymous
2021-11-18T14:23:20.907+00:00 Please put up a new set of files to look at.
Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\problemworkstation.txtthen put
unzippedtext files up on OneDrive and share a link.-
Anonymous
2021-11-19T10:07:08.263+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
DangerD 11 Reputation points
2021-11-22T12:12:16.857+00:00 I can't post link here...
https://1drv.ms/u/s!AlsIiKKz7uaTjgTnbhjuFSHKDWO8?e=bYJbEjafter posting some text i'm able to add link, that's a bug...
-
Anonymous
2021-11-22T14:02:17.423+00:00 srv3 is multi-homed. Multi-homing a domain controller will always cause no end to grief for active directory DNS (do not install active directory domain services on hypervisor)
Domain controller and all members must use the static ip address of DC listed for DNS and no others such as router or public DNS (remove google DNS)
I did not look further since these two are show stoppers.
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
Anonymous
2021-11-24T13:54:43.417+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
DangerD 11 Reputation points
2022-04-12T14:08:06.033+00:00 I still can't connect...
Remote Desktop Connection Broker Client failed to redirect the user mediatours\rmd4.
Error: NULLI able to connect to 1st pc where i have AD, i can't connect to 2nd pc...
I'm able to connect through rdp with users that are in Domain Admins group...
Sign in to comment -
-
Pierre Audonnet - MSFT 10,191 Reputation points Microsoft Employee2021-11-23T20:01:37.517+00:00 Note that "Remote Desktop Users" group in the AD console (since you have the windows-active-directory tag) is only used to give RDP access to the domain controllers.
Just make sure you keep this group empty. You don't want non-admin opening interactive sessions on your domain controllers (it's a no-no-no).To allow a user to open an RDP session on a member server the user will need the "Allow log on through Remote Desktop Services" privilege on the target system. This is given by default on member server to the users member of the local group "Remote Desktop Users" (the group on the local server, not the AD group). Or you can specify your own through group policy. Everything is explained in the post @Anonymous mentioned. I just tried it on my different labs, it works fine on Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019.
When Network Level Authentication is enabled (which should be the case by default, and stay that way), you will also need the privilege "Access this computer from the network" which is by default is given to the "Users" group (which by default contain the AD group "Domain Users" group, so everyone unless you played with that group in AD).
When you got the following error message, you should see on an event id 4625 on the the target server telling you why it failed (likely lack of the privileges aforementioned).
-
DangerD 11 Reputation points
2022-04-12T16:15:36.983+00:00 The problem i have now is that i can login to 1st pc that acts as AD server. To 2nd pc that are connected to AD i can't login to user accounts, administrator accounts can login (Domain Administrators group)
I have error: Remote Desktop Connection Broker Client failed to redirect the user domain\user.
To "Allow log on through Remote Desktop Services" i've added all users -
Anonymous
2022-04-12T17:23:04.04+00:00 Still waiting for the files
-
DangerD 11 Reputation points
2022-04-13T08:05:09.38+00:00 -
Anonymous
2022-04-13T12:26:16.877+00:00 CRyzen1 is multi-homed, do not install the domain controller on hypervisor. Multi-homing a domain controller will always cause no end to grief for active directory DNS
There may be an IPv6 DHCP server on network. IPv6 if not configured correctly will be problematic so I'd suggest turning off the router IPv6 DHCP server
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
DangerD 11 Reputation points
2022-04-13T13:07:09.913+00:00 CRyzen1 is multi-homed, do not install the domain controller on hypervisor.
What i need to change on CRyzen1 to make it not multihomed/hypervisor?
It has one Ethernet connection, 2nd is Virtualbox
Hyper-v is not installed on this server...i have Asus RT-AX88U, ipv6 is disabled there
-
Anonymous
2022-04-13T14:20:20.757+00:00 Hyper-v is not installed on this server...
virtualbox is one of many hypervisors
What i need to change on CRyzen1 to make it not multihomed
the second network interface makes it multi-homed.
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
DangerD 11 Reputation points
2022-04-13T15:21:01.623+00:00 Disabled 2nd ethernet adapter, same issue...
Users with group Domain Admins connects fine, others can't connect...
Or i should just forget AD and use local users? -
DangerD 11 Reputation points
2022-04-13T16:51:42.283+00:00 huh, i've resolved issue, i just added users group to CRyzen2 local group: "Remote Desktop Users" hooray!!
Sign in to comment -