Unable to log onto new virtual domain server desktop via the Hyper-V Manager or via RDS

Michael Faklis 41 Reputation points
2022-04-09T19:41:53.01+00:00

I am working on building up a new set of Windows 2019 servers to replace my Windows 2012R2-based domain.

There are three hyper-v machines;

Primary Domain Controller - Server 2019
Secondary Domain Controller - Server 2019
Exchange 2013 Server on Server 2012R2

Hyper-V Server 2019 will be used as the host, although I am temporarily using Windows 10 Pro as the host. I am testing in an Hyper-V Internal Switch on a single hyper-v host.

I have added the Remote Desktop Services role so I can support the domain away from my Hyper-V host. I am accessing the new servers by connecting from the Windows 10 Hyper-V Manager.

Now when I attempt to log into a server desktop, I get the following error message:

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually.

This confuses me since connecting to a hyper-v machine via the hyper-v manager was traditionally treated as a local login.

Secondly; I have added my admin user to the list of "Allow log on through Remote Desktop Service" local profile, user rights attribute in my default domain policy.

I was able to log into my primary domain server by un-setting the "Enhanced session" via the virtual machine connection view menu. I see this as a temporarily work around, because my intent is to access the Hyper-V virtual machines with remote desktop services.

I found a web post that says I need to authorize remote users as a local administrator, but since I'm trying to connect to the primary domain controller, and it has no local user accounts.

What must I do to get authorization to log onto my new virtual domain servers via Remote Desktop Services?

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,555 questions
Hyper-V
Hyper-V
A Windows technology providing a hypervisor-based virtualization solution enabling customers to consolidate workloads onto a single server.
2,602 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,346 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Dave Patrick 426.4K Reputation points MVP
    2022-04-09T19:59:57.923+00:00

    I have added the Remote Desktop Services role so I can support the domain away from my Hyper-V host

    This is not necessary and just causes you to need to complete the RDS deployment including purchasing RDS Cals to be installed on your RDS licensing server. As to logon to the domain controllers; try using the domain admin account.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Dave Patrick 426.4K Reputation points MVP
    2022-04-09T21:52:19.043+00:00

    I thought a RDS Cal wasn't needed for system administration.

    That's correct but since the RDS role has been added that changes this unless you use the /admin switch. Hopefully RDS role is not on the domain controller.

    I am using the domain admin account,

    Should have worked out of the box, it does for me every time, but the above issue could have complicated things.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  3. Dave Patrick 426.4K Reputation points MVP
    2022-04-10T17:15:21.863+00:00

    Yes, that's correct. Connecting via hyper-v management is simply a console session. You could also try just RDP to it from another one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments No comments

  4. Michael Faklis 41 Reputation points
    2022-04-10T17:59:23.93+00:00

    I believe in my original post, I said that the hyper-v manager Connect is supposed to open a local console, but now it is using RDS, giving me the error message;

    "To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually."

    You did correctly inform me that I didn't need RDS to do administrative access, I can just use the /admin switch for the remote desktop connection utility. This was new information for me. With that knowledge I took your advice and removed RDS from my server. There's no reason to keep unneeded roles on the server, and good reason to keep unneeded roles and features off the server.

    However, I still get that message referring to RDS, and login is blocked. As I originally stated, I found a workaround to allow access by unchecking the Enhanced Session option. The error message forbidding login refers to RDS, even though I removed RDS. I don't see that we resolved the original problem. Removing RDS made no difference at all. The problem persists,