Search
Report Types:
Products
Updates
Logs
Bugs
Files
Encounters:
Only Reports that have Encounters
Encounters must contain resolution
Home
Products
Updates
Logs
Bugs
Files
Sign In
Create an Account
Action Links
Create a Product Report
Create a Update/Patch Report
Create a Log/Event Report
Create a Bug Report
Create a File Report
Recent Search Results
No Search results are currently available to display.
Your last search results will be displayed here for the duration of your browser session.
Latest Reports
Important KB977165 Security
0x80246002
Important KB2393802 Security
Critical KB2482017 Cummulative
Modifying the Terminal Server Profile Properties Sets Dial-in Access to "Denied"
Microsoft Xbox Console Original
Microsoft Xbox Console 360
Windows Application Event ID 10005, MsiInstaller, Error
httperr.log Error IIS 400
Application Information New Site Test 99999
...
6
7
8
9
10
...
Bug Report
Print
Edit This Record
Create New
Revision
4
Summary
Modifying the Terminal Server Profile Properties Sets Dial-in Access to "Denied"
Average Threat Rating
Average Threat Rating Help
X
Loading...
Encounters
More Info
Related Content
Alert Me
Discuss
Add Your Encounter
Hide Encounters without Resolutions
joverland
Posts: 41
5/17/2011
Revision
1
Threat Rating:
The behavior can be reproduced in Windows 2008 R2 SP1 with a new account as well as copying an existing.
How to Reproduce Bug with New Account
1. Create new account
2. Open account properties for editing
3. Click Remote Desktop Services Profile (do not click any other tabs!)
4. Add a Profile Path and Home folder drive
5. Click OK
6. Reopen account properties and view the Dail-in tab (now set to Access Denied)
How to Avoid Bug with New Account
1. Create new account
2. Open account properties for editing
3. Click on the Dial-in tab (only need to view the tab, no need make any changes)
4. Click on the Remote Desktop Servcies Profile
5. Add a Profile Path and Home folder drive
6. Click OK
7. Reopen account properties and view the Dial-in (still set to Control access through NPS Network Policy
Peer Reviews (0)
Peer Review Help
X
Loading...
No reviews have been post for this Encounter
Post a Peer Review:
joverland
Posts: 41
5/4/2011
Revision
4
Threat Rating:
Contains Resolution:
This also occurs on Windows 2008 R2 when copying an account even if the dial-in permissions are set to "Control access through NPS Network Policy". The Dail-in permissions were set to that via a script clearing the msNPAllowDialin attribute. Not ways reproducable. The account that was being copied to reproduce the problem was fixed by setting the dial-in permission to "Allow Access", saving, and then setting it back to "Control access through NPS Network Policy".
Steps to reproduce behavior in Windows 2008R2 with a new account:
How to Reproduce Bug with New Account
1. Create new account
2. Open account properties for editing
3. Click Remote Desktop Services Profile (do not click any other tabs!)
4. Add a Profile Path and Home folder drive
5. Click OK
6. Reopen account properties and view the Dail-in tab (now set to Access Denied)
How to Avoid Bug with New Account
1. Create new account
2. Open account properties for editing
3. Click on the Dial-in tab (only need to view the tab, no need make any changes)
4. Click on the Remote Desktop Servcies Profile
5. Add a Profile Path and Home folder drive
6. Click OK
7. Reopen account properties and view the Dail-in (still set to Control access through NPS Network Policy
Peer Reviews (0)
Peer Review Help
X
Loading...
No reviews have been post for this Encounter
Post a Peer Review:
joverland
Posts: 41
5/4/2011
Revision
14
Threat Rating:
Contains Resolution:
Our account managers ran into this after receiving reports from the field that users could not remote in with there new accounts. The problem was reproducable from a 2003 R2 SP2 Terminal Server, 2003 R2 SP2 Domain Controller and 2008 SP1 Terminal Server.
After copying an account that originally had the Dial-in access set to "Allow" it retained those settings. But after changing the Terminal Services Profile Home Folder and clicking OK the Dial-in access changed to Deny Access.
Found this Microsoft KB
http://support.microsoft.com/kb/317853
however it states that this was resolved in Windows 2000 SP3. Looks like something may have caused it to become a problem again in Windows 2003 R2 SP2.
We are currently working with a Microsoft Support Analyst to remedy this. The key to reproducing the issue is copying an account that has the Dail-in permissions set to Allow Access. Changing the Terminal Server Profile settings on an account that was created using the New option does not have this issue.
Another KB article specifying the behavior as a bug with a workaround:
http://support.microsoft.com/kb/277631
We implemented a workaround of setting all accounts from "Allow Access" to "Control access through Remote Access Policy". Accounts copied will have this same setting which does not have the issue when changing TS Profile settings.
NOTE: The above scripting method resolved the problem in Windows 2003 and Windows 2008, but it has become a problem again in Windows 2008R2
Peer Reviews (0)
Peer Review Help
X
Loading...
No reviews have been post for this Encounter
Post a Peer Review:
Copyright (c) 2011
About Us
Contact Us
Privacy
Disclaimer
FAQs