I have two dedicated Windows 2008 R2 servers which I am using for Web hosting. One, Server A, is a domain controller. Server B should simply be added to the domain controlled by Server A.
So I RDP'd into Server B and changed the system settings so that Server B is part of that domain. I entered my domain admin credentials, was welcomed to the domain and asked to reboot the server. So far everything seemed to work smoothly.
After rebooting, I could not open an RDP connection to Server B anymore:
Remote Desktop can’t connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network
Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
I restored an older backup of Server B and switched off the firewall before adding the server to my domain. But the problem reoccurred just the same.
What could be the reason for this? The domain is brand new and I did not change any of the default settings. Could this be some kind of domain-wide default policy that shuts down RDP on any domain clients? Or perhaps it has to do with the fact that Server B is virtual?
Thanks for your help,
Adrian
I can't say with 100% certainty but I think this is normal. When joining a domain you're changing the server's identity and so Windows disables RDP connections (the radio buttons under the Remote Desktop section on the Remote tab of System Properties) due to the fact that the server has moved into a new neighborhood, if you will (a gated community) and is now potentially accessible by a new "universe" of users. This forces you to re-enable RDP connections and select the users who are allowed to RDP to the server. You should notice that when enabling RDP after the domain join and clicking the Select Users button and then clicking the Add button that the focus (location) is now on the domain instead of the local machine.
Again, I'm not 100% certain about this but I'm pretty sure I've seen this when joining new computers to our domain. I have a GPO that configures RDP access so I just typically overlooked the change in behavior because my GPO sets the appropriate behavior.
EDIT
I just tested this with a new W2K8 server and it appears that this is not the case. I enabled RDP connections and then joined the server to the domain and RDP connections remained enabled. I haven't tested this with W2K8R2.
Sure - you need to find out what GPOs are being applied to the server once it's in the domain. RDP could be disabled in one of them, or there could be a firewall config in one of them that blocks it.
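The checks suggested in the answer above, as an added example that is not part of the original thread: a PowerShell 2.0 script that reports whether RDP is denied by a local setting or by Group Policy, whether the firewall allows it, and which GPOs apply. It assumes console access to Server B (for example through the virtualization host), the default RDP port 3389, and the default Windows Server 2008 R2 firewall rule name "Remote Desktop (TCP-In)"; `Get-RegValue` is a helper defined here.

```powershell
# Added diagnostic example, not from the thread. Run locally on Server B in an
# elevated PowerShell prompt (console access assumed). PowerShell 2.0 compatible.

function Get-RegValue($Path, $Name) {
    # Hypothetical helper: returns $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# 1. Is RDP denied, and by what? A value set by Group Policy overrides the
#    local one from System Properties > Remote. 0 = allowed, 1 = denied.
$local  = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$policy = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' 'fDenyTSConnections'
if ($null -ne $policy) { $deny = $policy; $source = 'Group Policy' }
else                   { $deny = $local;  $source = 'local setting' }
$state = if ($deny -eq 0) { 'allowed' } else { 'DENIED' }
"RDP connections: $state (decided by $source; local=$local, policy=$policy)"

# 2. Is the Remote Desktop service running and listening on TCP 3389?
"TermService status: " + (Get-Service -Name TermService).Status
$listening = netstat -an | Select-String -Pattern ':3389\s.*LISTENING'
"Listening on TCP 3389: " + [bool]$listening

# 3. Firewall: after a domain join the Domain profile becomes the active one,
#    so check each profile's state and which profiles the RDP rule covers.
netsh advfirewall show allprofiles state
netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"
$fw = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' 'EnableFirewall'
if ($null -ne $fw) { "GPO controls the Domain profile firewall: EnableFirewall=$fw" }

# 4. Which GPOs were applied to the computer account?
gpresult /r /scope computer
```

If step 1 reports that Group Policy decided the setting, or step 3 shows the firewall controlled by a GPO, the fix belongs in that GPO on the domain controller rather than in Server B's local settings.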
Bat script to enable RDP remote,