none
Windows Server 2008 R2 Remote Desktop - The requested session access is denied

    Question

  • Hi, I have been using Windows Server 2008 R2 since it was released, and have 100 servers up and running. I configured Allow Remote Desktop on all of them and have been able to connect to them and manage them via RDP since then. I also have two servers configured as Remote Desktop Services.

    That was up until yesterday. Yesterday afternoon I started getting the The requested session access is denied. I managed all Terminal services via Group Policy and have three users entered.

    I am connecting to the servers via Windows XP SP3 and Windows 7. Both clients have been updated to the latest Remote Desktop Services client.

    I have been searching for the answer, and I am not finding it.

    I have also tried KB954369 without any success. 

    Thanks,

     

    Brian

     

    Tuesday, March 23, 2010 12:25 PM

Answers

All replies

  • I am having the same issue but when i clear the admin console connection I have started to get 

    the desktop you are trying to open is currently unavailable, contact your administrator to confirm that the correct settings are in the place for your client connection.

     

    Tuesday, April 06, 2010 11:49 PM
  • Ok, from my trials and tribulations and discussions with Microsoft I have identified the following;

    Assumptions;

    A. My terminal server is in domain widget

    B. All the users are in domain contoso

    1. I had the Terminal Server configurured with a specific Login, which would launch a specific application only and not give them any desktop functions. Wiht this configured this way, I get the error I wrote about.

    2. If I turn the specific login off, then I can login normally and perform the functions as Administrator that I need/want to do.

    3. Microsoft said to configure the Terminal Server with Single Sign-on. I did as instructed and went thru all the steps, however because my terminal server is in domain widget, the users get prompted twice each time for login. Once on the website, and then again as the application launches. Microsoft said that the users needed to Remote Desktop Client 7.x or the self-signed certificate that I have has to be included in the domain contoso certificate authority so that they will not be prompted for the second sign-on.

    4. Conclusions - I need to have a chat with our enterprise security team about including the self-signed certificate in the contoso certificate authority. I need to also work on my RDWeb website so that it meets our company standard look.

    Here are the links that Microsoft provided;

     

    http://technet.microsoft.com/en-us/library/cc772108(WS.10).aspx

    Enable RDC Client Single Sign-On for Remote Desktop Services

    http://technet.microsoft.com/en-us/library/cc742808.aspx

    Blogs -

    http://blogs.msdn.com/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx

    http://blogs.msdn.com/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx

    http://blogs.msdn.com/rds/archive/2009/06/05/publishing-in-windows-server-2008-r2.aspx

    http://blogs.technet.com/pfe-ireland/archive/2008/09/05/windows-server-2008-terminal-services-presentation-virtualisation-and-windows-xp-clients.aspx

     

    I hope this help you in your troubleshooting.

     

    Brian

     

     

    Wednesday, April 07, 2010 12:44 PM
  • I have encountered this problem also.

    When looking into the RDP-protocol properties, and selecting the security tab, it showed that both the local administrators security group and the Remote Desktop Users security group had been deleted from the ACL.

    After adding these groups and granting the correct permissions (Administrators full control / Remote Desktop Users user access) everything was fine again.

    It's just that the cause of this misery is still unclear.

    Wednesday, October 06, 2010 9:34 AM
  • See this was awhile back so not sure if you still need this but for other readers' :

    Sounds like the expiration for 120 days to configure to your licensing server. This is for the Remote Desktop Services setting. It should be in the alerts logs as well. This is my first guess. Good luck !

     

    Tuesday, August 02, 2011 6:53 PM
  • http://2008release2en.blogspot.com/2011/04/rds-host-requested-session-access-is.html

    A user trying to connect to a RDS host 2008 R2 (workgroup environment) got the error message "requested session access is denied". The user is member of the local remotedesktop user group and
    the permission "Allow logon via Remotedesktop servies" is granted.
    When granting administrative rights the issue will not appear.

    Solution: Remove the /admin parameter in the remote desktop connection. The user was trying to connect to the RDS host console session. This of course will not work with user rights.

    mstsc /admin

    mstsc /console

    mstsc

    Thursday, November 24, 2011 7:40 PM
  • If your are getting "Access is Denied" error upon logon through RDP. Check "Remote desktop services" on the server you are trying to logon. If it is starting with "Local System" account, configure it to start with "Network Service" account. If you want to verify that, compare HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService with healthy machine.

    Saturday, June 16, 2012 8:24 AM
  • I had this issue (Windows 2008R2, user is a local admin and gets Access Denied for Remote desktop sessions) as well.  I discovered that the users account had "Use Kerberos DES encryption..." selected in his Active Directory account (scroll down under Account options).  Turning it off allowed him to login.
    Wednesday, March 26, 2014 9:57 PM