Windows Server 2008 R2 Remote Desktop - The requested session access is denied RRS feed

  • Question

  • Hi, I have been using Windows Server 2008 R2 since it was released, and have 100 servers up and running. I configured Allow Remote Desktop on all of them and have been able to connect to them and manage them via RDP since then. I also have two servers configured as Remote Desktop Services.

    That was up until yesterday. Yesterday afternoon I started getting the The requested session access is denied. I managed all Terminal services via Group Policy and have three users entered.

    I am connecting to the servers via Windows XP SP3 and Windows 7. Both clients have been updated to the latest Remote Desktop Services client.

    I have been searching for the answer, and I am not finding it.

    I have also tried KB954369 without any success. 





    Tuesday, March 23, 2010 12:25 PM


All replies

  • I am having the same issue but when i clear the admin console connection I have started to get 

    the desktop you are trying to open is currently unavailable, contact your administrator to confirm that the correct settings are in the place for your client connection.


    Tuesday, April 6, 2010 11:49 PM
  • Ok, from my trials and tribulations and discussions with Microsoft I have identified the following;


    A. My terminal server is in domain widget

    B. All the users are in domain contoso

    1. I had the Terminal Server configurured with a specific Login, which would launch a specific application only and not give them any desktop functions. Wiht this configured this way, I get the error I wrote about.

    2. If I turn the specific login off, then I can login normally and perform the functions as Administrator that I need/want to do.

    3. Microsoft said to configure the Terminal Server with Single Sign-on. I did as instructed and went thru all the steps, however because my terminal server is in domain widget, the users get prompted twice each time for login. Once on the website, and then again as the application launches. Microsoft said that the users needed to Remote Desktop Client 7.x or the self-signed certificate that I have has to be included in the domain contoso certificate authority so that they will not be prompted for the second sign-on.

    4. Conclusions - I need to have a chat with our enterprise security team about including the self-signed certificate in the contoso certificate authority. I need to also work on my RDWeb website so that it meets our company standard look.

    Here are the links that Microsoft provided;


    Enable RDC Client Single Sign-On for Remote Desktop Services

    Blogs -


    I hope this help you in your troubleshooting.





    Wednesday, April 7, 2010 12:44 PM
  • Deleted
    Wednesday, October 6, 2010 9:34 AM
  • See this was awhile back so not sure if you still need this but for other readers' :

    Sounds like the expiration for 120 days to configure to your licensing server. This is for the Remote Desktop Services setting. It should be in the alerts logs as well. This is my first guess. Good luck !


    Tuesday, August 2, 2011 6:53 PM

    A user trying to connect to a RDS host 2008 R2 (workgroup environment) got the error message "requested session access is denied". The user is member of the local remotedesktop user group and
    the permission "Allow logon via Remotedesktop servies" is granted.
    When granting administrative rights the issue will not appear.

    Solution: Remove the /admin parameter in the remote desktop connection. The user was trying to connect to the RDS host console session. This of course will not work with user rights.

    mstsc /admin

    mstsc /console


    Thursday, November 24, 2011 7:40 PM
  • If your are getting "Access is Denied" error upon logon through RDP. Check "Remote desktop services" on the server you are trying to logon. If it is starting with "Local System" account, configure it to start with "Network Service" account. If you want to verify that, compare HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService with healthy machine.

    Saturday, June 16, 2012 8:24 AM
  • I had this issue (Windows 2008R2, user is a local admin and gets Access Denied for Remote desktop sessions) as well.  I discovered that the users account had "Use Kerberos DES encryption..." selected in his Active Directory account (scroll down under Account options).  Turning it off allowed him to login.
    Wednesday, March 26, 2014 9:57 PM
  • Worked for me removing the /admin  parameter. 


    Tuesday, December 2, 2014 12:57 PM
  • Ok But How to specific Remove the /admin parameter in the remote desktop connection?

    Please give me your steps remove this paramater

    Monday, November 21, 2016 9:42 PM
  • When you go to Start - Run just type "mstsc" nothing more, nothing less, no /admin or anything.

    BTW, removing the /admin worked. The person I was helping was a member of "remote desktop users" and not a local admin of the box and could probably be the reason they were getting that error.

    Saturday, July 15, 2017 10:41 AM
  • With notepad, in the saved mstsc file, I have removed the line "administrative session:i:1". 

    This line works only if the user have admin rights on the server.

    If not, the user receive : "the requested session access is denied". 

    Tuesday, June 12, 2018 12:32 PM
  • This error was driving me crazy as I was testing a new users setup. 
    Forgot that I had my shortcut with the console paramter. 

    Tnx for the help :)
    Sunday, February 24, 2019 6:01 PM