Forum Discussion
Connection was denied because the user account is not authorised for remote log in
Hi experts,
...
there was a restart of the server that is running as VM in azure... and since then, I've been experiencing some issues that are seriously affecting the company.
When I want to RDP with a required account (lets call it "azvmuser") to the server, I get the message that I'm not authorized. With Administrator account, I can connect with no issues... The only way I could fix it was by adding the "azvmuser" via "User Accounts" -> "Give other users access to this computer" .... This works for a while however at some point the issue returns and when I check the Users Accounts again, the "azvmuser" is missing there again and have to add it again...
There is a task created in "Task Scheduler" that runs for that user and due to the issue above, the task is failing... When I add the user to "Give other users access...", the Task runs fine...
Any idea how to fix it? ... for now, I just manually check the VM and add the user "azvmuser" when I get the error message...
It is happening for a business critical VM..... other 3 VMs we have in Azure are working fine 😕
Below are the steps to make sure the access:
Hi... I've checked those... and the user is part of "Remote Desktop Users" and also the that group is included in "Allow log on through Remote Desktop Services".... I've re-added it but didn't help...
Looks like the issue is not with this part.... but the issue is that the users disappears from "User Accounts" almost every 30mins-1hr.... Only when I am connected to the VM as that user, it stays there.... but after I disconnect, it will disappear after a whileUPDATE: so it disappear even when I'm connected to VM.... but I can still be logged in... After I disconnect, I need to add the user back to "User Accounts". Also, when I add the user as "User", I get the same error message... If I add it as "Administrator", I can connect.
MiSum83 It sounds like you indeed are fixing the issue (by adding the user to the Remote Desktop Users group), but there is a Group Policy managing this group via Restricted Groups and the accounts are removed when the policy refreshes.
Use Resultant Set of Policy (RSoP) on the server to find the policies applied, I suspect you will find a policy that contains restricted groups. It could possibly be applied in Group Policy Preferences as well, as that can also be set to remove members from a group.
