Logon issues Windows 2008 R2 Remote Desktop Services

Problem 1: When logging on to a Windows 2008 R2 Remote Desktop Services (former known as Terminal Services) you get the a balloon messages saying a temporary profile is loaded. Changes to the profile are not saved by exiting.

Solution: Backup all data in “%SystemDrive%\Users\UserName” or just rename the folder with .bak at the end. (if this is the first time you try to logon with this account there will be no folder with this username.)
Then start the registry editor and browse to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ ProfileList here you will find all user SID’s logged on to this RDS server. You will find here a subkey know as SID.bak take a look probably this will be the key of the user you get this error.
Delete this key and close registry editor (If you are not sure, first make a backup/export of the key before deleteing is). Then logoff and logon again.

Problem 2: When you try to logon to a Windows 2008 R2 Remote Desktop Services (former known as Terminal Services) server, you get the error: “The Group Policy Client service failed the logon.” “Access is denied.” and you are automatically logged off.

Solution: In my case this problem was caused by a corrupted NTUSER.Dat file. I solved it by logging on as a Administrator changed the user profile to local via Control Panel\User Accounts\User Accounts Configure advanced user profile properties. Then I replaced the NTUSER.Dat from the user by the NTUSER.Dat from the temp profile.
Probably this is caused by using a Terminal Server profile that is corrupted. Another Solution could be deleting this profile and building a new profiles for this user.

Posted in Blog, Windows 2008R2 by ronnypot at August 25th, 2010.
Tags: ,

9 Responses to “Logon issues Windows 2008 R2 Remote Desktop Services”

  1. Tom Fuchs says:

    Sometimes the solution is even simpler. I added my first 2008 R2 server to my network as a member server. Tried to log in as admin but kept getting the temporary profile. Verfied tht account works just fine on my other servers (2008 standard (not R2)), 2003). Looked at the profile of my admin account. Had a login script entered in the wrong box (in the path box instead of the script box). Removed the line and then was able to log in as a domain admin on my 2008 R2 box. So the discovery was: (2003,2008) ignore the bad entry in the path field (of the user profile in active directory), but R2 will throw you into temporary profile mode.

  2. ronnypot says:

    Thanks for your reply, in my case this was the same conclusion, on 2003 the user accounts had no problem. But on the 2008 R2 server the get the temporary profile. So 2008 R2 is much more stricter on several points.

  3. Jean says:

    Dear, We have unfortunatly desactivate the terminal service… So we cannot connect anymore to our server. The hosting company dont want to go in front of the machine to reactivate it.
    We have a parralell solution to connect via VNC in WinRescue mode… where we can access Registry and RUN.. functions.
    Is there a solution to reactivtate it?
    Via the registry, we set “fDenyTSConnection” to 0 (as you can read it here and there online)… but it doenst help.
    Another idea?
    Help, we dont want to reinstall everyting

  4. Steve says:

    I had an issue with a single user profile not being created (Problem-1)
    The solution suggested resolved the problem.


  5. ton says:

    thx! it worked. solution 1

  6. Bhavik says:

    i was facing same problem while connecting win 2008r2 RDC – “The Group Policy Client service failed the logon. Access is denied.”
    i fixed the issue by deleting particular user’s folder in C:\Users.

    Thanks hope this will aid u .

  7. Roberto Dimas says:

    Great! It worked in my case, however I had to delete the user’s folder in all 3 terminal servers in our TS Farm.

    I also deleted the registry key from the profile list.

    I am sharing a powershell command (You can tailor it to your needs) for getting the SID for every user in your domain:

    > Get-ADUser -Filter * -Properties * |select SID,SamAccountName,GivenName,Surname,DisplayName,TelephoneNumber,mail,@{n=’LastLogon’;e={[DateTime]::FromFileTime($_.LastLogonTimeStamp)}},Department|out-gridview

  8. Rusty Chapin says:

    Experienced problem 2 from original post while logging in to Windows 7 VM… don’t ask lol… Solution was to delete user folder using an admin account and all is well now.

    Thank you for the concise write up.

Leave a Reply to Tom Fuchs

Sharing Buttons by Linksku