Connection to a Windows CVM through Remote Desktop was denied

Last updated: 2021-02-26 14:21:47

    Error Description


    Case 1: When trying to connect to a Windows instance via Remote Desktop from Windows, the user sees an error that says The connection was denied because the user account is not authorized for remote login.


    Case 2: When trying to connect to a Windows instance via Windows Remote Desktop, the user sees an error that says To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have the right, or if the right has been removed from the Remote Desktop Users group, you need to be granted the right manually.

    Possible Reasons

    The user is not allowed to log in to the Windows instance via Remote Desktop connections.

    Solution

    • For Case 1, add the user account to the list of accounts that are permitted by the Windows instance to log in through Remote Desktop Services. For detailed directions, see Allowing remote login.
    • For Case 2, remove the user account from the list of accounts that are denied by the Windows instance to log in through Remote Desktop Services. For detailed directions, see Denying remote login.

    Directions

    Logging in to the CVM using VNC

    1. Log in to the CVM console.
    2. On the instance management page, locate the target CVM instance and click Log In, as shown in the following figure:
      CVM list page
    3. In the Log in to Windows Instance window that appears, select “Alternative login methods (VNC)”, click Log In Now to log in to the CVM.
    4. In the login window that appears, select Send CtrlAltDel in the upper-left corner, and press Ctrl-Alt-Delete to open the system login window, as shown in the following figure:

    Allowing remote login

    Note:

    The following operations take Windows Server 2016 as an example.

    1. On the desktop, click , enter gpedit.msc, and press Enter to open “Local Group Policy Editor”.
    2. In the left navigation tree, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, and right-click Allow log on through Remote Desktop Services.
    3. In the “Allow log on through Remote Desktop Services Properties” window that appears, check whether the user account you want to use for remote login is in the user list of “Allow log on through Remote Desktop Services”.
      Allow log on through Remote Desktop Services
    4. Click Add User or Group to go to the Select User or Group window.
    5. Enter the account you want to use for remote login and click OK.
    6. Click OK and close “Local Group Policy Editor”.
    7. Restart the instance and try to connect to the Windows instance with the account through Remote Desktop again.

    Denying remote login

    Note:

    The following operations take Windows Server 2016 as an example.

    1. On the desktop, click , enter gpedit.msc, and press Enter to open “Local Group Policy Editor”.
    2. In the left navigation tree, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, and double-click Deny log on through Remote Desktop Services as shown below:
      Deny log on through Remote Desktop Services
    3. In the pop-up window, check whether the account you want to use for remote login is in the user list of "Deny log in through Remote Desktop Services".
      • If the user is in the list, remove the user account from the list and restart the instance.
      • If the user is not in the list, please submit a ticket.