Connection to a Windows CVM through Remote Desktop was denied

Last updated: 2019-10-17 13:27:20

PDF

Problem Description

Problem 1

When trying to connect to a Windows instance via Remote Desktop from Windows, you get the following message: “The connection was denied because the user account is not authorized for remote login.”

Problem 2

When trying to connect to a Windows instance via Remote Desktop from Windows, you get the following message: “To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have the right, or if the right has been removed from the Remote Desktop Users group, you need to be granted the right manually.”

Problem Analysis

The user is not allowed to log in to the Windows instance via Remote Desktop Connections:

Solution

  • If you encounter the problem 1 when trying to connect to a Windows instance through Remote Desktop, you will need to add the user account to the list of accounts that are allowed by the Windows instance to log in through Remote Desktop Services. For details, see Configuring the right that allows remote login.
  • If you encounter the problem 2 trying to connect to a Windows instance through Remote Desktop, you will need to remove the user account from the list of accounts that are denied by the Windows instance to log in through Remote Desktop Services.. For details, see Configuring the right that denies remote login.

Directions

Logging in to the CVM using VNC

  1. Log in to the CVM Console.

  2. In the Instance page, find the CVM and click Log in as shown below:

  3. In the “Log into Windows Instance” window, select “Alternative login methods (VNC)”, click Log In Now to log in to the CVM.

  4. In the login window, select “Send CtrlAltDel” in the top left corner, and click Ctrl-Alt-Delete to enter the system login interface as shown below:

Configuring the right that allows remote login

The following operations take Windows Server 2016 as an example.

  1. In the operating system interface, click , enter gpedit.msc, and press Enter to open the Local Group Policy Editor.

  2. In the left navigation tree, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, and right-click Allow log on through Remote Desktop Services as shown below:

  3. In the Allow log on through Remote Desktop Services Properties window, check whether the user account you want to use for remote login is on the user list of “Allow log on through Remote Desktop Services” as shown below:

    • If the user is not on the list, please take Step 4
    • If the user is on the list, please submit a ticket.
  4. Click Add User or Group to open the "Select User or Group" window.

  5. Enter the account you want to use for remote login and click OK.

  6. Click OK and close the Local Group Policy Editor.

  7. Restart the instance and try again to connect to the Windows instance with the account through Remote Desktop.

Configuring the right that denies remote login

The following operations take Windows Server 2016 as an example.

  1. In the operating system interface, click , enter gpedit.msc, and press Enter to open the Local Group Policy Editor.

  2. In the left navigation tree, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, and double-click Deny log on through Remote Desktop Services as shown below:

  3. In the Deny log on through Remote Desktop Services Properties window, check whether the user account you want to use for remote login is on the user list of “Deny log on through Remote Desktop Services”.

    • If the user is on the list, remove the user account from the list and restart the instance.
    • If the user is not on the list, please submit a ticket.