Microsoft KB Archive/822142

= How to Help Prevent Users from Logging On When Their Terminal Server User Configuration Data Cannot Be Obtained =

Article ID: 822142

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 4




IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
Windows 2000 Service Pack 4 (SP4) includes the functionality of the hotfix that is described in the following Microsoft Knowledge Base (KB) article:

331627 Terminal Services Client Cannot Obtain Terminal Services User Configuration from Domain Controller During Logon

By installing this hotfix, you can help prevent a user from logging on when a domain controller does not respond to the request for a user's configuration data (such as a profile path). However, to maintain compatibility with existing installations, this functionality is not enabled when you install Windows 2000 SP4.

This article describes how to enable this functionality.



MORE INFORMATION
To enable the functionality that is described in the "Summary" section of this article, follow these steps.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 1. Click Start, click Run, type regedit in the Open box, and then click OK.
 2. Locate the following registry subkey:
 3. Right-click Terminal Server, point to New, and then click DWORD Value.
 4. In the New Value #1 box, type FailLogonOnRegUserConfigErrorsForW2K, and then press ENTER.
 5. Right-click FailLogonOnRegUserConfigErrorsForW2K, and then click Modify.
 6. In the Value data box, type 1 (one), and then click OK.
    Note: If you want to disable this functionality, either delete the FailLogonOnRegUserConfigErrorsForW2K registry value or set the value to 0 (zero).
 7. Quit Registry Editor.

When you enable this functionality, users should not be able to log on to the terminal server remotely if their Terminal Server User Configuration data cannot be obtained. A user who tries to log on to a terminal server under this scenario may receive the following error message:

Your interactive logon privilege has been disabled.

This behavior may occur if the terminal server cannot resolve the host name of a user's computer with a domain controller in the user's local domain. This scenario may occur if both of the following conditions are true:
 * NetBIOS name resolution is not enabled on the terminal server that the user tries to connect to.

-and-
 * The terminal server does not have the user's domain in its Domain Name System (DNS) suffix search list.

To work around this issue, use either of the following methods:
 * Add the user's domain to the DNS suffix search list on the terminal server.

-or-
 * Advise the user to specify the fully qualified domain name (FQDN) of the user's domain in the User name box during logon to the terminal server.


© Microsoft Corporation. All rights reserved.