Hi, I was hoping you might be able to help me with the following issue.
I have a Windows Server 2008 R2 SP1 member server that I’m moving from one domain with a W2K8 R2 SP1 DC as well as a W2K3 SP2 DC to a new domain with a single W2K8 R2 SP1 DC. I was able to successfully remove it from the old domain and join it to the new domain; however no users are able to remotely access the member server once it was moved to the new domain. The same users are able to logon to the server from the console, though. We do not currently have Remote Desktop Services or Terminal Service running in this environment so users are remotely accessing the servers via Remote Desktop.
I currently have a GPO configured in the new domain to push a domain security group out to the Built-In Remote Desktop Users group of each member server so that members of this security group can remotely logon to the server. Both Group Policy Modeling and Group Policy Results believe that this GPO should be successfully applied to the member server but the domain security group does not appear as a member of the Remote Desktop Users group on the member server. Running RSOP on the member server and looking at the local security policy Restricted Groups settings I can see that the security group appears to be present but is not successfully applied. Instead of the group name all that is displayed is the SID. Looking at the properties I can see that there was an error preventing the GPO from being applied which refers me to the winlogon.log file.
The following is an excerpt from the winlogon.log file:
----Configure Group Membership...
Configure *s-1-5-21-3629377674-4160658571-2317812463-1282.
Error 1332: No mapping between account names and security IDs was done.
No system mapping was found for *s-1-5-21-3629377674-4160658571-2317812463-1282.
Configure *s-1-5-21-3629377674-4160658571-2317812463-1223.
Error 1332: No mapping between account names and security IDs was done.
No system mapping was found for *s-1-5-21-3629377674-4160658571-2317812463-1223.
Configure *s-1-5-21-1161451625-1223646944-692785335-1155.
Error 1332: No mapping between account names and security IDs was done.
No system mapping was found for *s-1-5-21-1161451625-1223646944-692785335-1155.
Group Membership configuration was completed successfully.
Additionally, by looking at the local security policy of the RSOP results on the member server I can see that another GPO I have configured to disable UAC on all systems in the domain does appear to be applied successfully.
I attempted to apply MS hotfix Windows6.1-KB977695-x64 to the DC but it notified me that this hotfix did not apply to the server.
Any suggestions you may have that can help resolve this will be greatly appreciated. Thanks…