This topic describes how to resolve the issue that the following error message appears when you connect to a Windows Elastic Compute Service (ECS) instance by using Remote Desktop: The connection was denied because the user account is not authorized for remote login.
Problem description
When you connect to a Windows instance by using Remote Desktop, the error message The connection was denied because the user account is not authorized for remote login appears and you cannot connect to the instance.
Causes
This issue may be caused by incorrect configurations of permissions on Windows Remote Desktop. You can use one of the following solutions to resolve the issue:
Solutions
You can use one of the following solutions based on your business needs. In this example, an instance that runs Windows Server 2008 is used.
Solution 1: Troubleshoot the User Rights Assignment settings in the group policy
Connect to the Windows instance by using Virtual Network Computing (VNC).
For more information, see Connect to a Windows instance by using a password.
Right-click the Start icon and select Run. In the Run dialog box, enter
secpol.mscand click OK. Open the Local Security Policy window.Choose Local Policies > User Rights Assignment > Allow log on through Remote Desktop Services.
Check whether the Remote Desktop Users group exists.
If the Remote Desktop Users group does not exist, proceed to the next step.
If the Remote Desktop Users group exists, perform operations described in the Solution 2: Troubleshoot the user group attributes of your user section.
Optional. If the Remote Desktop Users group do not exist, click Add User or Group to add the user group. Then, click OK.
Solution 2: Troubleshoot the user group attributes of your user
Connect to the Windows instance by using VNC.
For more information, see Connect to a Windows instance by using a password.
Right-click the Start icon and select Run. In the Run dialog box, enter
lusrmgr.mscand click OK. Open the Local Users and Groups window.In the left-side navigation pane, click Users. Double-click the username that you used in the failed attempt to connect to the instance.
In the user properties window that appears, click the Member of tab. Make sure that the user is a member of the user group that is granted the remote logon permissions in Solution 1: Troubleshoot the User Rights Assignment settings in the group policy.
Optional. If the user group does not exist, click Add to add the user group. Then, click OK.
Solution 3: Troubleshoot the Remote Desktop Session Host configuration
Connect to the Windows instance by using VNC.
For more information, see Connect to a Windows instance by using a password.
Right-click the Start icon and select Run. In the Run dialog box, enter
tsconfig.mscand click OK. Open the Remote Desktop Session Host Configuration window.Double-click the default remote desktop connection configuration RDP-Tcp or a connection configuration that you added. In the RDP-Tcp Properties window, click the Security tab.
Make sure that the Group or user names section on the Security tab displays your username or the user group that has been granted the remote logon permissions in Solution 1: Troubleshoot the User Rights Assignment settings in the group policy.
Optional. If the user group is not included in the Group or user names section, click Add to add the user group and then click OK.
Restart the ECS instance. For more information, see Restart instances.