"Connection to the server cannot be established" error message when users try to connect to a SharePoint Portal Server workspace using Web folders in a Terminal Services session on a Windows Server 2003 or Windows 2000 Server SP4 computer (838682)


The information in this article applies to:

  • Microsoft SharePoint Portal Server 2001

SYMPTOMS

Users who are not members of the Administrators group cannot connect to a Microsoft SharePoint Portal Server 2001 workspace using Web folders in a Terminal Services session on a computer that is running Microsoft Windows Server 2003 or Microsoft Windows 2000 Server Service Pack 4 (SP4). The users receive the following error message:
A Connection to the server cannot be established. If the problem persists contact your administrator.
Only users who are members of the Administrators group can connect to the SharePoint Portal Server 2001 workspace by using Web folders in a Terminal Services session. However, both administrators and non-administrators can connect to the SharePoint Portal Server 2001 workspace if the users do not use a Terminal Services session to connect to the server.

CAUSE

This issue occurs if the users are not assigned the "Create global objects" user right. The "Create global objects" user right is a Windows policy setting that was introduced in Windows Server 2003 and in Windows 2000 SP4. This user right is required for a user account to create global objects in a Terminal Services session. Users can still create session-specific objects without being assigned this user right. By default, members of the Administrators group, the System account, and services that are started by the Service Control Manager are assigned the "Create global objects" user right.

RESOLUTION

To resolve this issue, assign the users the "Create global objects" user right. To do this, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Local Security Policy.
  2. Expand Local Policies, and then click User Rights Assignment.
  3. In the right pane, double-click Create global objects.
  4. In the Local Security Policy Setting dialog box, click Add.
  5. In the Select Users or Group dialog box, click the user accounts that you want to add, click Add, and then click OK.
  6. Click OK.

MORE INFORMATION

Windows Server 2003 and Windows 2000 SP4 introduce the "Impersonate a client after authentication" user right and the "Create global objects" user right. The "Impersonate a client after authentication" user right and the "Create global objects" user right help increase security in Windows Server 2003 and in Windows 2000. For additional information about the "Impersonate a client after authentication" and the "Create global objects" policy settings in Windows 2000 SP4, click the following article numbers to view the articles in the Microsoft Knowledge Base:

821546 Overview of the "Impersonate a client after authentication" and the "Create global objects" security settings

For more information about SharePoint Portal Server 2001, visit the following Microsoft Web site:

http://www.microsoft.com/sharepoint/previous/default.asp

Modification Type:MajorLast Reviewed:12/23/2004
Keywords:kbprb KB838682 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.