OK. If you are sure the following are true:
1. Your resultant GPO policy allows Domain Admins, and does not deny anyone, and your local policy also reflects this (i.e. Allow Domain Admins, no denies)
2. You are a member of Domain Admins. Domain Admins is still a member of Administrators
3. Your user has the Allow Log On Locally rights through the correct group membership, nor is there any deny.
4. Your user object in AD has the 'Allow logon to terminal Server' box checked in the 'Terminal Service Profile' tab.
5. In Terminal Services Configuration, your user has 'User Access' rights to the rdp-tcp connection.
Then by rights really you should be able to get in.
Check the Event logs on the server for 'userenv' errors when updating policy (you could also use the verbose logging I described earlier). Also check the File replication Service event log for any FRS errors - this is how SYSVOL and consequently group policy is replicated. If you're concerned about AD replication, use replmon from the Window Support Tools (download from MS and install on the server) to check that replication is occurring successfully. Also use netdiag and dcdiag to uncover any other problems in your domain. Are the DCs also Global Catalogs?
One other thing - how long have the DCs been set up? Licencing wise - if you've got the DC in 'Application Mode' rather than 'Remote Desktop for Administration' and you haven't installed TS Licencing, you'll be refused access after 120 days. You should be in the latter mode. Check Terminal Services configuration (in Server Settings). It's a bit of a long shot but you never know :0)
