You may receive one of the following error messages:
The remote session was disconnected because the local computer’s client access license could not be upgraded or renewed. Please contact the server administrator.
• The remote computer disconnected the session because of an error in the licensing protocol. Please try connecting to the remote computer again or contact your server administrator.
• The remote session was disconnected because there were network problems during the licensing protocol. Please try connecting to the remote computer again.
• Licensing error occurred while the client was attempting to connect. (Licensing timed out.) Please try connecting to the remote computer again.
• Because of a security error, the client could not connect to the terminal server. After making sure that you are logged on to the network, try connecting to the server again.

Protocol Driver error

A client user/device may face this issue if when a the relevant Terminal Services temporary/full CAL has expired and cannot be renewed or upgraded. The renewal or upgrade process will fail if the client that is logged in does not have write access to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing.

Provide users with full control of the above key or at least write access.
Terminal Services UncategorizedTerminal Services Uncategorized

No Comments »
Filed under: Terminal Services

No licenses are being issued from the available licenses

• Verify the licensing mode of the terminal server. Is it in Per User mode or in Per Device mode?

Per User licensing is not managed and no licenses will be issued from this pool.

• If it is in Per Device mode, are temporary licenses being issued?
• Are the licenses that are installed Per User CALs or Per Device CALs? If the terminal server is in Per User mode, and Per Device CALs are installed, no licenses will be issued.

Terminal Services Terminal Services licensesTerminal Services Terminal Services licenses

No Comments »
Filed under: Terminal Services

Terminal server cannot find the terminal server license server or Event ID 1010 in the system event log

To troubleshoot this problem, follow these steps:

1. Try to open Terminal Server Licensing. If you are prompted for the name of the license server, discovery is not working. Add the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters

Name: DefaultLicenseServer

Data type: REG_SZ

Data value: <ServerName>

<ServerName> is a placeholder for the NetBIOS name or for the IP address of the license server that you want to use. (Do not use \\servername.)

2. Determine whether licensing has been installed in the domain role or in the enterprise role. In this environment, licensing must be in the domain role:

HKLM\System\CurrentControlSet\Services\TermServLicensing\Parameters\Role

REG_DWORD 0×00000000

0 = Domain Role

1 = Enterprise Role

3. Make sure that the Remote Registry service is enabled on the terminal server license server.

4. Verify the registry key for RestrictAnonymous on the terminal server license server:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

Value: RestrictAnonymous

Value Type: REG_DWORD

Value Data: 0×2 (Hex)

5. If this value is set to 2, follow these steps to verify the Group Policy settings on the terminal server licenses server:

a. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.

 

Note If Administrative Tools does not appear in the Programs list, click Start, point to Settings, point to Control Panel, click Administrative Tools, and then click Local Security Policy.

b. Under Security Settings, double-click Local Policies, and then click Security Options.

c. Double-click Additional restrictions for anonymous connections, and then click No access without explicit anonymous permissions under Local policy setting.

 

Important After this registry key or policy is changed, you must restart the server for changes to take effect.

6. Verify that the admin shares are shared on the terminal server license server:

a. At a command prompt, type net share, and then press ENTER.

b. Make sure that the default shares, such as C$, Admin$, and IPC$, are returned.

7. Verify that File and Printer Sharing is bound to the Network Adapter and that the internal Network Adapter is at the top of the binding order.

8. Test by using the RDP client.

 

9. Test deleting the whole MSLicensing key:

HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing

10. Verify the permissions on the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing

Users must have at least read permissions.

licensing errors mslicensing Terminal Services terminal services licensinglicensing errors mslicensing Terminal Services terminal services licensing

No Comments »
Filed under: Terminal Services

Terminal ServicesTerminal Services

No Comments »
Filed under: Terminal Services

When you try to use Terminal Server Client to connect to a Terminal Server computer, you may receive the following error message:

Event Type: Error
Event Source: TermService
Event ID: 1004
Description:
The terminal server cannot issue a client license.

This error might be caused by one of the following conditions:

1. The licensing mode for the terminal server does not match the type of TS CALs installed on the license server.
2. The RDP encryption levels on the terminal server and the client are not compatible.
3. The certificate on the terminal server is corrupted.
4. Sections of the Windows 2000 registry on Terminal Server Client are changed from the default permission level

The licensing mode for the terminal server does not match the type of TS CALs installed on the license server

To resolve this issue, specify the Terminal Services licensing mode on the terminal server.

The Terminal Services licensing mode determines the type of Terminal Services client access licenses (TS CALs) that a terminal server will request from a license server on behalf of a client connecting to the terminal server. Although there is a licensing grace period during which no license server is required, after the grace period ends, clients must receive a valid TS CAL issued by a license server before they can log on to a terminal server.

Important: The Terminal Services licensing mode configured on a terminal server must match the type of TS CALs available on the license server.

To specify the Terminal Services licensing mode:

1. On the terminal server, open Terminal Services Configuration. To open Terminal Services Confiiguration, click Start, point to Administrative Tools, point to Terminal Services, and then click Terminal Services Configuration.

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

3. Under Licensing, double-click Terminal Services licensing mode.

4. Select either Per Device or Per User, depending on your environment. For more information about the two options, see “Specify the Terminal Services Licensing Mode” in the Terminal Services Configuration Help in the Windows Server 2008 Technical Library (http://go.microsoft.com/fwlink/?LinkId=101638).

5. Click OK, and then click OK.

Note: You can also specify the Terminal Services licensing mode for a terminal server by using Group Policy.
•

To specify the Terminal Services licensing mode for a terminal server by using Group Policy, enable the Set Terminal Services licensing mode Group Policy setting. This Group Policy setting is located in Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Licensing. Note that the Group Policy setting will take precedence over the setting configured in Terminal Services Configuration.

Change the RDP encryption level on the terminal server

To resolve this issue, change the RDP encryption level on the terminal server to a level that is supported by the version of Remote Desktop Connection that is running on the client computer.

By default, Terminal Services connections are encrypted at the highest level of security available (128-bit). However, some older versions of the Terminal Services client do not support this high level of encryption. If your network contains such legacy clients, you can set the encryption level of the connection to send and receive data at the highest encryption level supported by the client.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To change the RDP encryption level:

1. On the terminal server, open Terminal Services Configuration. To open Terminal Services Configuration, click Start, point to Administrative Tools, point to Terminal Services, and then click Terminal Services Configuration.

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

3. Under Connections, right-click the connection (for example, RDP-Tcp), and then click Properties.

4. On the General tab, change the value of Encyption level to a level that is appropriate for the version of Remote Desktop Connection that is running on the client computer.

Corrupted Licensing Certificates

To resolve this issue, delete the MSLicensing registry subkey on the client computer, restart the client computer, and then try again to connect remotely to the terminal server from the client computer. If the issue persists, delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries on the terminal server, restart the terminal server, and then try again to connect to the terminal server from the client computer.

To perform this procedure on the client computer, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To delete the MSLicensing registry subkey:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

1. On the client computer, open Registry Editor. To open Registry Editor, click Start, click Run, type regedit, and then click OK.

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

3. Locate the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing registry subkey.

4. Click MSLicensing.

5. Before deleting the MSLicensing subkey, back up the subkey. To back up the subkey, do the following:

1. On the Registry menu, click Export Registry File.

2. In the File name box, type mslicensingbackup, and then click Save. If you need to restore this registry subkey, double-click mslicensingbackup.reg.

6. To delete the MSLicensing subkey, on the Edit menu, click Delete, and then click Yes.

7. Close Registry Editor, and then restart the client.

8. After the client computer is restarted, try again to connect remotely to the terminal server from the client computer.

If the issue persists, delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries on the terminal server.

Sections of the Windows 2000 registry on Terminal Server Client are changed from the default permission level

To resolve this behavior, make sure that Terminal Server is communicating with the Terminal Server License server, and then edit the permissions on the Terminal Server Client computer. To do so, follow these steps:

1. Verify that there is no communication issue between Terminal Server and Terminal Server License server. For additional information about how to check the communication between Terminal Server and Terminal Server License server, click the following article number to view the article in the Microsoft Knowledge Base:
274805 (http://support.microsoft.com/kb/274805/) ” Terminal Server Has Ended the Connection” error message
2. Edit the permissions in the registry on the Terminal Server Client computer:
a. Start Registry Editor (Regedt32.exe).
b. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing\Store\LICENSE00x
c. Click Security, and then click Permissions.
d. Set the permission for Everyone to Full, and then click OK.
e. Quit Registry Editor.

Terminal ServicesTerminal Services

No Comments »
Filed under: Terminal Services