Error “The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license” !!

One of our clients had recently configured Remote Desktop Services on a Windows Server 2012 R2 OS. Since it was a small infrastructure, all the remote desktop roles were installed on the single server. The RDP CALs were installed on the Remote Desktop Licensing Manager console as well.

However, every time the client tries to RDP to the RDP server, it shows the below error :

RDP1

 

Other than this, in the RD Licensing Manager, the RDS per user CAL information was not being displayed. When accessing the Remote Desktop Services Overview option from Server Manager, all it show is :

RDP2

 

At the same time, when trying to find the configuration details from the PowerShell by executing the command Get-RDLicenseConfiguration, you get

 

Upon checking the event log errors and the Remote Desktop License Diagnoser some errors were displayed. Once of the error reported as follows :

RDP4

Another error was,

RDP5

The second error was resolved by deleting the binary key L$RTMTIMEBOMB from the GracePeriod registry in the location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod.

Note: In order to delete this key, you will have to take full permission of the GracePeriod registry key or you may receive an error as shown below:

RDP6

You may have to reboot your server as well. However, the issue persisted even after performing the above steps. In order to check whether the licensing server is configured you can execute the below command in PowerShell

$obj = gwmi -namespace “Root/CIMV2/TerminalServices” Win32_TerminalServiceSetting

$obj.GetSpecifiedLicenseServerList()

RDP7

As you can see, in the above image the SpecifiedLSList is shown as empty. Run the below commands to enable the per user mode and also to manually specify the LicenseServer.

  1. Open an elevated Windows PowerShell prompt
  2. Type the following command on the PS prompt and press Enter:$obj = gwmi -namespace “Root/CIMV2/TerminalServices” Win32_TerminalServiceSetting
  3. Run the following command to set the licensing mode:
    Note: Value = 2 for Per device, Value = 4 for Per User$obj.ChangeMode(value)
  4. Run the following command to replace the machine name with License Server:$obj.SetSpecifiedLicenseServerList(“servername”)
  5. Run the following command to verify the settings that are configured using above mentioned steps:$obj.GetSpecifiedLicenseServerList()

The result will be

RDP8

The RD Licensing Manager will also display the RDS per user details.

RDP

The RDP to the server worked as a charm too..

 

Reference : http://social.technet.microsoft.com/Forums/windowsserver/en-US/ebc032e2-ab2d-4acd-aef7-28ed548be569/how-to-set-up-remote-desktop-licensing-mode-in-windows-server-2012?forum=winserverTS

Advertisements

Resolve error – “The local policy of this system does not permit you to logon interactively.”

Recently one of our client who has an SBS 2003 (also acts as a Domain Controller), faced an issue in logging to the server using the Administrator account. The following error was received “The local policy of this system does not permit you to logon interactively“.

This issue was resolved by removing the Administrator account from the Remote Operators group and from the Domain Power Users group.

Note that the Domain Power Users group will always be a member of the Remote Operators group, which should not be changed.

remo

By default, the built-in Administrator in Windows SBS is a member of following groups:

  • Administrators
  • Domain Admins
  • Domain Users
  • Enterprise Admins
  • Group Policy Creator Owners
  • Mobile Users
  • Schema Admins

Admin

You might also notice the following error in event viewer:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: date
Time: time
User: NT AUTHORITY\SYSTEM
Computer: computername
Description:
Logon Failure:
Reason: The user has not been granted the requested logon type at this machine
User Name: administrator
Domain: EXAMPLE
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: computername
Caller User Name: computername$
Caller Domain: EXAMPLE
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 5828
Transited Services: –
Source Network Address: 127.0.0.1
Source Port: 0

Once, the Administrator user has been removed from the group log in to server and confirm.

 

Reference : http://support.microsoft.com/kb/841188

Enable multiple RDP sessions on Windows Server Operating Systems

By default in Windows Operating Systems, a user account is entitled only for a single RDP session. That means once you are logged in to a server remotely using a user account say Administrator, a simultaneous connection to the server again using the Administrator account will result in the disconnection of the previous session.

This can be taken care of within the Windows itself by enabling multiple RDP sessions. You can achieve the same by any of the below mentioned methods :

Through registry modifications :->

  •  Log in to the Windows Server
  • Launch Registry Editor from Run by typing the command regedit
  • Navigate to the following registry key :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

  • Select the key fSingleSessionPerUser, double click the same
  • To enable multiple sessions, set the decimal value to 0 and to disable use the decimal value 1
  • Try logging in to the server simultaneously and confirm the same

Reg

Through local group policy editor:->

  • Log in to the server
  • Launch Local group policy editor from Run using the command gpedit.msc
  • Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections
  • Select the policy “Restrict Remote Desktop Services users to a single Remote Desktop Services session
  • In order to enable multiple sessions, change the policy setting to “Disabled”  and update the policy

remote

 

The above settings can also be deployed via a group policy as well. Only difference is that you will have to launch the Group Policy Management Console [gpmc.msc] and create a new group policy.

Display and reset remote sessions using QWINSTA and RWINSTA !!

Each and every one of you might have at times faced issues connecting to a Windows Server or desktop machine due to disconnected sessions. At first, you might try to connect using the admin console only to know that a console session already exists. There are chances people even might think of remote rebooting the server/desktop. If so, WAIT & take a glance below !!

Steps to display remote sessions on a machine :

  • Launch CMD
  • Execute the command qwinsta /server:servername. eg :

qwintsa

  • Note the session IDs of the remote sessions on the server

Steps to reset or kill remote sessions on a machine :

  • Launch CMD
  • Execute the command rwinsta ID /server:servername. eg :

rwinsta

  •  Check and confirm that the remote sessions have been removed.