Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind.
Khasiat sirih merah pdf. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
We have several clients receiving errors after we replaced our TS License server when trying to connect through RDP Web connections. I have been able to fix all of the XP users by deleting the HKEYLocalMachine Software Microsoft MSLicensing sub-key as mentioned in several documents, but this does not work with all Vista or any Windows 7 machines. We have many remote users with mixed clients and some are 32 BIT some 64BIT Vistal and Windows 7. I did find information on running IE as an administrator and this only works on a per session basis. That is not acceptable since a lot of our users are not administrators nor can use admin credentials on company computers. Although it does recreate the MSLicensing key, it will still give the error after that if used normaly from a shortcut created to the RDP Web server. Any help will be appreciated since this is causing major issues for several remote clients.
Nic Nick Laurino. After changing our TS License server, All of our clients were receiving 'The remote computer disconnected the session because of an error in licensing protocol' when trying to access our Windows 2003 Terminal Server using RDP Web.
All the information I could find indicated that deleting the sub keys under: HKEYLOCALMACHINE SOFTWARE Microsoft MSLicensing key should resolve this issue (the applies to was for Windows XP). I did this on several Windows XP clients and it worked okay but, I tried it on a Vista and Windows 7 without any luck. We have a several clients running Vista and Windows 7 (32 or 64 BIT) that need to access our terminal services environment both through VPN or RDP Web sessions. They use both 32 and 64 BIT systems so What can I do to fix this for those clients? Any help is appreciated. Nick Nick Laurino.
I already looked at that and on the 64 BIT machines there are no entries in the HKLM SOFTWARE Microsoft MSLicensing and I changed the users permissions for the HKLM SOFTWARE Wow6432Node Microsoft MSLicensing to Full and it still isn't working on WIN 7 64BIT. I also noticed one 'funny' thing. On one of the Vista 32 BIT machines, the RDP Web connection is working okay, but there are no sub-keys below the HKLM SOFTWARE Microsoft MSLicensing key such as Hardware or Store. I guess it is a non-issue since it works, but is odd since it should have a license key of some sort.
In any case, I am not sure what to do at this point and really need a fix for this. I cannot get any of the Windows 7 machines either 32 or 64 BIT working and only the WinXP and Vista 32 BIT are fixed using this process. Nic Nick Laurino. Has anyone found a solution for this issue yet? I am having the same problem, but on some newly purchased Windows Embedded Standard 7 thin clients. Under the embedded system, the thin clients startup and automatically login under a default 'standard' user account.
This 'standard' account does not have the ability to write to the MSLicensing key and the only way I can get RDP connections to work is to log off as the standard user and log on as an Administrator, connect to our Remote Desktop Server user mstsc.exe, log out of the RDP session, then log out of the thin client as the Administrator. Once the thin client logout is complete, it comes back up automatically logged in as the standard user account and then RDP connection will work without giving the licensing error. The issue is that when imaging these thin clients, one does not want to duplicate the MSLicensing key data from terminal to terminal, so the thin client manufacturer 'Wyse' instructs us delete the MSLicensing key before taking an image of a thin client for distribution. This way the Licensing Key will be unique for each terminal. Unfortunately, the 'standard' user cannot recreate the MSLicensing key info and thus this must be done manually as an Administrator after imaging. I would like not to have to manually execute mstsc.exe as an Administrator on all of our newly purchased thin clients.
Any suggestions? I deleted the key, HKLM SOFTWARE Microsoft MSLicensing on my Windows 7 64Bit and ran the program 'MSTSC.EXE' using /admin, /console, and without any switches and they all failed. I will reboot to verify that it is not the running version of the registry that is still missing the key that I re-imported.
I have verified that both keys have full access for the Local Workstation group 'Users' to make sure that it is not a security issue. I am also logged in with the original account that was created on the workstation and has been an administrator since the computer was setup.
The 'User Account Control' is also set to the lowest level for anyone asking. Still no luck logging in. Any other suggestions to make a Windows 7 workstation work when connecting to a Windows 2003 RS SP2 Standard Server and connecting to Terminal Services?
Hello, I am trying to remote into Windows Server 2012, which I did for months, but am now getting this error: 'The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license' How can I fix this and why do I need a license server? I just want to log in to do administration, which doesn't require a CAL per below. Do I have to acquire RDS CALs if I am only remotely administering Windows Server operating systems by using Remote Desktop for Administration? Up to two users may connect to the Windows Server operating system simultaneously to perform administrative functions without needing any RDS CALs.
Additional administrative users need the appropriate RDS CALs. I am stuck right now. Any pointers please? Thanks for any help. Ok, I think I have it figured it out and consider this (a) bad product design and (b) a Server 2012 bug. The graphical management tools for RDS Session Host Management are disabled when not oprerating a Domain (why?). The fall back is configuration via group policy: Local Computer Policy - Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Licensing Use the specified RD license servers = Set the Remote Desktop licensing mode = Per User This got us to a stage where Licensing diagnostics looked good and no related local errors showed up in the server logs but remote sessions were still refused, leading to.
Force-removing the RDS licensing time-bomb registry entry: computer hkeylocalmachine system CurrentControlSet Control Terminal Server RCM GracePeriod RegEdit alone couldn't do it. It had to actually be run under highest privileges with the help of Sysinternals: psexec -s -i regedit.exe After another reboot things seem to be working now. However, I am somewhat suspicious that this only hacked the time bomb but did not actually activate the CAL licenses (none show used in RD License Manager). Anyway, hope this helps someone not to waste hours.
Hi, It looks like the full Remote Desktop Services have been deployed/installed on this server causing the server to look for the RDS License server. Have a look in the Server Manager to see if you have Remote Desktop Services listed on Left panel were you can select all the installed roles for administration. If this has been installed and you only need the two build in administrative sessions then you can remove the RDS role.
Danny van Dam, Citrix CCIA/CCEE Microsoft MCSE Server Infrastructure/MCSE Desktop Infrastructure/MCSA Server 2008, Cisco CCNA, VMware VCP 3/4/5 http://www.rds-support.eu. Hi - thanks for following up. We actually ended up installing CALs as we want to run Hyper-V on this machine.
However, the error message is still present and we cannot RDP into the server. The server is in a Workgroup, no Domain. The CAL license server was installed and licenses provisioned.
Everything seems to work. Remote Desktop Services licensing was configured through the group policy and RD licensing diagnostics shows everything is good.
However, we can only log into 2 VMs, but not into the server and some other VMs. Ok, I think I have it figured it out and consider this (a) bad product design and (b) a Server 2012 bug.
The graphical management tools for RDS Session Host Management are disabled when not oprerating a Domain (why?). The fall back is configuration via group policy: Local Computer Policy - Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Licensing Use the specified RD license servers = Set the Remote Desktop licensing mode = Per User This got us to a stage where Licensing diagnostics looked good and no related local errors showed up in the server logs but remote sessions were still refused, leading to. Force-removing the RDS licensing time-bomb registry entry: computer hkeylocalmachine system CurrentControlSet Control Terminal Server RCM GracePeriod RegEdit alone couldn't do it. It had to actually be run under highest privileges with the help of Sysinternals: psexec -s -i regedit.exe After another reboot things seem to be working now. However, I am somewhat suspicious that this only hacked the time bomb but did not actually activate the CAL licenses (none show used in RD License Manager).
Anyway, hope this helps someone not to waste hours. Ok, I think I have it figured it out and consider this (a) bad product design and (b) a Server 2012 bug. The graphical management tools for RDS Session Host Management are disabled when not oprerating a Domain (why?). The fall back is configuration via group policy: Local Computer Policy - Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Licensing Use the specified RD license servers = Set the Remote Desktop licensing mode = Per User This got us to a stage where Licensing diagnostics looked good and no related local errors showed up in the server logs but remote sessions were still refused, leading to. Force-removing the RDS licensing time-bomb registry entry: computer hkeylocalmachine system CurrentControlSet Control Terminal Server RCM GracePeriod RegEdit alone couldn't do it.
It had to actually be run under highest privileges with the help of Sysinternals: psexec -s -i regedit.exe After another reboot things seem to be working now. However, I am somewhat suspicious that this only hacked the time bomb but did not actually activate the CAL licenses (none show used in RD License Manager). Anyway, hope this helps someone not to waste hours. Thank you so much. Removing the RDS licensing time-bomb registry entry with sysinternals pexec (downloaded from resolved the problem: 1. Download psexec from 2. Execute psexec -s -i regedit.exe 3.
Grant your user full control permission to the key computer hkeylocalmachine system CurrentControlSet Control Terminal Server RCM GracePeriod 4. Remove the key computer hkeylocalmachine system CurrentControlSet Control Terminal Server RCM GracePeriod.
Note: If the OS uses the Windows Embedded Compact Standard Shell, you must instead configure these user preferences by using the corresponding keywords located in the.rdp file. See for more information. Name Type Description Default Value alternate shell REGSZ Specifies the path to the server program that starts automatically when you connect to the server with Remote Desktop Protocol (RDP), for example, 'C: ProgramFiles Office Word.exe.' In the Remote Desktop Connection dialog box, on the Programs tab, corresponds to the Program path and file name box ' ' audioMode REGDWORD Indicates where audio plays. Set to 0 (zero) to play audio on the host server.
Set to 1 to play audio on the device. Set to 2 to prevent playing audio. In the Remote Desktop Connection dialog box, on the Local Resources tab, corresponds to the Remote audio Settings button.
0 authentication level REGDWORD Defines the server authentication level. Set to 0 (zero) to establish a connection to a Terminal Server without authenticating the connection to the server. Set to 1 to require a valid Transport Layer Security (TLS) certificate from the Terminal Server to authenticate the connection to the server. Set to 2 to try to use TLS to authenticate the connection to the server. If either the server or the device does not support TLS, the device still establishes a connection. 2 autoReconnection Enabled REGDWORD Indicates how the device and server automatically try to reconnect if the connection is lost. Set to 0 (zero) for the device to try to reconnect to the server.
Set to 1 for the server to try to reconnect to the device. 1 bitmapCacheSize REGDWORD The size, in KB, of the bitmap cache in memory. The system attempts to allocate approximately twice this amount of memory. If the allocation attempt fails, the system disables persistent caching for bitmaps and uses RAM caching instead.
1500 bitmapPersistCacheLocation REGSZ The location of the bitmap cache. Temp compression REGDWORD Enables file and directory compression. Set to 1 to enable compression. Set to 0 to disable compression.
1 connect to console REGDWORD Enables the host console session to connect from the command line. Set to 0 (zero) for the command line to connect to a Terminal Services session. Set to 1 for the command line to connect to the host console session. This setting only works when you connect to a computer running Windows Server 2003. Windows XP Professional does not respond to this setting because it always connects the user to the console.
Windows NT 4.0 Terminal Server Edition and Windows 2000 Server with Terminal Services do not support this setting. 0 desktopheight REGDWORD The height of the display, in pixels. This value can range from 200 to 2048. 0 When set to 0 (zero), the default value becomes the height value of the resolution dimensions that the OS uses when it starts. Desktopwidth REGDWORD The width of the display, in pixels. This value can range from 200 to 4096. 0 When set to 0, the default value becomes the width value of resolution dimensions that the OS uses when it starts.
Disable cursor setting REGDWORD Indicates whether cursor blinking is enabled during a Terminal Services session. Set to 0 (zero) to enable cursor blinking. Set to 1 to disable cursor blinking. 0 disable full window drag REGDWORD Indicates whether the contents of a window are visible while the user drags it in a Terminal Services session.
Set to 0 (zero) to display the contents of the window. Set to 1 to not display the contents of a window. In the Remote Desktop Connection dialog box, on the Experience tab, corresponds to the Show contents of window while dragging check box 1 disable menu anims REGDWORD Indicates whether menu and window animations are enabled. Set to 0 (zero) to enable animations. Set to 1 to disable animations. In the Remote Desktop Connection dialog box, on the Experience tab, corresponds to the Menu and window animation check box.
1 disable themes REGDWORD Indicates whether themes are permitted when you log on to a remote server. Set to 0 (zero) to enable themes. Set to 1 to disable themes. In the Remote Desktop Connection dialog box, on the Experience tab, corresponds to the Themes check box. 0 disable wallpaper REGDWORD Indicates whether wallpaper is enabled. Set to 0 (zero) to disable wallpaper. Set to 1 to enable wallpaper.
In the Remote Desktop Connection dialog box, on the Experience tab, corresponds to the Desktop background check box. 1 displayconnectionbar REGDWORD Indicates whether the connection bar is displayed on the remote desktop when in full-screen mode. Set to 0 (zero) to remove the connection bar. Set to 1 to display the connection bar.
In the Remote Desktop Connection dialog box, on the Display tab, corresponds to the Display the connection bar when in full-screen mode check box. 1 EnableCredSspSupport REGDWORD Enables support for Credential Security Support Provider protocol (CredSSP) if it is present on the Remote Desktop device. Set to 0 to disable support. Set to 1 to enable support.
1 keyboardhook REGDWORD Indicates whether Windows key combinations will work on the server. Set to 0 (zero) to disable support for Windows key combinations on the server. To enable Windows key combinations, set to one of the following:. Set to 1 to enable support for Windows key combinations on the server. Set to 2 to enable support for Windows key combinations on the server only while in full-screen mode. In the Remote Desktop Connection dialog box, on the Local Resources tab, corresponds to the Keyboard drop-down list.
2 redirectclipboard REGDWORD Indicates whether the clipboard is automatically redirected during a Terminal Services session. Set to 0 (zero) to disable clipboard redirection. Set to 1 to enable clipboard redirection. 1 redirectdrives REGDWORD Indicates whether disk drives are automatically redirected when the user logs on to a remote server.
Set to 0 (zero) to disable drive redirection. Set to 1 to enable drive redirection. In the Remote Desktop Connection dialog box, on the Local Resources tab, corresponds to the Disk Drives check.
0 redirectcomports REGDWORD Indicates whether COM ports are automatically redirected when the user connects to a remote server. Set to 0 (zero) to disable COM port redirection. Set to 1 to enable COM port redirection. In the Remote Desktop Connection dialog box, on the Local Resources tab, corresponds to the Serial Ports box. 0 redirectprinters REGDWORD Indicates whether printers are automatically redirected when the user logs on to a remote server. Set to 0 (zero) to disable printer redirection.
Set to 1 to enable printer redirection. In the Remote Desktop Connection dialog box, on the Local Resources tab, corresponds to the Printers check box. 1 redirectsmartcards REGDWORD Indicates whether the device redirects Smart Cards during server authentication.
Set to 0 (zero) to disable redirection of Smart Cards. Set to 1 to enable redirection of Smart Cards. In the Remote Desktop Connection dialog box, on the Local Resources tab, corresponds to the Smart cards check box.
1 Screen Mode Id REGDWORD Indicates whether the device displays the remote desktop in full-screen mode or normal mode. Set to 0 (zero) to display it in full-screen mode. E2 vision amd update. Set to 1 to display it in normal mode, in which it is displayed inside a window on the desktop. 0 session bpp REGDWORD Defines the bits per pixel (bpp) depth for an RDP session. Set to one of the following:.
15 15 bpp. 16 16 bpp.
24 24 bpp. 32 32 bpp Corresponds to the color depth that you select in Colors on the Display tab of the Remote Desktop Connection client. Uses the bit depth of the local system shell working directory REGSZ If an alternate shell was specified, this value indicates a valid path of the folder in which the startup application is located. In the Remote Desktop Connection dialog box, on the Programs tab, corresponds to the Program path and file name. ' ' Span Monitors REGDWORD Enables monitor spanning. Set to 0 (zero) to disable monitor spanning. Set to 1 to enable monitor spanning.
Drive redirection redirects the path of a drive on a remote server to a new location on the local device. You can configure drive redirection by using the following registry entry, located in the key HKEYCURRENTUSER Software Microsoft Terminal Server Client. Name Type Description Default value EnableDriveRedirection REGDWORD Set to 1 to enable drive redirection. Set to 0 (zero) to disable drive redirection. 1 If drive redirection is enabled, you can configure the folder redirection filter by using the following entry, located in the key HKEYLOCALMACHINE System StorageManager AutoLoad FilterFsd.
Name Type Description Default value RootPath REGSZ The root directory that is available within the RDP session. Set to ' ' to make all of the file system available. ' ' Terminal Server Client Configuration. You can configure the Terminal Services Client by using the following registry entries, located in the key HKEYLOCALMACHINE Software Microsoft Terminal Server Client. Name Type Description Default value BitmapPersistCacheLocation REGSZ The path of the folder where the cache file is stored.
Temp CEConfig REGSZ Indicates whether Terminal Services Client runs in the Windows Thin Client Shell. Set to one of the following:. WBT to run the Terminal Services Client in a Windows Thin Client Shell.
This value is set when SYSGENWBTSHELL = 1. When WBT is set: Windows Embedded Compact disables file change notifications through protected server library (PSL) calls. Windows Embedded Compact disables keyboard hooks for the Windows Thin Client Shell. Additional registry migration occurs for Windows Thin Client OS designs because the connections are started through registry settings and not through.rdp files. Maxall to run the Terminal Services Client in a program other than the Windows Thin Client Shell.
The following list describes issues that a Windows Thin Client might encounter if this value is set to Maxall:. The Filesys.exe may stop responding when drive redirection is enabled and an attempt is made to copy a file by using the clipboard. The Windows Embedded Compact Terminal Services Client CETSC user interface appears in the Windows Thin Client Shell when the user closes the dialog box to enable drive redirection. Keyboard shortcut messages might be sent to remote sessions. Maxall CEDisableRFXDecoder REGDWORD Explicitly disables RemoteFX on a RemoteFX-enabled device. Set to 0 (zero) to enable the RemoteFX decoder. Set to 1 to disable the RemoteFX decoder.
0 DisableFileAccess REGDWORD Indicates whether the user has access to the local file system. Set to 0 (zero) to enable access to the local file system. Set to 1 to disable access to the local file system and to hide the Save As and Open options on the context menus of the UI of the client device OS. 1 DisableRDP7BitmapCompression REGDWORD Disables the support for Remote Desktop Protocol 7.0 bitmap compression on RDP Client.
Kaspersky License Regedit
When establishing a RemoteFX session, the server may send non-RemoteFX data to the client in addition to RemoteFX data. Non-RemoteFX data may use an RDP 7.0 bitmap codec for compression, which requires support for the Streaming SIMD Extensions 2 (SSE2) instruction set in the processor. If a platform does not support the SSE2 instruction set, the RDP 7.0 bitmap codec will not be used. Set to 0 (zero) to enable the codec. Set to 1 to disable the codec. 0 FullScreenRFXOnly REGDWORD Enables full-screen-only mode for hardware-assisted RemoteFX and disables the Graphics Device Interface (GDI) (or windowed) mode.
The FullScreenRFXOnly setting is not used in software decoding in RemoteFX. If this setting is used with software decoding, the contents of the device display screen might not update. When FullScreenRFXOnly is enabled, the RDP client does not call the ESCAPECOPY2BMP escape function. When this key is enabled, the RDP client will not present any RemoteFX data on screen and it becomes the responsibility of the display driver to handle the display of decoded RemoteFX data. When this key is enabled the blue connection bar will be hidden in RemoteFX sessions. Set to 0 (zero) to disable support.
Set to 1 to enable support. 0 FullScreenAlways REGDWORD Indicates whether the RDP session runs in full-screen mode or windowed mode. Set to 0 (zero) to run in windowed mode. Set to 1 to run in full-screen mode. The user does not have the option to select a remote desktop size in the Remote Desktop Connection dialog box, on the Display tab.
In the Standard Shell, the default is 0. In the Windows Thin Client Shell, the default is 1. Redir0 REGDWORD Indicates whether smart cards are automatically redirected when the user logs onto a remote server.
Set to 0 (zero) to disable smart card redirection. Set to 1 enable to smart card redirection. 1 Redir1 REGDWORD Indicates whether drives are automatically redirected when the user logs on to a remote server. Set to 0 (zero) to disable drive redirection. Set to 1 enable drive redirection.
1 Redir2 REGDWORD Indicates whether serial ports are automatically redirected when the user logs on to a remote server. Set to 0 (zero) to disable serial port redirection. Set to 1 to enable serial port redirection. 1 Redir3 REGDWORD Indicates whether printers are automatically redirected when the user logs on to a remote server.
Set to 0 (zero) to disable printer redirection. Set to 1 to enable printer redirection. 1 Redir4 REGDWORD Indicates whether audio playback is automatically redirected when the user logs on to a remote server.
Set to 0 (zero) to disable audio playback redirection. Set to 1 to enable audio playback redirection. 1 Redir5 REGDWORD Indicates whether the clipboard is automatically redirected when the user logs on to a remote server.
Set to 0 (zero) to disable clipboard redirection. Set to 1 to enable clipboard redirection. 1 Redir6 REGDWORD Indicates whether audio recording is automatically redirected when the user logs on to a remote server.
Set to 0 (zero) to disable audio recording redirection. Set to 1 to enable audio recording redirection. 1 RightMouseForALT REGDWORD Indicates the effect of pressing the Alt key while clicking the left mouse button. Set to 0 (zero) to send an Alt plus left mouse click to the server when the user presses the Alt key. Set to 1 to send a right mouse click to the server when the user presses the Alt key. 1 Static Virtual Channel Plug-in.
When you include SYSGENAUTHNTLM in a run-time image, you can ensure that the Negotiate security package selects the Windows NT LAN Manager (NTLM) Security Support Provider (SSP) instead of Kerberos as the security provider. NTLM SSP prevents a 15-second delay during authentication over an RDP connection to a computer running Windows Vista. Use this registry entry, located in the key HKEYLOCALMACHINE Comm SecurityProviders Negotiate Packages. Name Type Description Default value Packages REGSZ Specifies the order of security providers that Simple and Protected GSS-API Negotiation (Negotiate SSP) chooses, as a comma-separated string.
Set to 'NTLM' so that Negotiate SSP selects NTLM first.
Event ID 1004 — Remote Desktop Services Client Access License (RDS CAL) Availability. 13 minutes to read In this article Applies To: Windows Server 2008 R2 An RD Session Host server must be able to contact a Remote Desktop license server to request Remote Desktop Services client access licenses (RDS CALs) for users or computing devices that are connecting to the RD Session Host server.
In addition, the Remote Desktop licensing mode configured on an RD Session Host server must match the type of RDS CALs available on the license server. Event Details Product: Windows Operating System ID: 1004 Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager Version: 6.1 Symbolic Name: EVENTCANNOTISSUELICENSE Message: The Remote Desktop Session Host server cannot issue a client license. It was unable to issue the license due to a changed (mismatched) client license, insufficient memory, or an internal error. Further details for this problem may have been reported at the client's computer.
Diagnose This error might be caused by one of the following conditions:. The licensing mode for the RD Session Host server does not match the type of RDS CALs installed on the license server. The RDP encryption levels on the RD Session Host server and the client are not compatible. The certificate on the RD Session Host server is corrupted. The licensing mode for the RD Session Host server does not match the type of RDS CALs installed on the license server To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority. To determine the licensing mode for the RD Session Host server:.
On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. In the left pane, click Licensing Diagnosis. Review the following information in Licensing Diagnosis:. Under RD Session Host Server Configuration Details, note the licensing mode for the RD Session Host server. Under Remote Desktop Services License Server Information, note the type of RDS CALs installed on any license server that is listed as discovered.
Information about the type of RDS CALs installed on a license server is listed under License Server Configuration Details, which is displayed when you click a license server listed as discovered under Remote Desktop Services License Server Information. If the licensing mode for the RD Session Host server does not match the type of RDS CALs installed on the license server, see the section titled 'Specify the licensing mode for the RD Session Host server.'
The RDP encryption levels on the RD Session Host server and the client are not compatible To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority. To determine the RDP encryption level compatibility:. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. Under Connections, right-click the connection (for example, RDP-Tcp), and then click Properties.
On the General tab, note the value of Encyption level. For more information about encryption levels, see 'Configure Server Authentication and Encryption Levels' in the Remote Desktop Session Host Configuration Help in the Windows Server 2008 R2 Technical Library. On the client computer, start Remote Desktop Connection. To start Remote Desktop Connection, click Start, click Run, type mstsc.exe, and then press ENTER. Click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About.
Look for the phrase 'Maximum encryption strength' in the About Remote Desktop Connection dialog box. This value is the maximum encryption strength supported by the version of Remote Desktop Connection running on the computer. If the maximum encryption strength supported by the version of Remote Desktop Connection running on the client computer is not supported by the encryption level configured on the RD Session Host server, see the section titled 'Change the RDP encryption level on the RD Session Host server.' The certificate on the RD Session Host server is corrupted If the licensing mode for the RD Session Host server matches the type of RDS CALs installed on the license server, and the RDP settings on the RD Session Host server and the client are compatible, the certificate on the RD Session Host server might be corrupted. To resolve this issue, see the section titled 'Delete the appropriate registry subkey.' Resolve To resolve this issue, use the resolution that corresponds to the cause you identified in the Diagnose section.
After performing the resolution, see the Verify section to confirm that the feature is operating properly Cause Resolution The RDP encryption levels on the RD Session Host server and the client are not compatible Change the RDP encryption level on the RD Session Host server The certificate on the RD Session Host server is corrupted Delete the appropriate registry subkey The licensing mode for the Remote Desktop Session Host server does not match the type of RDS CALs installed on the license server. Specify the licensing mode for the Remote Desktop Session Host server Change the RDP encryption level on the RD Session Host server To resolve this issue, change the RDP encryption level on the RD Session Host server to a level that is supported by the version of Remote Desktop Connection that is running on the client computer. By default, Remote Desktop Services connections are encrypted at the highest level of security available (128-bit). However, some older versions of Remote Desktop Connection do not support this high level of encryption. If your network contains such legacy clients, you can set the encryption level of the connection to send and receive data at the highest encryption level supported by the client. To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority. To change the RDP encryption level:.
On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
Under Connections, right-click the connection (for example, RDP-Tcp), and then click Properties. On the General tab, change the value of Encyption level to a level that is appropriate for the version of Remote Desktop Connection that is running on the client computer. For more information about encryption levels, see 'Configure Server Authentication and Encryption Levels' in the Remote Desktop Session Host Configuration Help in the Windows Server 2008 R2 Technical Library.
When you change the encryption level, the new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one RD Session Host server, install multiple network adapters and configure each adapter separately. Note: You can also change the RDP encryption level on the RD Session Host server by using Group Policy. To set the RDP encryption level for the RD Session Host server by using Group Policy, enable the Set client connection encryption level Group Policy setting.
This Group Policy setting is located in Computer Configuration Administrative Templates Windows Components Remote Desktop Services Remote Desktop Session Host Security. Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration. To configure the RD Session Host server to use FIPS as the encryption level by using Group Policy, enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing Group Policy setting. This Group Policy setting is located in Computer Configuration Windows Settings Security Settings Local Policies Security Options.
Note that this Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration and takes precedence over the Set client connection encryption level policy setting. To configure the Group Policy setting in Active Directory Domain Services (AD DS), use the Group Policy Management Console (GPMC). To configure the Group Policy setting locally on an RD Session Host server, use the Local Group Policy Editor. For more information about configuring Group Policy settings, see either the Local Group Policy Editor Help or the GPMC Help in the Windows Server 2008 R2 Technical Library.
Delete the appropriate registry subkey To resolve this issue, delete the MSLicensing registry subkey on the client computer, restart the client computer, and then try again to connect remotely to the RD Session Host server from the client computer. If the issue persists, delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries on the RD Session Host server, restart the RD Session Host server, and then try again to connect to the RD Session Host server from the client computer. Delete the MSLicensing registry subkey To perform this procedure on the client computer, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority. To delete the MSLicensing registry subkey: Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data. On the client computer, open Registry Editor. To open Registry Editor, click Start, click Run, type regedit, and then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes. Locate the HKEYLOCALMACHINE Software Microsoft MSLicensing registry subkey. Click MSLicensing. Before deleting the MSLicensing subkey, back up the subkey. To back up the subkey, do the following:. Right-click MSLicensing, and then click Export. In the File name box, type mslicensingbackup, and then click Save.
If you need to restore this registry subkey, double-click mslicensingbackup.reg. To delete the MSLicensing subkey, on the Edit menu, click Delete, and then click Yes. Close Registry Editor, and then restart the client. After the client computer is restarted, try again to connect remotely to the RD Session Host server from the client computer. Delete the appropriate registry entries on the RD Session Host server If the issue persists, delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries on the RD Session Host server. To perform this procedure on the RD Session Host server, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To delete the appropriate registry entries: Caution: Incorrectly editing the registry can severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. On the RD Session Host server, open Registry Editor. To open Registry Editor, click Start, click Run, type regedit, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
Locate the HKEYLOCALMACHINE SYSTEM CurrentControlSet Control Terminal Server RCM registry subkey. Before deleting the subkeys, back up the RCM subkey. To back up the subkey, do the following:. Right-click RCM, and then click Export. In the File name box, type rdsrcm, and then click Save. If you need to restore this registry subkey, double-click rdsrcm.reg.
To delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries, right-click each entry, click Delete, and then click Yes. Close Registry Editor, and then restart the RD Session Host server. After the RD Session Host server is restarted, try again to connect remotely to the RD Session Host server from the client computer. If the issue persists, do the following:. On the client computer, back up and then delete the MSLicensing registry key and its subkeys.
On the RD Session Host server, back up and then delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries. Deactivate and then reactivate the license server.
For information about deactivating and reactivating a license server, see the topic 'Managing Remote Desktop Licensing' in the RD Licensing Manager Help in the Windows Server 2008 R2 Technical Library. Restart the RD Session Host server and the client computer and then try again to connect remotely to the RD Session Host server from the client computer.
Specify the licensing mode for the Remote Desktop Session Host server To resolve this issue, specify the Remote Desktop licensing mode on the RD Session Host server. The Remote Desktop licensing mode determines the type of Remote Desktop Services client access licenses (RDS CALs) that an RD Session Host server will request from a license server on behalf of a client connecting to the RD Session Host server. Although there is a licensing grace period during which no license server is required, after the grace period ends, clients must receive a valid RDS CAL issued by a license server before they can log on to an RD Session Host server. Important: The Remote Desktop licensing mode configured on an RD Session Host server must match the type of RDS CALs available on the license server. To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To specify the Remote Desktop licensing mode:. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Confiiguration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes. Under Licensing, double-click Remote Desktop licensing mode. Select either Per Device or Per User, depending on your environment. Note: You can also specify the Remote Desktop licensing mode for an RD Session Host server by using Group Policy. To specify the Remote Desktop licensing mode for an RD Session Host server by using Group Policy, enable the Set the Remote Desktop licensing mode Group Policy setting. This Group Policy setting is located in Computer Configuration Administrative Templates Windows Components Remote Desktop Services Remote Desktop Session Host Licensing.
Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration. To configure the Group Policy setting in Active Directory Domain Services (AD DS), use the Group Policy Management Console (GPMC). To configure the Group Policy setting locally on an RD Session Host server, use the Local Group Policy Editor. For more information about configuring Group Policy settings, see either the Local Group Policy Editor Help or the GPMC Help in the Windows Server 2008 R2 Technical Library. Verify To verify that the RD Session Host server can contact a Remote Desktop license server with the appropriate type of Remote Desktop Services client access licenses (RDS CALs), use Licensing Diagnosis in Remote Desktop Session Host Configuration. To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority. To use Licensing Diagnosis in Remote Desktop Session Host Configuration:.
On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes. In the left pane, click Licensing Diagnosis. Under Remote Desktop Session Host Server Configuration Details, the value for Number of RDS CALs available for clients should be greater than 0. Related Management Information.