After you upgrade a Microsoft Windows NT domain to
Microsoft Windows 2000 or Microsoft Windows Server 2003, Windows
2000 Terminal Services clients may be repeatedly denied access to
the terminal server. If you are using a Terminal Services client to
log on to the terminal server, you may receive one of the following
error messages:
Because of a security error, the client could
not connect to the Terminal server. After making sure that you are
logged on to the network, try connecting to the server again.
-or-
Remote desktop disconnected. Because of a
security error, the client could not connect to the remote computer.
Verify that you are logged onto the network and then try connecting
again.
Additionally, the following event ID messages may be
logged in Event Viewer on the terminal server:
Event ID: 50
Event Source: TermDD
Event
Description: The RDP protocol component X.224 detected an error in
the protocol stream and has disconnected the client.
-and-
Event ID: 1008
Event Source:
TermService
Event Description: The terminal services licensing
grace period has expired and the service has not registered with a
license server. A terminal services license server is required for
continuous operation. A terminal server can operate without a
license server for 90 days after initial start up.
-and-
Event ID: 1004
Event Source:
TermService
Event Description: The terminal server cannot issue a
client license.
-and-
Event ID: 1010
Event Source:
TermService
Event Description: The terminal services could not
locate a license server. Confirm that all license servers on the
network are registered in WINS\DNS, accepting network requests, and
the Terminal Services Licensing Service is running.
-and-
Event ID: 28
Event Source:
TermServLicensing
Event Description: Terminal Services Licensing
can only be run on Domain Controllers or Server in a Workgroup. See
Terminal Server Licensing help topic for more information.
This issue may occur if a certificate on the
terminal server is corrupted.
WARNING: If you use Registry Editor
incorrectly, you may cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that you
can solve problems that result from using Registry Editor
incorrectly. Use Registry Editor at your own risk.
To
resolve this issue, back up and then remove the
X509
Certificate registry keys, restart the computer, and then
reactivate the Terminal Services Licensing server. To do this,
follow these steps.
NOTE: Perform the following
procedure on each of the terminal servers.
| 1. |
Make sure that the terminal server registry has
been successfully backed up. |
| 2. |
Start Registry Editor. |
| 3. |
Locate and then click the following registry
subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermServices\Parameters |
| 4. |
On the Registry
menu, click Export Registry
File. |
| 5. |
Type exported-parameters in the File name box, and then click Save.
NOTE: If you have to
restore this registry subkey in the future, double-click the
Exported-parameters.reg file that you saved in this
step. |
| 6. |
Under the Parameters registry subkey,
right-click each of the following values, click Delete, and then click Yes to confirm the deletion:
Certificate
X509
Certificate
X509 Certificate ID |
| 7. |
Quit Registry Editor, and then restart the
server. |
| 8. |
Reactivate the Terminal Services Licensing
server by using the Telephone connection method in the
Licensing Wizard.
NOTE: If you activate the
Terminal Services Licensing server using the Telephone option, the licensing server
uses a different form of
certificate. |
For additional information, click the following
article numbers to view the articles in the Microsoft Knowledge
Base:
306578 How to
deactivate or reactivate a License Server using Terminal Services
Licensing
323597 Windows XP
clients cannot connect to a Windows 2000 Terminal Services Server
