One of my customers is having a bit of an odd problem with their 2008 Terminal Server. Basically every time a user logs in it tells them they have to activate the license (and then delays for 10 seconds before it lets you choose to activate later). I’m not very familiar with WTS 2008 and haven’t seen this error before.
I checked in the TS License Manager and it’s listing the License Program as Open with 50 Cals available. Went back to Terminal Services in Server Manager and checked and TS and TS Licensing are both running and installed. When I check event errors it says:
I checked in ADUC and the user groups for the users in question are in the Terminal Server License Servers group (built-in). Looking at TS Manager in Server Manager I see the users all have a red arrow next to them, which means they are definitely not authorized for some reason.
Some additional info that might or might not be useful: This 2008 server is in the domain but not part of AD…it’s simply a server in the domain. Also, it looks like they are using local policies for some reason (my guess is that the domain policies weren’t working right and they just decided to go this route to get it working).
That’s all I can think of information wise. Would REALLY appreciate it if someone has seen this problem before and can direct me to a solution that’s fairly easy. I’ve restarted TS AND the License server (it’s on the same box) just in case, but that didn’t seem to have any effect.
Just checking; the individual user account properties terminal services tab doesn’t have deny TS log on checked right?
Also I assume you’ve checked "Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain “<domain>”. Are the DCs 2008 as well?
Nope, the users are able to log in fine…they just get an activation screen on log in. If they try and activate they get an error saying they aren’t administrators. If they wait, they get a selection that says ‘activate later’…clicking on that lets them log in fine. It’s just a pain in the ass.
As an aside, I tried to log in as domain administrator…same exact error. When I tried to activate I got a weird DNS error (said couldn’t activate because DNS entry was wrong…I checked, the DNS entry for this server is correct). When I log in via a TS using the LOCAL administrator for the server I get no activation error at all (also a little green arrow by the local admin user).
This is a stand alone server in the domain. All the other DC’s are Windows 2003…this is the only 2008 server.
And yes, I checked…the server name for the TS is in that same Terminal Server License Servers group in ADU&C. It all SEEMS to be set up correctly, and it works of course…but every time a domain user logs in they get that activation error and they have to wait 10 seconds before the activate later selection comes up. While this isn’t a major problem, the customer wants it fixed. I’ve got a call in to MS Licensing as well as this thread. Any ideas would be MUCH appreciated.
Yup. And the CALs have been activated to, and are registered as well.
Well, I suppose I should have just said it’s IN the TSLS group in ADU&C…i.e. the server name is in there as well as the user groups who are using the terminal server. If that doesn’t make sense let me know…I’m doing about 5 things at once here.
BTW, appreciate the help!
It’s not an AD controller…it’s in the domain as a stand alone server. Does that make sense? Think of it like a workstation…it’s in the domain, but it’s not participating in the AD.
The users need to be in the “Remote Desktop Users” local group on the TS machine. The TS machine needs to be in the “Terminal Server License Servers” domain group on the DCs.
Users are in the Remote Desktop Users group, yes. As I said, it’s working (it wouldn’t work if they WEREN’T in the RDU group), they are just getting a activation screen on login. The TS is in the TSLS domain group as well…as are the user groups for the users using the TS.
The users need to be removed from the TSLS domain group. Only the TSLS machine should be there. You’re telling it that all the user accounts are licensing servers.
Well, I put em in there because the error code I read said they should be in there. However, I can take them back out…but that would put me back where I started. However, I’ll do that and see if it has any effect.
They are using GPO’s for the domain, and they have some specifically for the TS, but according to the customer they weren’t working properly so they applied local machine policies to lock it down.
I had already tried some of the things in your link (not going to mess with a direct registry edit though), and doesn’t seem to have any effect. I’m totally getting the run around from Microsoft Tech support (one guy suggested I disconnect the server from the network and try to re-activate…no idea what THAT was supposed to accomplish). They are simply passing me back and forth in the queue.
Gods…I HATE Microsoft! WHy is this so hard? Anyway, appreciate the help and suggestions.
Resolved. lol, it WAS an easy problem in the end. Basically the activation was corrupt. It needed to be completely cleared out, and the key code re-applied and re-activated (and it DIDN’T need the internet connection disconnected…lol). And then…it worked like a charm.
Oh well…thanks for the helpage everyone. Sorry it turned out to be such a silly problem. Once I finally actually talked to a tech with a clue at MS they knew exactly what the issue was (I guess they have had this trouble before) and were able to fix it in like 5 minutes.