JSI Tip 6031. When you upgrade a Windows NT 4.0 domain to Windows 2000, Terminal Services clients receive 'Because of a security error, the client could not connect to the Terminal server'?
December 2, 2002
After upgrading your domain to Windows 2000, your Terminal Services clients are denied access. The Terminal Services client may receive any of the following:
- Because of a security error, the client could not connect to the Terminal server. After making sure that you are logged on to the network, try connecting to the server again.
- Remote desktop disconnected. Because of a security error, the client could not connect to the remote computer. Verify that you are logged onto the network and then try connecting again.
The terminal server event log may contain any of the following:
Event ID: 50
Event Source: TermDD
Event Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
Event ID: 1008
Event Source: TermService
Event Description: The terminal services licensing grace period has expired and the service has not registered with a license server. A terminal services license server is required for continuous operation. A terminal server can operate without a license server for 90 days after initial start up.
Event ID: 1004
Event Source: TermService
Event Description: The terminal server cannot issue a client license.
Event ID: 1010
Event Source: TermService
Event Description: The terminal services could not locate a license server. Confirm that all license servers on the network are registered in WINSDNS, accepting network requests, and the Terminal Services Licensing Service is running.
Event ID: 28
Event Source: TermServLicensing
Event Description: Terminal Services Licensing can only be run on Domain Controllers or Server in a Workgroup. See Terminal Server Licensing help topic for more information.
These errors can be the result of a corrupted certificate on the terminal server.
To fix this problem:
1. Use Regedit to navigate to:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermServicesParameters.
2. Use the Registry menu to Export Registry File to a TSParameters.reg file, incase you have to restore the entries that you delete in step 3.
3. Right-click each of the following and press Delete and Yes to confirm:
Certificate
X509 Certificate
X509 Certificate ID
4. Exit Regedit.
5. Reactivate the Terminal Services Licensing server by using the Telephone connection method in the Licensing Wizard.
NOTE: See HOW TO: Deactivate or Reactivate a License Server Using Terminal Services Licensing.
NOTE: See Windows XP Clients Cannot Connect to a Windows 2000 Terminal Services Server.
About the Author
You May Also Like