Remote Desktop Services Client Access License (RDS CAL) Availability on Remote Desktop Session Host

Microsoft.Windows.Server.10.0.RemoteDesktopServices.NewUnitMonitor_18 (UnitMonitor)

This object monitors the availability of the Remote Desktop Services client access licenses on Remote Desktop Session Host servers.

Knowledge Base article:

Summary

An RD Session Host server must be able to contact a Remote Desktop license server to request Remote Desktop Services client access licenses (RDS CALs) for users or computing devices that are connecting to the RD Session Host server. In addition, the Remote Desktop licensing mode configured on an RD Session Host server must match the type of RDS CALs available on the license server.

Resolutions

To resolve this issue, check the event ID, and then view the troubleshooting information for that event in the sections below.

Resolution steps for the following event ID: 1028

To resolve this issue, do the following:

Determine if the RD Session Host server can discover a license server.
Identify and fix any network connectivity problems between the RD Session Host server and the license server.
Identify and fix any license server discovery configuration problems.

To perform these tasks, refer to the following sections.

Determine if the RD Session Host server can discover a license server

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To use Licensing Diagnosis in Remote Desktop Session Host Configuration:

1. On the Remote Desktop Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

3. In the left pane, click Licensing Diagnosis.

4. Under Remote Desktop Services License Server Information, at least one license server should be listed as discovered.

If Licensing Diagnosis does not list any license servers as discovered, there might be a network connectivity or license server discovery configuration problem. Use the following procedures to identify and correct these types of issues.

Identify and fix any network connectivity problems between the RD Session Host server and the license server

To resolve this issue, identify and fix any network connectivity problems between the RD Session Host server and the license server by doing the following:

Determine if there is a network connectivity problem by using the ping command.
Perform additional troubleshooting steps, if necessary, to help identify the cause of the problem.

To perform these tasks, refer to the following sections.

Note: The following procedures include steps for using the ping command to perform troubleshooting. Therefore, before performing these steps, check whether the firewall or Internet Protocol security (IPsec) settings on your network allow Internet Control Message Protocol (ICMP) traffic. ICMP is the TCP/IP protocol that is used by the ping command.

To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Determine if there is a network connectivity problem

To determine if there is a network connectivity problem between the RD Session Host server and the license server:

1. On the RD Session Host server, click Start, click Run, type cmd, and then click OK.

2. At the command prompt, type ping server_FQDN, where server_FQDN is the fully qualified domain name (FQDN) of the license server (for example, server1.contoso.com), and then press ENTER.

If the ping was successful, you will receive a reply similar to the following:

Reply from IP_address: bytes=32 time=3ms TTL=59

Reply from IP_address: bytes=32 time=20ms TTL=59

Reply from IP_address: bytes=32 time=3ms TTL=59

Reply from IP_address: bytes=32 time=6ms TTL=59

3. At the command prompt, type ping IP_address, where IP_address is the IP address of the license server, and then press ENTER.

If you can successfully ping the license server by IP address, but not by FQDN, this indicates a possible issue with DNS host name resolution.

If you cannot successfully ping the license server by IP address, this indicates a possible issue with network connectivity, firewall configuration, or IPsec configuration.

Perform additional troubleshooting steps

The following are some additional troubleshooting steps that you can perform to help identify the root cause of the problem:

Ping other computers on the network to help determine the extent of the network connectivity issue.
If you can ping other servers but not the license server, try to ping the license server from another computer. If you cannot ping the license server from any computer, first ensure that the license server is running. If the license server is running, check the network settings on the license server.
Check the TCP/IP settings on the local computer by doing the following:

1. Click Start, click Run, type cmd, and then click OK.

2. At the command prompt, type ipconfig /all, and then press ENTER. Make sure that the information listed is correct.

3. Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with your network adapter.

4. Type ping IP_address, where IP_address is the IP address assigned to the computer. If you can ping the localhost address but not the local address, there may be an issue with the routing table or with the network adapter driver.

5. Type ping DNS_server, where DNS_server is the IP address assigned to the DNS server. If there is more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or with the network between the computer and the DNS servers.

If the license server is on a different subnet, try to ping the default gateway. If you cannot ping the default gateway, this might indicate a problem with the network adapter, the router or gateway device, cabling, or other connectivity hardware.
In Device Manager, check the status of the network adapter. To open Device Manager, click Start, click Run, type devmgmt.msc, and then click OK.
Check network connectivity indicator lights on the computer and at the hub or router. Check network cabling.
Check firewall settings by using the Windows Firewall with Advanced Security snap-in.
Check IPsec settings by using the IP Security Policy Management snap-in.

Identify and fix any license server discovery configuration problems

You can use Review Configuration in RD Licensing Manager to identify and possibly correct issues that prevent the license server from being automatically discovered by RD Session Host servers.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To use Review Configuration:

1. Open TS Licensing Manager on the license server. To open TS Licensing Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Licensing Manager.

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

3. In the left pane, click All Servers, click the name of the license server, and then on the Action menu, click Review Configuration.

4. In the Configuration dialog box, review any messages that indicate that terminal servers will not be able to automatically discover this license server.

5. If the discovery scope for the license server is set to Forest, but the license server is not published in Active Directory Domain Services (AD DS), you can click Publish in AD DS in the Configuration dialog box to publish the license server to AD DS. To publish the license server in AD DS, you must be logged on as an enterprise administrator to the forest in which the license server is a member.

6. If the discovery scope for the license server is set to Domain, but the license server is not a domain controller, you should consider changing the discovery scope of the license server to Forest. To change the discovery scope of the license server, click Change Scope in the Configuration dialog box.

Resolution steps for the following event ID: 1043

To resolve this issue, add the computer account for the RD Session Host server to the Terminal Server Computers local group on the Remote Desktop license server.

Note: When the License server security group Group Policy setting is enabled and applied to a license server, the license server will respond only to license requests from RD Session Host servers whose computer accounts are members of the Terminal Server Computers local group. This Group Policy setting is located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Licensing.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To add the computer account for the RD Session Host server to the Terminal Server Computers group:

1. On the license server, open the Local Users and Groups snap-in. To open Local Users and Groups, click Start, click Run, type lusrmgr.msc, and then click OK.

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

2. In the left pane, click Groups.

3. In the right pane, right-click the Terminal Server Computers group, and then click Properties.

4. Click Add.

5. In the Select Users, Computers, or Groups dialog box, click Object Types.

6. Select the Computers check box, and then click OK.

7. Locate and then add the computer account for the RD Session Host server that you want to add.

8. Click OK to close the Select Users, Computers, or Groups dialog box, and then click OK to close the Terminal Server Computers Properties dialog box.

Note: If the license server is installed on an Active Directory domain controller, use the Active Directory Users and Computers snap-in to create the Terminal Server Computers group. To create the Terminal Server Computers group on a domain controller, you must have membership in the Domain Admins group in AD DS, or you must have been delegated the appropriate authority. To open Active Directory Users and Computers, click Start, click Run, type dsa.msc, and then click OK.

Resolution steps for the following event ID:1011

To resolve this issue, ensure that the RD Session Host server can contact a Remote Desktop license server with a sufficient number of the appropriate type of Remote Desktop Services client access licenses (RDS CALs). For an RD Session Host server to receive RDS CALs for its clients from a license server, the following needs to be true:

The license server must have a sufficient number of RDS CALs installed to support the number of remote connections being made to the RD Session Host server.
The licensing mode for the RD Session Host server must match the type of RDS CALs installed on the license server.
There must be network connectivity between the RD Session Host server and the license server.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To use Licensing Diagnosis in Remote Desktop Session Host Configuration:

1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

3. In the left pane, click Licensing Diagnosis.

4. Review the following information in Licensing Diagnosis to help determine the root cause of the issue:

5. Under Remote Desktop Session Host Server Configuration Details, ensure that the value for Number of RDS CALs available for clients is greater than 0.

6. Under Remote Desktop Services License Server Information, ensure that at least one license server is listed as discovered.

7. Ensure that any license server that is listed as discovered has a sufficient number of the appropriate type of RDS CALs installed to support the number of remote connections being made to the RD Session Host server. Information about the type and number of RDS CALs installed on a license server is listed under License Server Configuration Details, which is displayed when you click a license server listed as discovered under Remote Desktop Services License Server Information.

8. Ensure that any license server that is listed as discovered has the appropriate type of RDS CALs installed. The Remote Desktop licensing mode configured on an RD Session Host server must match the type of RDS CALs available on the license server. The licensing mode for the RD Session Host server is listed under License Server Configuration Details.

Use the following procedures to resolve any issues that have been identified by Licensing Diagnosis.

The license server does not have a sufficient number of RDS CALs installed to support the number of remote connections being made to the Remote Desktop Session Host server

To resolve this issue, install RDS CALs onto a license server by using RD Licensing Manager. For more information about installing RDS CALs onto a license server, see "Install Remote Desktop Services Client Access Licenses" in the RD Licensing Manager Help in the Windows Server Technical Library ( http://go.microsoft.com/fwlink/?LinkId=177605). Ensure that the Remote Desktop licensing mode specified on the RD Session Host server matches the type of RDS CALs installed on the license server.

The licensing mode for the RD Session Host server does not match the type of RDS CALs installed on the license server

To resolve this issue, ensure that the Remote Desktop licensing mode specified on the RD Session Host server matches the type of RDS CALs installed on the license server. The Remote Desktop licensing mode determines the type of RDS CALs that an RD Session Host server will request from a license server on behalf of a client connecting to the RD Session Host server. Therefore, the Remote Desktop licensing mode specified on an RD Session Host server must match the type of RDS CALs available on the license server.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To specify the Remote Desktop licensing mode:

2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

3. Under Licensing, double-click Remote Desktop licensing mode.

4. Select either Per Device or Per User, depending on your environment. For more information about the two options, see "Specify the Remote Desktop Licensing Mode for an RD Session Host Server" in the Remote Desktop Session Host Configuration Help in the Windows Server Technical Library ( http://go.microsoft.com/fwlink/?LinkId=177606).

5. Click OK.

Note: You can also specify the Remote Desktop licensing mode for an RD Session Host server by using Group Policy.

6. To specify the Remote Desktop licensing mode for an RD Session Host server by using Group Policy, enable the Set Remote Desktop licensing mode Group Policy setting. This Group Policy setting is located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing. Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration.

7. To configure the Group Policy setting in Active Directory Domain Services (AD DS), use the Group Policy Management Console (GPMC). To configure the Group Policy setting locally on an RD Session Host server, use the Local Group Policy Editor. For more information about configuring Group Policy settings, see either the Local Group Policy Editor Help ( http://go.microsoft.com/fwlink/?LinkId=143317) or the GPMC Help ( http://go.microsoft.com/fwlink/?LinkId=143867) in the Windows Server Technical Library.

There is a network connectivity problem between the RD Session Host server and the license server

To resolve this issue, identify and fix any network connectivity problems between the RD Session Host server and the license server by doing the following:

Determine if there is a network connectivity problem by using the ping command.
Perform additional troubleshooting steps, if necessary, to help identify the cause of the problem.

To perform these tasks, refer to the following sections.

To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Determine if there is a network connectivity problem

To determine if there is a network connectivity problem between the RD Session Host server and the license server:

1. On the RD Session Host server, click Start, click Run, type cmd, and then click OK.

2. At the command prompt, type ping server_FQDN, where server_FQDN is the fully qualified domain name (FQDN) of the license server (for example, server1.contoso.com), and then press ENTER.

If the ping was successful, you will receive a reply similar to the following:

Reply from IP_address: bytes=32 time=3ms TTL=59

Reply from IP_address: bytes=32 time=20ms TTL=59

Reply from IP_address: bytes=32 time=3ms TTL=59

Reply from IP_address: bytes=32 time=6ms TTL=59

3. At the command prompt, type ping IP_address, where IP_address is the IP address of the license server, and then press ENTER.

If you can successfully ping the license server by IP address, but not by FQDN, this indicates a possible issue with DNS host name resolution.

If you cannot successfully ping the license server by IP address, this indicates a possible issue with network connectivity, firewall configuration, or IPsec configuration.

Perform additional troubleshooting steps

The following are some additional troubleshooting steps that you can perform to help identify the root cause of the problem:

Ping other computers on the network to help determine the extent of the network connectivity issue.
If you can ping other servers but not the license server, try to ping the license server from another computer. If you cannot ping the license server from any computer, first ensure that the license server is running. If the license server is running, check the network settings on the license server.
Check the TCP/IP settings on the local computer by doing the following:
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type ipconfig /all, and then press ENTER. Make sure that the information listed is correct.
Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with your network adapter.
Type ping IP_address, where IP_address is the IP address assigned to the computer. If you can ping the localhost address but not the local address, there may be an issue with the routing table or with the network adapter driver.
Type ping DNS_server, where DNS_server is the IP address assigned to the DNS server. If there is more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or with the network between the computer and the DNS servers.
If the license server is on a different subnet, try to ping the default gateway. If you cannot ping the default gateway, this might indicate a problem with the network adapter, the router or gateway device, cabling, or other connectivity hardware.
In Device Manager, check the status of the network adapter. To open Device Manager, click Start, click Run, type devmgmt.msc, and then click OK.
Check network connectivity indicator lights on the computer and at the hub or router. Check network cabling.
Check firewall settings by using the Windows Firewall with Advanced Security snap-in.
Check IPsec settings by using the IP Security Policy Management snap-in.

Resolution steps for the following event ID: 1061

To resolve this issue, identify and fix any network connectivity problems between the RD Session Host server and the Active Directory domain controller by doing the following:

Determine if there is a network connectivity problem by using the ping command.
Perform additional troubleshooting steps, if necessary, to help identify the cause of the problem.

To perform these tasks, refer to the following sections.

Note: The following procedures include steps for using the ping command to perform troubleshooting. Therefore, before performing these steps, check whether the firewall or Internet Protocol security (IPsec) settings on your network allow Internet Control Message Protocol (ICMP) traffic. ICMP is the TCP/IP protocol that is used by the ping command.

To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Determine if there is a network connectivity problem

To determine if there is a network connectivity problem between the RD Session Host server and the domain controller:

On the RD Session Host server, click Start, click Run, type cmd, and then click OK.
At the command prompt, type ping server_FQDN, where server_FQDN is the fully qualified domain name (FQDN) of the domain controller (for example, server1.contoso.com), and then press ENTER.

If the ping was successful, you will receive a reply similar to the following:

Reply from IP_address: bytes=32 time=3ms TTL=59

Reply from IP_address: bytes=32 time=20ms TTL=59

Reply from IP_address: bytes=32 time=3ms TTL=59

Reply from IP_address: bytes=32 time=6ms TTL=59

3. At the command prompt, type ping IP_address, where IP_address is the IP address of the domain controller, and then press ENTER.

If you can successfully ping the domain controller by IP address, but not by FQDN, this indicates a possible issue with DNS host name resolution.

If you cannot successfully ping the domain controller by IP address, this indicates a possible issue with network connectivity, firewall configuration, or IPsec configuration.

Perform additional troubleshooting steps

The following are some additional troubleshooting steps that you can perform to help identify the root cause of the problem:

Ping other computers on the network to help determine the extent of the network connectivity issue.
If you can ping other servers but not the domain controller, try to ping the domain controller from another computer. If you cannot ping the domain controller from any computer, first ensure that the domain controller is running. If the domain controller is running, check the network settings on the domain controller.
Check the TCP/IP settings on the local computer by doing the following:
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type ipconfig /all, and then press ENTER. Make sure that the information listed is correct.
Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with your network adapter.
Type ping IP_address, where IP_address is the IP address assigned to the computer. If you can ping the localhost address but not the local address, there may be an issue with the routing table or with the network adapter driver.
Type ping DNS_server, where DNS_server is the IP address assigned to the DNS server. If there is more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or with the network between the computer and the DNS servers.
If the domain controller is on a different subnet, try to ping the default gateway. If you cannot ping the default gateway, this might indicate a problem with the network adapter, the router or gateway device, cabling, or other connectivity hardware.
In Device Manager, check the status of the network adapter. To open Device Manager, click Start, click Run, type devmgmt.msc, and then click OK.
Check network connectivity indicator lights on the computer and at the hub or router. Check network cabling.
Check firewall settings by using the Windows Firewall with Advanced Security snap-in.
Check IPsec settings by using the IP Security Policy Management snap-in.

Resolution steps for the following event IDs: 1068, 1069

To resolve this issue, specify the Remote Desktop licensing mode on the RD Session Host server.

The Remote Desktop licensing mode determines the type of Remote Desktop Services client access licenses (RDS CALs) that an RD Session Host server will request from a license server on behalf of a client connecting to the RD Session Host server. Although there is a licensing grace period during which no license server is required, after the grace period ends, clients must receive a valid RDS CAL issued by a license server before they can log on to an RD Session Host server.

Important: The Remote Desktop licensing mode configured on an RD Session Host server must match the type of RDS CALs available on the license server.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To specify the Remote Desktop licensing mode:

On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
Under Licensing, double-click Remote Desktop licensing mode.
Select either Per Device or Per User, depending on your environment.
Click OK.

Note: You can also specify the Remote Desktop licensing mode for an RD Session Host server by using Group Policy.

To specify the Remote Desktop licensing mode for an RD Session Host server by using Group Policy, enable the Set the Remote Desktop licensing mode Group Policy setting. This Group Policy setting is located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing. Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration.
To configure the Group Policy setting in Active Directory Domain Services (AD DS), use the Group Policy Management Console (GPMC). To configure the Group Policy setting locally on an RD Session Host server, use the Local Group Policy Editor. For more information about configuring Group Policy settings, see either the Local Group Policy Editor Help ( http://go.microsoft.com/fwlink/?LinkId=143317) or the GPMC Help ( http://go.microsoft.com/fwlink/?LinkId=143867) in the Windows Server Technical Library.

Resolution steps for the following event ID: 1004

This error might be caused by one of the following conditions:

The licensing mode for the RD Session Host server does not match the type of RDS CALs installed on the license server.
The RDP encryption levels on the RD Session Host server and the client are not compatible.
The certificate on the RD Session Host server is corrupted.

The licensing mode for the RD Session Host server does not match the type of RDS CALs installed on the license server

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To determine the licensing mode for the RD Session Host server:

On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
In the left pane, click Licensing Diagnosis.
Review the following information in Licensing Diagnosis:
Under RD Session Host Server Configuration Details, note the licensing mode for the RD Session Host server.
Under Remote Desktop Services License Server Information, note the type of RDS CALs installed on any license server that is listed as discovered. Information about the type of RDS CALs installed on a license server is listed under License Server Configuration Details, which is displayed when you click a license server listed as discovered under Remote Desktop Services License Server Information.
If the licensing mode for the RD Session Host server does not match the type of RDS CALs installed on the license server, see the section titled "Specify the licensing mode for the RD Session Host server."

The RDP encryption levels on the RD Session Host server and the client are not compatible

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To determine the RDP encryption level compatibility:

On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Under Connections, right-click the connection (for example, RDP-Tcp), and then click Properties.
On the General tab, note the value of Encryption level. For more information about encryption levels, see "Configure Server Authentication and Encryption Levels" in the Remote Desktop Session Host Configuration Help in the Windows Server Technical Library ( http://go.microsoft.com/fwlink/?LinkId=177586).
On the client computer, start Remote Desktop Connection. To start Remote Desktop Connection, click Start, click Run, type mstsc.exe, and then press ENTER.
Click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. Look for the phrase "Maximum encryption strength" in the About Remote Desktop Connection dialog box. This value is the maximum encryption strength supported by the version of Remote Desktop Connection running on the computer.
If the maximum encryption strength supported by the version of Remote Desktop Connection running on the client computer is not supported by the encryption level configured on the RD Session Host server, see the section titled "Change the RDP encryption level on the RD Session Host server."

The certificate on the RD Session Host server is corrupted

If the licensing mode for the RD Session Host server matches the type of RDS CALs installed on the license server, and the RDP settings on the RD Session Host server and the client are compatible, the certificate on the RD Session Host server might be corrupted. To resolve this issue, see the section titled "Delete the appropriate registry subkey."

Resolution steps for the following event ID: 1003

To resolve this issue, delete the MSLicensing registry subkey on the client computer, restart the client computer, and then try again to connect remotely to the RD Session Host server from the client computer. If the issue persists, delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries on the RD Session Host server, restart the RD Session Host server, and then try again to connect to the RD Session Host server from the client computer.

Delete the MSLicensing registry subkey

To perform this procedure on the client computer, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To delete the MSLicensing registry subkey:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

On the client computer, open Registry Editor. To open Registry Editor, click Start, click Run, type regedit, and then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
Locate the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing registry subkey.
Click MSLicensing.
Before deleting the MSLicensing subkey, back up the subkey. To back up the subkey, do the following:
Right-click MSLicensing, and then click Export.
In the File name box, type mslicensingbackup, and then click Save. If you need to restore this registry subkey, double-click mslicensingbackup.reg.
To delete the MSLicensing subkey, on the Edit menu, click Delete, and then click Yes.
Close Registry Editor, and then restart the client.
After the client computer is restarted, try again to connect remotely to the RD Session Host server from the client computer.

Delete the appropriate registry entries on the RD Session Host server

If the issue persists, delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries on the RD Session Host server.

To perform this procedure on the RD Session Host server, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To delete the appropriate registry entries:

Caution: Incorrectly editing the registry can severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

On the RD Session Host server, open Registry Editor. To open Registry Editor, click Start, click Run, type regedit, and then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
Locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM registry subkey.
Click RCM.
Before deleting the subkeys, back up the RCM subkey. To back up the subkey, do the following:
Right-click RCM, and then click Export.
In the File name box, type rdsrcm, and then click Save. If you need to restore this registry subkey, double-click rdsrcm.reg.
To delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries, right-click each entry, click Delete, and then click Yes.
Close Registry Editor, and then restart the RD Session Host server.
After the RD Session Host server is restarted, try again to connect remotely to the RD Session Host server from the client computer.

If the issue persists, do the following:

On the client computer, back up and then delete the MSLicensing registry key and its subkeys.
On the RD Session Host server, back up and then delete the Certificate, X509 Certificate, X509 Certificate2, and X509 Certificate ID registry entries.
Deactivate and then reactivate the license server. For information about deactivating and reactivating a license server, see the topic "Managing Remote Desktop Licensing" in the RD Licensing Manager Help in the Windows Server Technical Library ( http://go.microsoft.com/fwlink/?LinkId=177615).

Restart the RD Session Host server and the client computer and then try again to connect remotely to the RD Session Host server from the client computer.

Element properties:

Target

Microsoft.Windows.Server.10.0.RemoteDesktopServicesRole.Service.RDSessionHost

Parent Monitor

System.Health.AvailabilityState

Category

Custom

Enabled

True

Alert Generate

True

Alert Severity

MatchMonitorHealth

Alert Priority

High

Alert Auto Resolve

True

Monitor Type

Microsoft.Windows.2SingleEventLogManualReset3StateMonitorType

Remotable

True

Accessibility

Public

Alert Message

Remote Desktop Services Client Access License (RDS CAL) Availability on Remote Desktop Session Host Alert

Event ID: {0} -- Description: {1}

RunAs

Default

Source Code:

<UnitMonitor ID="Microsoft.Windows.Server.10.0.RemoteDesktopServices.NewUnitMonitor_18" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.Server.10.0.RemoteDesktopServicesRole.Service.RDSessionHost" ParentMonitorID="SystemHealth!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLogManualReset3StateMonitorType" ConfirmDelivery="true">

  <Category>Custom</Category>

  <AlertSettings AlertMessage="Microsoft.Windows.Server.10.0.RemoteDesktopServices.NewUnitMonitor_18_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>High</AlertPriority>

    <AlertSeverity>MatchMonitorHealth</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/EventDisplayNumber$</AlertParameter1>

      <AlertParameter2>$Data/Context/EventDescription$</AlertParameter2>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="UIGeneratedOpStateIdf151203610bb43eb80cc285e7c5c915c" MonitorTypeStateID="ManualResetEventRaised" HealthState="Success"/>

    <OperationalState ID="UIGeneratedOpStateId24216c92f0f44f7396cea4c1ebb55714" MonitorTypeStateID="SecondEventRaised" HealthState="Warning"/>

    <OperationalState ID="UIGeneratedOpStateIdde080f5c8afc4b7b9ca0ec8371bd450a" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>

  </OperationalStates>

  <Configuration>

    <FirstComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>

    <FirstLogName>System</FirstLogName>

    <FirstExpression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Microsoft-Windows-TerminalServices-RemoteConnectionManager</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">1004</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">1028</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">1003</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">1043</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">1069</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

      </And>

    </FirstExpression>

    <SecondComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>

    <SecondLogName>System</SecondLogName>

    <SecondExpression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Microsoft-Windows-TerminalServices-RemoteConnectionManager</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">1011</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">1068</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">1061</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

      </And>

    </SecondExpression>

  </Configuration>

</UnitMonitor>