Microsoft KB Archive/329896

= Because of a security error, the client could not connect to the Terminal Server =

Article ID: 329896

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q329896



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
After you upgrade a Microsoft Windows NT domain to Microsoft Windows 2000 or Microsoft Windows Server 2003, Windows 2000 Terminal Services clients may be repeatedly denied access to the terminal server. If you are using a Terminal Services client to log on to the terminal server, you may receive one of the following error messages:

Because of a security error, the client could not connect to the Terminal server. After making sure that you are logged on to the network, try connecting to the server again.

-or-

Remote desktop disconnected. Because of a security error, the client could not connect to the remote computer. Verify that you are logged onto the network and then try connecting again.

Additionally, the following event ID messages may be logged in Event Viewer on the terminal server:

Event ID: 50

Event Source: TermDD

Event Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.

-and-

Event ID: 1008

Event Source: TermService

Event Description: The terminal services licensing grace period has expired and the service has not registered with a license server. A terminal services license server is required for continuous operation. A terminal server can operate without a license server for 90 days after initial start up.

-and-

Event ID: 1004

Event Source: TermService

Event Description: The terminal server cannot issue a client license.

-and-

Event ID: 1010

Event Source: TermService

Event Description: The terminal services could not locate a license server. Confirm that all license servers on the network are registered in WINS\DNS, accepting network requests, and the Terminal Services Licensing Service is running.

-and-

Event ID: 28

Event Source: TermServLicensing

Event Description: Terminal Services Licensing can only be run on Domain Controllers or Server in a Workgroup. See Terminal Server Licensing help topic for more information.



CAUSE
This issue may occur if a certificate on the terminal server is corrupted.



RESOLUTION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this issue, back up and then remove the X509 Certificate registry keys, restart the computer, and then reactivate the Terminal Services Licensing server. To do this, follow these steps.

NOTE: Perform the following procedure on each of the terminal servers.  Make sure that the terminal server registry has been successfully backed up. Start Registry Editor. Locate and then click the following registry subkey:  On the Registry menu, click Export Registry File. Type exported-parameters in the File name box, and then click Save.

NOTE: If you have to restore this registry subkey in the future, double-click the Exported-parameters.reg file that you saved in this step. Under the Parameters registry subkey, right-click each of the following values, click Delete, and then click Yes to confirm the deletion:

Certificate

X509 Certificate

X509 Certificate ID

</li> Quit Registry Editor, and then restart the server.</li> Reactivate the Terminal Services Licensing server by using the Telephone connection method in the Licensing Wizard.

NOTE: If you activate the Terminal Services Licensing server using the Telephone option, the licensing server uses a different form of certificate.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

306578 How to deactivate or reactivate a License Server using Terminal Services Licensing

323597 Windows XP clients cannot connect to a Windows 2000 Terminal Services Server

Keywords: kbprb KB329896

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.