WARNING: as always use at your own risk and take a backup of your registry before trying.
RDP Access Denied when logging in.
What is needed:
- Windows 2008 R2
- Remote Desktop Services role
- AD logins
- May also have failed to renew license events in the event log
Log Name: System
Event ID: 1028
Task Category: None
The remote session could not be established from remote desktop client xxxxxx because its license could not be renewed.
How to check for bug: connect to server via RDP console mode (mstsc /admin) with same login if it works you are getting this bug.
There is a known bug with Windows 2008R2 and the Terminal Services Role with Remote Desktop. Once installed if the following is not performed any user trying to log onto the server using AD credentials will not be allowed to logon.
The registry key affecting this behavior must be created and set. This change is only required on those servers hosting the Remote Desktop Role.
- Go to start menu, run , and type regedit and choose enter.
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
- Create a DWORD value called (IgnoreRegUserConfigErrors) and assign the value 1 to this property.
No reboot required will work for any new RDP connections
This could also be related to token size too, may want to check if you are getting kerberos errors because of token size