- Windows Server 2008 R2 Domain
- Windows Server 2008 R2 Remote Desktop Server with following roles:
- Remote Desktop Session Host
- Remote Desktop Licensing (User CALs)
- Remote Desktop Web Access
Every time non-administrator user logs on via Remote Desktop connection, following Warning is logged in System Logs:
Event ID: 4105
The Remote Desktop license server cannot update the license attributes for user "<user.name>" in the Active Directory Domain "<domain.local>". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "domain.local".
If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.
If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Remote Desktop Licensing service to track or report the usage of RDS Per User CALs.
Win32 error code: 0x80070005
Microsoft KB2030310 article list 3 possible reasons for this behaviour:
- The license server is not a member of the Terminal Server License Servers group in the domain in which the users reside.
- The license server is installed on a domain controller, and the Network Service account is not a member of the Terminal Server License Servers group.
- If the user accounts existed before the domain was upgraded to Windows Server 2003, the Terminal Server License Servers group might be missing in the discretionary access control list (DACL) of the user objects in Active Directory directory service. Or, the group is in the DACL, but the group does not have permissions to update the Terminal Services Licensing information for the user account.
After checking that first 2 reasons do not apply I assumed that issue was cased by domain existence prior to Windows Server 2003.
Issue was resolved by adding read/write permissions to the Terminal Server License Servers group for all users.
- Open Active Directory Users and Computers
- Right click on the domain > Delegate Control > Next
- Add Terminal Server License Servers group > Next
- Select Create a custom task to delegate > Next
- Select Only the following objects in the folder, scroll down and check User objects > Next
- Check General, scroll down and check Read and Write Terminal Server license server > Next > Finish