Austlink Help Centre

Follow

Windows Server 2012 - Remote Desktop Licensing without a Domain

In their infinite wisdom, Microsoft has decided to not allow a Remote Desktop Server to operate outside of a domain. This is in spite of the fact that it technically works fine. The issue only arises with licensing.

 

In this case the Terminal Server / Remote Desktop Server was unable to find a TS license server and as it has already passed it's 120 day grace period no one was able via a standard Remote Desktop session.

To Connect you will need to use the following command:

"MSTSC/ admin"

 

This provides an admin connection and as such does not require a Remote Desktop license.

 

In the situation below the Remote desktop server was not part of a domain. The license Server service was installed on this machine and activated. Licenses were installed all apparently without any issue. 

 

WindowsRemoteDesktopLicensesWorkGroup01a.jpg

The problem is that the Remote Desktop Licensing Diagnoser does not recognize them. 

 

WindowsRemoteDesktopLicensesWorkGroup01.jpg

 

To resolve this we have to open up a Microsoft Management Console - Just search for MMC

 

 

WindowsRemoteDesktopLicensesWorkGroup02.jpg

 

From the File menu select "Add/Remove Snap-in..."

 

WindowsRemoteDesktopLicensesWorkGroup03.jpg

 

Add the Group Policy Object which will show up on the right as the "Local Computer Policy"

 

WindowsRemoteDesktopLicensesWorkGroup04.jpg

 

Navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing

  • Use the specified RD license servers = <server IP> (Which in this case is the IP address of this machine)
  • Set the Remote Desktop licensing mode = Per User

 

 

WindowsRemoteDesktopLicensesWorkGroup05.jpg

 

Now you notice that the Remote Licensing Diagnoser is able to see the licenses. Unfortunately if the 120 day grace period is over people will still not be able to log in even if you reboot. This apparently is a recognized bug within Windows 2012 Server.

 

WindowsRemoteDesktopLicensesWorkGroup06.jpg

 

Resetting the Remote Desktop 120 Day Grace period

 

To resolve this issue you need to delete a key in the registry. As usual make sure you have a backup before you start.

Open up regedit and navigate to the following key: 

  • hkey_local_machine\system\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod

Right click on the GracePeriod Key and select Permissions...

 

 

WindowsRemoteDesktopLicensesWorkGroup07.jpg

 

Select the Advanced Button

 

WindowsRemoteDesktopLicensesWorkGroup08.jpg.

You need to change the owner from the "Network Service" to the "Administrator". In this case the administrator is a local administrator as there is no domain.

 

WindowsRemoteDesktopLicensesWorkGroup09.jpg

 

Ensure that the administrator has full control of the GracePeriod key

Now you need to delete the key "L$RTMTIMEBOMB_1320153D-8DA3-4e8e-B27B-0D888223A588" 

 

WindowsRemoteDesktopLicensesWorkGroup10.jpg

 

You now need to reboot the server or just restart the "Remote Desktop Services" service.

 

NOTE: If this is a virtual machine then you must use the restart facility. If you stop the service then you will be locked out of this system.

 

WindowsRemoteDesktopLicensesWorkGroup11.jpg

 

 

Automating the removal of the GracePeriod Key

 

Now, I am not sure but I suspect that in 120 days I will have this issue happening again as the key is regenerated the moment someone new logs on to the server.

To control this you may need to schedule a batch file which automatically deletes the key, say once a week

~~~~~~ RemoveGracePeriodKey.bat ~~~~~~~~~~~~~~
@echo off

REG DELETE \\ServerName\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod /v L$RTMTIMEBOMB_1320153D-8DA3-4e8e-B27B-0D888223A588

net stop termservice

timeout 30

net start termservice

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Note: You will need to replace the \\ServerName\ with the name of your server

 

You will need to ensure that the scheduled service runs in the context of the administrator and that it "Runs with the highest privileges" Make sure you schedule it at a time when no one will be using the system e.g. Sunday Morning at 3 am.

 

I have not personally tried this batch file so please test on a non production server before you execute it on your server.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    oboz

    I have a question, the license expires in 4 days, I wanted to lose, and to renew the license for another 120 days, all did as instructed but the license is not renewed, what to do?

  • Avatar
    oboz

    please, help

  • Avatar
    Yogesh Tikone

    You are great !!! It fixed my issue...

This entire document, including design, text, videos,graphics, and photographs are Copyright © 2014 Austlink Plus Pty Ltd, All Rights Reserved.
No part of this document may be reproduced in any way or by any means for commercial or any other purposes, without prior written permission of Austlink Plus Pty Ltd. Use of any data for the purpose of creating promotional materials or producing a printed or electronic catalog of any kind is expressly forbidden without prior written permission of Austlink Plus Pty Ltd.

Powered by Zendesk