In their infinite wisdom, Microsoft has decided to not allow a Remote Desktop Server to operate outside of a domain. This is in spite of the fact that it technically works fine. The issue only arises with licensing.
In this case the Terminal Server / Remote Desktop Server was unable to find a TS license server and as it has already passed it's 120 day grace period no one was able via a standard Remote Desktop session.
To Connect you will need to use the following command:
This provides an admin connection and as such does not require a Remote Desktop license.
In the situation below the Remote desktop server was not part of a domain. The license Server service was installed on this machine and activated. Licenses were installed all apparently without any issue.
The problem is that the Remote Desktop Licensing Diagnoser does not recognize them.
To resolve this we have to open up a Microsoft Management Console - Just search for MMC
From the File menu select "Add/Remove Snap-in..."
Add the Group Policy Object which will show up on the right as the "Local Computer Policy"
Navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing
- Use the specified RD license servers = <server IP> (Which in this case is the IP address of this machine)
- Set the Remote Desktop licensing mode = Per User
Now you notice that the Remote Licensing Diagnoser is able to see the licenses. Unfortunately if the 120 day grace period is over people will still not be able to log in even if you reboot. This apparently is a recognized bug within Windows 2012 Server.
Resetting the Remote Desktop 120 Day Grace period
To resolve this issue you need to delete a key in the registry. As usual make sure you have a backup before you start.
Open up regedit and navigate to the following key:
- hkey_local_machine\system\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod
Right click on the GracePeriod Key and select Permissions...
Select the Advanced Button
You need to change the owner from the "Network Service" to the "Administrator". In this case the administrator is a local administrator as there is no domain.
Ensure that the administrator has full control of the GracePeriod key
Now you need to delete the key "L$RTMTIMEBOMB_1320153D-8DA3-4e8e-B27B-0D888223A588"
You now need to reboot the server or just restart the "Remote Desktop Services" service.
NOTE: If this is a virtual machine then you must use the restart facility. If you stop the service then you will be locked out of this system.
Automating the removal of the GracePeriod Key
Now, I am not sure but I suspect that in 120 days I will have this issue happening again as the key is regenerated the moment someone new logs on to the server.
To control this you may need to schedule a batch file which automatically deletes the key, say once a week
~~~~~~ RemoveGracePeriodKey.bat ~~~~~~~~~~~~~~
REG DELETE \\ServerName\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod /v L$RTMTIMEBOMB_1320153D-8DA3-4e8e-B27B-0D888223A588
net stop termservice
net start termservice
Note: You will need to replace the \\ServerName\ with the name of your server
You will need to ensure that the scheduled service runs in the context of the administrator and that it "Runs with the highest privileges" Make sure you schedule it at a time when no one will be using the system e.g. Sunday Morning at 3 am.