5

I'm in the middle of a migration from an old virtualized Windows 2003 Terminal Server to a 2008 R2 RDS host. The environment is a mix of several generations of HP thin clients, as well as some Axel hardware terminals.

The first batch of users migrated well, but as we encountered people with older HP devices, we discovered that some simply could not connect to the Windows 2008 R2 server.

  • One device type is Linux-based. HP thinconnect... and RDP sessions initiated to the new terminal server disconnect immediately. That issue has been traced back to the Linux rdesktop capabilities.

  • The other device type, of which there are many in the environment, is the HP T5510 Thin Client. It runs Windows CE 4. New connections to the terminal server result in:

Because of a security error, the client could not connect to the terminal server

Connecting to the old Windows 2003 server works fine. So this is specific to the HP Thin Client interaction. Network Level Authentication (NLA) is disabled.

Any tips on resolving this?

Will new thin clients need to be purchased?

ewwhite

1 Answer

7

I fear that you may be having a problem with "licensing". I saw something similar with a couple Wyse thin clients but rather than troubleshoot the issue the Customer just opted to replace the hardware (because they only had two of the devices).

This long thread on social.technet.microsoft.com is filled with users having a similar experience. The users there seem to have tied the problems to activating the license server. Their devices worked properly before the grace period expired.

There's a disheartening statement in that thread: "The official word from Microsoft is 2008R2 RDS does not support clients below 6.0. Microsoft support did not offer any further assistance other than to go to the thin client vendor." That's pretty disappointing if it's true.

There's also a proposed solution that involves deleting some registry values from under the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM" registry key that some reported success with. I'm pasting it here, slightly edited, for reference, but the credit goes to EricWy:

  • Open Remote Desktop Licensing Manager
  • Right-click your Licensing Server name and select Properties.
  • Change Connection Method to 'Web Browser'
  • Go back to the Licensing Server, right-click your server. Select 'Advanced / Reactivate Server'
  • Reactivate the server via the given Wizard + web browser
  • Delete the following registry values below the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM (the values will be re-created automatically when you reboot): Certificate, X509 Certificate, X509 Certificate ID, X509 Certificate2
  • Reboot
Evan Anderson
  • It worked! This fixed the woes with the Windows CE devices. I'm still searching for a tool to handle the updates on the HP Linux-based thin clients. – ewwhite Feb 01 '13 at 23:39
  • The above process also helped me connect a Windows Mobile 6.x device to RDS2012. The x509 keys change from autogenerated 4096 key-length SHA2 to 2048 key-length SHA1 certificates after the reboot! Very interesting hidden feature, or is there any tool to control the key length and security algorithm? – josef Mar 11 '14 at 18:11
  • I'm experiencing the same problem. Your solution looks pretty good. I already have a few licenses installed in my license server, and I also have some Win CE 6.0 thin clients set up. Any chance I'll have to reinstall licenses or re-configure those thin clients after removing those registry entries or reactivating the licensing server? – dotz Feb 08 '16 at 00:22
  • This fixed an issue with Windows 2003 clients not able to connect to Windows 2008R2. – rufo Apr 27 '16 at 19:02
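
The registry step of the procedure quoted in the answer, written as an added PowerShell example (not code from the answer, from EricWy, or from Microsoft). It exports the RCM key before deleting the four named values so the change can be reverted; the backup folder `$BackupDir` is a hypothetical default, and the licensing-server reactivation steps are not covered.

```powershell
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical backup location (assumption); point it at any writable folder.
    [string]$BackupDir = "$env:SystemDrive\RCM-backup"
)

# Key and value names exactly as listed in the answer above.
$rcmReg = 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM'
$rcmPs  = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM"
$valueNames = 'Certificate', 'X509 Certificate', 'X509 Certificate ID', 'X509 Certificate2'

# Writing under HKLM\SYSTEM needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}
if (-not (Test-Path -Path $rcmPs)) { throw "Registry key not found: $rcmPs" }

# Export the whole key first, even under -WhatIf, so there is always a rollback file.
New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false | Out-Null
$backupFile = Join-Path $BackupDir ('RCM-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $rcmReg $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg export failed; no values were deleted.' }

$key = Get-Item -Path $rcmPs
$present = $key.GetValueNames()
foreach ($name in $valueNames) {
    if ($present -notcontains $name) {
        Write-Warning "Value '$name' is not present; skipping."
        continue
    }
    # Log the value type before removal; the data itself is only in the backup file.
    Write-Verbose ("{0} ({1})" -f $name, $key.GetValueKind($name))
    if ($PSCmdlet.ShouldProcess("$rcmReg\$name", 'Remove registry value')) {
        Remove-ItemProperty -Path $rcmPs -Name $name -ErrorAction Stop
    }
}

Write-Host "Backup written to $backupFile"
Write-Host 'Reboot the server; the values are re-created at startup.'
```

Run it with `-WhatIf` first to list what would be removed. One comment above reports that the regenerated certificates differ in key length and hash algorithm, and the exported `.reg` file preserves the original values for comparison or rollback.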