Last few weeks we ( me and my colleague ) were installing a terminal server 2008 in a windows server 2008 R2 domain. And after logging in with a user we got the message in the event log 4105.
Run powershell as administrator ( right click ) [ note: use the powershell for active directory ]
Log Name: System Source: Microsoft-Windows-TerminalServices-Licensing Date: 1/5/2010 9:46:32 AM Event ID: 4105 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: myserver Description: The Remote Desktop license server cannot update the license attributes for user "myuser" in the Active Directory Domain "mydomain". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "mydomain". If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group. If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Remote Desktop Licensing service to track or report the usage of RDS Per User CALs. Win32 error code: 0x80070005
I was looking for a solution to fix this issue. Because users where getting temporary user profiles every time the logged on. After some searching on the internet i found a nice solution for this event id 4105.
What you have to do is to create a script and use it in power-shell on the domain controller.
# Description: This script will add missing permissions for the Terminal # Description: This script will add missing permissions for the Terminal #Server License Server group to user objects in Active Directory. # This may solve problems with TS CALs not beeing issued and event id #4105 being logged at the license server. # Constants $URL = "LDAP://DC=mydomain,DC=com"; cls $root = New-Object DirectoryServices.DirectoryEntry $URL $ds = New-Object DirectoryServices.DirectorySearcher $ds.SearchRoot = $root $ds.filter = "objectCategory=Person" $src = $ds.findall() write-host "Found" $src.count "user objects.`n" $src | %{ $de = $_.getdirectoryentry() $accessrules = $de.get_objectsecurity().getaccessrules($true, $false,[System.Security.Principal.SecurityIdentifier]) | ?{$_.ObjectType -eq "5805bc62-bdc9-4428-a5e2-856a0f4c185e"} if ((measure-object -inputobject $accessrules).count -eq 0) { $ar = new-object System.DirectoryServices.ActiveDirectoryAccessRule([System.Security.Principal.SecurityIdentifier]"S-1-5-32-561", 48, "Allow", [guid]"5805bc62-bdc9-4428-a5e2-856a0f4c185e") $de.get_objectsecurity().addaccessrule($ar) $de.commitchanges() write-host -f yellow ("Added:`t" + $de.properties["sAMAccountName"]) start-sleep -m 200 } else { write-host -f green ("OK:`t" + $de.properties["sAMAccountName"]) } }
Create from the script above a new powershell script and run it as a Domain Administrator.
Download here a text file with the script ( you need only to change the DC=mydomain,DC=com to your own local domain name )
Pingback: EventID 4105 Terminal Server Windows Server 2008 R2 « LogOn