Recently, a large number of event records of remote desktop 4105 Warning message,Follows:
The remote desktop authorization server cannot be an Active Directory domain “xxx.com.tw” Of users “bill” Update authorization attributes。Please make sure the computer account of the authorization server is an Active Directory domain “xxx.com.tw” Member of the Terminal Server License Servers group。
There are two users who appeared this message,And they can still log in to the remote desktop server,However, the authorized use of these two accounts will not be recorded in the "RD Authorized Administrator"。After checking the information online,It seems that because the two accounts are in Windows 2000 The period has been established,After the domain upgrade,Some security communication problems caused,So through some settings,Allow the account to correctly obtain the relevant permissions for remote authorization。
【Solution】
◎ Open "Active Directory Users and Computers",Right click on the domain,Select 【Delegation Control】。
◎ Select 【New】。
◎ Input “terminal server license servers“,Press 【OK】。
◎ After the next step,Select [Create an automatic job to delegate],Then press 【Next】。
◎ Select [Only the following objects in this folder],Check [User Object],Uncheck all others,And click 【Next】。
◎ Choose 【General】,Tick [Read and Write Terminal Server Authorization Server],Click 【Next】。
◎ Click 【Finish】。
◎ Back to the "Active Directory Users and Computers" screen,Under "View" check "Advanced Features"。
◎ Right click on the target account,Select 【Content】。
◎ Under the "Security" tab,Click on the "Terminal Sever License Servers" role,Make sure that the permissions of "Read Terminal Server Authorization Server" and "Write Terminal Server Authorization Server" are [Allow]。
After completing the steps of "delegating work" in my environment,Each user will automatically have the permissions for the last step,So just check。After completing the above actions,Will never appear again 4105 Error message,And the authorization record of the user will also appear in the "RD Authorization Manager"。
【Fan Wai Pian 1】
After creating the remote desktop authorization server,Also encountered the same message,And the user who showed the warning message at that time,All from another domain B (Trusted),Therefore, the problem is actually solved as the second half of the message,Just add the computer name of the authorized server to the "Terminal Sever License Servers" group of domain B (I originally only added it to domain A)。
【Fanwai Part Two】
The domain B account recently occurred when connecting to the remote desktop,The error message "Access denied" will pop up,But the server's record can't see any abnormal error message,Later, after trying to remove the authorized server computer in the domain B "Terminal Sever License Servers" group,User in domain B can log in,Then add the computer back,Also normal。
【參考連結】
- FIX Event ID 4105: Remote Desktop license server cannot update the license attributes for user in Active Directory Domain. – wintips.org – Windows Tips & How-tos
- TerminalServices-Licensing 4105 – The Terminal Services license server cannot update the license attributes for user “
” in Active Directory Domain “ ”