Mindless999
asked on
Terminal Licensing server error 0x80070005
I have an issue with one Terminal Licensing server that it cannot active the license.
The following event log warning I always get:
The Terminal Services license server cannot update the license attributes for user "Username" in the Active Directory Domain "domain.local". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "domain.local".
If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.
If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Terminal Services Licensing service to track or report the usage of TS Per User CALs.
Win32 error code: 0x80070005
I have found the following topic on how to see if you have this problem and what could be the issue (http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/a8bd1444-e5db-4158-acba-cecfcd13aff6/?ffpr=0) and noticed I have the same issue, I only do not know how to resolve this issue.
The enviorment is:
Server 2003 R2 (old) Licensing server /DC
Server 2008 x64 (new) Licensing server /DC (this one gives the warnings)
Server 2008 R2 Terminal Server
The server is in the group "Terminal Server License Servers group" and also the Network Service Account is a member of that group.
How should I resolve this issue?
The following event log warning I always get:
The Terminal Services license server cannot update the license attributes for user "Username" in the Active Directory Domain "domain.local". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "domain.local".
If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group.
If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Terminal Services Licensing service to track or report the usage of TS Per User CALs.
Win32 error code: 0x80070005
I have found the following topic on how to see if you have this problem and what could be the issue (http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/a8bd1444-e5db-4158-acba-cecfcd13aff6/?ffpr=0) and noticed I have the same issue, I only do not know how to resolve this issue.
The enviorment is:
Server 2003 R2 (old) Licensing server /DC
Server 2008 x64 (new) Licensing server /DC (this one gives the warnings)
Server 2008 R2 Terminal Server
The server is in the group "Terminal Server License Servers group" and also the Network Service Account is a member of that group.
How should I resolve this issue?
This is a great resouce for TS: http://technet.microsoft.com/en-us/windowsserver/ee236407.aspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So for the script i just need to change the LDAP Settings to my own domain and run the script?
# Description: This script will add missing permissions for the Terminal
#Server License Server group to user objects in Active Directory.
# This may solve problems with TS CALs not beeing issued and event id
#4105 being logged at the license server.
# Constants
$URL = "LDAP://DC=mydomain,DC=com";
cls
$root = New-Object DirectoryServices.DirectoryEntry $URL
$ds = New-Object DirectoryServices.DirectorySearcher
$ds.SearchRoot = $root
$ds.filter = "objectCategory=Person"
$src = $ds.findall()
write-host "Found" $src.count "user objects.`n"
$src | %{
$de = $_.getdirectoryentry()
$accessrules = $de.get_objectsecurity().getaccessrules($true, $false,[System.Security.Principal.SecurityIdentifier]) | ?{$_.ObjectType -eq "5805bc62-bdc9-4428-a5e2-856a0f4c185e"}
if ((measure-object -inputobject $accessrules).count -eq 0)
{
$ar = new-object System.DirectoryServices.ActiveDirectoryAccessRule([System.Security.Principal.SecurityIdentifier]"S-1-5-32-561", 48, "Allow", [guid]"5805bc62-bdc9-4428-a5e2-856a0f4c185e")
$de.get_objectsecurity().addaccessrule($ar)
$de.commitchanges()
write-host -f yellow ("Added:`t" + $de.properties["sAMAccountName"])
start-sleep -m 200
}
else
{
write-host -f green ("OK:`t" + $de.properties["sAMAccountName"])
}
}
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am only getting the following errors when I run the script
At E:\TerminalserverAccessRights.ps1:29 char:51
+ write-host -f green ("OK:`t" + $de.properties[" <<<< sAMAccountName"])
Exception calling "get_objectsecurity" with "0" argument(s): "Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))"
At E:\TerminalserverAccessRights.ps1:18 char:38
+ $accessrules = $de.get_objectsecurity( <<<< ).getaccessrules($true, $false,[System.Security.Principal.SecurityIdentifier]) | ?{$_.ObjectType -eq "5805bc62-bdc9-4428-a5e2-856a0f4c185e"}
Unable to index into an object of type System.Management.Automation.PSMethod.
At E:\TerminalserverAccessRights.ps1:29 char:51
+ write-host -f green ("OK:`t" + $de.properties[" <<<< sAMAccountName"])
ASKER
I have found out that running the script with Powershell v1 does not work. When I installed Powershell V2 it worked.
(http://support.microsoft.com/kb/968929)
Thanks for the help
(http://support.microsoft.com/kb/968929)
Thanks for the help
ASKER
When Powershell v2 was installed the script will work. Without V2 it will not work.