Event ID 1067 — Remote Desktop Session Host Connections
Applies To: Windows Server 2008 R2
.jpg)
Users can connect to an RD Session Host server to run programs, save files, and use network resources on that server. When a user disconnects from a session, all processes running in the session, including applications, will continue to run on the RD Session Host server.
The user logon mode on the RD Session Host server can be configured to prevent new user sessions from being created on the RD Session Host server. You might want to prevent new user sessions from being created on the RD Session Host server when you are planning to take the RD Session Host server offline for maintenance or to install new applications.
Event Details
| Product: | Windows Operating System |
| ID: | 1067 |
| Source: | Microsoft-Windows-TerminalServices-RemoteConnectionManager |
| Version: | 6.1 |
| Symbolic Name: | EVENT_TS_REGISTERING_SPN_FAILED |
| Message: | The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: %1. |
Resolve
Register the Service Principal Name for the RD Session Host server
To resolve this issue, manually register the Service Principal Name (SPN) for the RD Session Host server.
Note: Remote Desktop Services attempts to register the SPN every time the computer is started. To register the SPN, the RD Session Host server must be able to contact an Active Directory domain controller. If the SPN is not registered, Kerberos authentication will not be available for client connections. NTLM authentication can be used if it has not been disallowed by the administrator.
To perform this procedure, you must have membership in the Domain Admins group in the domain, or you must have been delegated the appropriate authority.
To register the SPN:
On the RD Session Host server, open a Command Prompt window. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
At the command prompt, type setspn -A hostServicePrincipalName (where host is the name of the RD Session Host server and ServicePrincipal Name is the SPN to register), and then press ENTER.
For example, to register the SPN for Server1, type the following at the command prompt: setspn -A TERMSERV/Server1 Server1
Note: After you have successfully registered the SPN, you might see that Event ID 1067 is still being logged, stating that the RD Session Host server cannot register the SPN. You can ignore Event ID 1067 in those cases.
Verify
To verify that connections to the RD Session Host server are working properly, establish a remote session with the RD Session Host server.