Event ID 1067 — Terminal Server Connections
Applies To: Windows Server 2008
Users can connect to a terminal server to run programs, save files, and use network resources on that server. When a user disconnects from a session, all processes running in the session, including applications, will continue to run on the terminal server.
The user logon mode on the terminal server can be configured to prevent new user sessions from being created on the terminal server. You might want to prevent new user sessions from being created on the terminal server when you are planning to take the terminal server offline for maintenance or to install new applications.
Event Details
Product: | Windows Operating System |
ID: | 1067 |
Source: | Microsoft-Windows-TerminalServices-RemoteConnectionManager |
Version: | 6.0 |
Symbolic Name: | EVENT_TS_REGISTERING_SPN_FAILED |
Message: | The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: %1. |
Resolve
Register the Service Principal Name for the terminal server
To resolve this issue, manually register the Service Principal Name (SPN) for the terminal server.
Note: Terminal Services attempts to register the SPN every time the computer is started. To register the SPN, the terminal server must be able to contact an Active Directory domain controller. If the SPN is not registered, Kerberos authentication will not be available for client connections. NTLM authentication can be used if it has not been disallowed by the administrator.
To perform this procedure, you must have membership in the Domain Admins group in the domain, or you must have been delegated the appropriate authority.
To register the SPN:
On the terminal server, open a Command Prompt window. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
At the command prompt, type setspn -A host ServicePrincipalName (where host is the name of the terminal server and ServicePrincipal Name is the SPN to register), and then press ENTER.
For example, to register the SPN for Server1, type the following at the command prompt: setspn -A TERMSERV/Server1 Server1
Note: After you have successfully registered the SPN, you might see that Event ID 1067 is still being logged, stating that the terminal server cannot register the SPN. You can ignore Event ID 1067 in those cases.
Verify
To verify that connections to the terminal server are working properly, establish a remote session with the terminal server.