Event ID 4871 — Startup Management
Applies To: Windows Server 2008 R2
The RD Connection Broker server communicates with the RD Virtualization Host server when a user requests a connection to a virtual desktop.
Event Details
Product: | Windows Operating System |
ID: | 4871 |
Source: | Microsoft-Windows-TerminalServices-TSV-VmHostAgent |
Version: | 6.1 |
Symbolic Name: | EVENT_ERR_FAIL_START_SEMO_MONITORING |
Message: | Failed to start session monitoring. Verify permissions in guest OS to enumerate sessions. VM=%1, Hr=%2 |
Resolve
Identify and fix configuration issues with a virtual desktop
To determine how to fix this error condition, examine the error code reported in the event message text.
The event message can report the following error codes:
- RPC_S_SERVER_UNAVAILABLE (800706ba)
- E_ACCESSDENIED (80070005)
To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
RPC_S_SERVER_UNAVAILABLE (800706ba)
To resolve this issue, you should enable Remote RPC and ensure that Remote Service Management is allowed through the Windows Firewall.
To enable Remote RPC:
- On the virtual desktop computer, open Registry Editor. To open Registry Editor, click Start, click Run, type regedit.exe and then press ENTER.
- Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer.
- Double-click the AllowRemoteRPC registry entry; in the Value data box, type 1 and then click OK.
- Close Registry Editor.
- If this does not resolve your issue, use the procedure named "To ensure that Remote Service Management is allowed through the Windows Firewall."
You can allow Remote Service Management through the Windows Firewall by using the Windows Firewall console.
To ensure that Remote Service Management is allowed through the Windows Firewall:
- On the virtual desktop computer, open the Windows Firewall console. To open the Windows Firewall console, click Start, click Control Panel, click System and Security, and then click Allow a program through Windows Firewall.
- Select the Remote Service Management check box, and then click OK.
E_ACCESSDENIED (8007005)
To resolve this issue, you should enable Remote Desktop, add the appropriate user accounts to the Remote Desktop Users security group on the virtual desktop, and then add the appropriate RDP protocol permissions.
To enable Remote Desktop:
- On the virtual desktop, open the System control panel. To open the System control panel, click Start, right-click Computer, and then click Properties.
- Click Remote settings.
- Click one of the following options:
- If you want to enforce Network Level Authentication, click the Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) option.
- If you do not want to enforce Network Level Authentication, click the Allow connections from computers running any version of Remote Desktop (less secure) option.
- Click OK to close the System Properties dialog box.
- If the issue is not resolved, use the procedure named "To add the appropriate user account to the Remote Desktop Users security group on the virtual desktop."
You can add user accounts to the Remote Desktop Users security group by using the Local Users and Groups console.
To add the appropriate user account to the Remote Desktop Users security group on the virutal desktop:
- On the virtual desktop, click Start, type lusrmgr.msc and then press ENTER.
- Click Groups.
- Right-click Remote Desktop Users, and then click Add to Group.
- Click Add.
- In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object names to select box, type the name of the user account, and then click OK.
- Click OK to close the Remote Desktop Users Properties dialog box.
- If the issue is not resolved, use the procedure named "Add the appropriate RDP protocol permissions."
You must add the appropriate RDP protocol permissions by using an elevated command prompt.
To add the appropriate RDP protocol permissions:
- On the virtual desktop, open an elevated command prompt. To open an elevated command prompt, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
- Type the following commands where domain is the name of the domain* and server* **is the name of the RD Virtualization Host server:
- wmic /node:localhost RDPERMISSIONS where TerminalName="RDP-Tcp" CALL AddAccount "domain\server$",1
- wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='domain\\server$'" CALL ModifyPermissions 0,1
- wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='domain\\server$'" CALL ModifyPermissions 2,1
- wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='domain\\server$'" CALL ModifyPermissions 9,1
Verify
To verify that the virtual desktops are started correctly and that the RD Virtualization Host server can communicate with the RD Connection Broker server, you can connect to a virtual desktop by using RD Web Access.
To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
To connect to a virtual desktop:
- On a client computer, open Internet Explorer. To open Internet Explorer, click Start, point to All Programs, and then click Internet Explorer.
- In the Address bar, type https://servername/RDWeb where servername is the fully qualified domain name of the RD Web Access server, and then press ENTER.
- In the Domain\user name box, type the name of a user account that has access to a virtual desktop.
- In the Password box, type the specified password, and then click Sign in.
- Click the appropriate virtual desktop, and then click Connect.
- Verify that the virtual desktop opens without error.