Event ID 1016 — TS Session Broker Security Group Configuration

Applies To: Windows Server 2008

The Terminal Services Session Broker (TS Session Broker) server will not accept any connections from a terminal server whose computer account is not a member of the Session Directory Computers local group on the TS Session Broker server. By default, the Terminal Services Session Broker service creates the local group, but the group is initially empty.

Note: TS Session Broker was formerly called Terminal Services Session Directory.

Event Details

Product: Windows Operating System
ID: 1016
Source: Microsoft-Windows-TerminalServices-SessionBroker
Version: 6.0
Symbolic Name: EVENT_FAIL_RPC_DENY_ACCESS
Message: The TS Session Broker service denied the remote procedure call (RPC) from an unauthorized computer %1.

Resolve

Add the terminal server to the Session Directory Computers group

To resolve this issue, add the computer account for the terminal server to the Session Directory Computers local group on the TS Session Broker server.

Important: If the computer that was denied access is not part of a terminal server farm that is serviced by the TS Session Broker server where the condition was logged, no further action is required.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To add the computer account for the terminal server to the Session Directory Computers local group:

  1. On the TS Session Broker server, open the Local Users and Groups snap-in. To open Local Users and Groups, click Start, click Run, type lusrmgr.msc, and then click OK.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. In the left pane, click Groups.
  4. In the right pane, right-click the Session Directory Computers group, and then click Properties.
  5. Click Add.
  6. In the Select Users, Computers, or Groups dialog box, click Object Types.
  7. Select the Computers check box, and then click OK.
  8. Locate and then add the computer account for the terminal server that will use the TS Session Broker server.
  9. Click OK to close the Select Users, Computers, or Groups dialog box, and then click OK to close the Session Directory Computers Properties dialog box.

Verify

To verify that the Session Directory Computers local group on the TS Session Broker server is configured correctly, ensure both of the following:

  • The Session Directory Computers local group exists on the TS Session Broker server.
  • The computer accounts of the terminal servers that use the TS Session Broker server are members of the group.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To check the configuration of the Session Directory Computers local group:

  1. On the TS Session Broker server, open the Local Users and Groups snap-in. To open Local Users and Groups, click Start, click Run, type lusrmgr.msc, and then click OK.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. In the left pane, click Groups. Ensure that the Session Directory Computers group is listed.
  4. In the right pane, right-click the Session Directory Computers group, and then click Properties.
  5. Under Members, ensure that the computer accounts for all the terminal servers that use the TS Session Broker server are listed.
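
The same two checks can be scripted. The following is an added example, not part of the original article: it confirms that the group exists, reports which expected terminal servers are missing from it, and lists members that no farm server accounts for. It assumes PowerShell 2.0 or later is installed on the TS Session Broker server; the function name Test-SessionBrokerGroup and the server and domain names (TS01, TS02, CONTOSO) are hypothetical placeholders.

```powershell
# Added example (not from the original article). Requires PowerShell 2.0 or later,
# run elevated on the TS Session Broker server.
function Test-SessionBrokerGroup {
    param(
        [string[]]$FarmServers,   # NetBIOS names of the farm's terminal servers
        [string]$Domain,          # domain that holds their computer accounts
        [switch]$AddMissing       # also perform the "Resolve" step for missing accounts
    )
    $groupName = 'Session Directory Computers'
    $path = "WinNT://$env:COMPUTERNAME/$groupName,group"

    # Verify check 1: the local group exists.
    try { $exists = [ADSI]::Exists($path) } catch { $exists = $false }
    if (-not $exists) { throw "Local group '$groupName' was not found on $env:COMPUTERNAME." }

    # Verify check 2: read the current members (computer account names end in '$').
    $group = [ADSI]$path
    $members = @($group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    })

    foreach ($server in $FarmServers) {
        $present = $members -contains "$server`$"
        if (-not $present -and $AddMissing) {
            # Equivalent of steps 5 to 9 of the Resolve procedure.
            $account = '{0}\{1}$' -f $Domain, $server
            & net.exe localgroup $groupName $account /add | Out-Null
            $present = ($LASTEXITCODE -eq 0)
        }
        New-Object PSObject -Property @{ Account = "$server`$"; Expected = $true; InGroup = $present }
    }

    # Members that no listed farm server accounts for. Review these, because
    # membership in this group is what lets a computer connect to the broker.
    $expected = @($FarmServers | ForEach-Object { "$_`$" })
    foreach ($m in $members) {
        if ($expected -notcontains $m) {
            New-Object PSObject -Property @{ Account = $m; Expected = $false; InGroup = $true }
        }
    }
}

# Constructed sample names; replace with your farm's servers and domain.
Test-SessionBrokerGroup -FarmServers 'TS01', 'TS02' -Domain 'CONTOSO'
```

Any row with Expected set to True and InGroup set to False identifies a terminal server whose RPC calls the broker will deny with Event ID 1016.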
