Log Name: System
Source: Microsoft-Windows-TerminalServices-Licensing
Event ID: 4105
Level: Warning
Description:
The Remote Desktop license server cannot update the license attributes for user "user" in the Active Directory Domain "domain.com". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in Active Directory domain "domain.com". If the license server is installed on a domain controller, the Network Service account also needs to be a member of the Terminal Server License Servers group. If the license server is installed on a domain controller, after you have added the appropriate accounts to the Terminal Server License Servers group, you must restart the Remote Desktop Licensing service to track or report the usage of RDS Per User CALs.
Win32 error code: 0x80070005
This issue is caused by missing Terminal Server attributes in Windows 2008 R2 Active Directory domains. It can cause problems with Citrix logins.
Solution:
Run the following PowerShell script. The script MUST run on PowerShell 2.0 and with administrator permissions (right-click the PowerShell icon and select Run as Administrator). Modify the domain name in the script.
# Set this to your own domain's distinguished name.
$URL = "LDAP://DC=mydomain,DC=com"
cls
$root = New-Object DirectoryServices.DirectoryEntry $URL
$ds = New-Object DirectoryServices.DirectorySearcher
$ds.SearchRoot = $root
$ds.filter = "objectCategory=Person"
# Enable paged results; without this FindAll() stops at the server's 1000-object limit.
$ds.PageSize = 1000
$src = $ds.findall()
write-host "Found" $src.count "user objects.`n"
$src | %{
    $de = $_.getdirectoryentry()
    # Explicit (non-inherited) ACEs on the Terminal Server License Server property set.
    $accessrules = $de.get_objectsecurity().getaccessrules($true, $false, [System.Security.Principal.SecurityIdentifier]) | ?{$_.ObjectType -eq "5805bc62-bdc9-4428-a5e2-856a0f4c185e"}
    if ((measure-object -inputobject $accessrules).count -eq 0)
    {
        # Grant the Terminal Server License Servers group (S-1-5-32-561)
        # read and write property access (48 = ReadProperty + WriteProperty) on that property set.
        $ar = new-object System.DirectoryServices.ActiveDirectoryAccessRule([System.Security.Principal.SecurityIdentifier]"S-1-5-32-561", 48, "Allow", [guid]"5805bc62-bdc9-4428-a5e2-856a0f4c185e")
        $de.get_objectsecurity().addaccessrule($ar)
        $de.commitchanges()
        write-host -f yellow ("Added:`t" + $de.properties["sAMAccountName"])
        start-sleep -m 200
    }
    else
    {
        write-host -f green ("OK:`t" + $de.properties["sAMAccountName"])
    }
}
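
A read-only pre-check to run before changing any ACLs, added here as an example (it is not part of the original script): it tests the group membership that the event text asks for and lists the users the fix would touch. The server name RDLS01, the output file name and the default group DN are assumptions to replace with your own values.

```powershell
# Added example, read-only: makes no changes to Active Directory.
$DomainDN      = "DC=mydomain,DC=com"   # placeholder, as in the script above
$LicenseServer = "RDLS01"               # hypothetical license server computer name
$GroupSid      = "S-1-5-32-561"         # group SID used by the script above
$PropSet       = [guid]"5805bc62-bdc9-4428-a5e2-856a0f4c185e"
# Assumption: the group still has its default name and Builtin location.
$GroupDN       = "CN=Terminal Server License Servers,CN=Builtin,$DomainDN"

$root = New-Object DirectoryServices.DirectoryEntry "LDAP://$DomainDN"
$ds   = New-Object DirectoryServices.DirectorySearcher $root
$ds.PageSize = 1000                     # page results past the 1000-object limit

# 1. Is the license server's computer account in the group (directly or nested)?
#    1.2.840.113556.1.4.1941 is the LDAP_MATCHING_RULE_IN_CHAIN matching rule.
$ds.Filter = "(&(objectCategory=computer)(sAMAccountName=$LicenseServer`$)" +
             "(memberOf:1.2.840.113556.1.4.1941:=$GroupDN))"
if ($ds.FindOne() -ne $null) {
    Write-Host -f green "$LicenseServer is a member of the license servers group"
} else {
    Write-Host -f red "$LicenseServer is NOT a member: fix this first (event 4105)"
}

# 2. List users that lack an explicit Allow ACE for that SID on the property set.
$ds.Filter = "(&(objectCategory=person)(objectClass=user))"
$sidType = [System.Security.Principal.SecurityIdentifier]
$missing = @()
$results = $ds.FindAll()
foreach ($r in $results) {
    $sec = $r.GetDirectoryEntry().psbase.ObjectSecurity
    $ace = $sec.GetAccessRules($true, $false, $sidType) | Where-Object {
        $_.ObjectType -eq $PropSet -and
        $_.IdentityReference.Value -eq $GroupSid -and
        $_.AccessControlType -eq "Allow"
    }
    if (-not $ace) { $missing += [string]$r.Properties["samaccountname"][0] }
}
$results.Dispose()

Write-Host "Users missing the ACE:" $missing.Count
$missing | Sort-Object | Out-File -FilePath .\users-missing-ts-ace.txt
```

This check is stricter than the fix script: it also requires the ACE to belong to S-1-5-32-561, so a user whose only ACE on the property set is for another principal is still reported after the fix has run.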