- Remove From My Forums
-
Question
-
I have a single Server 2012 R2 running RDS. RD Clients can connect and work. This is a clean install and has been running for about 1 month.
However I have experienced the following error 2 days in a row and found the following in the Microsoft-Windows-TerminalServices-SessionBroker Logs with event id 2056, which occurs each time just before the service hangs:
The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database.
Pooled virtual desktop collection name: NULL
Error: Logon to the database failed.When this happens ALL remote sessions hang and eventually disconnect. All works again after restarting the server.
The server is in the connection broker list.
Anyone know why this is happening and how to fix it?
-
Edited by
Wednesday, August 26, 2015 12:48 PM
-
Edited by
Answers
-
Auto update is enabled on server so I presume all KB’s are installed.
The error occurred again this week. I noticed that the DNS setting on the server interface was not pointing to a DNS that would resolve the local machine name. Instead it was pointing to a public DNS which did not resolve this server name. I’ve fixed the
DNS so lets wait and see if that might have been an issue.On a previous occasion one of the admins accidentally changed the server MAC address in the NIC settings which caused the same crash.
-
Proposed as answer by
TP []MVP
Tuesday, September 8, 2015 8:13 AM -
Marked as answer by
Amy Wang_
Tuesday, September 8, 2015 9:54 AM
-
Proposed as answer by
Hi,
I have RDS enabled on Win 2016 R2 Datcenter. I have 2 servers, one runs every role and the other is only RDSH. Everything was working fine, but the server started logging these events in the event log:
Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
Event ID: 103
The Remote Desktop Gateway service does not have sufficient permissions to access the Secure Sockets Layer (SSL) certificate that is required to accept connections. To resolve this issue, bind (map) a valid SSL
certificate by using RD Gateway Manager. For more information, see «Obtain a certificate for the RD Gateway server» in the RD Gateway Help. The following error occurred: «2148073494».
This is strange because the certificate is not expired and it was working fine, so there is nothing wrong with ther certificate.
The second event which is logged is:
Log Name: Microsoft-Windows-TerminalServices-SessionBroker/Operational
Event ID: 2056
Task Category: RD Connection Broker Database Plugin
Level: Error
User: NETWORK SERVICE
Description:
The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database.
Pooled virtual desktop collection name: NULL
Error: Logon to the database failed.
I added the RDS server to «Windows Authorization Access Group» as suggested by some folks but it did not help.
- Ahmir
- Comments Off on Why is asymmetric encryption recommended to use 2056 bit keys or larger?
- November 3, 2022
Why is asymmetric encryption recommended to use 2056 bit keys or larger?
The event log shows TerminalServices-SessionBroker Error 2056 “The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database.” This error shows up before and after re-adding the TS back to the domain. After re-adding it I don’t see the error cropping back up besides once right away.
Updated June 2023: Stop error messages and fix your computer problem with this tool. Get it now at this link
- Download and install the software.
- It will scan your computer for problems.
- The tool will then fix the issues that were found.
Asymmetric encryption is more secure when someone uses larger keys (like a 2048-bit key). This is because it requires more encryption processes and two separate keys than two identical copies of the same key.
How do I program my ISX 2056 Remote?
1) Turn on the device, 2) Press the button of the device (TV, DVD, etc.), 3) Press and hold SETUP (LED blinks twice), 4) Press 9-9-1 (LED blinks twice), 5) Determine device type: 1 press for TV Press 2 for DVD/VCR Press 3 for audio
What is Section 2056 of the Internal Revenue Code?
Section 2056(a) provides that the value of taxable property, unless reduced under section 2056(b), is determined by deducting from the value of the outrageous property an amount equal to the present value of all shares in equivalent property that pass from the decedent to the surviving spouse. .
Why is asymmetric encryption recommended to use 2056 bit keys or larger?
Asymmetric encryption shield is more secure if you use a larger key (for example, a 2048-bit key). This is because information technology involves the use of more scalable encryption processes and two keys per side rather than two identical copies attached to one key.
How do I program my ISX 2056 Remote?
1) Turn on the device, 2) Press the device (TV button, DVD, etc.), 3) Press and hold SETUP (LED blinks twice), 4) Press 9-9-1 (LED blinks twice), 5) Assign device type: Press 1 for TV Press 2 for DVD/VCR Press 3 for audio
Updated: June 2023
Are you grappling with persistent PC problems? We have a solution for you. Introducing our all-in-one Windows utility software designed to diagnose and address various computer issues. This software not only helps you rectify existing problems but also safeguards your system from potential threats such as malware and hardware failures, while significantly enhancing the overall performance of your device.
- Step 1 : Install PC Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista).
- Step 2 : Click Start Scan to find out what issues are causing PC problems.
- Step 3 : Click on Repair All to correct all issues.
What is Section 2056 of the Internal Revenue Code?
Section 2056(a) provides that, except as prohibited by section 2056(b), the value of a person’s taxable property is determined by deducting from the value of all property an amount equal to the value of all transferred shares of that house. the surviving spouse can be the testator.
TB-TK-TERMINAL1 2056 Error Microsoft-Windows-TerminalServices-SessionBroker Microsoft-Windows-TerminalServices-SessionBroker/Operational 02/06/2018 10:53:33 RD Connection Broker server failed to enumerate destination type for provider, mission named NULL Database.
Description: It’s hard to find a description for event ID 2056 from the Microsoft-Windows-TerminalServices-SessionBroker source. Either the component that improves this event is not installed locally on your machine, or the project is corrupted. In addition, you can install the repair component on the city computer.
This event is typically logged when the Terminal Services Session Broker service refuses to execute a remote procedure call (RPC) from an unauthorized computer. To work around this issue, add the private computer account for the terminal server to the local Session Directory Computers category on the Internet Terminal Services session broker computer.
RECOMMENATION: Click here for help with Windows errors.
I’m Ahmir, a freelance writer and editor who specializes in technology and business. My work has been featured on many of the most popular tech blogs and websites for more than 10 years. Efficient-soft.com is where I regularly contribute to my writings about the latest tech trends. Apart from my writing, I am also a certified project manager professional (PMP).
Обновлено 10.07.2020
Добрый день! Уважаемые читатели и гости одного из крупнейших IT порталов по системному администрированию Pyatilistnik.org. В прошлый раз мы с вами распространяли на доменные компьютеры компании библиотеку vcruntime140.dll, средствами групповой политики. Сегодня я хочу рассмотреть еще одну проблему с которой вы можете столкнуться в ходе своей работы, это проблема подключения к RDS ферме. На данном сервере появилась ошибка «The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database».
Описание ситуации
Начали поступать жалобы на подключение к удаленному рабочему столу на базе Windows Server 2016. Пользователи были разные, у кого-то компьютеры на базе Windows 10, кто-то использовал MacOS. Ошибки были такого плана:
We couldn’t connect to the remote PC. Make sure the PC is turned on and connected to the network, and that remote access is enabled. If this keeps happening, contact your network administrator for assistance. Error code: 0X7
Или до более знакомую ошибку в Windows, которую я уже решал в двух статьях:
-
Не удается подключиться к удаленному компьютеру с Windows Server 2008 R2
- Не удается подключиться к удаленному компьютеру с Windows Server 2012 R2
This computer can’t connect to the remote computer. Try connecting again. If the promlem continues, contact the owner of the remote computer or your network administrator.
Как устранять данную проблему
Как я и писал выше, методы описанные с статьях про ошибку с подключением мне не помогли, поэтому я как и любой системный администратор стал искать ошибки в журналах. Хочу еще немного описать свой виртуальный сервер, на нем установлена Windows Server 2016 и локально поднята стандартная установка Remote Desktop Services, все роли несет на себе данный хост. Напоминаю, что логи Windows можно смотреть через «Просмотр событий» или же использовать для этого веб-инструмент Windows Admin Center. Где смотреть логи RDS сервера я рассказывал, меня заинтересовал журнал «Microsoft-Windows-TerminalServices-SessionBroker/Operational«. В нем я обнаружил два интересных события:
Ошибка с кодом ID 2056: The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database. Pooled virtual desktop collection name: NULL. Error: Logon to the database failed.
Так же вы можете еще обнаружить событие ID 770:
Ошибка ID 770: RD Connection Broker failed while adding Target server name.
Farm Name = CRM.
Error: Invalid pointer
Явно видно, что с нашим брокером, что-то не так и он не может воспользоваться своей локальной базой подключений. Изучив данный вопрос с ошибками ID 770 и ID 2056, есть несколько вариантов решения.
- Первое, что я вам советую, это перезагрузить сервер, как ни странно это может помочь в большинстве случаев и будет гораздо быстрее, нежели вы будите заниматься траблшутингом. Если у вас есть активные сеансы на данном RDS сервере, то переведите его в режим стока и оповестите пользователей, о предстоящих работах, чтобы они смогли сохранить все свои данные.
- Если перезагрузка не помогла, то как советуют на одном обсуждении Microsoft, вам необходимо добавить ваш сервер в определенную группу Active Directory.
Ветка обсуждения — https://social.technet.microsoft.com/Forums/Azure/en-US/aef50c99-0f0e-4da2-bc4c-d5435692cb8b/server-2012-rds-remote-desktop-connection-broker-client-failed-to-redirect-the-user?forum=winserver8gen или https://support.microsoft.com/en-us/help/331951/some-applications-and-apis-require-access-to-authorization-information
Откройте оснастку «Active Directory — Пользователи и компьютеры» и перейдите в раздел Bultin и найдите группу «Группа авторизации доступа Windows (Windows Authorization Access Group)». Откройте ее свойства и в членах группы, добавьте ваш сервер.
- Если это не помогло, то с большой вероятностью у вас повредилась локальная база подключений RDCB. Открыть ее можно с помощью инструмента Server Management Studio. В качестве адреса подключения нужно использовать.
\.pipeMICROSOFT##WIDtsqlquery
Удостоверьтесь, что у локальной учетной записи nt authoritynetwork service есть права на базу (sysadmin). На этом у меня все, мы успешно восстановили работу RDS сервера, решили ошибку «The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database», короче мир спасен. С вами был Иван Семин, автор и создатель IT портала Pyatilistnik.org.
| title | description | services | documentationcenter | author | manager | tags | ms.service | ms.subservice | ms.topic | ms.workload | ms.collection | ms.tgt_pltfrm | ms.devlang | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Troubleshoot Azure VM RDP connection issues by Event ID |
Use event IDs to troubleshoot various issues that prevent a Remote Desktop protocol (RDP) connection to an Azure Virtual Machine (VM). |
virtual-machines-windows |
Deland-Han |
dcscontentpm |
virtual-machines |
vm-cannot-connect |
troubleshooting |
infrastructure-services |
windows |
vm-windows |
azurecli |
11/01/2018 |
delhan |
Troubleshoot Azure VM RDP connection issues by Event ID
This article explains how to use event IDs to troubleshoot issues that prevent a Remote Desktop protocol (RDP) connection to an Azure Virtual Machine (VM).
Symptoms
You try to use a Remote Desktop protocol (RDP) session to connect to an Azure VM. After you input your credentials, the connection fails, and you receive the following error message:
This computer can’t connect to the remote computer. Try connecting again, if the problem continues, contact the owner of the remote computer or your network administrator.
To troubleshoot this issue, review the event logs on the VM, and then refer to the following scenarios.
Before you troubleshoot
Create a backup snapshot
To create a backup snapshot, follow the steps in Snapshot a disk.
Connect to the VM remotely
To connect to the VM remotely, use one of the methods in How to use remote tools to troubleshoot Azure VM issues.
Scenario 1
Event logs
In a CMD instance, run the following commands to check whether event 1058 or event 1057 is logged in the System log within the past 24 hours:
wevtutil qe system /c:1 /f:text /q:"Event[System[Provider[@Name='Microsoft-Windows-TerminalServices-RemoteConnectionManager'] and EventID=1058 and TimeCreated[timediff(@SystemTime) <= 86400000]]]" | more wevtutil qe system /c:1 /f:text /q:"Event[System[Provider[@Name='Microsoft-Windows-TerminalServices-RemoteConnectionManager'] and EventID=1057 and TimeCreated[timediff(@SystemTime) <= 86400000]]]" | more
Log Name: System
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: time
Event ID: 1058
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: computer
Description:
The RD Session Host Server has failed to replace the expired self signed certificate used for RD Session Host Server authentication on TLS connections. The relevant status code was Access is denied.
Log Name: System
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: time
Event ID: 1058
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: computer
Description:
RD Session host server has failed to create a new self-signed certificate to be used for RD Session host server authentication on TLS connections, the relevant status code was object already exists.
Log Name: System
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: time
Event ID: 1057
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: computer
Description:
The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on TLS connections. The relevant status code was Keyset does not exist
You can also check for SCHANNEL error events 36872 and 36870 by running the following commands:
wevtutil qe system /c:1 /f:text /q:"Event[System[Provider[@Name='Schannel'] and EventID=36870 and TimeCreated[timediff(@SystemTime) <= 86400000]]]" | more wevtutil qe system /c:1 /f:text /q:"Event[System[Provider[@Name='Schannel'] and EventID=36872 and TimeCreated[timediff(@SystemTime) <= 86400000]]]" | more
Log Name: System
Source: Schannel
Date: —
Event ID: 36870
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: computer
Description: A fatal error occurred when attempting to access the TLS server credential private key. The error code returned from the cryptographic module is 0x8009030D.
The internal error state is 10001.
Cause
This issue occurs because the local RSA encryption keys in the MachineKeys folder on the VM can’t be accessed. This issue can occur for one of the following reasons:
-
Wrong permissions configuration on the Machinekeys folder or the RSA files.
-
Corrupted or missing RSA key.
Resolution
To troubleshoot this issue, you have to set up the correct permissions on the RDP Certificate by using these steps.
Grant permission to the MachineKeys folder
-
Create a script by using the following content:
remove-module psreadline icacls C:ProgramDataMicrosoftCryptoRSAMachineKeys /t /c > c:tempBeforeScript_permissions.txt takeown /f "C:ProgramDataMicrosoftCryptoRSAMachineKeys" /a /r icacls C:ProgramDataMicrosoftCryptoRSAMachineKeys /t /c /grant "NT AUTHORITYSystem:(F)" icacls C:ProgramDataMicrosoftCryptoRSAMachineKeys /t /c /grant "NT AUTHORITYNETWORK SERVICE:(R)" icacls C:ProgramDataMicrosoftCryptoRSAMachineKeys /t /c /grant "BUILTINAdministrators:(F)" icacls C:ProgramDataMicrosoftCryptoRSAMachineKeys /t /c > c:tempAfterScript_permissions.txt Restart-Service TermService -Force
-
Run this script to reset the permissions of the MachineKey folder and to reset the RSA files to the default values.
-
Try to access the VM again.
After running the script, you can check the following files that are experiencing permissions issues:
- c:tempBeforeScript_permissions.txt
- c:tempAfterScript_permissions.txt
Renew RDP self-signed certificate
If the issue persists, run the following script to make sure that the RDP self-signed certificate is renewed:
Import-Module PKI Set-Location Cert:LocalMachine $RdpCertThumbprint = 'Cert:LocalMachineRemote Desktop'+((Get-ChildItem -Path 'Cert:LocalMachineRemote Desktop').thumbprint) Remove-Item -Path $RdpCertThumbprint Stop-Service -Name "SessionEnv" Start-Service -Name "SessionEnv"
If you can’t renew the certificate, follow these steps to try to delete the certificate:
-
On another VM in the same VNET, open the Run box, type mmc, and then press OK.
-
On the File menu, select Add/Remove Snap-in.
-
In the Available snap-Ins list, select Certificates, and then select Add.
-
Select Computer account, and then select Next.
-
Select Another computer, and then add the IP address of the VM that has problems.
[!Note]
Try to use the internal network to avoid using a virtual IP address. -
Select Finish, and then select OK.
:::image type=»content» source=»media/event-id-troubleshoot-vm-rdp-connecton/select-computer.png» alt-text=»Screenshot of the Another computer option in the Select Computer dialog.»:::
-
Expand the certificates, go to the Remote DesktopCertificates folder, right-click the certificate, and then select Delete.
-
Restart the Remote Desktop Configuration service:
net stop SessionEnv net start SessionEnv
[!Note]
At this point, if you refresh the store from mmc, the certificate reappears.
Try to access the VM by using RDP again.
Update TLS/SSL certificate
If you set up the VM to use a TLS/SSL certificate, run the following command to get the thumbprint. Then check whether it’s the same as the certificate’s thumbprint:
reg query "HKLMSYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" /v SSLCertificateSHA1Hash
If it isn’t, change the thumbprint:
reg add "HKLMSYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" /v SSLCertificateSHA1Hash /t REG_BINARY /d <CERTIFICATE THUMBPRINT>
You can also try to delete the key so that the RDP uses the self-signed certificate for RDP:
reg delete "HKLMSYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" /v SSLCertificateSHA1Hash
Scenario 2
Event log
In a CMD instance, run the following commands to check whether SCHANNEL error event 36871 is logged in the System log within the past 24 hours:
wevtutil qe system /c:1 /f:text /q:"Event[System[Provider[@Name='Schannel'] and EventID=36871 and TimeCreated[timediff(@SystemTime) <= 86400000]]]" | more
Log Name: System
Source: Schannel
Date: —
Event ID: 36871
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: computer
Description:
A fatal error occurred while creating a TLS server credential. The internal error state is 10013.
Cause
This issue is caused by security policies. When older versions of TLS (such as 1.0) are disabled, RDP access fails.
Resolution
RDP uses TLS 1.0 as the default protocol. However, the protocol might be changed to TLS 1.1, which is the new standard.
To troubleshoot this issue, see Troubleshoot authentication errors when you use RDP to connect to Azure VM.
Scenario 3
If you have installed the Remote Desktop Connection Broker role on the VM, check whether there’s event 2056 or event 1296 within the past 24 hours. In a CMD instance, run the following commands:
wevtutil qe system /c:1 /f:text /q:"Event[System[Provider[@Name=' Microsoft-Windows-TerminalServices-SessionBroker '] and EventID=2056 and TimeCreated[timediff(@SystemTime) <= 86400000]]]" | more wevtutil qe system /c:1 /f:text /q:"Event[System[Provider[@Name=' Microsoft-Windows-TerminalServices-SessionBroker-Client '] and EventID=1296 and TimeCreated[timediff(@SystemTime) <= 86400000]]]" | more
Log Name: Microsoft-Windows-TerminalServices-SessionBroker/Operational
Source: Microsoft-Windows-TerminalServices-SessionBroker
Date: time
Event ID: 2056
Task Category: (109)
Level: Error
Keywords:
User: NETWORK SERVICE
Computer: computer fqdn
Description:
The description for Event ID 2056 from source Microsoft-Windows-TerminalServices-SessionBroker cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
NULL
NULL
Logon to the database failed.
Log Name: Microsoft-Windows-TerminalServices-SessionBroker-Client/Operational
Source: Microsoft-Windows-TerminalServices-SessionBroker-Client
Date: time
Event ID: 1296
Task Category: (104)
Level: Error
Keywords:
User: NETWORK SERVICE
Computer: computer fqdn
Description:
The description for Event ID 1296 from source Microsoft-Windows-TerminalServices-SessionBroker-Client cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
text
text
Remote Desktop Connection Broker is not ready for RPC communication.
Cause
This issue occurs because the host name of the Remote Desktop Connection Broker server is changed, which is not a supported change.
The hostname has entries and dependencies on the Windows Internal Database, which is required by Remote Desktop Service farm in order to be able to work. Changing the hostname after the farm is already built causes many errors and can cause the broker server to stop working.
Resolution
To fix this issue, the Remote Desktop Connection Broker role and the Windows Internal Database must be reinstalled.
Next Steps
Schannel Events
Schannel SSP Technical Overview
RDP Fails with Event ID 1058 & Event 36870 with Remote Desktop Session Host Certificate & SSL Communication
Schannel 36872 or Schannel 36870 on a Domain Controller
Event ID 1058 — Remote Desktop Services Authentication and Encryption
[!INCLUDE Azure Help Support]