none
How to log as admin after RDS grace period expires?

    Question

  • I have a remote machine with Windows Server 2008 R2, on which I installed the RDS Host Services. I was installing the CALs a few days ago, but unfortunately the grace period expired before I finished the process. I had 5 CALs on hand and needed to purchase another 5 CALs for the rest of the users.

    Now I cannot access the server anymore. I tried to login as Administrator using "mstsc /admin", but it doesn't work. I have access to the filesystem of the server, because I can mount it on another system. But I cannot login thru the Remote Desktop Connection. And I don't have physical access to the server.

    How can I login and finish the RDS License setup? Or what should I change on the filesystem so I can reboot the machine, login and finish the RDS setup?

    Thanks.
    Saturday, February 02, 2013 12:21 AM

Answers

  • Hi,

    I had the default firewall settings that came with the AWS W2K8R2 Dataserver edition AMI, so I imagine that the event log is not accessible remotely by default. Besides, the machine sits outside my network, and the tools I have seen so far for remote event log access seem to require having the client machine on the same network. Furthermore, there is an external firewall around the machine which opens only the RDP port currently. What is the port required for remote event log auditing?

    In any case, this issue had many moving parts:

    - the expired grace period kills RDC client for mac, as there is a bug currently that does not renew the local certificate when a RDS license is changed remotely. I found a thread here with a link to version 2.1.2 of the client, but the official website only provides  2.1.1 which has this bug on OSX10.7.

    - I moved my AWS W2K8R2 machine from one availability zone to the other, and it seems that the password retrieval tool stopped working... that is the password it was giving me was incorrect

    In the end I used a virtual machine with Win7 in order to log with "mstsc /admin". I then tried all the previous admin passwords this machine has had... and the original admin password that was set on this machine in its previous availability zone was the one that worked. With that, I could log in and apply 10 additional licenses I just purchased. I still don't know why the password tool on ec2 is now out of sync with the server, but the licensing issue per say is resolved.

    S


    • Marked as answer by Seb2012 Monday, February 04, 2013 7:51 PM
    • Edited by Seb2012 Monday, February 04, 2013 7:53 PM
    Monday, February 04, 2013 7:51 PM

All replies

  • Hi,

    You should be able to connect using the /admin connection even if the grace period has expired.

    What is the precise error message you receive and/or the incorrect behavior you see when you attempt to connect to this server using Remote Desktop?

    Have you checked the event log for errors/warnings?  You should be able to access the event log remotely if the firewall permits it.

    -TP

    Saturday, February 02, 2013 6:48 AM
    Moderator
  • Hi,

    I had the default firewall settings that came with the AWS W2K8R2 Dataserver edition AMI, so I imagine that the event log is not accessible remotely by default. Besides, the machine sits outside my network, and the tools I have seen so far for remote event log access seem to require having the client machine on the same network. Furthermore, there is an external firewall around the machine which opens only the RDP port currently. What is the port required for remote event log auditing?

    In any case, this issue had many moving parts:

    - the expired grace period kills RDC client for mac, as there is a bug currently that does not renew the local certificate when a RDS license is changed remotely. I found a thread here with a link to version 2.1.2 of the client, but the official website only provides  2.1.1 which has this bug on OSX10.7.

    - I moved my AWS W2K8R2 machine from one availability zone to the other, and it seems that the password retrieval tool stopped working... that is the password it was giving me was incorrect

    In the end I used a virtual machine with Win7 in order to log with "mstsc /admin". I then tried all the previous admin passwords this machine has had... and the original admin password that was set on this machine in its previous availability zone was the one that worked. With that, I could log in and apply 10 additional licenses I just purchased. I still don't know why the password tool on ec2 is now out of sync with the server, but the licensing issue per say is resolved.

    S


    • Marked as answer by Seb2012 Monday, February 04, 2013 7:51 PM
    • Edited by Seb2012 Monday, February 04, 2013 7:53 PM
    Monday, February 04, 2013 7:51 PM