RDS server manager 2016 - RD Connection Broker service denied the remote procedure call (RPC) from an unauthorized computer. RRS feed

  • Question

  • I am getting the above error from our server manager and as a result i am not able to see the users logged on or shadow them from the server manager. Logons are working fine. Server version is 2016  v1607. The enviroment is a single RD session host and another server running Connection broker, gateway, licensing and web access.

    What i have tried so far:

    Reboot both the terminal server and the connection broker

    Removin the terminal server from the collection and adding it again

    Checked licensing

    Checked DNS

    Only other solution i have found was trying this:

    But this is for 2008 servers and it is not possible to access the local users and groups since the connection broker is also functioning as DC for the location.

    Any suggestions?

    Monday, September 16, 2019 11:53 AM

All replies

  • Hi,


    1.When and where did the error message prompted? Are there any more errors could be found in event logs when issue occurred?


    2. For the error message you paste, same resolution found after internal research. But here is a workaround you may test to get list of users logged on and shadow them.


    Quoted the command from TP as below:

    First create a security group in your domain and add the users as members that you would like to have shadow permission. 

    Next log on to each 2012 R2 RDSH server, open an administrator command prompt, and enter the following command (substitute your domain and group name)


    wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\group",2


    The non-admin user can use the query session command to retrieve a list of logged-on users


    Reference link:


    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, September 17, 2019 6:40 AM
  • 1. The error shows up in the server manager --> remote dekstop services --> server, under events when selecting the connection broker server, it is repeating every 30 seconds. I have looked through a lot of logs in the eventviewer and i am not able to find anything that seems related.

    2. User are able to log on, but they are just not showing up in the connections view when selecting the server collection.

    The solution you linked seem to refer to if you do not want the user to shadow other users to be administrator on the server. The account i am using is a domain administrator.

    Wednesday, September 18, 2019 7:05 AM
  • Hi,

    Thanks for the update. The steps provided are used for non-admin users to get shadow permission.


    If you are using administrator account, you could use query user or query session or Get-RDUserSession, then type in mstsc /shadow: session ID to view.


    Reference link:


    If you would like to troubleshoot further to figure out the cause or something more, you could try to contact Microsoft Customer Support and Services where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.


    You may find phone number for your region accordingly from the link below:

    Global Customer Service phone numbers



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Wednesday, September 18, 2019 8:15 AM