Old HP thin clients cannot connect to Windows 2008 R2 RDS server

rdsterminal-serverthin-clientwindows-server-2008-r2

I'm in the middle of a migration from an old virtualized Windows 2003 Terminal Server to a 2008 R2 RDS host. The environment is a mix of several generations of HP thin clients, as well as some Axel hardware terminals.

The first batch of users migrated well, but as we encountered people with older HP devices, we discovered that some simply could not connect to the Windows 2008 R2 server.

One device type is Linux-based. HP thinconnect… and RDP sessions initiated to the new terminal server disconnect immediately. That issue has been traced back to the Linux rdesktop capabilities.
The other device type, of which there are many in the environment, is the HP T5510 Thin Client. It runs Windows CE 4. New connections to the terminal server result in:

Because of a security error, the client could not connect to the
terminal server

Connecting to the old Windows 2003 server works fine. So this is specific to the HP Thin Client interaction. Network Level Authentication (NLA) is disabled.

Any tips on resolving this?

Will new thin clients need to be purchased?

Best Answer

I fear that you may be having a problem with "licensing". I saw something similar with a couple Wyse thin clients but rather than troubleshoot the issue the Customer just opted to replace the hardware (because they only had two of the devices).

This long thread on social.technet.microsoft.com is filled with users having a similar experience. The users there seem to have tied the problems to activating the license server. Their devices worked properly before the grace period expired.

There's a disheartening statement in that thread: "The official word from Microsoft is 2008R2 RDS does not support clients below 6.0. Microsoft support did not offer any further assistance other than to go to the thin client vendor." That's pretty disappointing if it's true.

There's also a proposed solution that involves deleting some registry values from under the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM" registry key that some reported success with. I'm pasting it here, slightly edited, for reference, but the credit goes to EricWy:

Open Remote Desktop Licensing Manager
Right-click your Licensing Server name select Properties.
Change Connection Method to 'Web Browser'
Go back to the Licensing Server, right click your server. Select `Advanced / Reactivate Server'
Reactive server via the given Wizard + web browser
Delete the following registry values below the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM (the values will be re-created automatically when you reboot):Certificate, X509 Certificate, X509 Certificate ID, X509 Certificate2
Reboot

Related Solutions

Thin-Client to connect and use virtual-machines on a server

There's really a few different was you can go about doing this. You can either for a full blown VDI solution (such as VMware View) or just create the handful of VMs and connect remotely.

If you want a Thin Client that can connect to both Linux and Windows, there's tons of devices, such as HP and Wyse. Look for devices that support XDMCP.

PXE bootable image for terminal server

Get Software Assurance licensing for the 300 PCs, install Windows Thin PC. Use GPO to configure:

Windows Firewall
Certificates (To install your Code Signing Cert)
RDP Pass-Through Authentication.
I like to also configure the Remote Registry service to Auto Start (Delayed), makes some maintenance easier.

Set the users shell to a script in the netlogon folder:

Set shell = CreateObject("WScript.Shell")
shell.Run "mstsc.exe /multimon \\yourdomain\netlogon\term_serv.rdp", 1, true
shell.Run "logoff"

You may want to configure some other basic security stuff, like not caching credentials locally. Configuring the Write Filter is a good idea too (then WinTPC doesn't need AV and can't save a virus). Don't forget to sign the RDP file with rdpsign.

We use both old PCs and HP ThinClients to run the above configuration.

Terminal Server licensing is necessary, and unfortunately a barred topic here as the specifics for each businesses are unique, you really need to contact a MS Reseller who can walk you through the process (TS CALs cost about $100/user last I looked; IIRC per-device licensing was slightly more).

Running a Terminal Server Farm for 300 clients isn't exactly trivial. Depending on your needs it can be quite a bit cheaper than buying 300 new desktops (on a 3-4 year averaged basis); or in the wrong situations can cost several times more (really depends on how similar your desktop configurations are, and how much CPU/RAM/GPU each user requires - in general lower requirements fit TS/VDI better than high requirements).

WinPE is licensed strictly for Installation and Maintenance only. While mstsc.exe can be grafted into it, you're not allowed to use it for "production" purposes. Also, the difficulty in installing drivers, changing most settings (like monitor resolution), and the lack of WiFi or graphics acceleration support (particularly RemoteFX features) makes it a pain the work within.

Best Answer

Related Solutions

Thin-Client to connect and use virtual-machines on a server

PXE bootable image for terminal server

Related Topic