Event ID 1020 — TS Session Broker Security Group Configuration

Updated: January 5, 2012

Applies To: Windows Server 2008

yellow

The Terminal Services Session Broker (TS Session Broker) server will not accept any connections from a terminal server whose computer account is not a member of the Session Directory Computers local group on the TS Session Broker server. By default, the Terminal Services Session Broker service creates the local group, but the group is initially empty.

Note:  TS Session Broker was formerly called Terminal Services Session Directory.

Event Details

Product: Windows Operating System
ID: 1020
Source: Microsoft-Windows-TerminalServices-SessionBroker
Version: 6.0
Symbolic Name: EVENT_SD_GROUP_EMPTY
Message: The %1 group is empty. For the Terminal Services Session Broker service to work correctly, you must add the computer accounts of terminal servers to this group.

Resolve

Populate the Session Directory Computers group

To resolve this issue, add the computer accounts for the terminal servers that will be members of the load-balanced terminal server farm to the Session Directory Computers local group on the TS Session Broker server.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To add computer accounts for terminal servers to the Session Directory Computers local group:

  1. On the TS Session Broker server, open the Local Users and Groups snap-in. To open Local Users and Groups, click Start, click Run, type lusrmgr.msc, and then click OK.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. In the left pane, click Groups.
  4. In the right pane, right-click the Session Directory Computers group, and then click Properties.
  5. Click Add.
  6. In the Select Users, Computers, or Groups dialog box, click Object Types.
  7. Select the Computers check box, and then click OK.
  8. Locate and then add the computer account for each terminal server that will use the TS Session Broker server.
  9. Click OK to close the Select Users, Computers, or Groups dialog box, and then click OK to close the Session Directory Computers Properties dialog box.

Verify

To verify that the Session Directory Computers local group on the TS Session Broker server is configured correctly, ensure both of the following:

  • The Session Directory Computers local group exists on the TS Session Broker server.
  • The computer accounts of the terminal servers that use the TS Session Broker server are members of the group.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To check the configuration of the Session Directory Computers local group:

  1. On the TS Session Broker server, open the Local Users and Groups snap-in. To open Local Users and Groups, click Start, click Run, type lusrmgr.msc, and then click OK.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. In the left pane, click Groups. Ensure that the Session Directory Computers group is listed.
  4. In the right pane, right-click the Session Directory Computers group, and then click Properties.
  5. Under Members, ensure that the computer accounts for all the terminal servers that use the TS Session Broker server are listed.

Related Management Information

TS Session Broker Security Group Configuration

Terminal Services

Community Additions

ADD
Show: