Event ID 1067 — Terminal Server Connections

Updated: January 5, 2012

Applies To: Windows Server 2008

red

Users can connect to a terminal server to run programs, save files, and use network resources on that server. When a user disconnects from a session, all processes running in the session, including applications, will continue to run on the terminal server.

The user logon mode on the terminal server can be configured to prevent new user sessions from being created on the terminal server. You might want to prevent new user sessions from being created on the terminal server when you are planning to take the terminal server offline for maintenance or to install new applications.

Event Details

Product: Windows Operating System
ID: 1067
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Version: 6.0
Symbolic Name: EVENT_TS_REGISTERING_SPN_FAILED
Message: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: %1.

Resolve

Register the Service Principal Name for the terminal server

To resolve this issue, manually register the Service Principal Name (SPN) for the terminal server.

Note:  Terminal Services attempts to register the SPN every time the computer is started. To register the SPN, the terminal server must be able to contact an Active Directory domain controller. If the SPN is not registered, Kerberos authentication will not be available for client connections. NTLM authentication can be used if it has not been disallowed by the administrator.

To perform this procedure, you must have membership in the Domain Admins group in the domain, or you must have been delegated the appropriate authority.

To register the SPN:

  1. On the terminal server, open a Command Prompt window. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type setspn -A host ServicePrincipalName (where host is the name of the terminal server and ServicePrincipal Name is the SPN to register), and then press ENTER.

    For example, to register the SPN for Server1, type the following at the command prompt: setspn -A TERMSERV/Server1 Server1

Note:  After you have successfully registered the SPN, you might see that Event ID 1067 is still being logged, stating that the terminal server cannot register the SPN. You can ignore Event ID 1067 in those cases.

Verify

To verify that connections to the terminal server are working properly, establish a remote session with the terminal server.

Related Management Information

Terminal Server Connections

Terminal Services

Community Additions

ADD
Show: