Recently I was faced with a problem at one of our clients' Remote Desktop Licensing Services not starting up in services.msc.
The error received when trying to start up the service through the Services snap in, was not efficient in trouble shooting the issue.
To troubleshoot this issue effectively, please take the following steps:
- Open Server Manager
- Expand Roles and click on Remote Desktop Services.
- You should see an error in the events of this role.
Go through the errors and see if you spot the following error:
The Remote Desktop Licensing service cannot start. The following error occurred: Can't initialize Cryptographic - error code 5.
After going through numerous articles on how to solve this to no avail, I decided to look deeper into the issue.
This issue is being caused by the RSA cryptographic files loosing their permissions, thus locking out the licensing manager and disabling it naturally.
To solve this issue, open up Run on your server and insert the following path:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Please verify if all permissions on these files are set correctly. On Server 2008, you should see a little "lock" symbol over the files if the permissions are set incorrectly. Please ensure the following permissions are set:
System: Full Control
Administrator: Full Control
Domain Admins: Full Control
Network Service: Full Control
After these permissions have been set successfully, try and start the RD Licensing Service now, which should solve your problem.
If you are still having issues, go one folder back up and verify that the other folder as well has the correct permissions.
I hope that this has been informative to you as I spent quite some time on this one and hope to save you some time.
Yours Truly,
Sakkie
Dare to Dream.
You are the BEST!! This resolved my issue!!
ReplyDeleteAwesome! Glad I could help!
DeleteEXCELLENT! All other articles were fruitless, this one solved my issue. Thank you Sir! :-)
ReplyDeleteThis saved my bacon today. Had issues with RD Licensing and couldn't find the answer anywhere, thanks very much!
ReplyDeleteWorks like magic :)
ReplyDeleteThank a lot!
ReplyDeleteWorks.... If you can not apply the permission, take the ownership of the directory and add Network Services, give the Full Control.
ReplyDeleteWoohoo! Thank you so much. I had this issue on Windows Server 2016. Added Network Service with Full Control and it worked!!
ReplyDeleteThanks for the post. I used your info into an icacls command in cmd (run as administrator):
ReplyDeleteicacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /grant "NT AUTHORITY\NetworkService":(OI)(CI)(F)
bless you sir! Was struggling with the above individually as there were soooo many keys... but this cmd was perfect! one file was wrong, and it corrected it - and terminal server works!
DeleteTwo words: Thank you!
ReplyDeleteAwesome and Great Resolution. My Team was struggling since last two days but no luck. I found this URL and apply this fix and it works. Thank you so much!
ReplyDeleteThank you! Had this happen twice to a customer of ours.
ReplyDeleteExcelente, funciona a la perfección , muchÃsimas gracias Brother !!
ReplyDeleteThis worked for Server 2012 R2 in 2021 so this is still applicable. Worked like a champ.
ReplyDeleteThank you SO MUCH for this post! This ended up being the issue, after days worth of searching for a resolution!
ReplyDeleteYou are my god! THANK YOU XDD
ReplyDeleteThank you, I'm not sure what caused this issue, but your solution to it works well.
ReplyDelete