Troubleshooting Amazon RDS Access Issues After Windows Server License Grace Period

Overview

There is a grace period of 120 days during which Windows Server’s Remote Desktop Services (RDS) can function without requiring CALs or a Remote Desktop License Server. Standard RDP access, including for administrators, is restricted after this time, which causes serious access problems. This blog post explains how to use the mstsc /admin command to get around the license limitation, restore administrator access, and, if desired, reset the grace period in recovery or lab scenarios.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Introduction

When Remote Desktop Services (RDS) is installed on a Windows Server, Microsoft provides a 120-day grace period during which RDS can be used without a license server or Client Access Licenses (CALs). Once this grace period expires, standard Remote Desktop Protocol (RDP) sessions will be blocked. Even administrators may find themselves unable to log in through normal RDP methods. In this guide, we explain how to regain access using the /admin switch in MSTSC and reset the grace period if needed.

What Happens After the Grace Period Ends?

After the 120-day RDS grace period expires:

Users will see an error such as:

“The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.”

Even administrator accounts will be blocked from initiating standard RDP sessions.

Solution: Open RDP Sessions with Administrative Rights Using MSTSC /admin

The /admin switch in the Remote Desktop Client (MSTSC) allows administrators to connect without consuming an RDS CAL. This is critical for regaining access when licensing has expired.

Step-by-Step Guide

Follow these instructions to execute the mstsc /admin command to launch an RDP session with administrative rights. This technique guarantees you complete control over the distant system to carry out necessary operations.

Launch the Run command
The Run dialog box can be accessed by pressing Windows + R on your keyboard.
Using this shortcut, you can quickly activate tools and run commands without going through menus.
Type the command MSTSC.

Enter the command mstsc /admin in the Run box.
In order to run the command, press Enter.
Remote Desktop is instructed to start a session with elevated administrative privileges by this action.

Specify the Server

In the interface for Remote Desktop Connection that displays:

In the “Computer” section, type the target server’s or computer’s name or IP address.

To view more sophisticated connection settings, click “Show Options.”

Enter your credentials

In the extended settings:

In the “User name” column, type your username. Verify that the target system grants administrative privileges to this user account.

Enter your login information in the following way for domain environments: DOMAIN\Username

To continue, click “Connect.”

Authenticate Your Session

A prompt asking for the password for the supplied username will show up.

Press OK after entering the password correctly and without typos.

Then, proceed to delete the grace period.

Troubleshooting Common Issues when Using MSTSC/Admin to Open an RDP Session

Here’s a detailed guide to troubleshoot and resolve common problems:

The issues with the connection
Concern: The remote system could not be connected to it.
Solutions:
- Check Remote Desktop Settings:

Make sure the destination machine has the Remote Desktop turned on.
Go to System > Remote Settings under Control Panel
Verify that the user account is authorized to connect by selecting Allow Remote Connections.
- Verify the configuration of the network:
Verify that the distant computer can be accessed across the network.
Verify that the client’s and server’s firewall settings allow access to port 3389, the default RDP port.
- Rules for Firewalls:
  1. Create a Windows Firewall exemption for RDP:
    Control Panel > Windows Defender Firewall > Configure Windows
  2. Defender Firewall to Permit an App or Feature
    Alternatively, set up the firewall so that port 3389 is open to inbound connections.
- Authentication Issues

Concerns: The login credentials are not accepted.

Solutions:

Verify Admin Privileges:

Verify that your account on the target system has administrative rights.

Format for a Domain Account:

Use the format DOMAIN\Username for domain environments.

Change the password again:

Use the Active Directory console or the system administrator to reset the password if you think there may be a problem.

Conclusion

When the 120-day RDS grace period expires, and standard RDP logins fail, using mstsc /admin is vital for regaining access. From there, you can address licensing, install CALs, or reset the grace period for testing. Always ensure you remain compliant with Microsoft licensing in production environments.

Drop a query if you have any questions regarding Remote Desktop Services and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

FAQs

1. What is mstsc/admin used for?

ANS: – It circumvents licensing checks during emergencies or administration by enabling administrators to connect to a Windows server without using a Remote Desktop Services CAL.

2. What is the maximum number of times I can reset the RDS grace period?

ANS: – Although resetting it frequently in laboratory settings is technically impossible, this is not a sustainable solution. The right license ought to be used.