Voiced by Amazon Polly |
Overview
There is a grace period of 120 days during which Windows Server’s Remote Desktop Services (RDS) can function without requiring CALs or a Remote Desktop License Server. Standard RDP access, including for administrators, is restricted after this time, which causes serious access problems. This blog post explains how to use the mstsc /admin command to get around the license limitation, restore administrator access, and, if desired, reset the grace period in recovery or lab scenarios.
Pioneers in Cloud Consulting & Migration Services
- Reduced infrastructural costs
- Accelerated application deployment
Introduction
When Remote Desktop Services (RDS) is installed on a Windows Server, Microsoft provides a 120-day grace period during which RDS can be used without a license server or Client Access Licenses (CALs). Once this grace period expires, standard Remote Desktop Protocol (RDP) sessions will be blocked. Even administrators may find themselves unable to log in through normal RDP methods. In this guide, we explain how to regain access using the /admin switch in MSTSC and reset the grace period if needed.
What Happens After the Grace Period Ends?
After the 120-day RDS grace period expires:
- Users will see an error such as:
“The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.”
- Even administrator accounts will be blocked from initiating standard RDP sessions.
Solution: Open RDP Sessions with Administrative Rights Using MSTSC /admin
The /admin switch in the Remote Desktop Client (MSTSC) allows administrators to connect without consuming an RDS CAL. This is critical for regaining access when licensing has expired.
Step-by-Step Guide
Follow these instructions to execute the mstsc /admin command to launch an RDP session with administrative rights. This technique guarantees you complete control over the distant system to carry out necessary operations.
- Launch the Run command
The Run dialog box can be accessed by pressing Windows + R on your keyboard.
Using this shortcut, you can quickly activate tools and run commands without going through menus. - Type the command MSTSC.
Enter the command mstsc /admin in the Run box.
In order to run the command, press Enter.
Remote Desktop is instructed to start a session with elevated administrative privileges by this action.
- Specify the Server
In the interface for Remote Desktop Connection that displays:
In the “Computer” section, type the target server’s or computer’s name or IP address.
To view more sophisticated connection settings, click “Show Options.”
- Enter your credentials
In the extended settings:
In the “User name” column, type your username. Verify that the target system grants administrative privileges to this user account.
Enter your login information in the following way for domain environments: DOMAIN\Username
To continue, click “Connect.”
- Authenticate Your Session
A prompt asking for the password for the supplied username will show up.
Press OK after entering the password correctly and without typos.
Then, proceed to delete the grace period.
Troubleshooting Common Issues when Using MSTSC/Admin to Open an RDP Session
Here’s a detailed guide to troubleshoot and resolve common problems:
- The issues with the connection
Concern: The remote system could not be connected to it.
Solutions:- Check Remote Desktop Settings:
- Make sure the destination machine has the Remote Desktop turned on.
Go to System > Remote Settings under Control Panel - Verify that the user account is authorized to connect by selecting Allow Remote Connections.
- Verify the configuration of the network:
- Verify that the distant computer can be accessed across the network.
- Verify that the client’s and server’s firewall settings allow access to port 3389, the default RDP port.
- Rules for Firewalls:
- Create a Windows Firewall exemption for RDP:
Control Panel > Windows Defender Firewall > Configure Windows - Defender Firewall to Permit an App or Feature
Alternatively, set up the firewall so that port 3389 is open to inbound connections.
- Create a Windows Firewall exemption for RDP:
- Authentication Issues
- Rules for Firewalls:
Concerns: The login credentials are not accepted.
Solutions:
- Verify Admin Privileges:
Verify that your account on the target system has administrative rights.
- Format for a Domain Account:
Use the format DOMAIN\Username for domain environments.
- Change the password again:
Use the Active Directory console or the system administrator to reset the password if you think there may be a problem.
Conclusion
Drop a query if you have any questions regarding Remote Desktop Services and we will get back to you quickly.
Making IT Networks Enterprise-ready – Cloud Management Services
- Accelerated cloud migration
- End-to-end view of the cloud environment
About CloudThat
CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.
CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner, Amazon CloudFront Service Delivery Partner, Amazon OpenSearch Service Delivery Partner, AWS DMS Service Delivery Partner, AWS Systems Manager Service Delivery Partner, Amazon RDS Service Delivery Partner, AWS CloudFormation Service Delivery Partner and many more.
FAQs
1. What is mstsc/admin used for?
ANS: – It circumvents licensing checks during emergencies or administration by enabling administrators to connect to a Windows server without using a Remote Desktop Services CAL.
2. What is the maximum number of times I can reset the RDS grace period?
ANS: – Although resetting it frequently in laboratory settings is technically impossible, this is not a sustainable solution. The right license ought to be used.

WRITTEN BY Ritushree Dutta
Comments