The server failed to retrieve the SID of Session BRoker

[Kristin L. Griffin]

Hi Folks,

I have a weird issue.
Even through the session broker server says my terminal servers joined ok,
the terminal server system logs say differently. I get this message:

The server failed to retrieve the security identifier (SID) of the TS
Session Broker server.
Win32 error code: 0x534.

All terminal services connections go to only one server - they are not
dispersed.

Here are some network details and things I have ruled out:

This is a Win2k8 environment.
I have a farm of terminal servers (obviously)
This is a completely virtual server environment, using HyperV
I am not having network, dhcp, dns issues. Everything is running fine in
that respect.

I have:
Gotten rid of NLB and went back to round robin DNS
reinstalled session broker
rebooted all machines
cleared dns cache on all machines
checked pings and connectivity to each machine
ruled out network firewall by removing it (even thoug
no firewall is turned on on any servers.

TS Team, any ideas here?

Thanks,

Kristin

 

[Kristin L. Griffin]

RE: The server failed to retrieve the SID of Session BRoker

More info:

Moving a terminal server into a workgroup and back into the domain did not
help.
Uninstalling SB on one server and installing it on another did not help.
Changing the farm name; adding the terminal servers to another farm did not
help
Changing from using GPO to TS Configuration settings did not help.

"Kristin L. Griffin" wrote:

> Hi Folks,
>
> I have a weird issue.
> Even through the session broker server says my terminal servers joined ok,
> the terminal server system logs say differently. I get this message:
>
> The server failed to retrieve the security identifier (SID) of the TS
> Session Broker server.
> Win32 error code: 0x534.
>
> All terminal services connections go to only one server - they are not
> dispersed.
>
> Here are some network details and things I have ruled out:
>
> This is a Win2k8 environment.
> I have a farm of terminal servers (obviously)
> This is a completely virtual server environment, using HyperV
> I am not having network, dhcp, dns issues. Everything is running fine in
> that respect.
>
> I have:
> Gotten rid of NLB and went back to round robin DNS
> reinstalled session broker
> rebooted all machines
> cleared dns cache on all machines
> checked pings and connectivity to each machine
> ruled out network firewall by removing it (even thoug
> no firewall is turned on on any servers.
>
> TS Team, any ideas here?
>
> Thanks,
>
> Kristin
>

 

[Jeff Pitsch]

Re: The server failed to retrieve the SID of Session BRoker

How did you install the server? If it was from an image did you sysprep
that image? I've had problems with Win2k8 and SID's when the image wasn't
sysprepped correctly. Win2k8 has a much, much smaller tolerance for bad
SIDs.

--
Jeff Pitsch
Microsoft MVP - Terminal Services

"Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
message news:9B67BD16-7AAA-4867-ABB2-346E749552B8@microsoft.com...
> More info:
>
> Moving a terminal server into a workgroup and back into the domain did not
> help.
> Uninstalling SB on one server and installing it on another did not help.
> Changing the farm name; adding the terminal servers to another farm did
> not
> help
> Changing from using GPO to TS Configuration settings did not help.
>
> "Kristin L. Griffin" wrote:
>
>> Hi Folks,
>>
>> I have a weird issue.
>> Even through the session broker server says my terminal servers joined
>> ok,
>> the terminal server system logs say differently. I get this message:
>>
>> The server failed to retrieve the security identifier (SID) of the TS
>> Session Broker server.
>> Win32 error code: 0x534.
>>
>> All terminal services connections go to only one server - they are not
>> dispersed.
>>
>> Here are some network details and things I have ruled out:
>>
>> This is a Win2k8 environment.
>> I have a farm of terminal servers (obviously)
>> This is a completely virtual server environment, using HyperV
>> I am not having network, dhcp, dns issues. Everything is running fine in
>> that respect.
>>
>> I have:
>> Gotten rid of NLB and went back to round robin DNS
>> reinstalled session broker
>> rebooted all machines
>> cleared dns cache on all machines
>> checked pings and connectivity to each machine
>> ruled out network firewall by removing it (even thoug
>> no firewall is turned on on any servers.
>>
>> TS Team, any ideas here?
>>
>> Thanks,
>>
>> Kristin
>>

 

[Kristin L. Griffin]

Re: The server failed to retrieve the SID of Session BRoker

I used an image, but I also used NewSID 4.1. I have not had any problems
until now (and I have been running like this for over 8 months). I can try
to reSID the servers and drop them back in to the domain....

The only other thing I can tell you is this started right when we remote
controlled a ts session and somehoe looped it and crashed the terminal server
(a behavior which I can reproduce...)

Very very strange....I am reverting my images now, and will also try
reSIDing. Will let you know how it goes if I get this working again.

Thanks for your input,

Kris

"Jeff Pitsch" wrote:

> How did you install the server? If it was from an image did you sysprep
> that image? I've had problems with Win2k8 and SID's when the image wasn't
> sysprepped correctly. Win2k8 has a much, much smaller tolerance for bad
> SIDs.
>
> --
> Jeff Pitsch
> Microsoft MVP - Terminal Services
>
> "Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
> message news:9B67BD16-7AAA-4867-ABB2-346E749552B8@microsoft.com...
> > More info:
> >
> > Moving a terminal server into a workgroup and back into the domain did not
> > help.
> > Uninstalling SB on one server and installing it on another did not help.
> > Changing the farm name; adding the terminal servers to another farm did
> > not
> > help
> > Changing from using GPO to TS Configuration settings did not help.
> >
> > "Kristin L. Griffin" wrote:
> >
> >> Hi Folks,
> >>
> >> I have a weird issue.
> >> Even through the session broker server says my terminal servers joined
> >> ok,
> >> the terminal server system logs say differently. I get this message:
> >>
> >> The server failed to retrieve the security identifier (SID) of the TS
> >> Session Broker server.
> >> Win32 error code: 0x534.
> >>
> >> All terminal services connections go to only one server - they are not
> >> dispersed.
> >>
> >> Here are some network details and things I have ruled out:
> >>
> >> This is a Win2k8 environment.
> >> I have a farm of terminal servers (obviously)
> >> This is a completely virtual server environment, using HyperV
> >> I am not having network, dhcp, dns issues. Everything is running fine in
> >> that respect.
> >>
> >> I have:
> >> Gotten rid of NLB and went back to round robin DNS
> >> reinstalled session broker
> >> rebooted all machines
> >> cleared dns cache on all machines
> >> checked pings and connectivity to each machine
> >> ruled out network firewall by removing it (even thoug
> >> no firewall is turned on on any servers.
> >>
> >> TS Team, any ideas here?
> >>
> >> Thanks,
> >>
> >> Kristin
> >>
>
>
>

 

[Jeff Pitsch]

Re: The server failed to retrieve the SID of Session BRoker

All I can say is that this exact same problem (or close enough) happened
when it wasn't sysprepped. I would sysprep if I were you. I've had
absolutely no problems since I've started using my base syspreppred image.

--
Jeff Pitsch
Microsoft MVP - Terminal Services

"Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
message news:B2C96422-CB4E-4423-8893-E0146260D1A2@microsoft.com...
>I used an image, but I also used NewSID 4.1. I have not had any problems
> until now (and I have been running like this for over 8 months). I can
> try
> to reSID the servers and drop them back in to the domain....
>
> The only other thing I can tell you is this started right when we remote
> controlled a ts session and somehoe looped it and crashed the terminal
> server
> (a behavior which I can reproduce...)
>
> Very very strange....I am reverting my images now, and will also try
> reSIDing. Will let you know how it goes if I get this working again.
>
> Thanks for your input,
>
> Kris
>
> "Jeff Pitsch" wrote:
>
>> How did you install the server? If it was from an image did you sysprep
>> that image? I've had problems with Win2k8 and SID's when the image
>> wasn't
>> sysprepped correctly. Win2k8 has a much, much smaller tolerance for bad
>> SIDs.
>>
>> --
>> Jeff Pitsch
>> Microsoft MVP - Terminal Services
>>
>> "Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
>> message news:9B67BD16-7AAA-4867-ABB2-346E749552B8@microsoft.com...
>> > More info:
>> >
>> > Moving a terminal server into a workgroup and back into the domain did
>> > not
>> > help.
>> > Uninstalling SB on one server and installing it on another did not
>> > help.
>> > Changing the farm name; adding the terminal servers to another farm did
>> > not
>> > help
>> > Changing from using GPO to TS Configuration settings did not help.
>> >
>> > "Kristin L. Griffin" wrote:
>> >
>> >> Hi Folks,
>> >>
>> >> I have a weird issue.
>> >> Even through the session broker server says my terminal servers joined
>> >> ok,
>> >> the terminal server system logs say differently. I get this message:
>> >>
>> >> The server failed to retrieve the security identifier (SID) of the TS
>> >> Session Broker server.
>> >> Win32 error code: 0x534.
>> >>
>> >> All terminal services connections go to only one server - they are not
>> >> dispersed.
>> >>
>> >> Here are some network details and things I have ruled out:
>> >>
>> >> This is a Win2k8 environment.
>> >> I have a farm of terminal servers (obviously)
>> >> This is a completely virtual server environment, using HyperV
>> >> I am not having network, dhcp, dns issues. Everything is running fine
>> >> in
>> >> that respect.
>> >>
>> >> I have:
>> >> Gotten rid of NLB and went back to round robin DNS
>> >> reinstalled session broker
>> >> rebooted all machines
>> >> cleared dns cache on all machines
>> >> checked pings and connectivity to each machine
>> >> ruled out network firewall by removing it (even thoug
>> >> no firewall is turned on on any servers.
>> >>
>> >> TS Team, any ideas here?
>> >>
>> >> Thanks,
>> >>
>> >> Kristin
>> >>
>>
>>
>>

 

[Kristin L. Griffin]

Re: The server failed to retrieve the SID of Session BRoker

I reSid old images of the terminal server, and redropped them in to the
environment as new servers (new SIds, names, newly added to domain, new NICs,
and IPs). This did not work. I will try sysprepping them but my hunch is
this will not help.

Wil let you know. BTW, did you get this exact error?

Log Name: System
Source: Microsoft-Windows-TerminalServices-SessionBroker-Client
Date: 8/26/2008 10:20:46 AM
Event ID: 1014
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: BAKER.ash.com
Description:
The server failed to retrieve the security identifier (SID) of the TS
Session Broker server.
Win32 error code: 0x534.

"Jeff Pitsch" wrote:

> All I can say is that this exact same problem (or close enough) happened
> when it wasn't sysprepped. I would sysprep if I were you. I've had
> absolutely no problems since I've started using my base syspreppred image.
>
> --
> Jeff Pitsch
> Microsoft MVP - Terminal Services
>
> "Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
> message news:B2C96422-CB4E-4423-8893-E0146260D1A2@microsoft.com...
> >I used an image, but I also used NewSID 4.1. I have not had any problems
> > until now (and I have been running like this for over 8 months). I can
> > try
> > to reSID the servers and drop them back in to the domain....
> >
> > The only other thing I can tell you is this started right when we remote
> > controlled a ts session and somehoe looped it and crashed the terminal
> > server
> > (a behavior which I can reproduce...)
> >
> > Very very strange....I am reverting my images now, and will also try
> > reSIDing. Will let you know how it goes if I get this working again.
> >
> > Thanks for your input,
> >
> > Kris
> >
> > "Jeff Pitsch" wrote:
> >
> >> How did you install the server? If it was from an image did you sysprep
> >> that image? I've had problems with Win2k8 and SID's when the image
> >> wasn't
> >> sysprepped correctly. Win2k8 has a much, much smaller tolerance for bad
> >> SIDs.
> >>
> >> --
> >> Jeff Pitsch
> >> Microsoft MVP - Terminal Services
> >>
> >> "Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
> >> message news:9B67BD16-7AAA-4867-ABB2-346E749552B8@microsoft.com...
> >> > More info:
> >> >
> >> > Moving a terminal server into a workgroup and back into the domain did
> >> > not
> >> > help.
> >> > Uninstalling SB on one server and installing it on another did not
> >> > help.
> >> > Changing the farm name; adding the terminal servers to another farm did
> >> > not
> >> > help
> >> > Changing from using GPO to TS Configuration settings did not help.
> >> >
> >> > "Kristin L. Griffin" wrote:
> >> >
> >> >> Hi Folks,
> >> >>
> >> >> I have a weird issue.
> >> >> Even through the session broker server says my terminal servers joined
> >> >> ok,
> >> >> the terminal server system logs say differently. I get this message:
> >> >>
> >> >> The server failed to retrieve the security identifier (SID) of the TS
> >> >> Session Broker server.
> >> >> Win32 error code: 0x534.
> >> >>
> >> >> All terminal services connections go to only one server - they are not
> >> >> dispersed.
> >> >>
> >> >> Here are some network details and things I have ruled out:
> >> >>
> >> >> This is a Win2k8 environment.
> >> >> I have a farm of terminal servers (obviously)
> >> >> This is a completely virtual server environment, using HyperV
> >> >> I am not having network, dhcp, dns issues. Everything is running fine
> >> >> in
> >> >> that respect.
> >> >>
> >> >> I have:
> >> >> Gotten rid of NLB and went back to round robin DNS
> >> >> reinstalled session broker
> >> >> rebooted all machines
> >> >> cleared dns cache on all machines
> >> >> checked pings and connectivity to each machine
> >> >> ruled out network firewall by removing it (even thoug
> >> >> no firewall is turned on on any servers.
> >> >>
> >> >> TS Team, any ideas here?
> >> >>
> >> >> Thanks,
> >> >>
> >> >> Kristin
> >> >>
> >>
> >>
> >>
>
>
>

 

[Jeff Pitsch]

Re: The server failed to retrieve the SID of Session BRoker

Yes I did. Here is a decent starting point for automating some of the
sysprep work:
http://briandesmond.com/blog/archive/2008/03/22/how-to-sysprep-in-windows-2008.aspx

--
Jeff Pitsch
Microsoft MVP - Terminal Services

"Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
message news:CD2FB91A-3679-498B-A8E6-6B008880F8D2@microsoft.com...
>I reSid old images of the terminal server, and redropped them in to the
> environment as new servers (new SIds, names, newly added to domain, new
> NICs,
> and IPs). This did not work. I will try sysprepping them but my hunch is
> this will not help.
>
> Wil let you know. BTW, did you get this exact error?
>
> Log Name: System
> Source: Microsoft-Windows-TerminalServices-SessionBroker-Client
> Date: 8/26/2008 10:20:46 AM
> Event ID: 1014
> Task Category: None
> Level: Warning
> Keywords: Classic
> User: N/A
> Computer: BAKER.ash.com
> Description:
> The server failed to retrieve the security identifier (SID) of the TS
> Session Broker server.
> Win32 error code: 0x534.
>
> "Jeff Pitsch" wrote:
>
>> All I can say is that this exact same problem (or close enough) happened
>> when it wasn't sysprepped. I would sysprep if I were you. I've had
>> absolutely no problems since I've started using my base syspreppred
>> image.
>>
>> --
>> Jeff Pitsch
>> Microsoft MVP - Terminal Services
>>
>> "Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
>> message news:B2C96422-CB4E-4423-8893-E0146260D1A2@microsoft.com...
>> >I used an image, but I also used NewSID 4.1. I have not had any
>> >problems
>> > until now (and I have been running like this for over 8 months). I can
>> > try
>> > to reSID the servers and drop them back in to the domain....
>> >
>> > The only other thing I can tell you is this started right when we
>> > remote
>> > controlled a ts session and somehoe looped it and crashed the terminal
>> > server
>> > (a behavior which I can reproduce...)
>> >
>> > Very very strange....I am reverting my images now, and will also try
>> > reSIDing. Will let you know how it goes if I get this working again.
>> >
>> >
>> > Thanks for your input,
>> >
>> > Kris
>> >
>> > "Jeff Pitsch" wrote:
>> >
>> >> How did you install the server? If it was from an image did you
>> >> sysprep
>> >> that image? I've had problems with Win2k8 and SID's when the image
>> >> wasn't
>> >> sysprepped correctly. Win2k8 has a much, much smaller tolerance for
>> >> bad
>> >> SIDs.
>> >>
>> >> --
>> >> Jeff Pitsch
>> >> Microsoft MVP - Terminal Services
>> >>
>> >> "Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote
>> >> in
>> >> message news:9B67BD16-7AAA-4867-ABB2-346E749552B8@microsoft.com...
>> >> > More info:
>> >> >
>> >> > Moving a terminal server into a workgroup and back into the domain
>> >> > did
>> >> > not
>> >> > help.
>> >> > Uninstalling SB on one server and installing it on another did not
>> >> > help.
>> >> > Changing the farm name; adding the terminal servers to another farm
>> >> > did
>> >> > not
>> >> > help
>> >> > Changing from using GPO to TS Configuration settings did not help.
>> >> >
>> >> > "Kristin L. Griffin" wrote:
>> >> >
>> >> >> Hi Folks,
>> >> >>
>> >> >> I have a weird issue.
>> >> >> Even through the session broker server says my terminal servers
>> >> >> joined
>> >> >> ok,
>> >> >> the terminal server system logs say differently. I get this
>> >> >> message:
>> >> >>
>> >> >> The server failed to retrieve the security identifier (SID) of the
>> >> >> TS
>> >> >> Session Broker server.
>> >> >> Win32 error code: 0x534.
>> >> >>
>> >> >> All terminal services connections go to only one server - they are
>> >> >> not
>> >> >> dispersed.
>> >> >>
>> >> >> Here are some network details and things I have ruled out:
>> >> >>
>> >> >> This is a Win2k8 environment.
>> >> >> I have a farm of terminal servers (obviously)
>> >> >> This is a completely virtual server environment, using HyperV
>> >> >> I am not having network, dhcp, dns issues. Everything is running
>> >> >> fine
>> >> >> in
>> >> >> that respect.
>> >> >>
>> >> >> I have:
>> >> >> Gotten rid of NLB and went back to round robin DNS
>> >> >> reinstalled session broker
>> >> >> rebooted all machines
>> >> >> cleared dns cache on all machines
>> >> >> checked pings and connectivity to each machine
>> >> >> ruled out network firewall by removing it (even thoug
>> >> >> no firewall is turned on on any servers.
>> >> >>
>> >> >> TS Team, any ideas here?
>> >> >>
>> >> >> Thanks,
>> >> >>
>> >> >> Kristin
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>

 

[Thorsten]

Re: The server failed to retrieve the SID of Session BRoker

I started to get the absolute same error about a few weeks ago.

My configuration isn't very complex, just two terminal servers load balanced
by a single session broker that is TS licensing server at the same time.
However, neither of the servers was installed using a image.

One of our servers (the one producing the above mentioned error) denies
logons now (a user can type in his creds and hit logon, the server then goes
on presenting the "Welcome" screen but closes the session afterwards).
As soon as i remove this server from the session broker farm, logons work
correctly.

I already checked DNS lookups and network connectivity of all three servers
but can't find any issues. In addition the other terminal server seems to act
normally although member of the session broker farm.

Greets
Thorsten

"Ole Thomsen" wrote:

> I see the Session Broker SID error multiple times every day on all servers
> in our farm, and sessions are distributed fine.
>
> Don't think that is the reason for your problem.
>
> Ole Thomsen
>
>
> "Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in
> message news:13DE6307-C7A9-4381-B7F5-4577BE6584E4@microsoft.com...
> > Hi Folks,
> >
> > I have a weird issue.
> > Even through the session broker server says my terminal servers joined ok,
> > the terminal server system logs say differently. I get this message:
> >
> > The server failed to retrieve the security identifier (SID) of the TS
> > Session Broker server.
> > Win32 error code: 0x534.
> >
> > All terminal services connections go to only one server - they are not
> > dispersed.
> >
> > Here are some network details and things I have ruled out:
> >
> > This is a Win2k8 environment.
> > I have a farm of terminal servers (obviously)
> > This is a completely virtual server environment, using HyperV
> > I am not having network, dhcp, dns issues. Everything is running fine in
> > that respect.
> >
> > I have:
> > Gotten rid of NLB and went back to round robin DNS
> > reinstalled session broker
> > rebooted all machines
> > cleared dns cache on all machines
> > checked pings and connectivity to each machine
> > ruled out network firewall by removing it (even thoug
> > no firewall is turned on on any servers.
> >
> > TS Team, any ideas here?
> >
> > Thanks,
> >
> > Kristin
> >
>