Windows Server 2008 Terminal Server Session Broker and Event ID 1014

I hit a problem recently where we were seeing this event in all the terminal servers in a session broker farm:

https://technet.microsoft.com/en-us/library/cc775303(WS.10).aspx

Event ID: 1014

Source: Microsoft-Windows-TerminalServices-SessionBroker-Client

Message:
The server failed to retrieve the security identifier (SID) of the TS Session Broker server.
Win32 error code: 0x534.

The error code (0x534 hex = 1332 decimal) relates to: “No mapping between account names and security IDs was done.”

In short, the name used in the GPO to assign the Session Broker server could not be translated into a SID. The computer account for the Session Broker server existed in AD and the right SPNs were registered:

TERMSRV/shortname

TERMSRV/fqdn

The Terminal Servers were registered with the Session Broker server and sessions were indeed being redirected. It was only the event being logged, which fired a SCOM 2007 alert, that was a concern.

The name used in the GPO was an FQDN. It appeared that the name-to-SID lookup function was failing to translate the FQDN into shortname$ and locate the SID. This could be because a name with dots in it could have been assumed to be an IP address.

Regardless of the root cause, the fix was to shorten the name used in the GPO to be the short name of the Session Broker server.

You’ll need to make sure that every Terminal Server can resolve the short name of the Session Broker server. Use DNS Suffixes on the Terminal Servers or GlobalNames on the DNS server queried by the Terminal Servers.
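
To check from a Terminal Server which forms of the broker name translate to a SID, and whether the short name resolves, the following PowerShell can be run before changing the GPO. This is an added example, not part of the original post. The function name Test-BrokerNameToSid and the sample host name are hypothetical, and the .NET NTAccount lookup it uses is assumed to be comparable to, not identical with, the lookup the Session Broker client performs.

```powershell
# Added example: report which forms of the Session Broker name map to a SID,
# and whether the short name resolves from this Terminal Server.
function Test-BrokerNameToSid {
    param(
        [Parameter(Mandatory = $true)][string]$BrokerName,  # name as typed in the GPO
        [string]$Domain = $env:USERDOMAIN                    # assumed NetBIOS domain of the broker
    )

    $short = $BrokerName.Split('.')[0]

    # Name forms to test: as configured, then the computer-account forms.
    $candidates = @($BrokerName, "$BrokerName`$", "$short`$", "$Domain\$short`$") |
        Select-Object -Unique

    foreach ($name in $candidates) {
        $sid = $null
        $result = 'OK'
        try {
            $acct = New-Object System.Security.Principal.NTAccount($name)
            $sid  = $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            # Unwrap to the innermost exception raised by the lookup.
            $e = $_.Exception
            while ($e.InnerException) { $e = $e.InnerException }
            if ($e -is [System.Security.Principal.IdentityNotMappedException]) {
                $result = 'No mapping (Win32 1332 / 0x534)'   # same code as Event ID 1014
            } else {
                $result = $e.Message
            }
        }
        New-Object PSObject -Property @{ Check = 'NameToSid'; Name = $name; Value = $sid; Result = $result } |
            Select-Object Check, Name, Value, Result
    }

    # Short-name resolution (uses the system resolver, so DNS suffixes apply).
    $addr = $null
    $result = 'OK'
    try {
        $addr = ([System.Net.Dns]::GetHostAddresses($short) | ForEach-Object { $_.ToString() }) -join ', '
    } catch {
        $result = 'Short name does not resolve'
    }
    New-Object PSObject -Property @{ Check = 'Resolve'; Name = $short; Value = $addr; Result = $result } |
        Select-Object Check, Name, Value, Result
}

# Usage (placeholder host name):
# Test-BrokerNameToSid -BrokerName 'broker01.corp.example' | Format-Table -AutoSize
```

A "No mapping" result for the FQDN row alongside "OK" for the short-name rows matches the behaviour described above.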