Do not edit the file in System32 directly. Copy it to your Desktop or C:\temp:
copy C:\Windows\System32\termsrv.dll C:\temp\
Open PowerShell as Admin and run:
Get-ItemProperty "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion" | Select-Object CurrentBuild, UBR
Example output: CurrentBuild: 14393, UBR: 4704 (Windows Server 2016 RTM is 14393.0).
The patch must match your exact build.
Before touching the system file, create a backup copy.
For IT administrators, developers, and tech enthusiasts who manage Windows Server 2016 machines, one limitation stands out as a persistent thorn in the side: the stringent two concurrent Remote Desktop Protocol (RDP) session limit.
Windows Server 2016, by default, allows only two simultaneous administrative remote connections. This is by design—Microsoft intends this for light server management, not for multi-user access scenarios. However, in lab environments, development servers, legacy application hosting, or even small businesses on a budget, the need for more than two concurrent users arises frequently.
Enter the termsrv.dll patch—a community-driven, unofficial modification that has been a rite of passage for Windows Server administrators for generations (from Windows 2000 to Windows Server 2019). This article provides an exhaustive, technical, and practical guide to applying the termsrv.dll patch on Windows Server 2016, including what it is, how it works, step-by-step instructions, risks, alternatives, and post-patch management.
termsrv.dll (Terminal Services DLL) is a critical system file located in C:\Windows\System32\. It manages RDP session handling, licensing validation, and concurrent connection logic. Every time a user connects via RDP, termsrv.dll checks:
By default, Windows Server 2016 allows only two concurrent administrative sessions (for remote management) without RDS roles installed. Any third user receives the infamous error:
"The remote session was disconnected because there are no Remote Desktop License Servers available."
The termsrv.dll patch modifies specific byte patterns inside the DLL to bypass this license check.
Q: Does the termsrv.dll patch work on Windows Server 2016 Core?
A: No – Server Core has no GUI RDP support. The patch is irrelevant. termsrv.dll patch windows server 2016
Q: Will the patch survive a feature update (e.g., 1607 to 1709)?
A: No. Feature updates replace the entire system image. You must reapply.
Q: Can I use this with RDS roles installed?
A: Not recommended. Conflicting license checks will cause RDS broker errors.
Q: How many concurrent sessions are possible?
A: Theoretically unlimited, limited only by RAM and CPU. Realistically 10-20 sessions before performance degrades.
Q: Does Windows Defender flag the patched DLL as malware?
A: Yes – it may detect as “HackTool:Win32/Patcher”. Exclude the file or restore from quarantine.
Last updated: October 2025 – Verified with Windows Server 2016 OS Build 14393.7336.
Reply 1 or 2.
Patching the termsrv.dll file in Windows Server 2016 is a technique used by administrators to bypass the default limit of two concurrent remote sessions for administrative tasks. While Windows Server editions are designed for multi-session use, standard installations require the Remote Desktop Services (RDS) role and paid Client Access Licenses (CALs) to support more than two simultaneous users. Understanding the termsrv.dll Patch
The termsrv.dll file is the primary library for Remote Desktop Services in Windows. In non-server versions of Windows (like Windows 10 or 11), it restricts access to a single user. In Windows Server 2016, it natively allows two sessions. Patching involves using a HEX editor or a script to modify specific byte sequences in this file to remove these hard-coded session limits. How to Patch termsrv.dll for Windows Server 2016
Patching termsrv.dll is a common but unofficial method used to enable multiple concurrent Remote Desktop (RDP) sessions on Windows Server 2016 without requiring a Remote Desktop Services (RDS) license. 🛠️ Purpose of the Patch
By default, Windows Server allows only two concurrent administrative RDP sessions. To support more users simultaneously, Microsoft requires the RDS role and Client Access Licenses (CALs). The patch modifies the system library to: Bypass the hard-coded session limit.
Allow multiple users to log in using the same or different accounts. Enable "Concurrent Sessions" on non-RDS deployments. ⚠️ Critical Risks and Warnings
Before proceeding, understand that this is a workaround, not a supported feature. Do not edit the file in System32 directly
Licensing Compliance: Using this patch in a production environment violates Microsoft’s Licensing Terms.
System Stability: Modifying termsrv.dll can cause "Blue Screen of Death" (BSOD) errors or prevent the RDP service from starting.
Windows Updates: Microsoft often replaces termsrv.dll during monthly updates, which will break the patch and require a re-apply. 📋 Pre-Requisites
Full Backup: Create a system restore point or backup the original termsrv.dll located in C:\Windows\System32\.
Take Ownership: You must grant your user account "Full Control" permissions over the file to replace it.
Stop Services: The "Remote Desktop Services" service must be stopped before editing the file. ⚙️ Implementation Methods 1. Manual Hex Editing
Advanced users use hex editors to find specific byte sequences in the DLL and replace them. Common targets for Windows Server 2016 include: Search for: 39 81 3C 06 00 00 0F 84 XX XX XX XX
Replace with: B8 00 01 00 00 89 81 3C 06 00 00 90(Note: Hex patterns change based on the specific Windows Build/Version number.) 2. RDP Wrapper Library The most popular tool is the RDPWrap Project on GitHub.
It works as a layer between the Service Control Manager and the TermService. It does not modify the actual termsrv.dll file on disk.
It uses an .ini file to provide the correct offsets for different Windows builds. 3. Automated Scripts
Various community scripts (PowerShell or Batch) exist to automate the taking of ownership, stopping services, and applying hex changes. 🔍 Verification
After applying the patch and restarting the "Remote Desktop Services," you can verify the status by: Attempting a third concurrent login. Example output: CurrentBuild: 14393 , UBR: 4704 (Windows
Using tasklist /fo list /fi "services eq TermService" to ensure the service is running.
Checking the Event Viewer (System logs) for RDP-related errors. If you'd like to move forward, tell me:
What is your specific Windows Build Number? (Run winver to find out). Is this for a lab environment or a production server? Do you prefer a manual method or an automated tool?
I can provide the specific hex offsets or scripts tailored to your exact version.
termsrv.dll on Windows Server 2016 is a common method for enabling multiple concurrent Remote Desktop (RDP) sessions, a feature typically restricted by Microsoft's licensing model. This practice involves modifying the system's binary file to bypass session limits. Core Concept: The termsrv.dll Patch termsrv.dll file, located in C:\Windows\System32
, is the main library responsible for managing Remote Desktop Services. By default, Windows Server 2016 allows only two concurrent sessions for administrative purposes. To exceed this without official Remote Desktop Services (RDS) licensing, the file's hex code is modified to trick the system into allowing more users. Microsoft Learn Methods for Patching Manual Hex Editing : This involves finding a specific byte sequence (e.g., 39 81 3C 06 00 00 ) within the DLL using a tool like
and replacing it with a sequence that ignores the session check. RDP Wrapper Library : An open-source tool, RDP Wrapper
, acts as a layer between the Service Control Manager and Remote Desktop Services. It loads the DLL with the necessary patches without permanently modifying the file on disk. Automated Scripts : PowerShell scripts like TermsrvPatcher
automate the backup, ownership change, and patching process for various Windows versions, including Server 2016. Key Technical Insights qwerity/windows10_multiuser_session - GitHub
termsrv.dll on Windows Server 2016 is primarily done to enable concurrent RDP sessions on systems where the feature is restricted or to bypass local session limits without a full Remote Desktop Services (RDS) deployment. Methods for Patching/Enabling Multiple Sessions stascorp/rdpwrap: RDP Wrapper Library - GitHub
Open an elevated Command Prompt:
net stop TermService /y
net stop UmRdpService /y