Terminal Server License Server

 <  Day Day Up  >  

Windows Server 2003 Terminal Server Licensing supports Terminal Servers on Windows 2000 servers as well as Windows Server 2003. Terminal Server Licensing is a component of Standard Edition, Enterprise Edition, and Datacenter Editions of Windows Server 2003.

Clients that run Windows 2000 Professional or its successor OSs, such as Windows XP, can draw licenses from a built-in pool of license tokens when connecting to a Windows 2000 Terminal Server. However, there is no such built-in pool for Windows Server 2003 Terminal Server connections. All clients that establish Terminal Server sessions on a Windows Server 2003 Terminal Server must have a Windows Server 2003 TS CAL. The types of licenses for connecting to Windows Server 2003 Terminal Servers are

  • Windows Server 2003 Terminal Server Device CAL

  • Windows Server 2003 Terminal Server User CAL

  • Windows Server 2003 Terminal Server External Connector

These licenses allow unlimited connections to a Windows Server 2003 Terminal Server by external users.

The licenses for connecting to Windows 2000 Terminal Servers are

  • Windows 2000 Terminal Services CAL

  • Windows 2000 Terminal Services Internet Connector Licenses

The Internet Connector licenses allow up to 200 simultaneous anonymous connections to a Terminal Server running Windows 2000 by nonemployees across the Internet.

Terminal Server Licensing on Windows Server 2003 can manage licenses for both Windows Server 2003 and Windows 2000 license servers. However, Windows 2000 Terminal Server license servers cannot manage licenses for Windows Server 2003 Terminal Servers.

note

Windows 2000 License Servers cannot manage licenses for Windows Server 2003 Terminal Servers. A Windows Server 2003 Terminal Server license server is required.


The licensing service can be installed on a Windows Server 2003 workgroup-based server, a member server, or a DC. Remote Desktop for Administration does not use Terminal Server Licensing.

Licensing Mode

Windows Server 2003 supports two licensing modes: Per Device and Per User. In Per Device mode, license tokens are assigned by device. In Per User mode, license tokens are assigned to each user. If you want to use a combination of User, Device, and External Connector licenses on a single Terminal Server, you should configure the server in Per User mode.

A Terminal Server running Windows 2000 that is upgraded to Windows Server 2003 is placed in Per Device mode. If the Windows 2000 Terminal Server is running in Internet Connector mode, then the server is placed in Per User mode.

Windows 2000 License Server Upgrade

When you upgrade a Windows 2000 license server to Windows Server 2003, the license database is preserved. However, you might need to reactivate the license server using the Terminal Server Licensing tool. With Windows Server 2003, the license server can be installed on a member server.

note

You might need to reactivate license servers upgraded to Windows Server 2003.


Initial Client Connection

The first time a client connects to a Windows Server 2003, he or she will be limited by a temporary license. After the user completes a successful logon, the Terminal Server instructs the license server to mark the issued temporary token as validated .

note

Clients receive temporary licenses the first time they connect to a Windows Server 2003 Terminal Server.


The next time the user connects to a Terminal Server in Per Device mode from this device, the Terminal Server requests a Windows Server 2003 TS Device CAL token for this device. If TS Device CAL tokens are available in the license server's pool, a token is removed from the pool and it is issued and pushed to the device. The license server also logs the device name , the username of the device, and the date the token is issued.

If a client obtains a Per Device license from a license server that can no longer be contacted, the temporary license continues to exist on the client until it expires , at which point the new license server issues it a permanent license. This behavior is expected to change in a future release of Windows Server 2003 so that a temporary license, which was obtained from the old license server, will be upgraded to permanent upon soft-expiry so that the "temporary-license- expired " pop-up message wouldn't appear as long as the new license server has permanent CALs.

tip

Temporary License Expired pop-up messages might appear in some situations even when permanent licenses are available. This behavior should be changed in future releases of Windows Server 2003.


Per Device Distribution

In Per Device mode, the client tries to connect to a Terminal Server and the Terminal Server checks to see whether the client has a client license token. The tokens are stored in the Registry at HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing .

If a token is found, then the client connects to the server. If the client does not have a license token, then the Terminal Server contacts the license server from its list of discovered license servers. If a license server responds, the Terminal Server requests a temporary token because this is the first time this client has connected. This temporary token is passed to the client by the Terminal Server and, after the client logs on successfully, the Terminal Server notifies the license server that the temporary license can be marked as valid. The next time this device tries to connect to a Terminal Server in Per Device mode, the Terminal Server requests a Windows Server 2003 TS Device CAL token for this device. If TS Device CAL tokens are available, the license server removes one token from the available pool; marks it as issued to the device; logs the device name, the username of the device, and the date issued; and then sends this TS Device CAL token to the device. If the license server has no TS Device CAL tokens, it looks for other license servers in its domain, workgroup, or site. Windows Server 2003 license servers maintain lists of other license servers and whether they have license tokens available. If no TS Device CAL tokens are available, the device connects using the temporary token. Temporary device tokens expire after 90 days, whereas TS Device CALs are considered perpetual licenses, and expire 52 to 89 days from the date they are issued. License renewal is attempted by the Terminal Server 7 days prior to expiration. This allows recovery of TS Device CAL tokens that have been lost as a result of hardware failure or OS reinstallation.

Per User Distribution

Windows Server 2003 Terminal Server license server will install Per User CAL tokens; however, there is currently no method of assigning this token to a particular user account. Windows Server 2003 currently has no method of managing User CALS. However, if the server is configured for User CALS, failure to have a User CAL for each user is a violation of the End User Licensing Agreement (EULA).

External Connector

Neither Terminal Server Licensing nor the Microsoft Clearinghouse supports the External Connector. Configure your Terminal Server in Per User mode if you are using External Connector licenses.

Prevent License Upgrade Policy

This policy applies only to Device CALS. If enabled, when a Windows 2000 Terminal Server requests a license and no Windows 2000 TS CAL tokens are available, a temporary CAL is issued if the client has not already been issued a temporary CAL. If the client has been issued a temporary CAL previously, then the client is refused connection unless the Terminal Server is within its grace period.

By default, this setting, located in Group Policy at Computer Configuration/ Administrative Templates/Windows Components/Terminal Services/Licensing , allows a license server to supply a Windows Server 2003 Family Device TS CAL token, if available, to a Terminal Server running Windows 2000 if there are no Windows 2000 TS CAL tokens available.

License Server Security Group Policy

This setting is located at Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Licensing and can be used to control which Terminal Servers are issued Per Device licenses. By default, a license is issued to any server that requests a license. In some settings, you might want to limit which servers use your CALS, perhaps limiting your CALS to a single department.

If this policy is set to Enabled , the Terminal Server license server grants licenses only to computers whose computer accounts are placed in the Terminal Services Computers local group. If the license server is a DC, this group is a domain local group. This group is empty by default.

An efficient way to manage Terminal Server computer accounts is to create a global group containing the accounts of all Terminal Servers that must receive licenses. You can then place this global group into the local (or domain local) Terminal Services Computers group. You can add a computer account to a group using the Computer Management snap-in. Go to the properties page of the group and click Add. In the dialog box, click Object Types, and then check Computers.

Management Tools

The Terminal Server Licensing tool is the central administrative tool and is installed by default. It can be used to administer all discoverable license servers from a single location. Some of the functions of this tool are

  • Activating the license server

  • Installing license tokens

  • Viewing license availability details

  • Deactivating a license server

Many of the activities in the preceding list are related to communication with the Microsoft Clearinghouse. The centralized management capabilities of this tool simplify the process by allowing a single, Internet-connected site to provide these services for an enterprise.

tip

Windows 2000 Server Terminal Server licenses might appear as CAL Token (Per Device) or "Windows 2000 Terminal Services Client Access License" depending on the method used to activate and install the client license key pack on the server. Refer to Microsoft KB article 818023, "Licenses Are Listed As Either "Windows 2000 Server-Terminal Services CAL Token (Per Device)" or "Windows 2000 Terminal Services Client Access License" in the Terminal Server Licensing Tool," http://support.microsoft.com/default.aspx?scid=kb;en-us;818023 .


Resource Kit Utilities

Several tools are available in the Windows Server 2003 Resource Kit to support Terminal Services functions:

  • LSREPORT.EXE : The Terminal Server License Reporting tool is a command-line utility that outputs the information from the license server's database into a tab-delimited text file. The updated tool now reports the client hardware ID, which can be used to track licenses issued to particular client devices.

  • TSTCST.EXE : The Terminal Server Client License Test tool is a command-line utility that can display details about the license token residing on a client device. Use the /A switch to display additional information.

  • LSVIEW.EXE : The Terminal Server License Server Viewer tool is a Graphical User Interface (GUI)-based utility that displays the name and type of each license server that it discovers. An option is available that creates a log file with advanced diagnostic information about the discovery process.

  • APPSEC : This tool is used to restrict nonadministrative users' execution access to a limited set of authorized programs. Use this in conjunction with Group Policy to disable and hide restricted programs (Windows 2000 Server RK.)

  • Terminal Server Capacity Planning Tools : This suite of tools assists organizations with Terminal Services capacity planning. Included is a server-client load simulator that consists of two parts : RoboServer (Robosrv.exe) and RoboClient (Robocli.exe). The kit also includes two related test tools, SmClient (Smclient.exe) and QueryIdle (Qidle.exe). Terminal Server Capacity Planning Tools Overview (Tscpt.doc) and Terminal Server Simulated Client (Smclient.doc) provide detailed descriptions of these tools and how to use them.

  • WINSTA : This is a server GUI that monitors the status of all users logged onto Terminal Services client sessions (Windows 2000 Server RK).

 <  Day Day Up  >  


Windows Server 2003 on Proliants. Deployment Techniques and Management Tools for System Administrators
Windows Server 2003 on Proliants. Deployment Techniques and Management Tools for System Administrators
ISBN: B004C77T6A
EAN: N/A
Year: 2004
Pages: 214

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net