Changes to Windows 2008 terminal Server ... - TechNet Blogs

License Database FilesChanges to database files to Windows 2008Windows Server 2008 Windows Server 2003 Purposeedb.chk edb.chk This is a checkpoint file used to determine whichtransactions in the transaction log (edb.log) must stillbe committed to the licensing database. This file isupdated each time a transaction is committed to diskand is used to quickly recover the integrity of thelicensing database if the database was not shut downcorrectly.edb.log edb.log Current transaction log for the Terminal ServiceLicensing database (TLSLic.edb). This file will grow to 5MB in size, at which time it will be renamed toedbxxxxx.log, starting with edb00001.log andincrementing each time.edbres00001.jrsedbres00002.jrsres1.logres2.logReserve transaction log files that serve as a drive spaceplaceholder. There are two of these created, typically 5MB in size, and are only used in the event the drivehosting the transaction logs runs out of space. Thesefiles are used to facilitate a clean shutdown of thedatabase.In Windows Server 2003, these files were simplyres1.log and res2.log.edbtmp.log --- This is used as a template transaction log file, which isused when the edb.log file reaches 5 MB in size and isrenamed. While edb.log is being renamed, edbtmp.logbegins accumulating new transactions, and is thenrenamed to edb.log once the existing edb.log file hasbeen renamed.Once edbtmp.log is renamed to edb.log, a new emptyedbtmp.log file will be created. There was no WindowsServer 2003 equivalent.TLSLic.edb TLSLic.edb This is the actual Terminal Services Licensing databasefile.tmp.edb tmp.edb This is temporary workspace for processingtransactions.6 | P a g e

Windows 2008 Client Access License Support:Operating System Per-User CALWindows Server2008Windows Server2003Windows 2000ServerPer DeviceCALInternet/ExternalConnectorLicenseTemporaryCAL“Built-In” CALX X - X -X X X - -- X X - XGrace Period based on Operating System:The Length of the Grace Period is based on the operating system running on the TerminalServer.Operating system running on the terminal serverWindows Server 2008:Windows Server 2003 R2:Windows Server 2003:Windows 2000:Grace period120 days120 days120 days90 days7 | P a g e

Reviewing Configuration of Terminal License Server and Creating PerUser License Usage Report:To create a per user license usage report1. Open TS Licensing Manager (LicMgr.Exe)2. Right-click the license server name for which you want to generate the report, and thenselect the "Create Report" and "Per User CAL Usage …" options.8 | P a g e

Managing Reports using WMI Providers:Windows Server 2008 also provides support for managing Per User usage reports using WMIproviders. Now, an administrator can write a simple script to generate a usage report for agiven scope. Within the script, he can take further action based on the reports. For example, ifthe number of issued licenses exceeds the number of installed licenses, the script can send ane-mail to the administrator.Reports generated using WMI are displayed in the TS Licensing Manager, and reports deletedusing WMI are also deleted from the TS Licensing Manager.The following WMI classes are used to generate reports.Win32_TSLicenseReport:Windows Server 2008 has a WMI class named "Win32_TSLicenseReport" for managing per userlicense reports.This WMI class provides three different interfaces to manage reports:i. GenerateReport: This interface is used for generating per user license usage reports. Reportscan be generated across three different scopes as discussed above. This is a static function.The syntax of the API isuint32 GenerateReport ( [in] uint32 ScopeType,[in] string ScopeValue,[out] string FileName);WhereScopeType: Defines the scope for which the report needs to be generated1 -> Domain2 -> Organizational Unit (OU)3 -> All trusted DomainsScopeValue: This is used only when ScopeType is "Organizational Unit (OU)",It should contain the name of the OU for which you want to generate the report in the format"OU=OUName"9 | P a g e

Reviewing Configuration of Terminal License Server1. Any configuration problems on the Terminal Server side e.g.: Terminal Server runningout of grace period2. A list of License Servers that the Terminal Server will contact for licenses. This list willinclude both auto-discovered license servers as well as manually configured licenseservers3. For each License Server that the Terminal Server can contact,a. A list of configuration problems with the License Serverb. Type and number of CALs issued and available on the serverTotal number of available CALs the Terminal Server can get from the contactable LicenseServers.(Licensing Diagnosis: Problems and Resolution provided in the End of the Document)11 | P a g e

12 | P a g e

Improvements to License Manager:Improvements to the License Manager User Interface to easily spot configuration issuesWhen you are setting up a license server in the Domain or Forest mode, you could run intoconfiguration errors. Currently there is no easy way to find such errors. With the improvementswe have made to License Manager, you will be alerted in the License Manager UI if there areerrors in your configuration. In addition you will also be pointed to ways in which you canremedy this situation. Examples of configuration errors that the License Manager will help pointout are –a. The License Server is in the Forest mode but not published in Active Directory. Thismeans that the License Server will not be auto-discoverable.b. The License Server has a Group Policy set to “Restrict Access to specified TerminalServers”. However, the local group “Terminal Server Computers” is not present.c. The License Server is in Domain mode but not installed on a Domain Controller. Thismeans that the License Server will not be auto-discoverable.d. The License Server is not part of the “Terminal Server License Servers” group in ActiveDirectory. This would prevent per-user licensing from working.WMI Providers for Administration:With Windows 2008, we added support for WMI providers for Terminal Services Licensing. Withthe use of these WMI providers, administrators can now script tasks that were in the pastavailable only through the UI. Some of the capabilities that the WMI providers expose wouldhelp enable support for tasks like periodically monitoring available licenses on the LicenseServer, generating license usage reports, querying for various properties of the License Serveretc.Listed below are examples of the tasks that can be accomplished via WMI –a) Activating, deactivating or reactivating the license serverb) Installing license key-packsc) View details of licenses issued by the License Serverd) Generate per-user license reportse) View configuration information of the License Server (e.g.: Is the license serverinstalled on the Domain Controller? Is the Group Policy to prevent upgrades groupenabled on the LS? Etc.)f) Publish or un-publish the License Server in Active Directoryg) Revoke licenses13 | P a g e

Example for revocation of CAL using WMI Providers:Windows Server 2008 also provides support for revocation of issued CALs using WMI providers.CALs revoked through WMI are reflected in TS Licensing Manager.The following WMI class is used to revoke issued CALs:Win32_TSIssuedLicense:Windows Server 2008 has a WMI class named "Win32_TSIssuedLicense" for managing issuedper device CALs. This WMI class provides the following interface to manually revoke issuedCALs:Revoke: This API can be used to manually revoke an issued CAL. This is a not a static function.The syntax of the API isuint32 Revoke([out] uint32 RevokableCals,[out] DATETIME NextRevokeAllowedOn );Where,RevokableCals: Number of TS CALs of the same type as the current object that can berevoked.NextRevokeAllowedOn: Date that the administrator can next try to revoke licenses. Thisparameter only contains valid data when the Revoke method call has failed because themaximum revoke count has been reached.Manually publishing and Un-Publishing Terminal Server license Server:Terminal Servers automatically discover TS License Servers available in a deployment byquerying the Active Directory Catalog for a list of license servers. This list is in the "TS-Enterprise-License-Server" object in the Catalog Server. Typically, License Servers in "Forest"discovery mode publish themselves to this list during installation. However, this process may gowrong for a variety of reasons, and the publishing step may need to be performed manually.Alternatively, when the discovery mode or deployment location of a License Server changes, itmay be necessary to un-publish the LS from the list. In this post, I want to discuss how you canperform these manual operations in Windows Server 2003 License Server.Manually Publishing a License Server for Forest Discovery14 | P a g e

Typical problems that cause the failure of publishing the TS License Server are:If during the installation of the License Server, Active Directory was down and theLicense Server was not published in the Catalog.If the License Server was installed in Forest mode, but without Enterprise AdministratorCredentials, it will not be published in the Catalog.In these cases, the License Server may need to be manually published. You may also have tocreate the TS-Enterprise-License-Server object if it does not yet exist in the Catalog Server.Publishing a License ServerWe can manually publish the Terminal Server License Server, using one of the following twomethods,Using "Active Directory Sites and Services":1. Open the "Active Directory Sites and Services" snapin; Start -> Programs ->Administrative tools -> "Active Directory Sites and Services"2. Select the Site in which you wish to publish the Terminal Server License Server3. Open the "TS-Enterprise-License-Server" Object. If the "TS-Enterprise-License-Server"object is does not exist, you may have to create it. See below.4. Under the "Licensing Setting" tab click on the "Change" button5. Add the License Server machine name and click OKUsing ADSI Edit tool:1. Open the ADSI* Edit tool2. Select the "CN=Configuration" node3. Select the "CN=Sites"4. Open the node of the site where you wish to publish the License Server5. Open the "CN= TS-Enterprise-License-Server" Object in the right hand panel of the UI. Ifthe "CN=TS-Enterprise-License-Server" Object is not present use "Creating the "TS-Enterprise-License-Server" Object in the Catalog" to create the "TS-Enterprise-License-Server" Object6. Select the "siteServer" Attribute and click "Edit"7. Give the License Server machine name in the LDAP form (for example"CN=LSMachine,CN=Computers,DC=example,DC=com") and click "Add"15 | P a g e

Creating the "TS-Enterprise-License-Server" Object in the Catalog1. Open ADSI Edit tool2. Select the "CN=Configuration" node3. Select the "CN=Sites" node4. Open the node of the site where you wish to create the "TS-Enterprise-License-Server"object. If there is no such node then there is no License Server installed in "Enterprisemode" in that particular site5. Action -> New -> Object6. Select the "licensingSiteSettings" class7. Give the Value as "TS-Enterprise-License-Server"8. Click FinishManually Un-Publishing a License ServerTypical scenarios that may require manually un-publishing License Server:While the License Server was being uninstalled, Active Directory was down and LicenseServer could not be un-published from the Catalog.If you uninstalled the License Server, but without Enterprise Administrator Credentials,in that case also License Server won't be Un-Published from the Catalog.If License Server machine is being moved from domain to workgroup, then LicenseServer scope automatically changes to workgroup mode. It needs to be un-publishedmanually from the Catalog.In all of these cases, the entry that is left behind in the TS-Enterprise-License-Server objectwould cause the TS servers to still look for the License Server, even though the LS server may nolonger be available or may have moved to a different network. This may lead problems inlicense discovery and cause the TS servers to not find the type of CAL needed for a particularuser. Therefore, it is a good idea to keep the list as current as possible by manually unpublishinga removed License server from the list in the TS-Enterprise-License-Server object.Un-Publishing a License ServerWe can manually Un-Publish Terminal Server License Server using ADSI Edit tool.Open ADSI Edit tool*Select the "CN=Configuration" nodeAgain select the "CN=Sites"Open the node of the site, where one wishes to publish the License ServerOpen the "CN= TS-Enterprise-License-Server" Object in right hand panel of the UISelect "siteServer" Attribute and click "Edit"Select the License Server name under the heading "Value" and click "Remove"16 | P a g e

Licensing Diagnosis: Problems and ResolutionsLicensing Diagnosis is capable of diagnosing potential problems in a typical terminal server/license server deployment. Here is the list of the potential problems along with their suggestedresolutions.ISSUES WITH DISCOVERYProblem 1: The terminal server has not discovered any license servers. If the grace period forthe terminal server has expired, connections to the terminal server will be denied unless alicense server is configured for the terminal server.Resolution 1: Configure a license server for the terminal server. If you have an existing licenseserver, use the Terminal Services Configuration tool to specify that license server for theterminal server. Otherwise, install TS Licensing on a computer on your network.If you have configured a license server for the terminal server but the license server does notappear in the list of discovered license servers, use TS Licensing Manager to review theconfiguration of the license server. TS Licensing Manager may be launched using the ‘Start TSLicensing manager' action item available in the action pane for Licensing Diagnosis tool.Problem 2: License server is not available. This could be caused by networkconnectivity problems, the Terminal Services Licensing service is stopped on the license server,or TS Licensing is no longer installed on the computer.Resolution 2: Make sure you have network connectivity between the terminal server and thelicense server. Also check that the Terminal Services Licensing service is started on the licenseserver. If TS Licensing is no longer installed on the computer, ensure that the license server isnot manually specified and/or is no longer published in Active Directory Domain Services.17 | P a g e

ISSUES WITH CREDENTIALSProblem 3: The Terminal Services Configuration tool is running with local account credentials.Licensing Diagnosis will not be able to discover domain or forest license servers automaticallyand the Total Number of TS client access licenses available value may be inaccurate.Resolution 3: For best results with Licensing Diagnosis, use the Terminal Services Configurationtool with domain account credentials.Problem 4: To identify possible licensing issues, administrator credentials for license server are required.Resolution 4: Provide administrator credentials for the Terminal Services license server. Toprovide credentials use the ‘Provide Credentials' action item in the action pane for LicensingDiagnosis.ISSUES WITH CONFIGURATIONProblem 5: License server cannot issue TS CALs to the terminal server becauseof a version incompatibility.Resolution 5: Check that the version of the license server supports issuing TS CALs to theterminal server. The license server must be running the same (or a more recent) version of theoperating system as the terminal server. You might need to upgrade your license server to anappropriate operating system or install a new license server with the appropriate operatingsystem.Problem 6: License server is not activated.Resolution 6: Use TS Licensing Manager to activate and install TS CALs on the license server. TSLicensing manager may be launched using the ‘Start TS Licensing manager' action item availablein the action pane for the Licensing Diagnosis tool.Problem 7: License server cannot issue TS CALs to the terminal server becausethe "License server security group" Group Policy setting is enabled.Resolution 7: Add the computer account for the terminal server to the Terminal ServerComputers group on the license server.Problem 8: The licensing mode for the terminal server is not configured.Resolution 8: Set the licensing mode on the terminal server to either Per User or Per Device byusing Terminal Services Configuration tool. Use TS Licensing Manager to install thecorresponding TS CALs on the license server.18 | P a g e

Problem 9: The terminal server is in licensing mode, but license server does not have any TS CALsinstalled.Resolution 9: Use TS Licensing Manager to install the appropriate TS CALs on the license server.If the license server has installed licenses of the other mode, changing the licensing mode forthe terminal server may also resolve the issue. To change the licensing mode, use the TerminalServices Configuration tool.Problem 10: The terminal server is in licensing mode, but licenseserver does not have any TSCALs available. (Note: The license server may have CALs installed but these CALs are currentlynot available for issuance.)Resolution 10: Use TS Licensing Manager to install the appropriate TS CALs on the licenseserver. TS Licensing manager may be launched using the ‘Start TS Licensing manager' actionitem available in the action pane for Licensing Diagnosis tool.19 | P a g e