Centralized application with Terminal Services

Introduction

Applications running on a server and usable remotely through Terminal Services and its RDP protocol ("Remote Desktop Connection" in XP) is an alternative to self-updating desktop applications, and web applications to distribute applications that need frequent updates.

As of August 2006, there are three solutions to run a server with RDP:

Cost

Hardware

RAM, CPU, HD, NIC, bandwith, load balancer

Software

Server and client licenses:

"Depending on where you buy a Windows 2003 Server Standard license and what discounts you may be entitled to... from $800 to $1200. You should be able to get the $800 price.

TS CALs are $800 for a 5-pack.

Don't forget, you will also need regular Server CALs if you don't have enough out of the box ($200 for a 5-pack)."

Performance

Network I/O is the first bottleneck, so make sure the server has more than one NIC.

Resources

Books

Site

Tools

Temp

As far as I know, what is now called Terminal Services (and was called Terminal Server with NT 4) originates from a product called WinFrame by Citrix. Having access to NT 4's source code, Citrix managed to build a very fast communication protocol called ICA, which allowed users to log on to an NT4 Server, and run GUI-based (ie. not text-based) sessions there; This made it easier for admins to handle things since applications were now all located on the server, and only a light client application was required to let client hosts to log on to the NT server: The best compromise between client-server and web apps.

Seeing how powerful ICA was, Microsoft rushed to build its own, heavier version of ICA, called Remote Desktop Protocol (RDP). RDP 4.0 shipped with NT4 Terminal Server, 5.0 shipped with Windows2000 Server, and 5.1 shipped with XP and Windows2003 Server.

While TS was sold as a specific version of NT 4 ("NT 4 Terminal Server"), since Windows2000, it is marketed as a service to Windows Server which requires additional licenses, although a 90-day trial period is available. A License Server also needs to be installed.

Today, Citrix concentrates on the upper-end market for this type of product, while Microsoft aims for the entry- to mid-level markets.

Under dev

Windows Terminal Services

Terminal Services for Microsoft Windows Server 2003: Advanced Technical Design Guide

Technical Overview of Windows Server 2003 Terminal Services

Windows Server 2003 Terminal Services

Windows 2003 Terminal Services (Part 1)

Windows 2003 Terminal Services (Part 2)

"Session Computing Solutions is dedicated to providing easy access to useful, objective information on Server Based Computing, Microsoft Windows Terminal Server and assorted 3rd Party add-on products that enhance Terminal Server."

Is it true that in order to have  a Win2K3 Teminal server in a W2k3 AD domain, the TS Licensing Server must be on a domain controller?  It is working in a workgroup just fine. > That applies only to a W2K TS Licensing Server in a W2K or 2003 domain. A 2003 TS Licensing Server can run on any member server in the domain, or on a standalone server in a workgroup.

It is my understanding that Windows 2003 SBS can not be used as a Terminal Server in Application Server mode, period. This is a design decision made by MS, as SBS is also a DC, and running TS on a DC is a security risk.

Yes, you would need another server on the network configured as a Terminal Server.  You could use either a Windows 2003 Server (Standard Edition would be fine) or you could use a Windows 2000 Server as well.  There are certainly advantages to the Terminal Services engine on Win2K3 over Win2K, but there is also added cost involved.  With a Win2K Terminal Server, you don't need to purchase TSCALs if the connecting workstations are Windows 2000 Pro or XP Pro.  With a Win2K3 box, you are purchasing TSCALs regardless of the client OS, so it does add some additional dollars.

TS service

TS Licensing Server

TS troubleshooting:  http://ts.veranoest.net

http://www.sbcgatekeeper.com Your Terminal Services Security Website

can you do a "qwinsta.exe" on the machine having problem.

 

qwinsta.exe returns the following:

 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE

>console                       GHawk                         0      Active

wdcon

W2K3 Standard server vs SBS?

We recently setup a new W2K3 Standard server.  Played with Remote Desktop access without a hitch.  Successfully logged in with both RD Client and RD Web from variety of client Windows PCs.  We've been only using the local Administrator account during our early stages. Then we turned on TS in the server, everything looks good.  We have not setup the LS yet, figuring we had 120 days grace. We can't get past "You do not have access to Logon to this session".   What are we missing?  Do we have to have a LS up and running during the 120 day grace?

=> Remote Desktop vs. TS?

This sounds more like a permission problem.  Have you made your users members of the local Remote Desktop Users group?

We've looked at RDP-tcp Properties, permissions.  Seems in order.    Remote Desktop Users group has User Access   Administrators group has Full Control   We added user Administrator with Full Control.

Strange. By default, there shouldn't be any permission problems for Administrators, and the rdp permissions that you verified were exactly as they should be. Is this server a Domain Controller? But then, you also should have the right to logon locally as Administrator. Could there be a Group policy which explicitly *denies* Terminal Services access? Highly unlikely, I'll admit, but I don't have anything better at the moment.

I assume that you have already checked the EventLog?

As an afterthought: check your password. There are known problems with accounts that have a blank password, and also if the password is longer than 15 characters (although that problem only applies  to automatic logons to TS, I believe).

Workgroup vs DC

I'm pretty sure we added TS via Add/Remove a couple of days ago.

Do I to have some variety of a CAL on my client PC to access the W2K3 TS?    We set the TS to be "Per User" since that will fit into our plans better than Per Device, as our intended users are in multiple locations.

It immediately indicated that the grace period had expired. The message for this shows up in the System Event Log: Event ID 1008, source TermService. So it appears to me that the 120 day grace period starts when the server is installed, regardless of whether or not the Terminal Server role is enabled, or whether or not a client connects.

SBS has its own type of client access license (CAL), that is different and costs slightly more than CALs for the other editions of Windows Server 2003. However, the SBS CAL encompasses the user CALs for Windows Server, Exchange Server, SQL Server, and ISA Server, and hence is less expensive than buying all the other CALs individually.

You can only operate Terminal Services in remote administration mode on the server running SBS 2003. (Change from SBS 2000 policy)

Installing and activating a Licensing Server is a matter of 10 minutes, though. But of course you would need to purchase TS CALs as well. If you follow this route, be sure to think about Per User versus Per Device TS CALs. And if you choose Per User, make sure that the Terminal Server is also configured to use Per User licensing mode. You can check this from Administrative Tools - Terminal Services Configuration - Server Settings

Installing the License Server Service (you can uninstall later) will give you a new grace period in effect. You won't have to install any real TSCALs to test if this is really your problem. It will issue temporary TSCALs for 90 days without actually installing the CALs. Later, if you want to put the TS License server elsewhere, you can uninstall the component on this box. One more thing to note, although this does not seem to be the case with you (if you are sure that you have never had a license server), on the grace period (from MS TS Licensing White Paper): The license server grace period ends after 120 days, or when a license server issues a permanent license token through the terminal server, whichever occurs first.

1. Which mode does the problematic terminal server run in, application server or remote administration? You cannot establish a terminal session to this terminal server from your laptop. Here are the steps to check its mode:

a) Run the command "tscc.msc" in the Run dialog on the terminal server.

b) Select the "Server Settings" item. Check the value of the "Terminal server mode" in the right panel.

2. Which mode does another terminal server run in, application server or remote administration? You can establish a terminal session to this terminal server from your laptop.

3. Which computer does the terminal services licensing server (the server which issues terminal licenses) run on? Is the computer a Windows 2000 domain controller?

4. Delete a related registry key on your laptop and check the results. Use the Windows Registry Editor to delete the following registry The key to be deleted is LICENSE000 or LICENSE00x:

   HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing\Store\LICENSE00x

Important: Please backup the key before deleting it (right-click LICENSE00x and choose Export.

If you wanna be sneaky, why not just set the user's shell to be the mstsc.exe program, and then pass it some command line info, like:

mstsc.exe /v 192.168.1.111

This will start the client and connect it right to your server immediately.  

You'll also have to assure that the Terminal Server is configured to allow "saved passwords". Just setting up the client won't do it without the server setting also.

Each Terminal Server can only use either Per User or Per Device but not both at the same time.

2 - You may not need TS, but just RD (Remote Desktop) if you don't plan on having more than 2/3 simultaneous connections

3 - You will need to enable RD on the machine, it's not automatically enabled (http://www.imbored.biz/Enable-RD  to enable RD)

4 - You only need to connect to the IP address, you don't need to add the port 3389 section

You need addition CALs for TS since TS doesn't use Windows CALs.  TS uses, well, TSCALs.  So you will need that amount of TSCALs for the amount of users you wish to have connect to your Terminal Server

On the server which you believe to be the Ts Licensing Server: Start - Programs - Administrative Tools - Terminal Services Licensing

You will see your LS there and when you expand it, you will see different entries for different types of licenses, installed license packs + the numbers (total installed, issued, available)

You can also run lsreport and lsview from the Resource Kit to gather information about the License Servers and licenses in your domain.

Windows Server 2003 Resource Kit Tools

The "Existing Windows 2000 Server - Terminal Services CAL Toke (per device)" entry is automatically created.

This is the built-in pool of licenses which are issued to W2K Pro and XP Pro clients for free *when they connect to a W2K Terminal Server*. Since you have a 2003 TS, you will not be able to use these licenses.

Locking Down Windows Server 2003 Terminal Server Sessions

You have a couple options to do this, really depends how much you really want to hide the OS and how much you want to lock it down. You can go from things like setting MSTSC.EXE as the shell (so the XP/2000 machine launches the RDP client after booting up) to set things up on the Startup folder. These options will always have some drawbacks (like using Task Manager to launch EXPLORER.EXE for example).

Another option is to use a specialized OS that will replace the OS you currently use on these PCs and will boot straight to the TSs. One of these options is the 2X ThinClient software (http://www.2x.com). Or you can use something else like PXES, ThinStation, etc.

File transfer : On 2003 this is available natively. If using 2000 you must use additional tools (resource kit or third party ones) to achieve this.

You could connect 5 W2K Pro or XP Pro clients, since these clients get a free TS CAL from the TS Licensing Server (which you must install on the server). But not thin clients.

Windows 2003 TS has Per User and Per Device licenses, W2K TS has only Per Device licenses.

I di find the answer to this question on 2003 server there are two different license types I can purchase. On 2000 server there is just a per device CAL.

Hosting Applications with Terminal Server

828955 - How to Install Office 2003 on a Computer That Is Running Windows Terminal Server

Deploying Office 2003 in a Windows Terminal Services Environment

You are running your TS server in Remote Administration mode that allows only administrators to connect and all you need to do is change to Remote Application mode. In Application mode you will be require to set Licensing Server but all windows OS already has the license granted when connecting to TS and you do not need to require any new license for your XP desktop.

To switch to Remote App mode Start Add/Remove Programs from Control Panel => Click on Add/Remove Windows Components => find in the list Terminal Server => check it and Details. Follow the Wizard to select Application mode.

Can you check if Windows 2000 has Terminal Service Configuration (tscc.msc) tool, I don't have access to W2K server anymore, if it does, go to tscc.msc (Terminal Service configuation tool) -> Right click on RDP-Tcp to brign up Properties -> Permissions and add the user account, if this tool is not on Windows 2000, let me know, I will check around.

it seems that you have installed Terminal Services in "Application Server mode". This allows for an unlimited amount of concurrent connections, but requires a licensing server and Client Access Licenses for every connection.

I believe that all you want is Remote Administration. That allows for a maximum of 2 concurrent connections and does not require any additional licensing.

Since you don't mention the OS you are running, it's difficult to give detailed information, but here are the basics: If you are running Windows 2003, uninstall Terminal Services alltogether (in Control Panel - Add/Remove Programs - Add/Remove Windows components). This will leave you with Remote Desktop for Administration (configured in My Computer - Properties - Remote), and that's all you want.

If you are running W2K go to Control Panel - Add/Remove Programs - Add/Remove Windows components - Terminal Services to switch mode from Application Server mode to Remote Administration mode.

260370 - How to Apply Group Policy Objects to Terminal Services Servers

You can setup TSWeb so they can logon with Internet Explorer and run only that single application, instead of the entire desktop, or you could deploy a 3rd Party TS Enhancement Product like Citrix MetaFrame, Newmoon Canaveral iQ, AppLauncher or WTSPortal to publish the application to remote users.

Windows Terminal Services - WinConnect Server XP (" a program that lets three remote users log onto a Windows XP system while someone is using the host machine locally" from Thin Client for the Small Office; "The host can be any system running WinXP, Home or Professional — though there are some restrictions with Home. The means of connection can be a local area network (LAN) or the Internet." from WinConnect Server XP)

WTS Gateway Pro

If you have more than one terminal server machine then you will have to use a domain so you don't have to duplicate accounts. If your users can use either server then you also want to implement roaming profiles and store them on a separate machine (your 3rd server would be fine). Similarly, any persistent user storage is best on a machine outside of the TS machines (and not within their roaming profile as this can seriously slow logon/logoff).

Many companies have Windows 2000 Pro on their PCs only. Implementing Windows 2000 TS will cost them nothing.

My Computer -> Manage -> Services -> Terminal Services

This server currently runs exchange, AD, and Terminal Services.  I am wanting to buy a new server with 2003 for exchange and AD, and keep the 2000 server as a terminal server because i am aware of the limitations of terminal services on 2003

Doubtful....you can't demote the SBS box to make it be a member  server....and frankly, you should run TS only on a member server (you can't even *install* TS on SBS2003, thankfully).

http://www.sessioncomputing.com/scaling.htm

We have installed a Terminal Server, First we had 5 Computer license on it, later on we changed it to 5 user license and after that, We bought another 15 user licenses, We are now using the User License mode on the TS, and we have totally 20 user licenses on the server, BUT it refuses to connect more than 5 users. have anyone seen this? and why does this happend??

To read

To check

http://msdn.microsoft.com/library/en-us/termserv/termserv/remote_desktop_web_connection.asp

The RDC client is a free download and works on Windows 2000, Windows 95, Windows 98, Windows ME, Windows NT, Windows Server 2003, Windows XP and Windows XP Media Center Edition.

It works extremely well, even over "bad" connections. I have used VNC also, and really there is no comparison. VNC feels like stone age tech compared to RDC.

http://www.microsoft.com/downloads/details.aspx?FamilyID=a8255ffc-4b4a-40e7-a706-cde7e9b57e79&displaylang=en

Microsoft® Windows NT® 4.0 Terminal Server Edition and Windows® 2000 Server with Terminal Services allow a server to host multiple, simultaneous client sessions.

On Windows XP Professional and Server 2003 family, Microsoft's Remote Desktop uses Terminal Services technology to allow a single session to run remotely. A user can connect to a terminal server by using Terminal Services client software. The Terminal Services Remote Desktop Web Connection extends Terminal Services technology to the Web.

Applications that use the Terminal Services require Windows Server 2003, Windows XP, Windows 2000, or Windows NT 4.0 Terminal Server Edition. To use Remote Desktop Web Connection functionality, the Terminal Services client-side application requires Microsoft Internet Explorer and a connection to the World Wide Web.

I'm happy with the RDP 5.0 TS Client that came with Windows 2000. Should I upgrade to the new TSAC? Microsoft will continue to support users who wish to use the previous client. However, the TSAC is the base for all Terminal Services Client development going forward, and customers will be asked to migrate to the new client for any fixes that require code changes to the client that shipped with Windows 2000 or Terminal Server 4.0. In addition, please see the next question related to this issue.

When the TSAC is running within a Web page, is it using TCP port 80 to communicate to the terminal server? No. The TSAC uses the RDP TCP port 3389, regardless of whether it is running in a Web page, MMC console or the full client.

Does the Terminal Services Advanced Client only connect to a Windows 2000 Advanced Server? The Terminal Services Advanced Client connects to any computer with Terminal Services enabled, including the entire Windows 2000 server family, as well as Windows NT 4.0, Terminal Server Edition.

With the release of the Terminal Services Advanced Client (TSAC) as a ValueAdd component on Microsoft Windows® 2000 Server, Service Pack 1, the Terminal Services solution is now extended to the Web.

For more information about deploying the Terminal Services Active X Client control, see the Microsoft Terminal Services ActiveX Client Control Deployment Guide, which is included with the TSAC.

http://www.microsoft.com/windows2000/downloads/recommended/tsac/

Remote Desktop Connection Software: This software package will install the client portion of Remote Desktop on any of the following operating systems: Windows 95, Windows 98 and 98 Second Edition, Windows Me, Windows NT® 4.0, or Windows 2000. (This is the same version of the client software as in Windows XP Service Pack 1.) When run, this software allows older Windows platforms to remotely connect to a computer running Windows XP Professional with Remote Desktop enabled.

"Also, MS now includes Terminal Services as part of XP Pro.  So if you happen to be (un)lucky enough to use that, you've already got it at your desktop."

Both 2000 pro and xp pro include a license now, btw.

rdesktop, an open-source RDP client. Using Windows Terminal Services with Linux

Resources

http://en.wikipedia.org/wiki/Windows_2003

Things to check when installing MS Terminal Services