20. Microsoft Terminal Services License Server Windows 2000 Terminal Services uses a license-management feature called Terminal Services Licensing. This feature is used to manage license quantities for Windows 2000 Terminal Services Client Access Licenses (CALs) and Windows 2000 Terminal Services Internet Connector. Licensing management is for Windows 2000-based servers with Terminal Services installed in Application Server mode. Application Server mode is similar in concept to Microsoft Windows NT 4.0, Terminal Server Edition. As part of this licensing model, there is a Microsoft Certificate Authority and License Clearinghouse server at www.microsoft.com, to which you can gain access over the Internet or World Wide Web. You can also fax or telephone to activate a License server and install license packs that have been purchased through normal sales channels. License server activation is a one-time event, and the license packs are then installed on the License server. Windows 2000-based servers use these licenses to track and allow or disallow client access to Windows 2000-based servers with Terminal Services enabled. How does a Terminal Services Server communicate with a License Server? Terminal Services-enabled Windows 2000-based servers use the following methods to discover a Windows 2000 License Server: Windows 2000 Domain: 1. The Terminal Services License Service must be installed on a Windows 2000 domain controller in the domain. 2. The Terminal Services-based computer looks for the License Server by using Remote Procedure Call (RPC) to all Windows 2000-based domain controllers in the same domain and querying them for the Terminal Service Licensing service. 3. The client chooses one of the License Servers at random, and then requests a license key pack from that License Server. 4. The License Server passes the request to the Enterprise License Server if no license key pack is available. 5. If the Terminal Services server cannot find a License Server in the domain, it queries the Directory service for the enterprise License Server. Windows NT 4.0 Domain: 1. The License Server must be running on a Windows 2000 member server and all domain controllers must be running Windows NT 4.0. 2. The Terminal Services-based computer issues broadcasts on a mailslot. 3. All Terminal Service Licensing Servers that receive the broadcast respond. 4. The Terminal Services-based computer selects one of the Licensing Servers at random. Workgroup Environment: 1. The Terminal Services server and Licensing Server are in a workgroup. 2. The Terminal Services-based computer issues broadcasts on a mailslot. 3. All Terminal Service Licensing Servers that receive the broadcast respond. 4. The Terminal Services-based computer selects one of the Licensing Servers at random.
20. 1. How to Install and Activate a Terminal Services License Server The process of deploying and tracking licenses within an organization is enhanced in Windows 2000 Terminal Services. Terminal Services Licensing includes a Licensing wizard to download license packs and manage license quantities for Windows 2000 Terminal Services Client Access Licenses (TS CALs) or Windows 2000 Terminal Services Internet Connector licenses (ICs). To deploy TS CALs or ICs you must enable and activate a Terminal Services "License Server" and then install the TS CALs or ICs onto it. There is a one-time activation of the license server and the license packs are then installed onto the license server. The Terminal Services server uses these licenses to track and allow/disallow client permissions to Windows 2000-based computers that have Terminal Services enabled.
To activate a Terminal Services licensing server, use the following steps: 1. Click Start Programs Administrative Tools click Terminal Services Licensing . 2. The Terminal Services Licensing dialog box is displayed and the All servers option is selected by default. Click the plus sign (+) to expand the Windows 2000 Terminal Services servers, and then click the name of the licensing server you want to activate. 3. On the Action menu, click Activate Server . 12. The Licensing wizard starts and the following items are displayed: o Activated For o Connection Method o Licensing Program o Product ID The Product ID area is the only area that contains information at this point. The rest of the information is filled in during the wizard process. Click Next. 13. In the Connection Method area, click the connection method you want to use (Internet, World Wide Web, Fax, or Telephone) or click Internet for the default (you must have an existing Internet connection configured prior to this process to use the Internet option). Click Next . 14. In the License Program area, click one of the following options: o Microsoft Select or Microsoft Enterprise Agreement o Microsoft Open License Program o Other 15. Click Next . 16. The Company Information dialog box is displayed. Fill in your corporate information on the two screens, and then click Next . 17. The Microsoft Registration Authority and Clearinghouse server is detected and the Completing the Process dialog box is displayed. The Registration Authority and Clearinghouse server sends the Personal Identification Number (PIN) through electronic mail to the e-mail address you provide; the activation cannot be completed without the PIN. You can choose from one of the following options for receipt of the PIN through e-mail: o Complete the server activation process now (I already have my PIN). Choose this option if the e-mail message with the PIN arrives quickly. o Postpone completion of the process until the PIN arrives. Choose this option if you want to postpone the activation process for any reason (including delays in receiving the e-mail message containing the PIN). o Restart the licensing process. Choose this option if you want to reset the activation process to its initial state. This option is useful if you never receive the e-mail message containing the PIN. Choose one of the options above and click Next, or wait until you receive the PIN, as described in the following step 18. When you receive the PIN in an e-mail message, click Complete the server activation process now (I already have my PIN) , and then click Next . The PIN e-mail looks like the following: | Electronic mailing from the Microsoft Terminal Services Activation with the subject "Terminal Services License Server Activation"
Thank you for activating your Terminal Services License Server with Microsoft.
This mail contains the PIN needed to complete the activation process. This PIN must be entered into the Licensing Wizard exactly as shown:
Your PIN: XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXX
This PIN is valid for the Terminal Services License Server with the following Product ID:
Product ID: 00000-270-8764055-60434 | Type the PIN exactly as it is sent (or click the alphanumeric PIN, copy the PIN by pressing CTRL-C, and then press CTRL-V to paste the PIN into the wizard), and then click Next . 19. The wizard locates the Microsoft Registration Authority and Clearinghouse server to activate the license server. If all information is typed correctly, the following Completing the Licensing Wizard dialog box is displayed: | Status:
Your License server is successfully activated. To install license key packs now, click Next. To postpone license installation, clear the following check box, and then click Finish.
Check box that "Install licenses now" is checked by default. | Click Next. 20. The following message is displayed: | Your license server has been activated. The wizard can now help you install license key packs. | 21. Click Next to install license packs. 22. You can now type the number of licenses that you want to track and enforce on this Terminal Services computer in the Program and Client License Information dialog box. The steps in this article assume that you purchased licenses from a retail store. The license pack for Terminal Services CALs contains a license code, which you now need to type into the wizard. Type the information, and then click Next . 23. If you chose the Microsoft Select or Microsoft Enterprise Agreement option, an Enrollment number box is displayed, and the Enrollment number is listed on the Select or Enterprise Agreement document that you purchased from Microsoft or a channel distributor. You need to locate that document and type the license code in the Enrollment number box. If you chose the Microsoft Open License Agreement option, the Authorization Number and License Number boxes are displayed. Locate the document that you purchased from the channel distributor and type the Terminal Services CAL license code. 24. If you chose either of these options, you must also supply information in the Product Type and Quantity boxes (in the Product Type box, click Terminal Services CAL or Terminal Services Internet Connector ). 25. If you click Next without typing a valid authorization/license number (for the Open License Agreement option) or enrollment number (for the Select or Enterprise Agreements option), the process is unsuccessful and an error message is displayed. If this happens, click Back and type a valid number before you continue. 26. When the licenses packs are downloaded and are ready for use, the following dialog box is displayed: | Status:
"The new client license key pack has been successfully installed." | 27. Click Finish . 28. In the Terminal Services Licensing dialog box, click the Terminal Services License server in the left pane, and the CALs or Internet Connector Licenses that you downloaded are displayed in the right pane. 20. 2. How to enable Terminal Services License Server Enhancements Hotfix Microsoft released a killer hotfix that enables enhancements to the Terminal Services license server. The following are just some of the enhancements: When an unlicensed client connects for the first time, the Terminal Server issues a temporary TS CAL token. After the user has logged into the session, the Terminal Server instructs the License Server to mark the issued temporary TS CAL token as being validated. The next time the client connects, an attempt is made to upgrade the validated temporary TS CAL token to a full TS CAL token. If no license tokens are available, the temporary TS CAL token will continue to function for 90 days.
This enhancement is designed to prevent TS CALs from being inadvertently allocated to devices that are not intended to be licensed for Terminal Services usage. To allocate a TS CAL token to a device, a successful logon to a Terminal Server must occur. However, this does not prevent users who are authorized to log on to a Terminal Server from logging on from devices that the organization does not intend to license. If this happens, a TS CAL token is still assigned to the device. An expiration period has been added to each TS CAL token that is issued. This expiration period is a random number of days between 52-89 days of issuance. When a client connects to a Terminal Server, this date is checked. If the expiration is within 7 days, the Terminal Server connects to the License Server and renews the TS CAL token, giving it another expiration period of 52-89 days. If the License Server is not available, the TS CAL token functions as normal, with the Terminal Server attempting to replace it at each login. Any TS CAL token that has not been renewed is returned to the group of available license tokens by the License Server upon expiration.
For example, an unlicensed device connects and receives a TS CAL token with an expiration period set at the maximum of 89 days. The device's operating system is then reinstalled. The device then connects again. Because no other TS CAL tokens are available, the device is issued a temporary TS CAL token so it can connect for 90 days. On day 89, the original TS CAL token is returned to the group of available licenses. The next time this device connects, the Terminal Server presents the device with the full TS CAL token that was returned to the group of available license tokens.
In the event of a failure that results in the loss of the licensing database when a known good backup is not available, Terminal Services Licensing must be reinstalled and reactivated. The Clearinghouse will then need to reissue any previously-issued License Key Packs. The License Key Packs that were originally issued are based on the License Server ID at the time of issuance. If the License Server ID changes, License Key Packs that are based on the old License Server ID cannot be installed. For more information and to download the hotfix please visit: http://www.microsoft.com/Windows2000/downloads/critical/q287687/download.asp 20. 3. How to Hardcode a Preferred Terminal Services License Server To select a specific license server for use with a Microsoft Windows 2000 Terminal Service, you can modify the registry to point to a particular license server. You can do this to specify that all Terminal Services servers work with a particular license server for accounting purposes, or if a Terminal Services server and the license server reside in different domains. The following procedure accomplishes that task: 1. Run REGEDT32.EXE. 2. Add the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters 3. With this key highlighted, select Add Value from the Edit menu. 4. Type DefaultLicenseServer in the Value Name field. 5. Select REG_SZ from the Data Type pull-down list, then click OK. 6. In the String field, type ServerName (ServerName being the name of the TS license server) 7. Click OK.
NOTE: Specifying the DefaultLicenseServer registry key overrides the normal discovery process. If the License Server specified is not available, the Terminal Server will not request licenses from another License Server. |