Best practices for setting up Remote Desktop Licensing (Terminal Server Licensing) across Active Directory Domains/Forests or Workgroup

Article ID: 2473823 - View products that this article applies to.
Expand all | Collapse all

Summary

This article provides information on the questions around the supportability (or recommended approach) of setting up Remote Desktop (RD) Licensing across domain, forest or workgroups. 

Note: In Windows Server 2008 R2, Terminal Services is renamed to Remote Desktop Services (RDS).


More information

Question:

Can the RD Licensing (Terminal Server Licensing) server issue a Client Access License (CAL) to users or devices connecting to RD Session Host (Terminal Server) servers under any of the following conditions?

  • RD Session Host servers are in an Active Directory Domain and RD Licensing server is in a workgroup environment
  • RD Session Host servers are in a workgroup and the RD Licensing server in an Active Directory Domain
  • RD Session Host servers and RD Licensing server are in different forests. No trusts exist (One-way or Two-way trust) between these forests
  • RD Session Host servers and RD Licensing servers are in the same workgroup

Answer:

For both Per Device and Per User CALs issuance to work, the RD Session Host and RD Licensing server in any one of the following three configurations:

  • Both in the same workgroup
  • Both in the same domain
  • Both in the trusted (Two-way trust) Active Directory Domains or Forest

Here is more information on these scenarios:

RDS Host and RDS licensing servers are in the same workgroup

Please consider the following points while configuring RDS and RDS licensing servers in a workgroup environment:
  • We can use ONLY Per Device CALs in a workgroup environment.  So, you should install only Per Device CALs on RDS licensing server
  • Per User CAL tracking and reporting is not supported in workgroup mode
  • RDS Host and RDS licensing server roles can both be installed on the same server
  • If you install RDS licensing server on a different server in the workgroup, ensure that the RDS server is able to access RDS licensing server

In Windows 2003, you can create a registry key to override the discovery of the licensing server. For more information, please refer the article How to override the license server discovery process in Windows Server 2003 Terminal Services

In Windows 2008 R2, automatic license server discovery is no longer supported for RD Session Host servers. You must specify the name of a license server for the RD Session Host server to use by using Remote Desktop Session Host Configuration snap-in. For more information, please refer the article Specify a License Server for an RD Session Host Server to Use


RDS Host and RDS licensing serves are in the same domain


In an Active Directory Domain scenario, we can have RDS Host and RDS licensing servers either on the same server or different servers. Please consider the following points while configuring RDS environment in a domain scenario:

·         You can install both (Per Device and Per User) CALs on RDS licensing server.

·         The computer account for the license server must be a member of the Terminal Server License Servers group in AD DS. If the license server is installed on a domain controller, the Network Service account must also be a member of the Terminal Server License Servers group

·         To restrict the issuance of RDS CALs, you can add RDS Host Servers into Terminal Server Computers group on RDS Licensing server and then enable the License server security group policy setting on RDS Licensing server.

·         The License server security group policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote \RD Licensing and can be configured by using either the Local Group Policy Editor or the Group Console (GPMC).


RDS Host Servers are in one domain/forest and RDS Licensing server is in another domain/forest

In this kind of scenario, you should consider the following points:

·         There should be a two-way trust between these domains/forests. It can be either Forest Trust or External Trust.

·         All the required ports should be opened on the firewall. If you have any questions about the ports that need to be opened, please click here

·         To issue RDS Per User CALs to users in other domains, there must be a two-way trust between the domains, and the license server must be a member of the Terminal Server License Servers group in those domains.

·         To restrict the issuance of RDS CALs, you can add RDS Host Servers into Terminal Server Computers group on RDS Licensing servers.

·         Configure RDS licensing server on all RDS Host Servers in each domain/forest. You can do it through RDS host configuration snap-in or through a group policy.

·         Add administrators group of each domain/forest in the local administrators of RDS licensing server. This way, you’ll not get a prompt to enter your credentials when you’ll open RDS host configuration snap-ins in trusted domains/forests.




Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2473823 - Last Review: July 11, 2014 - Revision: 2.0
Applies to
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Server 2003 R2 Enterprise Edition KN
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 Foundation
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Standard without Hyper-V
  • Windows Server 2008 Service Pack 2
  • Windows Server 2008 Standard
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard
  • Windows Server 2012 Foundation
Keywords: 
KB2473823

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com