Note: In Windows Server 2008 R2, Terminal Services is renamed to Remote Desktop Services (RDS).
Can the RD Licensing (Terminal Server Licensing) server issue a Client Access License (CAL) to users or devices connecting to RD Session Host (Terminal Server) servers under any of the following conditions?
- RD Session Host servers are in an Active Directory Domain and RD Licensing server is in a workgroup environment
- RD Session Host servers are in a workgroup and the RD Licensing server in an Active Directory Domain
- RD Session Host servers and RD Licensing server are in different forests. No trusts exist (One-way or Two-way trust) between these forests
- RD Session Host servers and RD Licensing servers are in the same workgroup
For both Per Device and Per User CALs issuance to work, the RD Session Host and RD Licensing server in any one of the following three configurations:
- Both in the same workgroup
- Both in the same domain
- Both in the trusted (Two-way trust) Active Directory Domains or Forest
Here is more information on these scenarios:
RDS Host and RDS licensing servers are in the same workgroup
Please consider the following points while configuring RDS and RDS licensing servers in a workgroup environment:
- We can use ONLY Per Device CALs in a workgroup environment. So, you should install only Per Device CALs on RDS licensing server
- Per User CAL tracking and reporting is not supported in workgroup mode
- RDS Host and RDS licensing server roles can both be installed on the same server
- If you install RDS licensing server on a different server in the workgroup, ensure that the RDS server is able to access RDS licensing server
In Windows 2003, you can create a registry key to override the discovery of the licensing server. For more information, please refer the article How to override the license server discovery process in Windows Server 2003 Terminal Services
In Windows 2008 R2, automatic license server discovery is no longer supported for RD Session Host servers. You must specify the name of a license server for the RD Session Host server to use by using Remote Desktop Session Host Configuration snap-in. For more information, please refer the article Specify a License Server for an RD Session Host Server to Use
RDS Host and RDS licensing serves are in the same domain
In an Active Directory Domain scenario, we can have RDS Host and RDS licensing servers either on the same server or different servers. Please consider the following points while configuring RDS environment in a domain scenario:
· You can install both (Per Device and Per User) CALs on RDS licensing server.
· The computer account for the license server must be a member of the Terminal Server License Servers group in AD DS. If the license server is installed on a domain controller, the Network Service account must also be a member of the Terminal Server License Servers group
· To restrict the issuance of RDS CALs, you can add RDS Host Servers into Terminal Server Computers group on RDS Licensing server and then enable the License server security group policy setting on RDS Licensing server.
· The License server security group policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote \RD Licensing and can be configured by using either the Local Group Policy Editor or the Group Console (GPMC).
RDS Host Servers are in one domain/forest and RDS Licensing server is in another domain/forest
In this kind of scenario, you should consider the following points:
· There should be a two-way trust between these domains/forests. It can be either Forest Trust or External Trust.
· All the required ports should be opened on the firewall. If you have any questions about the ports that need to be opened, please click here
· To issue RDS Per User CALs to users in other domains, there must be a two-way trust between the domains, and the license server must be a member of the Terminal Server License Servers group in those domains.
· To restrict the issuance of RDS CALs, you can add RDS Host Servers into Terminal Server Computers group on RDS Licensing servers.
· Configure RDS licensing server on all RDS Host Servers in each domain/forest. You can do it through RDS host configuration snap-in or through a group policy.
· Add administrators group of each domain/forest in the local administrators of RDS licensing server. This way, you’ll not get a prompt to enter your credentials when you’ll open RDS host configuration snap-ins in trusted domains/forests.