From: Jeff Pitsch <Jeff@Jeffpitschconsulting.com>
To: none
Subject: Re: Windows 2000 Terminal migration to 2003.
Date: 09/25/2007 09:55:21

I would not recommend saving the profiles as profile migration from one version to another is typically ripe with problems. I think you'll save yourself a lot of trouble over the long run by simply using new profiles. If you are truly concerned about the printers you could export the key for each user and reimport that.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

Lasse wrote:
> Hi
>
> We have a Windows 2000 Terminal server and I am planning to change it to 2003. My idea was to save all the important data and each user's profile and then do a fresh installation of Server 2003.
> My problem is that I am not sure how to backup the user profiles so I can import them when the 2003 server is running. If I can't save the user profiles all the printers need to be installed again and I would like to avoid that.
>
> Any ideas?

From: Jeff Pitsch <Jeff@Jeffpitschconsulting.com>
To: none
Subject: Re: Where are my TS Device CALs going?
Date: 09/27/2007 14:46:17

WBT would be Windows Based Terminals. WI does look like a web interface name, maybe a contractor or consultant came in that way. The 192's could be linux devices or something without a registry. As for the rest I would guess home users. There really isn't much else you can do to identify them except maybe if you're auditing logons you could track down that way.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

Daniel Segel wrote:
> We have 140 Per-Device CALs installed on our licensing server. At this point they have all been issued, but the TS Licensing Manager doesn't tell me who/what device each Device CAL has been issued to other than giving a simple name. The problem is that there are seemingly many licenses issued to devices I can't identify and there are several cases where there are multiple licenses issued to the same device (by name).
>
> For example, I have licenses issued to:
>
> jsmith
> jsmith
> jsmith
> default
> dafault
> LH-UAGS5F2WL7GZ
> 192.168.0.13
> 192.168.1.2
> WBT00806439040D
> WBT0080643905C8
> WI_JyeXK7iFyI9b1t
>
> Note that we do not use any 192.168.x.x IPs anywhere on our network, and all systems here have real (identifiable) names. I suspect the 192.168.x.x devices are coming in via our Juniper SSL VPN box (because I've seen similar IPs there before), but there aren't enough to account for all users who come in that way. The WI_Jxxxx device looks like a Citrix Web Interface generated ID, but I'm not sure why there would be any of those at this point (we're not running Citrix WI at this time).
>
> Is there any way to get further information on what device these CALs have been issued to?
>
> Thanks,
>
> Daniel

From: Jeff Pitsch <Jeff@Jeffpitschconsulting.com>
To: none
Subject: Re: W2K3 Enterprise 32-bit RAM Allocation
Date: 09/27/2007 10:46:30

/PAE doesn't reduce kernel memory, the /3gb switch does. Windows 2003 standard cannot address 8gb of ram so that would be a waste. If there is a reduction of kernel space it is because of the PTE's needing to be virtualized which does introduce a bit of performance hit but if the terminal servers are memory constrained then this is what you need to do. /PAE is required to address memory over 4gb on enterprise.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

cendrars wrote:
> Hello,
>
> Customers are purchasing blades with 8GB of RAM and running W2K3 Enterprise Edition to run terminal services. I am seeing build sheets with the /PAE switch applied to these servers to support RAM beyond the 32-bit 4GB threshold.
>
> Is the /PAE switch indeed required for W2K3 Enterprise to address 8GB of RAM? As the /PAE switch reduces kernel memory as result of additional RAM addressing beyond the 4GB limit, this strikes me as a questionable move for TS.
>
> Does W2K3 Enterprise indeed require the /PAE switch to address 8GB of RAM? Is this reduction in kernel memory an issue for TS?
>
> I am recalling a white paper I read some time back referencing server sizing for TS. My recollection is that W2K3 Enterprise with 32GB RAM allocation via /PAE offers a 15% reduction in application service when compared to a standard W2K3 server running 8GB. I am tracking down my recollection this morning. If anyone here should care to comment on my recollection, I would be grateful. Thanks.

From: Rong Chen [MSFT] <rochen@online.microsoft.com>
To: none
Subject: Re: Virtual channel reconnect on longhorn (Win2k8)
Date: 09/24/2007 14:59:40

Are you re-opening the channel when reconnected? Longhorn requires the channel to be reopened when reconnected (includes auto-reconnect) which differs from Win2k3

Thanks
Rong

--
This posting is provided "AS IS" with no warranties, and confers no rights.

wrote in message news:1190624915.004409.21020@w3g2000hsg.googlegroups.com...
> Hi All,
>
> On Win2003 I have created a virtual channel to send data from client to server by writing an add-in. This add-in works fine for new session as well as reconnected session, on win2003.
> But when I use same add-in while connecting to longhorn server then for new session virtual channel works perfectly but when I disconnect this session and again reconnect it then "WTSVirtualChannelWrite" on server application fails for reconnected session with error 1. ie. Incorrect function.
>
> So can any one tell me the reason for this problem. Is there any specific setting to do on terminal server, so that existing virtual channel works correctly as that of on win2003.
>
> Please guide me.
> Any help will be appreciated.
>
> Thanks
> Amit

From: amitmane82@gmail.com
To: none
Subject: Re: Virtual channel reconnect on longhorn (Win2k8)
Date: 09/26/2007 01:48:12

On Sep 24, 12:59 pm, "Rong Chen [MSFT]" wrote:
> Are you re-opening the channel when reconnected? Longhorn requires the channel to be reopened when reconnected (includes auto-reconnect) which differs from Win2k3
>
> Thanks
>
> Rong
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> wrote in message news:1190624915.004409.21020@w3g2000hsg.googlegroups.com...
>
> > Hi All,
> >
> > On Win2003 I have created a virtual channel to send data from client to server by writing an add-in. This add-in works fine for new session as well as reconnected session, on win2003.
> > But when I use same add-in while connecting to longhorn server then for new session virtual channel works perfectly but when I disconnect this session and again reconnect it then "WTSVirtualChannelWrite" on server application fails for reconnected session with error 1. ie. Incorrect function.
> >
> > So can any one tell me the reason for this problem. Is there any specific setting to do on terminal server, so that existing virtual channel works correctly as that of on win2003.
> >
> > Please guide me.
> > Any help will be appreciated.
> >
> > Thanks
> > Amit

Hi Rong,

Thanks for your valuable help.
Can you give me any MSDN or any other link where you mentioned point is explained in more detail.
And do you have any idea why longhorn changed this behavior since 2k3.

Thanks
Amit

From: David G. Hoch <dhoch@dghtechnologies.com>
To: none
Subject: Re: Video clips - Poor quality on Terminal Server 2003
Date: 09/21/2007 13:36:20

Does the Video card on the server have any effect on the quality of the video that is passed along to the thin client session? If I were to upgrade the server to a video card that has more RAM (the current one has 16MB), is there any reason to believe the video quality would improve?

--David

"Munindra Das [MSFT]" wrote in message news:uJUSSfX8HHA.5424@TK2MSFTNGP02.phx.gbl...
> David, since TS uses bitmap remoting, the quality of streaming video is compromised. We are continuously trying to improve it, but it is unlikely to become as good as the local case.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
> "David G. Hoch" wrote in message news:n8LDi.6682$pe7.2873@newsfe12.lga...
>> I'm running a Windows 2003 Server as a Terminal Server. It has plenty of processing power and RAM, and I've tested it with very few users connected. When watching streaming video in a Terminal Server session the video and audio are choppy and really not watchable.
>>
>> Watching the same video clips on a PC attached to the same network, but not running a Terminal Server session shows smooth video and audio. Any thoughts on why the Terminal Server would be having this problem?
>>
>> Thanks for your help.
>> --David

From: TP <tperson.knowspamn@mailandnews.com>
To: none
Subject: Re: Video clips - Poor quality on Terminal Server 2003
Date: 09/21/2007 13:43:16

No, it has no effect.

-TP

David G. Hoch wrote:
> Does the Video card on the server have any effect on the quality of the video that is passed along to the thin client session? If I were to upgrade the server to a video card that has more RAM (the current one has 16MB), is there any reason to believe the video quality would improve?
>
> --David

From: David G. Hoch <dhoch@dghtechnologies.com>
To: none
Subject: Re: Video clips - Poor quality on Terminal Server 2003
Date: 09/22/2007 23:11:58

Interestingly (and the reason that I brought it up), is that I support several Terminal Server 2003 installations, all of which have very powerful servers (i.e. Server-class hardware with Core2Duo processors, 4GB RAM, SAS RAID 5 Array, etc.). These Server-class machines all have basic integrated video cards with 16MB of RAM, and all have problems with video in TS sessions (regardless of the number of users currently connected). This is true whether the user is connecting within the building on the LAN, or across the Internet.

I also have a Terminal Server 2003 box set up in my office for testing. This test box is a workstation class machine and is very under-powered as Terminal Servers go. It's a P4, with 1GB of RAM, 5400RPM ATA hard drive, but it has a workstation-class video card (NVidia GeForce) with 64MB of RAM. When I connect to my server (via either LAN or WAN) I do not have any problem viewing videos. On this machine videos are smooth and clear, unlike the broken-up, jerky video that I see on the other boxes.

Since my box is so much less powerful than the server-class machines, and the one major difference is the video RAM, I thought that might be the cause of the better quality on my machine.

Any thoughts on why I have good quality on mine but not elsewhere?

Thanks.
--David

"TP" wrote in message news:uJQ0J8H$HHA.5160@TK2MSFTNGP05.phx.gbl...
> No, it has no effect.
>
> -TP
>
> David G. Hoch wrote:
>> Does the Video card on the server have any effect on the quality of the video that is passed along to the thin client session? If I were to upgrade the server to a video card that has more RAM (the current one has 16MB), is there any reason to believe the video quality would improve? --David

From: Jeff Pitsch <Jeff@Jeffpitschconsulting.com>
To: none
Subject: Re: Users sessions get reset
Date: 09/27/2007 10:49:57

Is your policy setup to reset a session limit reached or broken connection? If so, change it so that it disconnects the session. Then you can start troubleshooting the problem of why they are getting disconnected in the first place.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

Chip wrote:
> Over the past week and in the past I've had it happen to me. A user can be in the middle of working on an e-mail or something of the sort, and the user gets disconnected, correction, they get reset. Originally I thought it was the GPO doing this, but I'm now wondering if it is anything else since the GPO is not set to disconnect or log off an idle session.
> When the user that was working on an e-mail in outlook does relog back in, it is a completely new session, there is no sign of them ever being logged in before. I've had this happen to myself then logged in as Admin and did not see my session as disconnected in terminal services manager.
> It's almost like they got reset by the server. Has anyone else seen this happen? or have any idea as to what is causing it?
>
> Thanks
>
> Chip

From: Chip <Chip@discussions.microsoft.com>
To: none
Subject: Re: Users sessions get reset
Date: 09/27/2007 14:39:01

Jeff,

Not to sound like a Newbie, but I've seen in the GPO where I can disconnect a session after so many minutes and also seen I can log off a disconnected session but I don't recall seeing a reset option. Also can this be done in a local policy on the term servers? Reason I ask is because I'm not part of any GPO, while I got disconnected as did other users. I'd think it would be network then but I'm on a cable modem and they are on a P2P network so that ruins that thought.
So while I send this I'll also search through the GPO's and term server for a clue.

Thanks,
Chip

"Jeff Pitsch" wrote:
> Is your policy setup to reset a session limit reached or broken connection? If so, change it so that it disconnects the session. Then you can start troubleshooting the problem of why they are getting disconnected in the first place.
>
> Jeff Pitsch
> Microsoft MVP - Terminal Server
> Citrix Technology Professional
> Provision Networks VIP
>
> Forums not enough?
> Get support from the experts at your business
> http://jeffpitschconsulting.com
>
> Chip wrote:
> > Over the past week and in the past I've had it happen to me. A user can be in the middle of working on an e-mail or something of the sort, and the user gets disconnected, correction, they get reset. Originally I thought it was the GPO doing this, but I'm now wondering if it is anything else since the GPO is not set to disconnect or log off an idle session.
> > When the user that was working on an e-mail in outlook does relog back in, it is a completely new session, there is no sign of them ever being logged in before. I've had this happen to myself then logged in as Admin and did not see my session as disconnected in terminal services manager.
> > It's almost like they got reset by the server. Has anyone else seen this happen? or have any idea as to what is causing it?
> >
> > Thanks
> >
> > Chip

From: Jeff Pitsch <Jeff@Jeffpitschconsulting.com>
To: none
Subject: Re: Users sessions get reset
Date: 09/27/2007 14:43:19

This setting can be found in the user account properties and the RDP-TCP properties on the terminal server itself.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

Chip wrote:
> Jeff,
>
> Not to sound like a Newbie, but I've seen in the GPO where I can disconnect a session after so many minutes and also seen I can log off a disconnected session but I don't recall seeing a reset option. Also can this be done in a local policy on the term servers? Reason I ask is because I'm not part of any GPO, while I got disconnected as did other users. I'd think it would be network then but I'm on a cable modem and they are on a P2P network so that ruins that thought.
> So while I send this I'll also search through the GPO's and term server for a clue.
>
> Thanks,
> Chip
>
> "Jeff Pitsch" wrote:
>
>> Is your policy setup to reset a session limit reached or broken connection? If so, change it so that it disconnects the session. Then you can start troubleshooting the problem of why they are getting disconnected in the first place.
>>
>> Jeff Pitsch
>> Microsoft MVP - Terminal Server
>> Citrix Technology Professional
>> Provision Networks VIP
>>
>> Forums not enough?
>> Get support from the experts at your business
>> http://jeffpitschconsulting.com
>>
>> Chip wrote:
>>> Over the past week and in the past I've had it happen to me. A user can be in the middle of working on an e-mail or something of the sort, and the user gets disconnected, correction, they get reset. Originally I thought it was the GPO doing this, but I'm now wondering if it is anything else since the GPO is not set to disconnect or log off an idle session.
>>> When the user that was working on an e-mail in outlook does relog back in, it is a completely new session, there is no sign of them ever being logged in before. I've had this happen to myself then logged in as Admin and did not see my session as disconnected in terminal services manager.
>>> It's almost like they got reset by the server. Has anyone else seen this happen? or have any idea as to what is causing it?
>>>
>>> Thanks
>>>
>>> Chip

From: Munindra Das [MSFT] <munind@online.microsoft.com>
To: none
Subject: Re: Users can't disconnect after printing (and only printing)
Date: 09/22/2007 02:03:31

You might want to try the Citrix newsgroups http://support.citrix.com/forums/index.jspa?categoryID=1.

--
This posting is provided "AS IS" with no warranties, and confers no rights.

"azevon" wrote in message news:46EB3EEE-C4AC-4D34-A3A9-52E500B5C0B3@microsoft.com...
> Greetings All,
>
> Windows2003TS Enterprise SP2 with Citrix MetaFrame 3.0
>
> With any of my published applications, when the user tries to print (and after it successfully prints), when they exit the application, they receive a blue screen and their connection to my server still remains active. If they launch the same application and don't print, log off the app, their connection is logged out and disconnected normally.
>
> This only happens with PUBLISHED apps - if I establish a connection to the server (with desktop and all apps, etc), and I run and print something, I can disconnect normally.
>
> Now I'm not sure if this is a Citrix issue - but I am assuming there must be a setting somewhere concerning this (printing, security, rights, etc).
>
> Any help would be great.
>
> -andy-

From: azevon <azevon@discussions.microsoft.com>
To: none
Subject: Re: Users can't disconnect after printing (and only printing)
Date: 09/25/2007 11:56:05

Solution was to use postscript drivers on all the printers.

"Munindra Das [MSFT]" wrote:
> You might want to try the Citrix newsgroups http://support.citrix.com/forums/index.jspa?categoryID=1.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
> "azevon" wrote in message news:46EB3EEE-C4AC-4D34-A3A9-52E500B5C0B3@microsoft.com...
> > Greetings All,
> >
> > Windows2003TS Enterprise SP2 with Citrix MetaFrame 3.0
> >
> > With any of my published applications, when the user tries to print (and after it successfully prints), when they exit the application, they receive a blue screen and their connection to my server still remains active. If they launch the same application and don't print, log off the app, their connection is logged out and disconnected normally.
> >
> > This only happens with PUBLISHED apps - if I establish a connection to the server (with desktop and all apps, etc), and I run and print something, I can disconnect normally.
> >
> > Now I'm not sure if this is a Citrix issue - but I am assuming there must be a setting somewhere concerning this (printing, security, rights, etc).
> >
> > Any help would be great.
> >
> > -andy-

From: John <John@discussions.microsoft.com>
To: none
Subject: Re: User sees printers from old location
Date: 09/20/2007 10:22:08

TP,

The clients are brand new machines with a clean image. All printers are auto created. Local printers have been installed on the client and when TS'd into a server the auto creation occurs. I am now told the user's profile is still stored locally on the old workstation at the old location but I wouldn't think this would have anything to do with it. Any ideas?

Thanks,

"TP" wrote:
> Hi,
>
> When they are logged on to their new workstation do they see the old printers in their *local* printers folder?
> When the user is logged on to the TS, check and see what type of printer each one is. For example, are the printers auto-created, network, or local? Examples of each (notice that auto-created have "in session xxx" on the end):
>
> Auto-Created
> HP LaserJet P3005 PCL 6 (from DG31H76) in session 72
> HP LaserJet 3200 Series PCL on FS01 (from DG31H76) in session 72
>
> Network
> HP LaserJet 2300 Series PCL 6 on FS01
> HP LaserJet 4050 Series PCL on PSERVER
>
> Local
> HP DeskJet 970Cxi
> HP LaserJet 6P
>
> Thanks for answering my questions.
>
> -TP
>
> John wrote:
> > Hi,
> >
> > does anyone know why a user that has moved to a new location still sees the printers from the old location when TS'd into a server? We have a user that has moved from one building to another. The client is a new workstation with XP pro and the server is Windows server 2003. User properties connect client printers at logon and default to main client printer. Local profiles are used, print drivers are on the server.
> > Any ideas?
> >
> > Thanks in advance,

From: TP <tperson.knowspamn@mailandnews.com>
To: none
Subject: Re: User sees printers from old location
Date: 09/20/2007 11:31:23

Hi again,

If the administrator used manual TS printer redirection (which becomes automatic thereafter) *and* roaming profiles are in use on the local PC user account you would see printers auto-creating that do not exist on the local machine.

You can check this by opening up regedit on the *local* machine while logged on as the user and navigating to the following key:

HKCU\Software\Microsoft\Terminal Server Client\Default\AddIns\RDPDR

Look at each subkey below the above for a REG_BINARY value named PrinterCacheData (not AutoPrinterCacheData, that is different). If there are keys present for the old printers then go ahead and delete them.

When they are logged on to their new workstation do they see the old printers in their *local* printers folder? Please verify this with the user.

When a user connects to a TS, the Remote Desktop Client enumerates the list of locally installed printers and passes the list to the TS which attempts to create each one on the server (if a matching driver can be found or the fallback printer driver is enabled). There is no mechanism for auto-creating printers that are not on the local machine *except* for manual redirection mentioned above.

One thing that occurs sometimes is that auto-created printers may not be removed after the user logs off of the TS. These are easy to spot because the session id will not match the user's current session id. For example, you see the user is logged on using Terminal Services Manager as session 31, but notice one of their auto-created printers shows session 56 in its name. These are referred to as "orphaned printers".

Also keep in mind that printers could be deployed automatically to a user and/or machine using Active Directory, logon script, etc. If the user has a roaming profile that contained network printer connections then they would be on the new machine as well.

Please reply back with your findings or more questions.

Thanks.

-TP

John wrote:
> TP,
>
> The clients are brand new machines with a clean image. All printers are auto created. Local printers have been installed on the client and when TS'd into a server the auto creation occurs. I am now told the user's profile is still stored locally on the old workstation at the old location but I wouldn't think this would have anything to do with it. Any ideas?
>
> Thanks,
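
The registry check TP describes in the message above, as an added PowerShell example that is not part of the original thread: it lists every RDPDR subkey carrying a REG_BINARY `PrinterCacheData` value, compares it with the printers installed on the local PC, backs up the key, and previews deletion of the stale entries. The function name `Get-RdpdrCachedPrinter` and the backup file name are hypothetical, and treating the subkey name as the printer name is an assumption.

```powershell
# Added example (not from the original thread).
# Run on the *local* PC while logged on as the affected user.
$RdpdrKey = 'HKCU:\Software\Microsoft\Terminal Server Client\Default\AddIns\RDPDR'

function Get-RdpdrCachedPrinter {
    # Emits one object per subkey that carries a REG_BINARY PrinterCacheData value.
    param([string]$Path = $RdpdrKey)

    if (-not (Test-Path -LiteralPath $Path)) { return }

    # Names of the printers actually installed on this PC, for comparison.
    $local = @(Get-CimInstance -ClassName Win32_Printer |
               Select-Object -ExpandProperty Name)

    foreach ($sub in Get-ChildItem -LiteralPath $Path) {
        # AutoPrinterCacheData is a different value and is deliberately ignored.
        if ($sub.GetValueNames() -notcontains 'PrinterCacheData') { continue }
        if ($sub.GetValueKind('PrinterCacheData') -ne
            [Microsoft.Win32.RegistryValueKind]::Binary) { continue }

        [pscustomobject]@{
            SubKey           = $sub.PSChildName
            CacheBytes       = $sub.GetValue('PrinterCacheData').Length
            # Assumption: the subkey name is the printer name.
            InstalledLocally = $local -contains $sub.PSChildName
            KeyPath          = $sub.PSPath
        }
    }
}

$cached = @(Get-RdpdrCachedPrinter)
$cached | Format-Table SubKey, CacheBytes, InstalledLocally -AutoSize

if ($cached.Count -gt 0) {
    # Back up the whole RDPDR key before removing anything.
    $backup = Join-Path $env:TEMP 'rdpdr-backup.reg'   # hypothetical file name
    reg.exe export 'HKCU\Software\Microsoft\Terminal Server Client\Default\AddIns\RDPDR' $backup /y | Out-Null

    # Preview removal of cache entries for printers that are not on this PC.
    # Review the list, then drop -WhatIf to delete them.
    $cached | Where-Object { -not $_.InstalledLocally } |
        ForEach-Object { Remove-Item -LiteralPath $_.KeyPath -Recurse -WhatIf }
}
```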

From: Jeff Pitsch <Jeff@Jeffpitschconsulting.com>
To: none
Subject: Re: User Profiles
Date: 09/25/2007 09:59:14

When you say normal users do you mean their normal desktop? Read my article on loopback processing and group policy and see if that helps. As well if you could be more specific on what you're trying to do and what you've done that would help as well.

See this link and Understanding Group Policy in a TS environment:
http://www.jeffpitschconsulting.com/downloads.aspx?c=13?

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

Ferbalex wrote:
> Currently running TS where all users load one application - our business system.
> I'm now trying to allocate individual desktops to certain users but, with a Group Policy only succeeded in restricting normal users to no start button and no icons!!
> I'm obviously missing the point - could someone please direct me to a simple step by step starter??

From: Ferbalex <Ferbalex@discussions.microsoft.com>
To: none
Subject: Re: User Profiles
Date: 09/26/2007 06:48:01

Thanks Jeff and good article. Having got to the end of it, I now have the TS server in its own OU, two policies, machine and users in the OU, user and machine disabled where needed, and the loopback enabled. From here I would like to have users log onto the server and receive various different secure desktops. If I edit the user policy, I would think that affects all users logging on. How would I differentiate between them for different desktops??
Many Thanks for your help - much appreciated

"Jeff Pitsch" wrote:
> When you say normal users do you mean their normal desktop? Read my article on loopback processing and group policy and see if that helps. As well if you could be more specific on what you're trying to do and what you've done that would help as well.
>
> See this link and Understanding Group Policy in a TS environment:
> http://www.jeffpitschconsulting.com/downloads.aspx?c=13?
>
> Jeff Pitsch
> Microsoft MVP - Terminal Server
> Citrix Technology Professional
> Provision Networks VIP
>
> Forums not enough?
> Get support from the experts at your business
> http://jeffpitschconsulting.com
>
> Ferbalex wrote:
> > Currently running TS where all users load one application - our business system.
> > I'm now trying to allocate individual desktops to certain users but, with a Group Policy only succeeded in restricting normal users to no start button and no icons!!
> > I'm obviously missing the point - could someone please direct me to a simple step by step starter??

From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: User Profiles
Date: 09/26/2007 07:45:27

From http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirection

Q: How can I configure different TS desktops, based on user group membership?

A: There are a number of 3rd party add-ons which can do this for you, but it is also possible with native Windows techniques, using Group Policies.

Let's assume you have 3 different user groups, which need different desktop icons.

1. Create 3 security groups in your AD and populate them with the user accounts
2. Create 3 different shared folders on a file server and populate the folders with the desktop icons (shortcuts) which you want the user groups to see
3. Create 3 different GPOs, linked to the OU which contains your Terminal Server computer account (but not the user accounts!)
4. In each of the GPOs, configure redirection of the desktop to one of the custom desktop folders which you created in step 2. This is done in User Configuration - Windows Settings - Folder Redirection
5. Configure each of the GPOs with loopback processing of the GPO, with the "Replace" option. This is done in Computer Configuration - Administrative Templates - System - Group Policy - "User Group Policy loopback processing mode"
6. Configure the security settings on each of the GPOs so that only the appropriate user group and the TS machine account is allowed to read and apply the GPO

Further reading:

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

816100 - How To Prevent Domain Group Policies from Applying to Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100

Another way to do this is by using Access Based Enumeration, which is a free add-on to Windows Server 2003.
For a detailed example of using ABE, see:

Build a start menu with ABE
http://www.datacrash.net/howtos/howto/build-a-start-menu-with-abe.html

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Ferbalex wrote on 26 sep 2007 in microsoft.public.windows.terminal_services:
> Thanks Jeff and good article. Having got to the end of it, I now have the TS server in its own OU, two policies, machine and users in the OU, user and machine disabled where needed, and the loopback enabled. From here I would like to have users log onto the server and receive various different secure desktops. If I edit the user policy, I would think that affects all users logging on. How would I differentiate between them for different desktops??
> Many Thanks for your help - much appreciated
>
> "Jeff Pitsch" wrote:
>
>> When you say normal users do you mean their normal desktop? Read my article on loopback processing and group policy and see if that helps. As well if you could be more specific on what you're trying to do and what you've done that would help as well.
>>
>> See this link and Understanding Group Policy in a TS environment:
>> http://www.jeffpitschconsulting.com/downloads.aspx?c=13?
>>
>> Jeff Pitsch
>> Microsoft MVP - Terminal Server
>> Citrix Technology Professional
>> Provision Networks VIP
>>
>> Forums not enough?
>> Get support from the experts at your business
>> http://jeffpitschconsulting.com
>>
>> Ferbalex wrote:
>> > Currently running TS where all users load one application - our business system.
>> > I'm now trying to allocate individual desktops to certain users but, with a Group Policy only succeeded in restricting normal users to no start button and no icons!!
>> > I'm obviously missing the point - could someone please direct me to a simple step by step starter??
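
Steps 3, 5 and 6 of the procedure in Vera Noest's message above, as an added PowerShell example that is not part of the original thread or FAQ. It assumes a management host with the GroupPolicy module (RSAT), which postdates the Server 2003 tools discussed here; the OU, computer, GPO and group names are hypothetical placeholders. Folder Redirection (step 4) is not a registry policy and is still configured in the GPO editor.

```powershell
# Added example (not from the original thread). All names below are hypothetical.
Import-Module GroupPolicy

$TsOu       = 'OU=TerminalServers,DC=example,DC=local'  # OU holding the TS computer account only
$TsComputer = 'TS01'                                    # the Terminal Server's computer account
$Desktops   = @(
    @{ Gpo = 'TS Desktop - Sales';   Group = 'TS-Sales'   },
    @{ Gpo = 'TS Desktop - Finance'; Group = 'TS-Finance' },
    @{ Gpo = 'TS Desktop - Support'; Group = 'TS-Support' }
)

foreach ($d in $Desktops) {
    # Step 3: one GPO per user group, linked to the OU that contains the TS.
    New-GPO -Name $d.Gpo | Out-Null
    New-GPLink -Name $d.Gpo -Target $TsOu | Out-Null

    # Step 5: "User Group Policy loopback processing mode" = Replace.
    # The policy is stored as UserPolicyMode (1 = Merge, 2 = Replace).
    Set-GPRegistryValue -Name $d.Gpo `
        -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
        -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

    # Step 6: only the matching user group and the TS machine account
    # may read and apply the GPO; the default Authenticated Users entry is removed.
    Set-GPPermission -Name $d.Gpo -TargetName $d.Group -TargetType Group `
        -PermissionLevel GpoApply | Out-Null
    Set-GPPermission -Name $d.Gpo -TargetName $TsComputer -TargetType Computer `
        -PermissionLevel GpoApply | Out-Null
    Set-GPPermission -Name $d.Gpo -TargetName 'Authenticated Users' -TargetType Group `
        -PermissionLevel None -Replace | Out-Null
}

# Check: list every trustee that can apply each GPO. Anything beyond the
# intended group and the TS computer account means the filtering is too broad.
foreach ($d in $Desktops) {
    Get-GPPermission -Name $d.Gpo -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        Select-Object @{ n = 'Gpo';     e = { $d.Gpo } },
                      @{ n = 'Trustee'; e = { $_.Trustee.Name } },
                      Permission
}
```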
Top
From: Ferbalex
<Ferbalex@discussions.microsoft.com>
To:
none
Subject:
Re: User Profiles
Date:
09/26/2007 12:50:07
Hi, this is different from the first suggestion but looked
shorter so gave it
a try.
Created 1 security group in AD the TS Group- put one
user1 in it - created 1
shared folder on the TS server and put shortcut icons
in it, gave TSGroup
access to it - created 1 GPO linked to OU that has TS
Svr in it, no users -
in GPO redircted desktop to the shared folder -
enabled various other
settings - enabled GPO loopback/replace - allowed the
TS Svr and the TS group
in the security filtering.
Logged into the TS Svr via TS client, as user1, 'my
documents' redirected to
Home folder (not specified in the TS settings) but no
other changes take
place, same as logging into the server directly.
Deleted everything and
tried it all again - same result.
Thanks for your help - any ideas would be appreciated
"Vera Noest [MVP]" wrote:
> From
> http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirection
>
> Q: How can I configure different TS desktops, based on user group
> membership?
>
> A: There are a number of 3rd party add-ons which can do this for
> you, but it is also possible with native Windows techniques, using
> Group Policies.
>
> Let's assume you have 3 different user groups, which need different
> desktop icons.
>
> 1. Create 3 security groups in your AD and populate them with the
> user accounts
> 2. Create 3 different shared folders on a file server and populate
> the folders with the desktop icons (shortcuts) which you want the
> user groups to see
> 3. Create 3 different GPOs, linked to the OU which contains your
> Terminal Server computer account (but not the user accounts!)
> 4. In each of the GPOs, configure redirection of the desktop to one
> of the custom desktop folders which you created in step 2. This is
> done in User Configuration - Windows Settings - Folder Redirection
> 5. Configure each of the GPOs with loopback processing of the GPO,
> with the "Replace" option. This is done in Computer Configuration -
> Administrative Templates - System - Group Policy - "User Group
> Policy loopback processing mode"
> 6. Configure the security settings on each of the GPOs so that only
> the appropriate user group and the TS machine account is allowed to
> read and apply the GPO
>
> Further reading:
>
> 231287 - Loopback Processing of Group Policy
> http://support.microsoft.com/?kbid=231287
>
> 816100 - How To Prevent Domain Group Policies from Applying to
> Administrator Accounts and Selected Users in Windows Server 2003
> http://support.microsoft.com/?kbid=816100
>
> Another way to do this is by using Access Based Enumeration, which
> is a free add-on to Windows Server 2003.
> For a detailed example of using ABE, see:
>
> Build a start menu with ABE
> http://www.datacrash.net/howtos/howto/build-a-start-menu-with-abe.html
>
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> Ferbalex wrote on 26 sep 2007 in
> microsoft.public.windows.terminal_services:
>
> > Thanks Jeff and good article. Having got to the end of it, I
> > now have the TS server in its own OU, two policies, machine and
> > users in the OU, user and machine disabled where needed, and the
> > loopback enabled. From here I would like to have users log onto
> > the server and receive various different secure desktops. If I
> > edit the user policy, I would think that affects all users
> > logging on. How would I differentiate between them for
> > different desktops??
> > Many Thanks for your help -
> > much appreciated
> >
> > "Jeff Pitsch" wrote:
> >
> >> when you say normal users do you mean their normal desktop?
> >> Read my article on loopback processing and group policy and see
> >> if that helps. As well if you could be more specific on what
> >> you're trying to do and what you've done that would help as well.
> >>
> >> See this link and Understanding Group Policy in a TS
> >> environment:
> >>
> >> http://www.jeffpitschconsulting.com/downloads.aspx?c=13?
> >> nload
> >>
> >> Jeff Pitsch
> >> Microsoft MVP - Terminal Server
> >> Citrix Technology Professional
> >> Provision Networks VIP
> >>
> >> Forums not enough?
> >> Get support from the experts at your business
> >> http://jeffpitschconsulting.com
> >>
> >> Ferbalex wrote:
> >> > Currently running TS where all users load one application -
> >> > our business system.
> >> > I'm now trying to allocate individual desktops to certain
> >> > users but, with a Group Policy only succeeded in restricting
> >> > normal users to no start button and no icons!!
> >> > I'm obviously missing the point - could someone please direct
> >> > me to a simple step by step starter??
>
Top
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: User Profiles
Date: 09/26/2007 15:01:03

Since your new GPO settings don't work, and you still see the
effects of another GPO (redirection of My Documents), maybe all you
have to do is to run "gpupdate" on the Terminal Server, in a
command window.
If that doesn't help, use Resultant Set of Policies (RSoP) to see
which GPOs affect user1 on the TS.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Ferbalex wrote on 26 sep 2007 in
microsoft.public.windows.terminal_services:

> Hi, this is different from the first suggestion but looked
> shorter so gave it a try.
>
> Created 1 security group in AD the TS Group - put one user1 in it
> - created 1 shared folder on the TS server and put shortcut
> icons in it, gave TSGroup access to it - created 1 GPO linked to
> OU that has TS Svr in it, no users - in GPO redirected desktop to
> the shared folder - enabled various other settings - enabled GPO
> loopback/replace - allowed the TS Svr and the TS group in the
> security filtering.
>
> Logged into the TS Svr via TS client, as user1, 'my documents'
> redirected to Home folder (not specified in the TS settings) but
> no other changes take place, same as logging into the server
> directly. Deleted everything and tried it all again - same
> result.
>
> Thanks for your help - any ideas would be appreciated
>
>
> "Vera Noest [MVP]" wrote:
>
>> From
>>
http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirect
>> ion
>>
>> Q: How can I configure different TS desktops,
based on user
>> group membership?
>>
>> A: There are a number of 3rd party add-ons
which can do this
>> for you, but it is also possible with native
Windows
>> techniques, using Group Policies.
>>
>> Let's assume you have 3 different user
groups, which need
>> different desktop icons.
>>
>> 1. Create 3 security groups in your AD and
populate them with
>> the user accounts
>> 2. Create 3 different shared folders on a
file server and
>> populate the folders with the desktop icons
(shortcuts) which
>> you want the user groups to see
>> 3. Create 3 different GPOs, linked to the OU
which contains
>> your Terminal Server computer account (but
not the user
>> accounts!) 4. In each of the GPOs, configure
redirection of the
>> desktop to one of the custom desktop folders
which you created
>> in step 2. This is done in User Configuration
- Windows
>> Settings - Folder Redirection 5. Configure
each of the GPOs
>> with loopback processing of the GPO, with the
"Replace" option.
>> This is done in Computer Configuration -
Administrative
>> Templates - System - Group Policy -
"User Group Policy loopback
>> processing mode" 6. Configure the
security settings on each of
>> the GPOs so that only the appropriate user
group and the TS
>> machine account is allowed to read and apply
the GPO
>>
>> Further reading:
>>
>> 231287 - Loopback Processing of Group Policy
>> http://support.microsoft.com/?kbid=231287
>>
>> 816100 - How To Prevent Domain Group Policies
from Applying to
>> Administrator Accounts and Selected Users in
Windows Server
>> 2003
http://support.microsoft.com/?kbid=816100
>>
>> Another way to do this is by using Access
Based Enumeration,
>> which is a free add-on to Windows Server
2003.
>> For a detailed example of using ABE, see:
>>
>> Build a start menu with ABE
>>
http://www.datacrash.net/howtos/howto/build-a-start-menu-with-
>> abe.html
>>
>>
_________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by
private email ___
>>
>> =?Utf-8?B?RmVyYmFsZXg=?=
>> wrote on 26 sep 2007 in
>> microsoft.public.windows.terminal_services:
>>
>> > Thanks Jeff and good article. Having got
to the end of it, I
>> > now have the TS server in its own OU,
two policies, machine
>> > and users in the OU, user and machine
disabled where needed,
>> > and the loopback enabled. From here I
would like to have
>> > users log onto the server and receive
various different
>> > secure desktops. If I edit the user
policy, I would think
>> > that effects all users logging on. How
would I differentiate
>> > between them for different desktops??
>> > Many Thanks for your help -
>> > much appreciated
>> >
>> > "Jeff Pitsch" wrote:
>> >
>> >> when you say normal users do you
mean their normal desktop?
>> >> Read my article on loopback
processing and group policy and
>> >> see if that helps. As well if you
could be more specific on
>> >> what your trying to do and what
you've done that would help
>> >> as well.
>> >>
>> >> See this link and Understanding
Group POlicy in a TS
>> >> environment:
>> >>
http://www.jeffpitschconsulting.com/downloads.aspx?c=13?
>> >> dow nload
>> >>
>> >> Jeff Pitsch
>> >> Microsoft MVP - Terminal Server
>> >> Citrix Technology Professional
>> >> Provision Networks VIP
>> >>
>> >> Forums not enough?
>> >> Get support from the experts at your
business
>> >> http://jeffpitschconsulting.com
>> >>
>> >> Ferbalex wrote:
>> >> > Currently running TS where all
users load one application
>> >> > - our business system.
>> >> > I'm now trying to allocate
individual desktops to certain
>> >> > users but, with a Group Policy
only suceeded in
>> >> > restricting normal users to no
start button and no icons!!
>> >> > Im obviously missing the point
- could someone please
>> >> > direct me to a simple step by
step starter??
Top
From: Ferbalex <Ferbalex@discussions.microsoft.com>
To: none
Subject: Re: User Profiles
Date: 09/27/2007 09:35:01

Thank you very much, it worked great. Just one thing, I have disabled
everything I can find in the GPOE but can't restrict the start button, My
Computer in the start menu, or Printers and Faxes in the start menu. Is it
not possible to restrict these? In My Computer users still have access to
System Task and Other Places? I also have two icons appearing from the
Default Domain Policy. Is it possible to restrict this without editing the
domain policy? Windows Server 2003. Thanks again for your great advice.

"Vera Noest [MVP]" wrote:
> Since your new GPO settings don't work, and you still see the
> effects of another GPO (redirection of My Documents), maybe all you
> have to do is to run "gpupdate" on the Terminal Server, in a
> command window.
> If that doesn't help, use Resultant Set of Policies (RSoP) to see
> which GPOs affect user1 on the TS.
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> Ferbalex wrote on 26 sep 2007 in
> microsoft.public.windows.terminal_services:
>
> > Hi, this is different from the first
suggestion but looked
> > shorter so gave it a try.
> >
> > Created 1 security group in AD the TS Group-
put one user1 in it
> > - created 1 shared folder on the TS server
and put shortcut
> > icons in it, gave TSGroup access to it -
created 1 GPO linked to
> > OU that has TS Svr in it, no users - in GPO
redircted desktop to
> > the shared folder - enabled various other
settings - enabled GPO
> > loopback/replace - allowed the TS Svr and
the TS group in the
> > security filtering.
> >
> > Logged into the TS Svr via TS client, as
user1, 'my documents'
> > redirected to Home folder (not specified in
the TS settings) but
> > no other changes take place, same as logging
into the server
> > directly. Deleted everything and tried it
all again - same
> > result.
> >
> > Thanks for your help - any ideas would be
appreciated
> >
> >
> > "Vera Noest [MVP]" wrote:
> >
> >> From
> >>
http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirect
> >> ion
> >>
> >> Q: How can I configure different TS
desktops, based on user
> >> group membership?
> >>
> >> A: There are a number of 3rd party
add-ons which can do this
> >> for you, but it is also possible with
native Windows
> >> techniques, using Group Policies.
> >>
> >> Let's assume you have 3 different user
groups, which need
> >> different desktop icons.
> >>
> >> 1. Create 3 security groups in your AD
and populate them with
> >> the user accounts
> >> 2. Create 3 different shared folders on
a file server and
> >> populate the folders with the desktop
icons (shortcuts) which
> >> you want the user groups to see
> >> 3. Create 3 different GPOs, linked to
the OU which contains
> >> your Terminal Server computer account
(but not the user
> >> accounts!) 4. In each of the GPOs,
configure redirection of the
> >> desktop to one of the custom desktop
folders which you created
> >> in step 2. This is done in User
Configuration - Windows
> >> Settings - Folder Redirection 5.
Configure each of the GPOs
> >> with loopback processing of the GPO,
with the "Replace" option.
> >> This is done in Computer Configuration -
Administrative
> >> Templates - System - Group Policy -
"User Group Policy loopback
> >> processing mode" 6. Configure the
security settings on each of
> >> the GPOs so that only the appropriate
user group and the TS
> >> machine account is allowed to read and
apply the GPO
> >>
> >> Further reading:
> >>
> >> 231287 - Loopback Processing of Group
Policy
> >>
http://support.microsoft.com/?kbid=231287
> >>
> >> 816100 - How To Prevent Domain Group
Policies from Applying to
> >> Administrator Accounts and Selected
Users in Windows Server
> >> 2003
http://support.microsoft.com/?kbid=816100
> >>
> >> Another way to do this is by using
Access Based Enumeration,
> >> which is a free add-on to Windows Server
2003.
> >> For a detailed example of using ABE,
see:
> >>
> >> Build a start menu with ABE
> >>
http://www.datacrash.net/howtos/howto/build-a-start-menu-with-
> >> abe.html
> >>
> >> _________________________________________________________
> >> Vera Noest
> >> MCSE, CCEA, Microsoft MVP - Terminal
Server
> >> TS troubleshooting:
http://ts.veranoest.net
> >> ___ please respond in newsgroup, NOT by
private email ___
> >>
> >> =?Utf-8?B?RmVyYmFsZXg=?=
> >> wrote on 26 sep 2007 in
> >>
microsoft.public.windows.terminal_services:
> >>
> >> > Thanks Jeff and good article.
Having got to the end of it, I
> >> > now have the TS server in its own
OU, two policies, machine
> >> > and users in the OU, user and
machine disabled where needed,
> >> > and the loopback enabled. From here
I would like to have
> >> > users log onto the server and
receive various different
> >> > secure desktops. If I edit the user
policy, I would think
> >> > that effects all users logging on.
How would I differentiate
> >> > between them for different
desktops??
> >> > Many Thanks for your help -
> >> > much appreciated
> >> >
> >> > "Jeff Pitsch" wrote:
> >> >
> >> >> when you say normal users do
you mean their normal desktop?
> >> >> Read my article on loopback
processing and group policy and
> >> >> see if that helps. As well if
you could be more specific on
> >> >> what your trying to do and what
you've done that would help
> >> >> as well.
> >> >>
> >> >> See this link and Understanding
Group POlicy in a TS
> >> >> environment:
> >> >>
http://www.jeffpitschconsulting.com/downloads.aspx?c=13?
> >> >> dow nload
> >> >>
> >> >> Jeff Pitsch
> >> >> Microsoft MVP - Terminal Server
> >> >> Citrix Technology Professional
> >> >> Provision Networks VIP
> >> >>
> >> >> Forums not enough?
> >> >> Get support from the experts at
your business
> >> >> http://jeffpitschconsulting.com
> >> >>
> >> >> Ferbalex wrote:
> >> >> > Currently running TS where
all users load one application
> >> >> > - our business system.
> >> >> > I'm now trying to allocate
individual desktops to certain
> >> >> > users but, with a Group
Policy only suceeded in
> >> >> > restricting normal users
to no start button and no icons!!
> >> >> > Im obviously missing the
point - could someone please
> >> >> > direct me to a simple step
by step starter??
>
Top
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: User Profiles
Date: 09/27/2007 15:02:44

You can use Folder redirection for the Start Menu, exactly in the
same way as you used Folder redirection for the Desktop.
Also make sure that you delete unwanted shortcuts from the
C:\Documents and Settings\All Users\Start Menu on the Terminal
Server.

Exactly what icons are you getting from the Default Domain Policy,
and in which GPO setting are they defined?
Have you tried "undoing" them by configuring the same setting in
your GPO with a value of "Disabled"?

You could block policy inheritance, but that's normally not a good
idea. A Default Domain Policy should only contain settings which
*must* be configured for the whole domain. If that's not true, the
setting is configured at the wrong level.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Ferbalex wrote on 27 sep 2007 in
microsoft.public.windows.terminal_services:

> Thank you very much, it worked great. Just one thing, I have
> disabled everything I can find in the GPOE but can't restrict the
> start button, My Computer in the start menu, or Printers and
> Faxes in the start menu. Is it not possible to restrict these?
> In My Computer users still have access to System Task and Other
> Places? I also have two icons appearing from the Default Domain
> Policy. Is it possible to restrict this without editing the
> domain policy? Windows Server 2003. Thanks again for your great
> advice.
>
>
>
> "Vera Noest [MVP]" wrote:
>
>> Since your new GPO settings don't work, and
you still see the
>> effects of another GPO (redirection of My
Documents), maybe all
>> you have to do is to run "gpupdate"
on the Terminal Server, in
>> a command window.
>> If that doesn't help, use Resultant Set of
Policies (RSoP) to
>> see which GPOs affect user1 on the TS.
>>
_________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by
private email ___
>>
>> =?Utf-8?B?RmVyYmFsZXg=?=
>> wrote on 26 sep 2007 in
>> microsoft.public.windows.terminal_services:
>>
>> > Hi, this is different from the first
suggestion but looked
>> > shorter so gave it a try.
>> >
>> > Created 1 security group in AD the TS
Group- put one user1 in
>> > it - created 1 shared folder on the TS
server and put
>> > shortcut icons in it, gave TSGroup
access to it - created 1
>> > GPO linked to OU that has TS Svr in it,
no users - in GPO
>> > redircted desktop to the shared folder -
enabled various
>> > other settings - enabled GPO
loopback/replace - allowed the
>> > TS Svr and the TS group in the security
filtering.
>> >
>> > Logged into the TS Svr via TS client, as
user1, 'my
>> > documents' redirected to Home folder
(not specified in the TS
>> > settings) but no other changes take
place, same as logging
>> > into the server directly. Deleted
everything and tried it
>> > all again - same result.
>> >
>> > Thanks for your help - any ideas would
be appreciated
>> >
>> >
>> > "Vera Noest [MVP]" wrote:
>> >
>> >> From
>> >>
http://ts.veranoest.net/ts_faq_configuration.htm#desktopredir
>> >> ect ion
>> >>
>> >> Q: How can I configure different TS
desktops, based on user
>> >> group membership?
>> >>
>> >> A: There are a number of 3rd party
add-ons which can do this
>> >> for you, but it is also possible
with native Windows
>> >> techniques, using Group Policies.
>> >>
>> >> Let's assume you have 3 different
user groups, which need
>> >> different desktop icons.
>> >>
>> >> 1. Create 3 security groups in your
AD and populate them
>> >> with the user accounts
>> >> 2. Create 3 different shared folders
on a file server and
>> >> populate the folders with the
desktop icons (shortcuts)
>> >> which you want the user groups to
see
>> >> 3. Create 3 different GPOs, linked
to the OU which contains
>> >> your Terminal Server computer
account (but not the user
>> >> accounts!) 4. In each of the GPOs,
configure redirection of
>> >> the desktop to one of the custom
desktop folders which you
>> >> created in step 2. This is done in
User Configuration -
>> >> Windows Settings - Folder
Redirection 5. Configure each of
>> >> the GPOs with loopback processing of
the GPO, with the
>> >> "Replace" option. This is
done in Computer Configuration -
>> >> Administrative Templates - System -
Group Policy - "User
>> >> Group Policy loopback processing
mode" 6. Configure the
>> >> security settings on each of the
GPOs so that only the
>> >> appropriate user group and the TS
machine account is allowed
>> >> to read and apply the GPO
>> >>
>> >> Further reading:
>> >>
>> >> 231287 - Loopback Processing of
Group Policy
>> >>
http://support.microsoft.com/?kbid=231287
>> >>
>> >> 816100 - How To Prevent Domain Group
Policies from Applying
>> >> to Administrator Accounts and
Selected Users in Windows
>> >> Server 2003
http://support.microsoft.com/?kbid=816100
>> >>
>> >> Another way to do this is by using
Access Based Enumeration,
>> >> which is a free add-on to Windows
Server 2003.
>> >> For a detailed example of using ABE,
see:
>> >>
>> >> Build a start menu with ABE
>> >>
http://www.datacrash.net/howtos/howto/build-a-start-menu-with
>> >> - abe.html
>> >>
>> >>
_________________________________________________________
>> >> Vera Noest
>> >> MCSE, CCEA, Microsoft MVP - Terminal
Server
>> >> TS troubleshooting:
http://ts.veranoest.net
>> >> ___ please respond in newsgroup, NOT
by private email ___
>> >>
>> >> =?Utf-8?B?RmVyYmFsZXg=?=
>> >> wrote on 26 sep 2007 in
>> >> microsoft.public.windows.terminal_services:
>> >>
>> >> > Thanks Jeff and good article.
Having got to the end of
>> >> > it, I now have the TS server in
its own OU, two policies,
>> >> > machine and users in the OU,
user and machine disabled
>> >> > where needed, and the loopback
enabled. From here I would
>> >> > like to have users log onto the
server and receive various
>> >> > different secure desktops. If I
edit the user policy, I
>> >> > would think that effects all
users logging on. How would
>> >> > I differentiate between them
for different desktops??
>> >> > Many Thanks for your help -
>> >> > much appreciated
>> >> >
>> >> > "Jeff Pitsch" wrote:
>> >> >
>> >> >> when you say normal users
do you mean their normal
>> >> >> desktop? Read my article on
loopback processing and group
>> >> >> policy and see if that
helps. As well if you could be
>> >> >> more specific on what your
trying to do and what you've
>> >> >> done that would help as
well.
>> >> >>
>> >> >> See this link and
Understanding Group POlicy in a TS
>> >> >> environment:
>> >> >>
http://www.jeffpitschconsulting.com/downloads.aspx?c=13?
>> >> >> pe= dow nload
>> >> >>
>> >> >> Jeff Pitsch
>> >> >> Microsoft MVP - Terminal
Server
>> >> >> Citrix Technology
Professional
>> >> >> Provision Networks VIP
>> >> >>
>> >> >> Forums not enough?
>> >> >> Get support from the
experts at your business
>> >> >>
http://jeffpitschconsulting.com
>> >> >>
>> >> >> Ferbalex wrote:
>> >> >> > Currently running TS
where all users load one
>> >> >> > application - our business
system.
>> >> >> > I'm now trying to
allocate individual desktops to
>> >> >> > certain users but,
with a Group Policy only suceeded in
>> >> >> > restricting normal
users to no start button and no
>> >> >> > icons!! Im obviously
missing the point - could someone
>> >> >> > please direct me to a
simple step by step starter??
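A check for what the FAQ procedure quoted in this thread depends on, and what the gpupdate/RSoP and Start Menu advice are trying to confirm: loopback in Replace mode on the Terminal Server, and the Desktop and Start Menu actually redirected for the logged-on user. This is an added example, not part of any post in the thread; the function names and the `\\fileserver` share paths are hypothetical, and it assumes PowerShell is installed on the server.

```powershell
# Added example (not from the thread). Share paths and function names are
# hypothetical. Registry locations are the standard ones: loopback mode is the
# UserPolicyMode value (1 = Merge, 2 = Replace); the effective shell folders
# are recorded per user under "User Shell Folders".

function Get-TsPolicyState {
    # Run inside the user's Terminal Server session (for example as user1).
    $sysKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $usfKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    $sys = Get-ItemProperty -Path $sysKey -ErrorAction SilentlyContinue
    $usf = Get-ItemProperty -Path $usfKey
    $mode = 0
    if ($sys -and $null -ne $sys.UserPolicyMode) { $mode = [int]$sys.UserPolicyMode }
    return @{
        LoopbackMode = $mode
        Desktop      = $usf.Desktop
        StartMenu    = $usf.'Start Menu'
        MyDocuments  = $usf.Personal
    }
}

function Test-TsDesktopPolicy {
    param(
        [Parameter(Mandatory = $true)][hashtable]$State,
        [Parameter(Mandatory = $true)][string]$ExpectedDesktop,
        [string]$ExpectedStartMenu
    )
    $findings = @()

    # Step 5 of the procedure: loopback must be on, in Replace mode.
    switch ($State.LoopbackMode) {
        2       { }
        1       { $findings += 'Loopback is in Merge mode: user settings from GPOs on the user account OU still apply alongside the TS GPO.' }
        default { $findings += 'Loopback is not in effect: user settings in a GPO linked to the TS OU are ignored. Check that the TS computer account can read and apply the GPO, then run gpupdate.' }
    }

    # Step 4 (and the later Start Menu advice): the folders must point at the share.
    $expected = @{ Desktop = $ExpectedDesktop; StartMenu = $ExpectedStartMenu }
    foreach ($name in 'Desktop', 'StartMenu') {
        if (-not $expected[$name]) { continue }      # not redirected by this GPO
        $actual = ([string]$State[$name]).TrimEnd('\')
        $wanted = $expected[$name].TrimEnd('\')
        if ($actual -ne $wanted) {                   # -ne ignores case for strings
            $findings += "$name points to '$actual', expected '$wanted': redirection from the TS GPO has not reached this user."
        }
    }
    $findings
}

# Constructed sample reproducing the symptom reported in the thread: My Documents
# follows another GPO, but the Desktop is still the local profile folder.
$sample = @{
    LoopbackMode = 0
    Desktop      = 'C:\Documents and Settings\user1\Desktop'
    StartMenu    = 'C:\Documents and Settings\user1\Start Menu'
    MyDocuments  = '\\fileserver\home\user1'
}
foreach ($f in @(Test-TsDesktopPolicy -State $sample -ExpectedDesktop '\\fileserver\TSDesktop1')) {
    Write-Output "FINDING: $f"
}

# On the Terminal Server itself, after "gpupdate /force" and a fresh logon:
# Test-TsDesktopPolicy -State (Get-TsPolicyState) -ExpectedDesktop '\\fileserver\TSDesktop1'
```

An empty result means both conditions hold for the current user; RSoP remains the tool for finding which GPO supplied a value that is still wrong.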
Top
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: Upgrading Windows 2000 Terminal Server to Windows 2003 Terminal Se
Date: 09/25/2007 13:17:59

I'm not sure what you mean.
Can it be that you are referring to the licenses in the TS Licensing
Manager?
They will not be upgraded. You will need to buy a 2003 TS license for
every client or user who connects to the 2003 Terminal Server.

The licenses which are present in both a W2K and a 2003 TS Licensing
Server with Amount: Unlimited are "Existing Windows 2000 Per Device
licenses". These licenses are issued for free to W2K Pro and XP Pro
clients when they connect to a *W2K* Terminal Server. A 2003 TS
requires purchased TS CALs.

Does this answer your question? If not, please explain in some more
detail what it is that you want.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

MJ wrote on 25 sep 2007 in
microsoft.public.windows.terminal_services:

> I had a Windows 2000 Server with unlimited Terminal Service
> Connections. After installing the Windows 2003 Standard Server,
> the Windows 2000 Terminal Server was inherited by the new
> operational system. How do I get the server to reflect that I
> am upgrading to Windows 2003 Terminal Services?
Top
From: TP <tperson.knowspamn@mailandnews.com>
To: none
Subject: Re: Updating status - REMOTE INTERACTIVE LOGON vs. INTERACTIVE
Date: 09/24/2007 12:50:20

There is no built-in way to have XP automatically update
the user's security token because of a session state change.
I imagine you could program something yourself but it would
be non-trivial.

What specific resources/objects are you attempting to secure
based on console versus RDP? Perhaps I can think of another
way to accomplish your goal.

-TP

oldemusicke@gmail.com wrote:
> XP sp2 assigns you to the special groups REMOTE INTERACTIVE LOGON or
> INTERACTIVE (etc.) only at logon. Is there any way to get Remote
> Desktop or a session unlock to update this group assignment?
>
> Situation 1: You log in at the console. As expected, you're now part
> of the special INTERACTIVE group. You lock the session (ctrl-alt-del,
> Lock Workstation). Later, you connect via Remote Desktop. This gives
> you the existing session. Even though you're now in a remote session,
> you're still part of INTERACTIVE, and not part of REMOTE INTERACTIVE
> LOGON (confirmed by whoami /groups).
>
> Situation 2: The console isn't logged in. You start a Remote Desktop
> session. As expected, you're now part of the special REMOTE
> INTERACTIVE LOGON. Next, you disconnect (as opposed to logging out).
> Later, you visit the console and unlock the session. Even though
> you're now logged in at the console, you're still in REMOTE
> INTERACTIVE LOGON, but not INTERACTIVE (confirmed by whoami /groups).
>
> If Remote Desktop Connection or the session unlock would re-assess
> membership in these special groups, it would move you between
> INTERACTIVE and REMOTE INTERACTIVE LOGON as appropriate, but
> apparently this assessment happens only once at logon.
>
> Goal: Allow non-admin users to use Remote Desktop Connection, but make
> certain resources accessible only at the console, not over a remote
> connection. An ACL entry denying all access to REMOTE INTERACTIVE
> LOGON seemed like the way to go, until we discovered that it reflected
> conditions of the initial logon, not conditions at the moment.
>
> Session timeouts don't really solve the problem, by the way. One,
> they'd shrink the window of opportunity but otherwise wouldn't solve
> the problem. Two, any arbitrary ending of sessions affects the people
> who are working normally too (in INTERACTIVE when they're really
> interactive, and in REMOTE INTERACTIVE LOGON when they're really a
> remote interactive logon).
>
> Thanks.
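The mismatch described in Situations 1 and 2 can be made visible by comparing what the logon token says with how the session is connected at the moment of the check. This is an added example, not code from any poster in the thread; the function names are hypothetical. It only reports the mismatch: a Deny entry for REMOTE INTERACTIVE LOGON is still evaluated against the token, so it does not change what the ACL allows.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Well-known SIDs that are placed in the token at logon:
$SidInteractive       = 'S-1-5-4'    # NT AUTHORITY\INTERACTIVE
$SidRemoteInteractive = 'S-1-5-14'   # NT AUTHORITY\REMOTE INTERACTIVE LOGON

function Compare-TokenToSession {
    param(
        [string[]]$TokenGroupSids,   # SIDs from the token, as "whoami /groups" lists them
        [bool]$SessionIsRemote       # how the session is connected right now
    )
    # Key on REMOTE INTERACTIVE LOGON only, so the verdict does not depend on
    # whether INTERACTIVE is also present in a remote logon's token.
    $tokenSaysRemote = $TokenGroupSids -contains $SidRemoteInteractive

    if ($tokenSaysRemote -eq $SessionIsRemote) {
        $verdict = 'consistent'
    } elseif ($SessionIsRemote) {
        $verdict = 'stale: console logon token, session now remote'      # Situation 1
    } else {
        $verdict = 'stale: remote logon token, session now at console'   # Situation 2
    }

    New-Object PSObject -Property @{
        TokenHasInteractive = ($TokenGroupSids -contains $SidInteractive)
        TokenSaysRemote     = $tokenSaysRemote
        SessionIsRemote     = $SessionIsRemote
        Verdict             = $verdict
    }
}

function Get-TokenSessionState {
    # Live check for the current process.
    Add-Type -AssemblyName System.Windows.Forms
    $sids = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
        ForEach-Object { $_.Value }
    # TerminalServerSession wraps GetSystemMetrics(SM_REMOTESESSION); it is
    # queried when called, unlike the group list, which was fixed at logon.
    $remote = [System.Windows.Forms.SystemInformation]::TerminalServerSession
    Compare-TokenToSession -TokenGroupSids $sids -SessionIsRemote $remote
}

# Constructed samples (SID lists are illustrative, not captured output).
# Situation 1: logged on at the console, later reconnected over Remote Desktop.
$situation1 = Compare-TokenToSession `
    -TokenGroupSids 'S-1-5-4', 'S-1-5-11', 'S-1-5-32-545' -SessionIsRemote $true

# Situation 2: logged on over Remote Desktop, later unlocked at the console.
$situation2 = Compare-TokenToSession `
    -TokenGroupSids 'S-1-5-14', 'S-1-5-11', 'S-1-5-32-545' -SessionIsRemote $false

Write-Output "Situation 1: $($situation1.Verdict)"
Write-Output "Situation 2: $($situation2.Verdict)"

# On a real machine:
# Get-TokenSessionState
```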
Top
From: oldemusicke@gmail.com
To: none
Subject: Re: Updating status - REMOTE INTERACTIVE LOGON vs. INTERACTIVE
Date: 09/24/2007 13:14:46

The other catch with programming something ourselves is that it
probably needs to be privileged, which means it'll probably have to
run as a service (vs. an app executed by a non-privileged user).
Kernel-touching apps are also the apps most likely to break each time
you update Windows.

We want to secure the full contents of a particular local drive
against remote access. The intended approach had been to add to the
ACL for the root folder of that volume with a Deny for REMOTE
INTERACTIVE LOGON.

One workaround we'd rather avoid is to give each person two usernames,
one that's a member of Remote Desktop Users but that has no access to
the restricted drive (denied by ACL), and one that has access to the
restricted drive but isn't in Remote Desktop Users. We want to avoid
that approach because it requires users to remember two passwords
instead of one, to switch personas each time they change what they're
working on, etc.

We want to keep the user hassles to a minimum because the bigger the
hassle, the more likely it is that users will bypass the security
setup for the sake of convenience. They're basically trusted
individuals, but people are still people. We want the right thing to
be easier to do than the wrong thing.

On Sep 24, 1:50 pm, "TP" wrote:
> There is no built-in way to have XP automatically update
> the user's security token because of a session state change.
> I imagine you could program something yourself but it would
> be non-trivial.
>
> What specific resources/objects are you attempting to secure
> based on console versus RDP? Perhaps I can think of another
> way to accomplish your goal.
>
> -TP
>
> oldemusi...@gmail.com wrote:
> > XP sp2 assigns you to the special groups
REMOTE INTERACTIVE LOGON or
> > INTERACTIVE (etc.) only at logon. Is there
any way to get Remote
> > Desktop or a session unlock to update this
group assignment?
>
> > Situation 1: You log in at the console. As
expected, you're now part
> > of the special INTERACTIVE group. You lock
the session (ctrl-alt-del,
> > Lock Workstation). Later, you connect via
Remote Desktop. This gives
> > you the existing session. Even though you're
now in a remote session,
> > you're still part of INTERACTIVE, and not
part of REMOTE INTERACTIVE
> > LOGON (confirmed by whoami /groups).
>
> > Situation 2: The console isn't logged in.
You start a Remote Desktop
> > session. As expected, you're now part of the
special REMOTE
> > INTERACTIVE LOGON. Next, you disconnect (as
opposed to logging out).
> > Later, you visit the console and unlock the
session. Even though
> > you're now logged in at the console, you're
still in REMOTE
> > INTERACTIVE LOGON, but not INTERACTIVE
(confirmed by whoami /groups).
>
> > If Remote Desktop Connection or the session
unlock would re-assess
> > membership in these special groups, it would
move you between
> > INTERACTIVE and REMOTE INTERACTIVE LOGON as
appropriate, but
> > apparently this assessment happens only once
at logon.
>
> > Goal: Allow non-admin users to use Remote
Desktop Connection, but make
> > certain resources accessible only at the
console, not over a remote
> > connection. An ACL entry denying all access
to REMOTE INTERACTIVE
> > LOGON seemed like the way to go, until we
discovered that it reflected
> > conditions of the initial logon, not
conditions at the moment.
>
> > Session timeouts don't really solve the
problem, by the way. One,
> > they'd shrink the window of opportunity but
otherwise wouldn't solve
> > the problem. Two, any arbitrary ending of
sessions affects the people
> > who are working normally too (in INTERACTIVE
when they're really
> > interactive, and in REMOTE INTERACTIVE LOGON
when they're really a
> > remote interactive logon).
>
> > Thanks.
Top
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: Unable to log into Server
Date: 09/20/2007 14:21:33

Are you sharing your user account with someone else, like several
persons using the same Administrator account? Sounds like the screen
saver has kicked in when you take over a disconnected session.

Disable the screen saver on the TS.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Derek Da Silva wrote on 20 sep 2007 in
microsoft.public.windows.terminal_services:

> Hi Everyone,
>
> When I log into the server I am confronted with a black screen
> and I cannot proceed. This usually happens when someone RDP
> into the server and forgot to log off. Is there a way to allow
> me to log in without having to restart the server?
>
> Thank you,
> D
From: Derek Da Silva <DerekDaSilva@discussions.microsoft.com>
To: none
Subject: Re: Unable to log into Server
Date: 09/20/2007 16:20:01

Yes- I share the admin account with other users. How do I disable the ssaver
under TS? Is there a way I can log on and get to the server without
rebooting it?
Thanks,
D
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: Unable to log into Server
Date: 09/20/2007 16:47:13

You can disable the screen saver with a GPO:

User Configuration - Administrative templates - Control Panel - Display
"Screen saver"

Since it's a user setting, you also need to configure loopback
processing in the same GPO:

Computer Configuration - Administrative Templates - System - Group Policy
"User Group Policy loopback processing mode" - "Replace"

Do you have access to the physical console of the server?
Can you connect to the console session (with mstsc /console)?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
From: Derek Da Silva <DerekDaSilva@discussions.microsoft.com>
To: none
Subject: Re: Unable to log into Server
Date: 09/20/2007 16:58:02

Hi Vera,
I can access the server via a KVM over IP (as if I am physically in front of
the server). I attempted to connect to the server using mstsc /console /v:IP#
I get a grey screen after entering the server.
Thank you for getting back to me so quickly- I appreciate it a lot.
Thank you,
D
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: Unable to log into Server
Date: 09/21/2007 14:02:33

Then it seems that there's something else going on than just the
normal screen saver.
Is the server functioning as it should in all other respects?
Are there any warnings or errors in the EventLog?
When you run Terminal Services Manager from another server, can you
connect to this server and check if there are any disconnected or
"down" sessions? If there are, does the problem go away when you
kill these sessions?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
From: Derek Da Silva <DerekDaSilva@discussions.microsoft.com>
To: none
Subject: Re: Unable to log into Server
Date: 09/21/2007 14:16:02

Hi Vera,
The server (file server) is still running like there are no problems. I am
unable to view the event log because I cannot sign in. Under Terminal
Services Manager, I have connected to the server and I do not see any
connections.
Thank you,
D
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: Unable to log into Server
Date: 09/22/2007 03:42:04

You can start Computer Manager on another server or XP client and
connect it to the file server to see its EventLog.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
From: TP <tperson.knowspamn@mailandnews.com>
To: none
Subject: Re: Turn Off Auto Connect
Date: 09/29/2007 11:37:59

Hi,
That is how the Remote Desktops mmc snapin works. There
is no way to change it. There are third party programs that
give you more flexibility for managing multiple RD connections.
Here is one example:
http://www.ishadow.com
If you know how to program it is not very hard to use the
Remote Desktop Activex and make an application just like
the Remote Desktops snapin but with more/different features.
-TP
Brian wrote:
> I have just installed the 2003 admin tools on my XP machine and I
> can't find out how to stop it from automatically connecting whenever I
> click on a server. Is there a way to stop this from happening?
From: Jeff Pitsch <Jeff@Jeffpitschconsulting.com>
To: none
Subject: Re: TS2003 disconnect every 7-9 minutes
Date: 09/25/2007 10:04:26

May we assume they are coming in over the vpn? Are the users on a dsl
line? Many times issues like this are related to MTU size discrepancies.
Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP
Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com
Dana wrote:
> Bear with me as I'm not a tech gal (I'm an accountant with some tech
> experience)...
>
> We have a TS2003 server that we use relatively infrequently. There are
> about 6 users who use it to access our Netware server. Rarely at the same
> time. 3 of the users it seems work fine. The other 3 seem to get messages
> while they're working that they're disconnected. This disconnect seems to
> come up every 7-9 minutes. They reconnect and they're right back where they
> were but for only another 7-9 minutes. We use a WatchGuard MuVPN. Any
> ideas? Is this a VPN issue or a WTS issue or both?
>
> Thx,
> D
From: Dana <nospam@msn.com>
To: none
Subject: Re: TS2003 disconnect every 7-9 minutes
Date: 09/25/2007 12:29:49

Hi Jeff,
Yes, it's thru the VPN ?
familiar with MTU so can you help or point me in the right direction?
Thx again,
D
From: Josh Rosenberg [MSFT] <joshrose@online.microsoft.com>
To: none
Subject: Re: TS2003 disconnect every 7-9 minutes
Date: 09/25/2007 18:09:01

MTU (Maximum Transmission Unit) refers to the maximum packet size allowed by
a particular network segment. The effective MTU of a connection is the
minimum MTU among all the segments on the connection. In your case, the DSL
+ VPN combo is leading to a much smaller MTU than Ethernet supports.
You want your MTU as high as possible without fragmenting or dropping
packets; when VPN is in the mix, this value can vary quite substantially.
See http://support.microsoft.com/default.aspx?scid=kb;en-us;q314825 for
information on how to configure the MTU used by a particular machine. It's
mostly trial and error, so it may take some time to work out the optimal
setting.
--
Josh Rosenberg [MSFT]
SDE - Terminal Services
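The trial-and-error search described in the reply above can be automated by binary-searching the largest ICMP echo payload that passes with Don't Fragment set. This is an added example, not part of the original thread or the linked KB article. The segment MTUs and the 60-byte tunnel overhead are constructed values, and all function names are this example's own; `ping_probe` calls the system `ping`, while `simulated_probe` runs offline.

```python
import platform
import subprocess

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def effective_mtu(segment_mtus, tunnel_overhead=0):
    """Effective MTU = smallest segment MTU, minus encapsulation overhead."""
    if not segment_mtus:
        raise ValueError("path needs at least one segment")
    return min(segment_mtus) - tunnel_overhead


def simulated_probe(segment_mtus, tunnel_overhead=0):
    """Build probe(payload) -> bool for a constructed path (runs offline)."""
    limit = effective_mtu(segment_mtus, tunnel_overhead)

    def probe(payload):
        # A DF-flagged echo gets through only if the whole packet fits.
        return payload + IP_ICMP_HEADERS <= limit

    return probe


def ping_probe(host, timeout_s=2):
    """Build probe(payload) -> bool that sends one DF-flagged echo to host."""
    windows = platform.system() == "Windows"

    def probe(payload):
        if windows:
            cmd = ["ping", "-f", "-l", str(payload), "-n", "1",
                   "-w", str(timeout_s * 1000), host]
        else:  # Linux iputils ping
            cmd = ["ping", "-M", "do", "-s", str(payload), "-c", "1",
                   "-W", str(timeout_s), host]
        result = subprocess.run(cmd, capture_output=True, text=True)
        # Require an actual echo reply line, not just a zero exit code.
        return result.returncode == 0 and "ttl=" in result.stdout.lower()

    return probe


def largest_unfragmented_payload(probe, low=0, high=1472):
    """Binary-search the largest payload for which probe() succeeds.

    high=1472 is the payload that fills a 1500-byte Ethernet packet.
    Returns None when even the smallest probe fails (host down, ICMP
    filtered), so a dead path is not mistaken for a very small MTU.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # fits: search larger payloads
        else:
            high = mid - 1   # too big: search smaller payloads
    return low


def path_mtu(probe):
    """Translate the largest passing payload into a path MTU in bytes."""
    payload = largest_unfragmented_payload(probe)
    return None if payload is None else payload + IP_ICMP_HEADERS


if __name__ == "__main__":
    # Constructed path: office LAN, PPPoE DSL hop, server LAN,
    # with an assumed 60 bytes of VPN encapsulation overhead.
    segments = [1500, 1492, 1500]
    probe = simulated_probe(segments, tunnel_overhead=60)
    print("largest DF payload:", largest_unfragmented_payload(probe))
    print("path MTU:", path_mtu(probe))
```

To measure a real link, pass `ping_probe(host)` with the terminal server's address instead of the simulated probe; the search assumes ICMP echo is allowed end to end through the tunnel.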
From: Munindra Das [MSFT] <munind@online.microsoft.com>
To: none
Subject: Re: TS Setup Questions
Date: 09/27/2007 13:21:20

> Q: In addition to the (10) TS CALs-Per Device we will purchase, do we
> also need a total of (10) Windows 2003 Server CALs-Per Device on this
> TS server?
I am not sure how you are differentiating between "TS CALs-Per Device" and
"Windows 2003 Server CALs-Per Device". What you need for the XP clients to
connect to a 2003 TS server are 10 Windows Server 2003 TS CAL. Please refer
to http://www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx
for details.
> Q: Since we are adding the remotes to the DC as "computers", do we
> need to purchase an additional (10) Device CALs for this server as
> well?
As long as TS clients, TS servers and License Servers are in the same AD
forest, you only need as many per device licenses as there are clients. In
your case since you have 10 additional clients, you need 10 licenses. You DO
NOT need any additional licenses.
Thanks!
--
This posting is provided "AS IS" with no warranties, and confers no rights.
wrote in message
news:1190732931.252101.128210@50g2000hsm.googlegroups.com...
> We currently have a Windows 2003 Server as our DC and 15 XP Clients
> connect to it to use our accounting system. We are opening another
> location where 10 XP clients need to access the same accounting
> system. Both locations have cable Internet access. We plan to do the
> following to accomplish this and then we have some questions with some
> of the steps:
>
> 1. Purchase an additional Windows 2003 Server Standard (like a Dell
> PE1900) to use as the TS. It will physically set next to the DC and
> login to the DC to run the accounting application like a workstation
> does. The remotes will login to the TS to run the application.
>
> Q: In addition to the (10) TS CALs-Per Device we will purchase, do we
> also need a total of (10) Windows 2003 Server CALs-Per Device on this
> TS server?
>
> 2. Add the remotes to the DC and setup Group Policy to control the
> profiles/desktops.
>
> Q: Since we are adding the remotes to the DC as "computers", do we
> need to purchase an additional (10) Device CALs for this server as
> well?
>
> 3. We want to establish a VPN that the TS will run through.
>
> Q: What is the current recommended method for doing this assuming
> both locations have Static IPs from the ISP? For example, do we setup
> VPN routers at both locations (Site-to-Site) or use the capability of
> Windows 2003 Server? Note, the remote location will not have a server,
> just workstations.
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: TS logon
Date: 09/26/2007 16:06:36

Seems that your RDP permissions are corrupted.
In Terminal Services Configuration - rdp-tcp connection -
permissions - Advanced - click on "Default" button and save.

This should restore the default permissions, which give access to
Administrators and the *local* Remote Desktop Users group.
If you have made your users member of the *domain* Remote Desktop
Users group, add this group to each local RDU group to give them
access.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"Semir Hadzic" wrote on 26 sep 2007 in
microsoft.public.windows.terminal_services:
> Hi everybody,
>
> I have unusual problem with Terminal servers.
> It is a new clean installation. There is four W2003R2 servers from which
> one is DC, SQL and TS License server and other three servers are
> Terminal servers in app mode. All four server are in domain
> managed by DC on first server.
> Problem is this: Domain Remote desktop Users group can't
> logon to TS, the same problem is with administrator. In RDP-tcp
> configuration there is only local Remote desktop users group. I can't
> put in permissions of RDP-tcp Domain Remote desktop users.
> I bypassed that all by creating new group called RDP USER and
> added new group in RDP-tcp permissions.
> Also changed Domain security policy to allow log on through
> terminal services. But that is only hot-fix.
> All three servers can see domain and DC. The group policy is
> distributed normal. DNS server (on DC)
> working normal. Licences are distributed normal, all works....
> All four servers are new installation.
>
> any suggestions?
> please help, thanx
>
> Semir
> MCSA
From: Semir Hadzic <semir@gradpula.com>
To: none
Subject: Re: TS logon
Date: 09/27/2007 02:44:00

Vera,
thanx for your reply.
I've tried that, I can't add "domain" remote desktop users group to "local"
Remote desktop users group, it does not permit me to do that.
That is problem, it permits me to add domain users and permits me to add new
created domain group (RDP USERS) which I created before (or other groups).
Could it be problem because servers are R2? Something with global
catalogue? I forgot to mention in post before all servers are SP2 and all
are up to date.
Semir
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To: none
Subject: Re: TS logon
Date: 09/27/2007 14:39:59

Do you get an error message when you try to add the group?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email
___
"Semir Hadzic" wrote on 27 sep 2007 in
microsoft.public.windows.terminal_services:
> Vera,
> thanx for your reply.
>
> I've tried that, I can't add "doman"
remote desktop users group
> to "local" Remote desktop users group,
it does not permmit me to
> doo that. That is problem, it permmit me to add
domain users and
> permmit me to add new created domain groum (RDP
USERS) witch I
> created before(or other groups) Could it be
problem becaouse
> servers are R2? Something with global catalogue?
I forgot to
> mentioned in post before all server are SP2 and
all are up do
> date.
>
> Semir
>
> "Vera Noest [MVP]" wrote
> in message
>
news:Xns99B7EB11C748Everanoesthemutforsse@207.46.248.16...
>> Seems that your RDP permissions are
corrupted.
>> In Terminal Services Configuration - rdp-tcp
connection -
>> permissions - Advanced - click on
"Default" button and save.
>>
>> This should restore the default permissions,
which give access
>> to Administrators and the *local* Remote
Desktop Users group.
>> If you have made your users member of the
*domain* Remote
>> Desktop Users group, add this group to each
local RDU group to
>> give them access.
>>
>>
_________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by
private email ___
>>
>> "Semir Hadzic" wrote on 26 sep 2007
in
>> microsoft.public.windows.terminal_services:
>>
>>> Hi evererybody,
>>>
>>> I have unusal problem with Terminal
servers.
>>> It is a new clean instalation. There is
four W2003R2 servers
>>> from wich
>>> one is DC, SQL and TS License server and
other three servers
>>> are
>>> Terminal servers in app mode.All four
server are in domain
>>> managed by DC on first server.
>>> Problem is this: Domain Remote desktop
Users group can't
>>> logon to TS, the same problem is with
administrator. In
>>> RDP-tcp configuration there is
>>> only local Remote desktop users group. I
can't put in
>>> permisions of RDP-tcp Domain Remote
desktop users.
>>> I baypased that all by creating new group
called RDP USER and
>>> added new group in RDP-tcp permisions.
>>> Also changed Domain security policy to
allow log on trough
>>> terminal services. But that is only
hot-fix.
>>> All three servers can see domain and DC.
The group policy is
>>> distributed normal. DNS server (on DC)
>>> working normal. Licences are distributed
normal, all works....
>>> All four servers are new instalation.
>>>
>>> any suggestions?
>>> please help, thanx
>>>
>>> Semir
>>> MCSA
From: Semir Hadzic
<semir@gradpula.com>
To:
none
Subject:
Re: TS logon
Date:
09/28/2007 02:54:49
If I try to put it manually by typing it ask me to correct information (like
it was not found in AD), if I try to put it by browsing users,group or
built in security principals it is not listed there. First similar group that
I have seen is TERMINAL SERVER USERS. I have tried to put that Users-Group
but no change.
But when I see on my other servers on other locations it is normal behavior.
There everything work normal. There also you can't put domain rdu group to
security properties of RDP-tcp connections.
I am lost.
"Vera Noest [MVP]" wrote in message
news:Xns99B8DC674603Bveranoesthemutforsse@207.46.248.16...
> Do you get an error message when you try to add the group?
>
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> "Semir Hadzic" wrote on 27 sep 2007 in
> microsoft.public.windows.terminal_services:
>
>> Vera,
>> thanx for your reply.
>>
>> I've tried that, I can't add "domain" remote desktop users group
>> to "local" Remote desktop users group, it does not permit me to
>> do that. That is problem, it permit me to add domain users and
>> permit me to add new created domain group (RDP USERS) which I
>> created before(or other groups) Could it be problem because
>> servers are R2? Something with global catalogue? I forgot to
>> mention in post before all server are SP2 and all are up to
>> date.
>>
>> Semir
>>
>> "Vera Noest [MVP]" wrote in message
>> news:Xns99B7EB11C748Everanoesthemutforsse@207.46.248.16...
>>> Seems that your RDP permissions are corrupted.
>>> In Terminal Services Configuration - rdp-tcp connection -
>>> permissions - Advanced - click on "Default" button and save.
>>>
>>> This should restore the default permissions, which give access
>>> to Administrators and the *local* Remote Desktop Users group.
>>> If you have made your users member of the *domain* Remote
>>> Desktop Users group, add this group to each local RDU group to
>>> give them access.
>>>
>>> _________________________________________________________
>>> Vera Noest
>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>> TS troubleshooting: http://ts.veranoest.net
>>> ___ please respond in newsgroup, NOT by private email ___
>>>
>>> "Semir Hadzic" wrote on 26 sep 2007 in
>>> microsoft.public.windows.terminal_services:
>>>
>>>> Hi everybody,
>>>>
>>>> I have unusual problem with Terminal servers.
>>>> It is a new clean installation. There is four W2003R2 servers
>>>> from which
>>>> one is DC, SQL and TS License server and other three servers
>>>> are
>>>> Terminal servers in app mode. All four server are in domain
>>>> managed by DC on first server.
>>>> Problem is this: Domain Remote desktop Users group can't
>>>> logon to TS, the same problem is with administrator. In
>>>> RDP-tcp configuration there is
>>>> only local Remote desktop users group. I can't put in
>>>> permissions of RDP-tcp Domain Remote desktop users.
>>>> I bypassed that all by creating new group called RDP USER and
>>>> added new group in RDP-tcp permissions.
>>>> Also changed Domain security policy to allow log on through
>>>> terminal services. But that is only hot-fix.
>>>> All three servers can see domain and DC. The group policy is
>>>> distributed normal. DNS server (on DC)
>>>> working normal. Licences are distributed normal, all works....
>>>> All four servers are new installation.
>>>>
>>>> any suggestions?
>>>> please help, thanx
>>>>
>>>> Semir
>>>> MCSA
From: Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se>
To:
none
Subject:
Re: TS lockups
Date:
09/25/2007 13:32:16
Any errors or warning in the EventLog?
Which error message do you get when you try to establish a new
session to the server (I'm assuming that you can't start a new
session)?
Which SP is the server running?
When this happens, can you still ping the server? Connect to a
shared drive on the server?
Check if this applies:
883670 - FIX: The Terminal Services service stops responding in
Windows Server 2003 and you receive an "The RPC service is
unavailable" error message when you try to connect to the terminal
server by using the Remote Desktop Connection program
http://support.microsoft.com/?kbid=883670
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Tim Gowen" wrote on 25 sep 2007 in
microsoft.public.windows.terminal_services:
> I'm seeing a lot of lock-ups with remote users on a particular
> W2K3 server. I've tried the KeepAlive registry fix, but it was
> already set to the recommended setting. Power management or
> screen savers don't seem to be the issue either. The screens of
> the remote session just go to the background colour, with no
> icons. They're still shown as connected in the Administrator,
> but they cannot be made to come alive.
>
>
> Tim
From: Tim Gowen
<tim.gowen@rafmuseum.org>
To:
none
Subject:
Re: TS lockups
Date:
09/27/2007 03:33:42
Nothing in the event logs that's out of the ordinary; some 1010 errors
MSGina about a user's home directory, but this user doesn't seem to have the
problem:
Event Type: Error
Event Source: MsGina
Event Category: None
Event ID: 1010
Date: 25/09/2007
Time: 11:12:54
User: N/A
Computer: LYSANDER
Description:
Failed to set the user's home directory (Drive H: connected to Share
\\York\SSmith).
When the user starts a session they get only a black screen... as if
reconnecting to an existing locked up session. SP is 2 and I'm running PAE
because it's got >4Gb RAM. This issue is intermittent, and the server
functions normally in all other respects.
I'm not getting the error message discussed, so I'm not sure if that fix
applies to this one.
Tim
"Vera Noest [MVP]" wrote in message
news:Xns99B6D0EC7EF81veranoesthemutforsse@207.46.248.16...
> Any errors or warning in the EventLog?
> Which error message do you get when you try to establish a new
> session to the server (I'm assuming that you can't start a new
> session)?
> Which SP is the server running?
> When this happens, can you still ping the server? Connect to a
> shared drive on the server?
> Check if this applies:
>
> 883670 - FIX: The Terminal Services service stops responding in
> Windows Server 2003 and you receive an "The RPC service is
> unavailable" error message when you try to connect to the terminal
> server by using the Remote Desktop Connection program
> http://support.microsoft.com/?kbid=883670
>
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> "Tim Gowen" wrote on 25 sep 2007 in
> microsoft.public.windows.terminal_services:
>
>> I'm seeing a lot of lock-ups with remote users on a particular
>> W2K3 server. I've tried the KeepAlive registry fix, but it was
>> already set to the recommended setting. Power management or
>> screen savers don't seem to be the issue either. The screens of
>> the remote session just go to the background colour, with no
>> icons. They're still shown as connected in the Administrator,
>> but they cannot be made to come alive.
>>
>>
>> Tim
From: Vera Noest [MVP]
<vera.noest@remove-this.hem.utfors.se>
To:
none
Subject:
Re: TS lockups
Date:
09/27/2007 14:37:52
Are the clients and the server on the same network?
If not, check this, from the Terminal Services FAQ
http://www.microsoft.com/technet/community/en-us/terminal/terminal_faq.mspx
Q. Sometimes when I connect to my terminal server, I see a black
screen. Why does this occur?
A. This typically occurs if there is a device between the client
and the server that is receiving packets but not passing them on.
One way around this problem is to change the MTU size for the
network adapter that is being used as a terminal server connection
to clients.
Ethernet uses a maximum MTU size of 1500. You can start with 500
and then slowly move up until you notice the problem to find the
correct value to set
http://support.microsoft.com/?kbid=314825
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Tim Gowen" wrote on 27 sep 2007 in
microsoft.public.windows.terminal_services:
> Nothing in the event logs that's out of the ordinary; some 1010
> errors MSGina about a user's home directory, but this user
> doesn't seem to have the problem:
>
> Event Type: Error
> Event Source: MsGina
> Event Category: None
> Event ID: 1010
> Date: 25/09/2007
> Time: 11:12:54
> User: N/A
> Computer: LYSANDER
> Description:
> Failed to set the user's home directory (Drive H: connected to
> Share \\York\SSmith).
>
> When the user starts a session they get only a black screen...
> as if reconnecting to an existing locked up session. SP is 2
> and I'm running PAE because it's got >4Gb RAM. This issue is
> intermittent, and the server functions normally in all other
> respects.
>
> I'm not getting the error message discussed, so I'm not sure if
> that fix applies to this one.
>
>
> Tim
>
> "Vera Noest [MVP]" wrote in message
> news:Xns99B6D0EC7EF81veranoesthemutforsse@207.46.248.16...
>> Any errors or warning in the EventLog?
>> Which error message do you get when you try to establish a new
>> session to the server (I'm assuming that you can't start a new
>> session)?
>> Which SP is the server running?
>> When this happens, can you still ping the server? Connect to a
>> shared drive on the server?
>> Check if this applies:
>>
>> 883670 - FIX: The Terminal Services service stops responding in
>> Windows Server 2003 and you receive an "The RPC service is
>> unavailable" error message when you try to connect to the
>> terminal server by using the Remote Desktop Connection program
>> http://support.microsoft.com/?kbid=883670
>>
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> "Tim Gowen" wrote on 25 sep 2007 in
>> microsoft.public.windows.terminal_services:
>>
>>> I'm seeing a lot of lock-ups with remote users on a particular
>>> W2K3 server. I've tried the KeepAlive registry fix, but it was
>>> already set to the recommended setting. Power management or
>>> screen savers don't seem to be the issue either. The screens
>>> of the remote session just go to the background colour, with
>>> no icons. They're still shown as connected in the
>>> Administrator, but they cannot be made to come alive.
>>>
>>>
>>> Tim
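[Added example, not part of the thread or of the Microsoft FAQ] The FAQ's search (start at 500, raise the size until the problem appears) can be run from a client as a binary search with the Don't Fragment bit set. The function names `Test-PathSize` and `Find-PathMtu` and the host name `ts01.example.local` are hypothetical, and the script assumes ICMP echo is allowed between client and terminal server.

```powershell
# Added example: find the largest IPv4 packet that reaches a terminal server
# without fragmentation, using ICMP echo with Don't Fragment (DF) set.
# Assumptions: ICMP echo is permitted end to end; the host name is a placeholder.

function Test-PathSize {
    param(
        [string]$ComputerName,
        [int]$PayloadBytes,
        [int]$TimeoutMs = 2000,
        [int]$Attempts  = 3
    )
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF on
    $buffer  = New-Object byte[] $PayloadBytes
    try {
        for ($i = 0; $i -lt $Attempts; $i++) {
            try {
                $reply = $ping.Send($ComputerName, $TimeoutMs, $buffer, $options)
            } catch {
                continue   # name resolution or socket error: count as a failed attempt
            }
            if ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) {
                return $true
            }
            # PacketTooBig: a router reported its limit (path MTU discovery works).
            # TimedOut: the packet was dropped silently, which is the case the FAQ
            # describes (a device receiving packets but not passing them on).
            # Retry so ordinary packet loss is not mistaken for a size limit.
        }
        return $false
    } finally {
        $ping.Dispose()
    }
}

function Find-PathMtu {
    param(
        [string]$ComputerName,
        [int]$MinMtu = 500,    # starting point suggested in the FAQ
        [int]$MaxMtu = 1500    # Ethernet maximum
    )
    $overhead = 28             # 20-byte IPv4 header + 8-byte ICMP header
    $low  = $MinMtu - $overhead
    $high = $MaxMtu - $overhead

    if (-not (Test-PathSize -ComputerName $ComputerName -PayloadBytes $low)) {
        throw "No reply even at MTU $MinMtu; ICMP may be filtered or the host is down."
    }
    if (Test-PathSize -ComputerName $ComputerName -PayloadBytes $high) {
        return $MaxMtu         # full-size packets pass, so MTU is not the cause
    }
    # Invariant: $low gets a reply, $high does not. Narrow to the boundary.
    while (($high - $low) -gt 1) {
        $mid = [int][math]::Floor(($low + $high) / 2)
        if (Test-PathSize -ComputerName $ComputerName -PayloadBytes $mid) {
            $low = $mid
        } else {
            $high = $mid
        }
    }
    return $low + $overhead
}

$server = 'ts01.example.local'   # placeholder host name
$mtu = Find-PathMtu -ComputerName $server
"Largest unfragmented packet to ${server}: $mtu bytes"
```

A result below 1500 is the candidate value for the adapter MTU change the FAQ describes; a result of 1500 points away from MTU as the cause of the black screen.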
From: Vera Noest [MVP]
<vera.noest@remove-this.hem.utfors.se>
To:
none
Subject:
Re: TS licensing
Date:
09/24/2007 16:10:49
TS Licensing is *not* concurrent. You need a dedicated license for
each workstation or user who connects.
Choose Per User licensing if you have more clients than users (where
each user connects from an office PC + a home PC + a laptop).
Choose Per Device licensing if you have more users than workstations
(in a situation where personnel works in shifts, sharing the same
workstations).
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
pete0085 wrote on 24 sep 2007 in
microsoft.public.windows.terminal_services:
> Thinking about having 1 TS server. 12 users at one time would
> be accessing the resources with a possibility of 20 different
> users logging on to a TS server.
>
> What would be the cheapest licensing method for this scenario?
From: pete0085
<pete0085@discussions.microsoft.com>
To:
none
Subject:
Re: TS licensing
Date:
09/24/2007 16:50:00
There are users that roam and access more than one pc. So I would need a per
user license.
"Vera Noest [MVP]" wrote:
> TS Licensing is *not* concurrent. You need a dedicated license for
> each workstation or user who connects.
>
> Choose Per User licensing if you have more clients than users (where
> each user connects from an office PC + a home PC + a laptop).
> Choose Per Device licensing if you have more users than workstations
> (in a situation where personnel works in shifts, sharing the same
> workstations).
>
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> pete0085 wrote on 24 sep 2007 in
> microsoft.public.windows.terminal_services:
>
> > Thinking about having 1 TS server. 12 users at one time would
> > be accessing the resources with a possibility of 20 different
> > users logging on to a TS server.
> >
> > What would be the cheapest licensing method for this scenario?
From: Meinolf Weber
<meiweb(nospam)@gmx.de>
To:
none
Subject:
Re: TS has Office 2003, Workstation has 2007
Date:
09/27/2007 02:42:53
Hello A.C. Buehler,
Did you configure 2 profiles for the users on the user properties tab? You
need one for TS and one for the fat client.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
> I have a number of laptops that have Office 2007. The TS is running
> Office 2003. When the laptops run in TS, all is fine; when they run
> independently all is fine, too. However, if I connect the laptops to
> the domain, the roaming profile supersedes the locally installed
> Office 2007, no correct icons appear for Office, and when the icons
> are opened, they report that the application has not been installed.
> Took me a few minutes to realize that the profile was looking for the
> 2003, and the laptop has 2007. Incidentally, when I take the laptops
> off the domain, the 2007 works on the laptops, and the TS connections
> still run 2003 fine. I would like to find a way to not lose office
> when connected to the domain. Thanks!!
From: A.C. Buehler
<ACBuehler@discussions.microsoft.com>
To:
none
Subject:
Re: TS has Office 2003, Workstation has 2007
Date:
09/27/2007 05:05:04
No, I did not. I am not familiar with this. Do you know of any resources on
this?
Also, the desktops have 2003, too. And some of the users have laptops and
desktop access, too. I kind of look like this for these users:
Desktop in Domain: Office 2003
Laptop not on domain: Office 2007
Laptop on TS: Office 2003 via TS
Laptop on Domain: Doesn't work with any office.
Thanks!
"Meinolf Weber" wrote:
> Hello A.C. Buehler,
>
> Did you configure 2 profiles for the users on the user properties tab? You
> need one for TS and one for the fat client.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
>
> > I have a number of laptops that have Office 2007. The TS is running
> > Office 2003. When the laptops run in TS, all is fine; when they run
> > independently all is fine, too. However, if I connect the laptops to
> > the domain, the roaming profile supersedes the locally installed
> > Office 2007, no correct icons appear for Office, and when the icons
> > are opened, they report that the application has not been installed.
> > Took me a few minutes to realize that the profile was looking for the
> > 2003, and the laptop has 2007. Incidentally, when I take the laptops
> > off the domain, the 2007 works on the laptops, and the TS connections
> > still run 2003 fine. I would like to find a way to not lose office
> > when connected to the domain. Thanks!!
From: Jeff Pitsch
<Jeff@Jeffpitschconsulting.com>
To:
none
Subject:
Re: TS Device CAL not releasing after expiration
Date:
09/27/2007 10:51:46
Were you getting 1003 and 1004 errors in the event logs? Do you have
100 or fewer devices that have connected in the last 90 days?
Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP
Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com
jhferry3@gmail.com wrote:
> Hi,
>
> I have 100 TS cal licenses in per device mode. I started getting
> calls that people couldn't connect. When I looked at the TS licenses I
> had 2 Cal licenses that expired but I never got them back.
>
> What could cause this?
From: jhferry3@gmail.com
<jhferry3@gmail.com>
To:
none
Subject:
Re: TS Device CAL not releasing after expiration
Date:
09/27/2007 11:41:18
On Sep 27, 11:51 am, Jeff Pitsch wrote:
> Were you getting 1003 and 1004 errors in the event logs? Do you have
> 100 or fewer devices that have connected in the last 90 days?
>
> Jeff Pitsch
> Microsoft MVP - Terminal Server
> Citrix Technology Professional
> Provision Networks VIP
>
> Forums not enough?
> Get support from the experts at your business
> http://jeffpitschconsulting.com
>
> jhfer...@gmail.com wrote:
> > Hi,
>
> > I have 100 TS cal licenses in per device mode. I started getting
> > calls that people couldn't connect. When I looked at the TS licenses I
> > had 2 Cal licenses that expired but I never got them back.
>
> > What could cause this?
I do not see those errors but we do have less than 100 PC connecting I
would think. We only have 100 licenses.
From: Jeff Pitsch <Jeff@Jeffpitschconsulting.com>
To:
none
Subject:
Re: TS Device CAL not releasing after expiration
Date:
09/27/2007 12:57:21
Then how did you figure the problem to be a licensing issue when the
users couldn't connect?
Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP
Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com
jhferry3@gmail.com wrote:
> On Sep 27, 11:51 am, Jeff Pitsch wrote:
>> Were you getting 1003 and 1004 errors in the event logs? Do you have
>> 100 or fewer devices that have connected in the last 90 days?
>>
>> Jeff Pitsch
>> Microsoft MVP - Terminal Server
>> Citrix Technology Professional
>> Provision Networks VIP
>>
>> Forums not enough?
>> Get support from the experts at your business
>> http://jeffpitschconsulting.com
>>
>> jhfer...@gmail.com wrote:
>>> Hi,
>>> I have 100 TS cal licenses in per device mode. I started getting
>>> calls that people couldn't connect. When I looked at the TS licenses I
>>> had 2 Cal licenses that expired but I never got them back.
>>> What could cause this?
>
> I do not see those errors but we do have less than 100 PC connecting I
> would think. We only have 100 licenses.
From: jhferry3@gmail.com
<jhferry3@gmail.com>
To:
none
Subject:
Re: TS Device CAL not releasing after expiration
Date:
09/28/2007 08:05:25
On Sep 27, 1:57 pm, Jeff Pitsch wrote:
> Then how did you figure the problem to be a licensing issue when the
> users couldn't connect?
>
> Jeff Pitsch
> Microsoft MVP - Terminal Server
> Citrix Technology Professional
> Provision Networks VIP
>
> Forums not enough?
> Get support from the experts at your business
> http://jeffpitschconsulting.com
>
> jhfer...@gmail.com wrote:
> > On Sep 27, 11:51 am, Jeff Pitsch
> > wrote:
> >> Were you getting 1003 and 1004 errors in the event logs? Do you have
> >> 100 or fewer devices that have connected in the last 90 days?
>
> >> Jeff Pitsch
> >> Microsoft MVP - Terminal Server
> >> Citrix Technology Professional
> >> Provision Networks VIP
>
> >> Forums not enough?
> >> Get support from the experts at your business
> >> http://jeffpitschconsulting.com
>
> >> jhfer...@gmail.com wrote:
> >>> Hi,
> >>> I have 100 TS cal licenses in per device mode. I started getting
> >>> calls that people couldn't connect. When I looked at the TS licenses I
> >>> had 2 Cal licenses that expired but I never got them back.
> >>> What could cause this?
>
> > I do not see those errors but we do have less than 100 PC connecting I
> > would think. We only have 100 licenses.
I sent into TS licensing and saw that 4 clients should have expired
and didn't release the license.
From: Vera Noest [MVP]
<vera.noest@remove-this.hem.utfors.se>
To:
none
Subject:
Re: TS Device CAL not releasing after expiration
Date:
09/28/2007 13:36:41
From: http://ts.veranoest.net/ts_faq_licensing.htm#release_expired_TSCALs
Q: Expired TS CALs are not returned to the pool of available
licenses
A: If Microsoft's Volume Shadow Copy Service (VSS) is running on
the server, it could stop the thread on the TS License Server which
reclaims expired licenses.
Stop and restart the TS Licensing Service - it will restart the
thread, and, if the bug is the culprit, expired licenses will be
returned to the pool of available licenses within a couple of
minutes after the service is restarted.
For more details, check:
279561 - How to Override the License Server Discovery Process in
Windows Server 2003 Terminal Service
http://support.microsoft.com/?kbid=279561
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"jhferry3@gmail.com" wrote on 28 sep 2007 in
microsoft.public.windows.terminal_services:
> On Sep 27, 1:57 pm, Jeff Pitsch
> wrote:
>> Then how did you figure the problem to be a licensing issue
>> when the users couldn't connect?
>>
>> Jeff Pitsch
>> Microsoft MVP - Terminal Server
>> Citrix Technology Professional
>> Provision Networks VIP
>>
>> Forums not enough?
>> Get support from the experts at your business
>> http://jeffpitschconsulting.com
>>
>> jhfer...@gmail.com wrote:
>> > On Sep 27, 11:51 am, Jeff Pitsch
>> > wrote:
>> >> Were you getting 1003 and 1004 errors in the event logs? Do
>> >> you have 100 or fewer devices that have connected in the
>> >> last 90 days?
>>
>> >> Jeff Pitsch
>> >> Microsoft MVP - Terminal Server
>> >> Citrix Technology Professional
>> >> Provision Networks VIP
>>
>> >> Forums not enough?
>> >> Get support from the experts at your business
>> >> http://jeffpitschconsulting.com
>>
>> >> jhfer...@gmail.com wrote:
>> >>> Hi,
>> >>> I have 100 TS cal licenses in per device mode. I started
>> >>> getting calls that people couldn't connect. When I looked
>> >>> at the TS licenses I had 2 Cal licenses that expired but I
>> >>> never got them back. What could cause this?
>>
>> > I do not see those errors but we do have less than 100 PC
>> > connecting I would think. We only have 100 licenses.
>
> I sent into TS licensing and saw that 4 clients should have
> expired and didn't release the license.
From: TP
<tperson.knowspamn@mailandnews.com>
To:
none
Subject:
Re: TS & VFP question
Date:
09/21/2007 14:11:02
Hi,
Generally I would recommend Windows Server 2003
R2 Standard x64 Edition w/SP2. This will give you access
to large amounts of installed RAM without the extra cost
of Enterprise. For a 64-bit TS I would suggest 8GB as
a minimum with 12GB, 16GB or more if needed.
It may be a good idea to purchase Software Assurance on
your server license as well as the Windows and TS CALs so
that you will get Server 2008 when it is released in Feb.
As always you should *test* your applications for compatibility
and to determine how much CPU, RAM, Disk I/O, and
network bandwidth they use. That way you can plan and
make your hardware/software purchases with confidence.
Another thing to consider with 64-bit is that you will need to
have 64-bit printer drivers or preferably use a third party
universal printer driver solution.
Where will the database files reside? If you are using .dbf
files then storing them locally will allow you to achieve the
highest performance and stability. If your VFP app is a
frontend for a SQL database then it is different.
If the files will be local then I would recommend the server
have redundant power supplies, hot swap fans, hardware
RAID, redundant 15K drives (prefer RAID 10), etc. with
a 4-hour response on-site warranty minimum.
-TP
Keith Wheeler wrote:
> I am looking at deploying a Visual FoxPro app to about 40 people using
> Terminal Server. Here are my questions:
>
> 1) Should I use Win2K3 Std. R2 which maxes out at 4GB RAM or Ent. R2
> which maxes out at 64GB?
>
> 2) Can I use Win2K3 64-bit OS? And would that have any advantages /
> disadvantages on this scenario?
>
> TIA
From: Doug Dwyer <Doug
Dwyer@discussions.microsoft.com>
To:
none
Subject:
Re: Thin Clients vs Win XP / PE
Date:
09/26/2007 11:26:04
I just had this issue with a win98 machine with 32 mb ram and the TS sessions
was usable until the user printed something to the local redirected printer.
The mouse would jump and everything would lag. I replaced the PC with a
current Win xp machine and the same thing does not occur.
Check out the specs of the computer! The TS client may work but if you
expect the pc to do more than just the screen, mouse and keyboard
redirections you will need more computer.
"TP" wrote:
> Hi Marcus,
>
> Let me start out by saying that the symptoms you describe have
> almost always been caused by network issues in my experience.
> The above is based on a server that is not overloaded or having
> problems due to hardware or driver issues. Of course your
> situation could be one of the unusual cases.
>
> You have mentioned that your switch logs are clean--that is a
> plus. How about more low-tech troubleshooting like continuous
> pings? Pick a few of the most troublesome workstations and run
> a continuous ping to the TS. When the users notice a delay, have
> them look at the pings. They should see an endless stream of
> replies with time> when the delay is 45 seconds like you mentioned. Teach them
> how to use Ctrl-Break every so often to view statistics and verify
> that no packets were lost.
>
> When the users experience a delay have them press Ctrl-Alt-End.
> Does the Windows Security dialog come up immediately or is
> there a long delay?
>
> One key thing I noticed is that based on the information you have
> provided your problem seems to be more user and/or workstation
> specific. I say this based upon your description that all users
> experience some lag occasionally but for one it is particularly painful.
> What is different about this one user? Do they run different software,
> have different printers, etc.? About how much lag do all users
> experience? How often is occasionally?
>
> When you run perfmon on the TS what do the numbers look like
> when a problem occurs? For example, CPU utilization, Commit
> charge total, Pages/sec, Avg Disk Queue Length? Are you seeing
> missing data points?
>
> What Write Policy do you have set on your Virtual Disk? If you
> have a PERC card with battery backup then I would recommend
> setting it to Write-Back. Check in Server Administrator (newer
> server) or Array Manager Console (older server). What settings
> do you have on the Policies tab of the Properties of your PERC
> card? Have you contacted Dell Server Support and asked them
> to verify that you have configured the controller and array for the
> best performance, and that you have the latest firmware and drivers?
>
> There are certain cases where delays or pauses may occur. For
> example, transferring a large file (or clipboard data) from the client
> to the TS, situations where the shell is waiting for an operation to
> complete, problems with printer autocreation or printer drivers, etc.
>
> What are you running for the server OS? 2003 x64 Standard R2 SP2?
>
> What software is loaded on your TS servers? Which programs do
> the users typically have problems with? All programs?
>
> Thanks.
>
> -TP
>
> Marcus Cotey wrote:
> > Well lets, for the moment, forget about my one user...and lets
> > discuss this from a general perspective. Say the KB article is not
> > the issue...but we are experiencing on all our clients a keyboard lag
> > (buffering) to some degree or another. What would cause that?
> > Forgot about all the other symptoms and just think of this from the
> > user perspective that the keyboard input seems slow, say once or
> > twice an hour and sometimes the slowness is short in duration (couple
> > of secs) to almost a full minute.
> >
> > What would your thoughts on that be? The Term Servers themselves are
> > pretty darn beefy (the slowest one has a quad processor with 8GBs of
> > RAM) so I can't imagine it is a hardware issue. Switch logs are
> > clean so it doesn't look like a network issue.
From: TP
<tperson.knowspamn@mailandnews.com>
To:
none
Subject:
Re: Terminal Services Session Screen Saver possible to disable?
Date:
09/21/2007 10:55:39
Hi,
Place your TS servers in a separate OU and create a GPO
with the settings you want. Move your TS servers into this
OU. Enable Loopback policy with the Replace option.
Add an entry for Deny Apply Group Policy for Domain Admins
to the above GPO security so that your policies will not apply
to admins that logon to the TS.
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
After you have completed the above users will have a different
GPO applied when they logon to the TS but still have the current
GPO applied when logging on to their local PC.
-TP
Version7 wrote:
> Our problem is we have a user based group policy that has the
> following settings,
>
> Password protect the screen saver Enabled
> Screen Saver Enabled
> Screen Saver timeout Enabled
> Number of seconds to wait to enable the Screen Saver
> Seconds: 900
>
> This locks our users computers after 10 minutes. Since this is a
> user based policy this follows the users when they log into the
> several terminal servers. This becomes very annoying for the users
> to have to unlock their TS session after 10 minutes when they just
> unlocked their computer. Is there a way to supersede the User based
> group policy and perm disable the Screen saver on the TS Servers? Or
> maybe this is not the best solution and there is a better one.
>
> We want to keep a policy in place that automatically locks the users
> computers after 10 minutes however we don't want the terminal service
> sessions to lock. Is this possible? Thanks
From: Johan Strange
<JohanStrange@discussions.microsoft.com>
To:
none
Subject:
Re: Terminal Services Session Screen Saver possible to disable?
Date:
09/21/2007 12:46:03
Thats right - GPO is applied Local - Site - Domain -
OU - Child
"TP" wrote:
> Hi,
>
> Place your TS servers in a separate OU and create a GPO
> with the settings you want. Move your TS servers into this
> OU. Enable Loopback policy with the Replace option.
>
> Add an entry for Deny Apply Group Policy for Domain Admins
> to the above GPO security so that your policies will not apply
> to admins that logon to the TS.
>
> Loopback processing of Group Policy
>
> http://support.microsoft.com/kb/231287
>
> After you have completed the above users will have a different
> GPO applied when they logon to the TS but still have the current
> GPO applied when logging on to their local PC.
>
> -TP
>
> Version7 wrote:
> > Our problem is we have a user based group policy that has the
> > following settings,
> >
> > Password protect the screen saver Enabled
> > Screen Saver Enabled
> > Screen Saver timeout Enabled
> > Number of seconds to wait to enable the Screen Saver
> > Seconds: 900
> >
> > This locks our users' computers after 10 minutes. Since this is a
> > user based policy this follows the users when they log into the
> > several terminal servers. This becomes very annoying for the users
> > to have to unlock their TS session after 10 minutes when they just
> > unlocked their computer. Is there a way to supersede the User based
> > group policy and perm disable the Screen saver on the TS Servers? Or
> > maybe this is not the best solution and there is a better one.
> >
> > We want to keep a policy in place that automatically locks the users'
> > computers after 10 minutes however we don't want the terminal service
> > sessions to lock. Is this possible? Thanks
>
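The policy resolution TP and Johan describe above, as an added example that is not part of the original thread: a small Python model of user-policy processing with loopback, showing which screen saver settings reach each session. The domain and OU names, the GPO names and the `user_policy` helper are constructed for illustration, and Local and Site policy are left out of the model.

```python
from dataclasses import dataclass


@dataclass
class GPO:
    name: str
    user_settings: dict
    # Groups that carry a Deny entry for "Apply Group Policy" on this GPO.
    deny_apply: frozenset = frozenset()


# Constructed directory layout: a container is the path from the domain down.
DOMAIN = ("corp.example",)
STAFF_OU = DOMAIN + ("Staff",)                  # user accounts
WORKSTATIONS_OU = DOMAIN + ("Workstations",)    # local PCs
TS_OU = DOMAIN + ("Terminal Servers",)          # the separate OU for the TS

DESKTOP_LOCK = GPO("Desktop Lock", {
    "Screen Saver": "Enabled",
    "Password protect the screen saver": "Enabled",
    "Screen Saver timeout": 900,
})
TS_SESSION = GPO("TS Session", {"Screen Saver": "Disabled"},
                 deny_apply=frozenset({"Domain Admins"}))

# Where each GPO is linked. Two variants of the existing lock policy's link.
LINKS_OU = {STAFF_OU: [DESKTOP_LOCK], TS_OU: [TS_SESSION]}
LINKS_DOMAIN = {DOMAIN: [DESKTOP_LOCK], TS_OU: [TS_SESSION]}


def gpos_for(location, links):
    """GPOs in processing order for an object: domain first, then each OU
    down to the object's own OU (Domain - OU - Child)."""
    ordered = []
    for depth in range(1, len(location) + 1):
        ordered.extend(links.get(location[:depth], []))
    return ordered


def user_policy(user_ou, groups, computer_ou, links, loopback=None):
    """Resultant user settings for one logon.

    loopback is the mode set on the computer: None, "merge" or "replace".
    Returns (settings, names of the GPOs that applied).
    """
    if loopback is None:
        gpo_list = gpos_for(user_ou, links)
    elif loopback == "replace":
        # User settings come only from GPOs in the computer's chain.
        gpo_list = gpos_for(computer_ou, links)
    elif loopback == "merge":
        # User's own GPOs first, then the computer's, which win on conflict.
        gpo_list = gpos_for(user_ou, links) + gpos_for(computer_ou, links)
    else:
        raise ValueError("loopback must be None, 'merge' or 'replace'")

    settings, applied = {}, []
    for gpo in gpo_list:
        if gpo.deny_apply & set(groups):
            continue                      # Deny Apply Group Policy: skipped
        settings.update(gpo.user_settings)  # later GPO overwrites earlier
        applied.append(gpo.name)
    return settings, applied


def scenarios():
    user = {"Domain Users"}
    admin = {"Domain Users", "Domain Admins"}
    return {
        "user at local PC":
            user_policy(STAFF_OU, user, WORKSTATIONS_OU, LINKS_OU),
        "user on TS, loopback Replace":
            user_policy(STAFF_OU, user, TS_OU, LINKS_OU, "replace"),
        "admin on TS, loopback Replace":
            user_policy(STAFF_OU, admin, TS_OU, LINKS_OU, "replace"),
        # The domain is part of the terminal server's own chain, so a lock
        # GPO linked there still reaches an admin who is denied the TS GPO.
        "admin on TS, lock GPO linked at domain":
            user_policy(STAFF_OU, admin, TS_OU, LINKS_DOMAIN, "replace"),
    }


if __name__ == "__main__":
    for label, (settings, applied) in scenarios().items():
        print(f"{label}: GPOs={applied} settings={settings}")
```

The last scenario goes one step beyond the thread: with Replace, only GPOs linked in the terminal server's own chain supply user settings, and that chain includes the domain.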
From: Version7
<Version7@discussions.microsoft.com>
To:
none
Subject:
Re: Terminal Services Session Screen Saver possible to disable?
Date:
09/26/2007 14:06:00
Thanks a lot this works perfect. I never used this loopback option before. Used correctly this is very powerful.
"TP" wrote:
> Hi,
>
> Place your TS servers in a separate OU and create
a GPO
> with the settings you want. Move your TS servers
into this
> OU. Enable Loopback policy with the Replace
option.
>
> Add an entry for Deny Apply Group Policy for
Domain Admins
> to the above GPO security so that your policies
will not apply
> to admins that logon to the TS.
>
> Loopback processing of Group Policy
>
> http://support.microsoft.com/kb/231287
>
> After you have completed the above users will
have a different
> GPO applied when they logon to the TS but still
have the current
> GPO applied when logging on to their local PC.
>
> -TP
>
> Version7 wrote:
> > Our problem is we have a user based group
policy that has the
> > following settings,
> >
> > Password protect the screen saver Enabled
> > Screen Saver Enabled
> > Screen Saver timeout Enabled
> > Number of seconds to wait to enable the
Screen Saver
> > Seconds: 900
> >
> > This locks our users computers after 10
minutes. Since this is a
> > user based policy this follows the user's
when they log into the
> > several terminal servers. This becomes very
annoying for the users
> > to have to unlock there TS session after 10
minutes when they just
> > unlocked there computer. Is there a way to
superseed the User based
> > group policy and perm disable the Screen
saver on the TS Servers? Or
> > maybe this is not the best solution and
there is a better one.
> >
> > We want to keep a policy in place that
automatically locks the users
> > computers after 10 minutes however we dont
want the terminal service
> > sessions to lock. Is this possible? Thanks
>
From: Patrick Rouse
<PatrickRouse@discussions.microsoft.com>
To:
none
Subject:
RE: Terminal Services installation on Great Plains server
Date:
09/23/2007 13:32:00
What is typically done is to do a clean install of the Server Standard OS, install Terminal Server, then install the client application, i.e. the GP Client, and the client portion of your custom application. The backend databases should be running on different servers, except in environments where you have only one server.
--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Provision Networks VIP
Citrix Technology Professional
President - Session Computing Solutions, LLC
http://www.sessioncomputing.com
"Andrew" wrote:
> Hello,
>
> We run Great Plains 7.5 on one of our member servers (Win2003) in test
> environment. Besides GP there is a custom developed application and SQL
> Server 2000 installed on this box. We are planning to provide multiple user
> access to our custom application through the Terminal Services (Application
> mode). The best practice is to install Terminal Server on a clean machine and
> then install software through Add Or Remove Programs. There is no problem to
> reinstall custom application but will the Terminal Server installation affect
> the Great Plains that can lead to GP redeployment??
>
> Thanks in advance. Any help is appreciated.
From: TP
<tperson.knowspamn@mailandnews.com>
To:
none
Subject:
Re: Terminal Server lockups
Date:
09/28/2007 15:01:59
Hi,

This could be caused by many things.

As a start how about *completely* removing the anti-virus, backup, and any other security/anti-malware/anti-spyware/etc. type of software from the TS server. After this is done restart the server and have your users work as normal and report any problems to you.

Are there any errors in the System and Application logs?

When you have performance issues what numbers do you see in task manager for CPU, Commit Charge Total, and Physical Memory Total? If CPU utilization is high, which processes are using the bulk of the CPU?

Thanks in advance for answering my questions.

-TP
Ray234 wrote:
> We are running Windows Server 2003 Terminal Services. We are getting
> random lockups where the taskbar is missing on the server, and the
> only way to get it back is to reboot. Also, users will get
> performance issues including lockups and slow performance. Sometimes
> their taskbar is missing. When this happens, either the backup will
> fail and/or the Symantec Anti-Virus will stop getting the definition
> updates. Rebooting will fix both. We have run multiple virus and
> spyware scans and checked startup items with Hijack This. I have
> removed and re-installed Symantec and the backup client. I have
> updated Windows to SP2, updated several device drivers, but can't
> figure out why this keeps locking up. I have changed the virtual
> memory settings to higher amounts and also to System Managed.
>
> Any ideas would be appreciated.
From: Ray234
<Ray234@discussions.microsoft.com>
To:
none
Subject:
Re: Terminal Server lockups
Date:
10/01/2007 15:06:05
I'll have to look into removing Symantec from this server. I don't like leaving 25+ users on a server with no A/V protection.

As far as the logs go, the System log had:
1) Dcom service failed (5-6 entries).
2) "Timeout waiting for a transaction response from the Symantec Antivirus service" several times.
The Application log had:
1) Application Hang errors - Excel, IE, Outlook, Acrobat.
2) Fault Bucket.

The server is currently 2 days behind in definitions, and the backup failed last night with a "TCP Reconnect timeout".
I did an 'arp -a', but didn't see the server that does the backup and Symantec updates (same server for both). I did a ping of that server, and then it showed up. I cleared the arp cache before that. Didn't hear from any users of any other issues, but most likely they'll show up tomorrow, if it follows the trend.

As far as performance, the CPU was about 3-5%, with spikes of 10-15%. The Physical memory is: Total-2096492, Available-92240, System Cache-414632. The Commit Charge is: Total-2825012, Limit-4043560, Peak-2890136. The Kernel Memory is: Total-264136, Paged-206216, Nonpaged-57920.

Hope that helps.

Ray
"TP" wrote:
> Hi,
>
> This could be caused by many things.
>
> As a start how about *completely* removing the
anti-virus,
> backup, and any other
security/anti-malware/anti-spyware/etc.
> type of software from the TS server. After this
is done restart
> the server and have your users work as normal and
report any
> problems to you.
>
> Are there any errors in the System and
Application logs?
>
> When you have performance issues what numbers do
you
> see in task manager for CPU, Commit Charge Total,
and
> Physical Memory Total? If CPU utilization is
high, which
> processes are using the bulk of the CPU?
>
> Thanks in advance for answering my questions.
>
> -TP
>
> Ray234 wrote:
> > We are running Windows Server 2003 Terminal
Services. We are getting
> > random lockups where the taskbar is missing
on the server, and the
> > only way to get it back is to reboot. Also,
users will get
> > performance issues including lockups and
slow performance. Sometimes
> > their taskbar is missing. When this happens,
either the backup will
> > fail and/or the Symantec Anti-Virus will
stop getting the definition
> > updates. Rebooting will fix both. We have
ran multiple virus and
> > spyware scans and checked startup items with
Hijack This. I have
> > removed and re-installed Symantec and the
backup client. I have
> > updated Windows to SP2, updated several
device drivers, but can't
> > figure out why this keeps locking up. I have
changed the virtual
> > memory settings to higher amounts and also
to System Managed.
> >
> > Any ideas would be appreciated.
>
From: TP
<tperson.knowspamn@mailandnews.com>
To:
none
Subject:
Re: Terminal Server lockups
Date:
10/01/2007 16:22:32
Hi Ray,

All of your regular users should have limited rights to the server. They should not be a member of any of the built-in local groups besides Users and Remote Desktop Users. The TS should be set to Full Security in Terminal Services Configuration. With that in mind the likelihood of them doing serious damage to the server is greatly reduced (not eliminated).

Do you allow your users to browse the Internet while on your TS? Are they allowed to download files?

Are you stripping dangerous attachments from email messages before they reach the mailboxes? Do you have Antivirus on your email server scanning each message?

Do you have your security zones configured so that users are unable to run programs from unapproved network locations?

Are you using Software Restriction Policies to limit which programs each user can run?

Do you have Group Policies configured for your TS to limit what each user can do while logged on to the TS?

My suggestion to remove the Antivirus is a temporary measure. I would recommend that you consider the above questions and then decide whether it is an acceptable risk or not to remove the Antivirus. Antivirus software can help reduce but by no means eliminate the risk of infection/data loss.

What other third-party applications are installed that integrate with the shell or IE? For example, one sign (there are many) of an application that integrates with the shell is that when you right-click on a file/folder an extra menu will be automatically added (like "Scan for Viruses"). The default shell is explorer.exe; this is what provides the taskbar, desktop icons, etc.

It appears that you don't have enough RAM in your server for the load. I recommend increasing to 4GB. This will *not* normally cause the crashing you are seeing, but will cause slowness and temporary pauses.

Has this server always had crashes/hangs like this?

If there are lots of issues it *may* be better to simply restore the last known working image of the server. If you do not have that then perhaps a complete reinstall may be called for.

You may have too many different variables in play on your server for me to help you via a newsgroup post. Removing variables is helpful because it will allow us to drill down to the real cause which is often not obvious.

-TP
Ray234 wrote:
> I'll have to look into removing Symantec from
this server. I don't
> like leaving 25+ users on a server with no A/V
protection.
>
> As far as the logs go, the System log had:
> 1) Dcom service failed (5-6 entries).
> 2) "Timeout waiting for a transaction
response from the Symantec
> Antivirus service" several times.
> The Application log had:
> 1) Application Hang errors - Excel, IE, Outlook,
Acrobat.
> 2) Fault Bucket.
>
> The server is currently 2 days behind in
definitions, and the backup
> failed last night with a "TCP Reconnect
timeout".
> I did an 'arp -a', but didn't see the server that
does the backup and
> Symantec updates (same server for both). I did a
ping of that
> server, and then it showed up. I cleared the arp
cache before that.
> Didn't hear from any users of any other issues,
but most likely
> they'll show up tomorrow, if it follows the
trend.
>
> As far as performance, the CPU was about 3-5%,
with spikes of 10-15%.
> The Physical memory is: Total-2096492,
Available-92240, System
> Cache-414632. The Commit Charge is:
Total-2825012, Limit-4043560,
> Peak-2890136. They Kernel Memory is:
Total-264136, Paged-206216,
> Nonpaged-57920.
>
> Hope that helps.
>
> Ray
From: Vera Noest [MVP]
<vera.noest@remove-this.hem.utfors.se>
To:
none
Subject:
Re: Terminal Server Licensing Service in SBS2003 environment
Date:
09/24/2007 16:07:20
Hi Cary,

from http://ts.veranoest.net/ts_faq_licensing.htm#move_LS

Q: How do I move my TS licenses to a new TS Licensing Server?

A: Here are the steps to move your TS CALs from one TS Licensing Server to another:

1. install the Terminal Server Licensing component on the new server
2. activate the TS Licensing Server on the new server
3. install your TS CALs on the new server. Since licenses cannot be installed more than once, you will have to call the Microsoft Clearinghouse. They will re-issue your licenses for installation on the new server.
   * make sure that you have all the paperwork for the licenses at hand (purchase contracts, licensing agreements, etc)
   * start the Terminal Services Licensing tool, right-click the server, choose Properties, choose "Telephone" on the "Connection Method" tab, choose your country or region, click "OK". Right-click the server again, choose "Install licenses", click "Next".
   * call the regional Clearinghouse telephone number; they will guide you through the rest of the installation process
4. verify that your Terminal Server(s) can locate the new TS Licensing Server
5. deactivate the TS Licensing Server on the old server and uninstall it

The above list assumes installation on a new, separate server. Since you are going to wipe the original server, you cannot perform them in the exact order as above. Make sure that you have the paperwork, and make sure that you deactivate and uninstall the old TS Licensing Server, to fully remove it from the forest. Otherwise it will still be listed in the AD and might cause a problem if a new TSLS is configured in the future in that forest.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Cary W. Shultz" wrote on 24 sep 2007 in microsoft.public.windows.terminal_services:
> Good afternoon!
>
> I have not ever done what we are going to do on Thursday so I
> want to make sure that I have my ducks in a row.
>
> We inherited this environment recently.....
>
> SBS2003 environment: single server, multiple physical locations.
> The SBS2003 Server is the only server in that forest.
>
> The previous consultant placed a TS (on a Domain
> Controller...eeh gads!) in another forest and created the
> identical user accounts on that TS box as exist in the SBS2003
> domain.
>
> Well, we are going to wipe that TS Server, install WIN2003 SP2,
> join it to the SBS2003 Domain as a member server, install TS in
> application mode and then install the applications.
>
> My question is this: the licensing server is currently the
> machine that we are going to wipe. How do I transfer the
> license from that machine to the SBS2003. I mean, installing
> TSLS and going through the process on a fresh install is a piece
> of cake. I have done it many times. I have never had to
> "transfer".
>
> I want to avoid the situation where users can no longer access
> the terminal server!
>
> Thanks,
>
> Cary
From: Cary W. Shultz
<cshultz@nospam.outsourceitcorp.com>
To:
none
Subject:
Re: Terminal Server Licensing Service in SBS2003 environment
Date:
09/24/2007 16:50:46
Vera,

Thanks! I knew to look at your web site (it has saved my butt more than once!) but I have simply been swamped with a ton of projects this week (yes, it is only Monday!).

Thanks,

Cary

"Vera Noest [MVP]" wrote in message news:Xns99B5EB356579Fveranoesthemutforsse@207.46.248.16...
> Hi Cary,
> from
>
http://ts.veranoest.net/ts_faq_licensing.htm#move_LS
>
> Q: How do I move my TS licenses to a new TS
Licensing Server?
>
> A: Here are the steps to move your TS CALs from
one TS Licensing
> Server to another:
>
> 1. install the Terminal Server Licensing
component on the
> new server
> 2. activate the TS Licensing Server on the new
server
> 3. install your TS CALs on the new server. Since
licenses
> cannot be installed more than once, you will have
to call
> the Microsoft Clearinghouse. They will re-issue
your
> licenses for installation on the new server.
> * make sure that you have all the paperwork for
the licenses
> at hand (purchase contracts, licensing agreements,
etc)
> * start the Terminal Services Licensing tool,
right-click
> the server, choose Properties, choose
"Telephone" on the
> "Connection Metod" tab, choose your
country or region,
> click "OK".
> Right-click the server again, choose
"Install licenses",
> click "Next".
> * call the regional Clearinghouse telephone
number; they
> will guide you through the rest of the
installation
> process
> 4. verify that your Terminal Server(s) can locate
the new
> TS Licensing Server
> 5. deactivate the TS Licensing Server on the old
server
> and uninstall it
>
> The above list assumes installation on a new,
separate server.
> Since you are going to wipe the original server,
you cannot perform
> them in the exact order as above. Make sure that
you have the
> paperwork, and make sure that you deactivate and
uninstall the old
> TS Licensing Server, to fully remove it from the
forest. Otherwise
> it will still be listed in the AD and might cause
a problem if a
> new TSLS is configured in the future in that
forest.
>
>
_________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private
email ___
>
>
> "Cary W. Shultz" wrote on 24
> sep 2007 in
microsoft.public.windows.terminal_services:
>
>> Good afternoon!
>>
>> I have not ever done what we are going to do
on Thursday so I
>> want to make sure that I have my ducks in a
row.
>>
>> We inherited this environment recently.....
>>
>> SBS2003 environment: single server, multiple
physical locations.
>> The SBS2003 Server is the only server in that
forest.
>>
>> The previous consultant placed a TS (on a
Domain
>> Controller...eeh gads!) in another forest and
created the
>> identical user accounts on that TS box as
exist in the SBS2003
>> domain.
>>
>> Well, we are going to wipe that TS Server,
install WIN2003 SP2,
>> join it to the SBS2003 Domain as a member
server, install TS in
>> application mode and then install the
applications.
>>
>> My question is this: the licensing server is
currently the
>> machine that we are going to wipe. How do I
transfer the
>> license from that machine to the SBS2003. I
mean, installing
>> TSLS and going through the process on a fresh
install is a piece
>> of cake. I have done it many times. I have
never had to
>> "transfer".
>>
>> I want to avoid the situation where users can
no longer access
>> the terminal server!
>>
>> Thanks,
>>
>> Cary
From: Vera Noest [MVP]
<vera.noest@remove-this.hem.utfors.se>
To:
none
Subject:
Re: Terminal Server Licensing Service in SBS2003 environment
Date:
09/25/2007 13:12:01
You're welcome, Cary!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Cary W. Shultz" wrote on 24 sep 2007 in microsoft.public.windows.terminal_services:
> Vera,
>
> Thanks! I knew to look at your web site (it has
saved my butt
> more than once!) but I have simply been swamped
with a ton of
> projects this week (yes, it is only Monday!).
>
> Thanks,
>
> Cary
>
> "Vera Noest [MVP]" wrote
> in message
>
news:Xns99B5EB356579Fveranoesthemutforsse@207.46.248.16...
>> Hi Cary,
>> from
>>
http://ts.veranoest.net/ts_faq_licensing.htm#move_LS
>>
>> Q: How do I move my TS licenses to a new TS
Licensing Server?
>>
>> A: Here are the steps to move your TS CALs
from one TS
>> Licensing Server to another:
>>
>> 1. install the Terminal Server Licensing
component on the
>> new server
>> 2. activate the TS Licensing Server on the
new server
>> 3. install your TS CALs on the new server.
Since licenses
>> cannot be installed more than once, you will
have to call
>> the Microsoft Clearinghouse. They will
re-issue your
>> licenses for installation on the new server.
>> * make sure that you have all the paperwork
for the licenses
>> at hand (purchase contracts, licensing
agreements, etc)
>> * start the Terminal Services Licensing tool,
right-click
>> the server, choose Properties, choose
"Telephone" on the
>> "Connection Metod" tab, choose your
country or region,
>> click "OK".
>> Right-click the server again, choose
"Install licenses",
>> click "Next".
>> * call the regional Clearinghouse telephone
number; they
>> will guide you through the rest of the
installation
>> process
>> 4. verify that your Terminal Server(s) can
locate the new
>> TS Licensing Server
>> 5. deactivate the TS Licensing Server on the
old server
>> and uninstall it
>>
>> The above list assumes installation on a new,
separate server.
>> Since you are going to wipe the original
server, you cannot
>> perform them in the exact order as above.
Make sure that you
>> have the paperwork, and make sure that you
deactivate and
>> uninstall the old TS Licensing Server, to
fully remove it from
>> the forest. Otherwise it will still be listed
in the AD and
>> might cause a problem if a new TSLS is
configured in the future
>> in that forest.
>>
>>
_________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by
private email ___
>>
>>
>> "Cary W. Shultz" wrote on
>> 24 sep 2007 in
microsoft.public.windows.terminal_services:
>>
>>> Good afternoon!
>>>
>>> I have not ever done what we are going to
do on Thursday so I
>>> want to make sure that I have my ducks in
a row.
>>>
>>> We inherited this environment
recently.....
>>>
>>> SBS2003 environment: single server,
multiple physical
>>> locations.
>>> The SBS2003 Server is the only server in
that forest.
>>>
>>> The previous consultant placed a TS (on a
Domain
>>> Controller...eeh gads!) in another forest
and created the
>>> identical user accounts on that TS box as
exist in the SBS2003
>>> domain.
>>>
>>> Well, we are going to wipe that TS
Server, install WIN2003
>>> SP2, join it to the SBS2003 Domain as a
member server, install
>>> TS in application mode and then install
the applications.
>>>
>>> My question is this: the licensing server
is currently the
>>> machine that we are going to wipe. How do
I transfer the
>>> license from that machine to the SBS2003.
I mean, installing
>>> TSLS and going through the process on a
fresh install is a
>>> piece of cake. I have done it many times.
I have never had
>>> to "transfer".
>>>
>>> I want to avoid the situation where users
can no longer access
>>> the terminal server!
>>>
>>> Thanks,
>>>
>>> Cary
From: TP
<tperson.knowspamn@mailandnews.com>
To:
none
Subject:
Re: Terminal Server licensing grace period is about to expire.
Date:
09/27/2007 11:24:02
Hi Kelly,
Please follow the instructions in the KB article you referenced to fix this issue.
Thanks.
-TP
KJM wrote:
> I have added some new terminal servers to my Citrix Farm and I get the
> following msg in the event log. I already have an established
> terminal server licensing server that I have used for years.
>
> Event Type: Warning
> Event Source: TermService
> Event Category: None
> Event ID: 1009
> Date: 9/26/2007
> Time: 8:45:18 PM
> User: N/A
> The terminal server licensing grace period is about to expire on
> 9/20/2007 and the service has not registered with a license server
> with installed licenses. A terminal server license server is
> required for continuous operation. A terminal server can operate
> without a license server for 120 days after initial start up.
>
> Obviously, the expiration date is in the past and I can connect to the
> terminal server without issue. I have not tried a new box that has not
> connected to the terminal server farm yet though. I have hardcoded
> the license server in the registry and when I use lsview to locate a
> license server it comes back with the accurate license server. Is
> this a bogus msg as referenced in MS article:
> http://support.microsoft.com/default.aspx/kb/885013
>
> I am using per user CAL and per user mode on the TS.
>
> Thanks for the help,
>
> Kelly
From: KJM
<KJM@discussions.microsoft.com>
To:
none
Subject:
Re: Terminal Server licensing grace period is about to expire.
Date:
09/27/2007 11:43:01
I will do so. Is there any reason why I wouldn't get this msg on the other 10 servers that have been in the farm for a couple of years? I have not had to add the LicensingGracePeriodEnded entry for those servers. I know it's easy to add the entry and see if I continue to get the msgs but I just wanted to confirm that my licensing was behaving properly before suppressing the msg.

Thanks for your quick reply,
Kelly
"TP" wrote:
> Hi Kelly,
>
> Please follow the instructions in the KB article
you referenced
> to fix this issue.
>
> Thanks.
>
> -TP
>
> KJM wrote:
> > I have added some new terminal servers to my
Citrix Farm and I get the
> > following msg in the event log. I already
have an established
> > terminal server licensing server that I have
used for years.
> >
> > Event Type: Warning
> > Event Source: TermService
> > Event Category: None
> > Event ID: 1009
> > Date: 9/26/2007
> > Time: 8:45:18 PM
> > User: N/A
> > The terminal server licensing grace period
is about to expire on
> > 9/20/2007 and the service has not registered
with a license server
> > with installed licenses. A terminal server
license server is
> > required for continuous operation. A
terminal server can operate
> > without a license server for 120 days after
initial start up.
> >
> > Obviously, the expiration date is in the
past and I can connect to the
> > terminal server without issue. I have not
tried a new box that has not
> > connected to the termnial server farm yet
though. I have hardcoded
> > the license server in the registry and when
I use lsview to locate a
> > license server it comes back with the
accurate license server. Is
> > this a bogus msg as referenced in MS
article:
> >
http://support.microsoft.com/default.aspx/kb/885013
> >
> > I am using per user CAL and per user mode on
the TS.
> >
> > Thanks for the help,
> >
> > Kelly
>
From: TP
<tperson.knowspamn@mailandnews.com>
To:
none
Subject:
Re: Terminal Server licensing grace period is about to expire.
Date:
09/27/2007 12:08:13
This is a known issue. I do not know the exact set of steps to reproduce the issue so it may or may not appear on your other servers.

Since you are using Per User mode you will be fine so long as your TS servers are able to contact an activated TS Licensing server. If they are not you will see additional warnings/errors in your error log, for example:

Type: Warning
Source: TermService
Event ID: 1010
Description: The terminal server could not locate a license server. Confirm that all license servers on the network are registered in WINS/DNS, accepting network requests, and the Terminal Server Licensing Service is running.

Type: Error
Source: TermService
Event ID: 1008
Description: The terminal server licensing grace period has expired and the service has not registered with a license server with installed licenses. A terminal server license server is required for continuous operation. A terminal server can operate without a license server for 120 days after initial start up.

Type: Warning
Source: TermService
Event ID: 1026
Description: The terminal server could not locate a license server in the domain. Confirm that all license servers on the network are registered in WINS/DNS, accepting network requests, and the Terminal Server Licensing Service is running.

You will also notice problems connecting to the TS. The error messages you receive may be unclear that the problem is really a licensing issue.

In your case you are describing a warning that refers to a date that has clearly passed, however, you don't mention any symptoms or other errors/warnings in your logs. This fits the bug symptoms exactly.

-TP
KJM wrote:
> I will do so. Is there any reason why I wouldn't get this msg on the
> other 10 servers that have been in the farm for a couple of years? I
> have not had to add the LicensingGracePeriodEnded entry for those
> servers. I know it's easy to add the entry and see if I continue to
> get the msgs but I just wanted to confirm that my licensing was
> behaving properly before suppressing the msg.
>
> Thanks for your quick reply,
>
> Kelly
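The check TP walks through above, as an added example that is not part of the original thread: Python that parses TermService event records in the text layout KJM pasted and decides whether a 1009 warning stands alone with a date already in the past, or whether 1008, 1010 or 1026 are also present. The verdict names and function names are constructed for illustration, the sample records are constructed from the values quoted in the thread, and dates are assumed to be month/day/year.

```python
import re
from datetime import datetime

# Event IDs TP lists as signs of a real licensing problem.
REAL_FAILURE_IDS = {1008, 1010, 1026}

FIELD = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|"
    r"Computer|Description):\s*(.*)$")
EXPIRY = re.compile(r"about to expire on (\d{1,2}/\d{1,2}/\d{4})")

# Constructed sample, using the values KJM quoted in the thread.
STALE_LOG = """\
Event Type: Warning
Event Source: TermService
Event Category: None
Event ID: 1009
Date: 9/26/2007
Time: 8:45:18 PM
User: N/A
The terminal server licensing grace period is about to expire on
9/20/2007 and the service has not registered with a license server
with installed licenses.
"""

# Constructed sample: the same server also failing to find a license server.
NO_SERVER_RECORD = """\
Event Type: Warning
Event Source: TermService
Event Category: None
Event ID: 1010
Date: 9/26/2007
Time: 8:46:02 PM
User: N/A
The terminal server could not locate a license server.
"""


def parse_events(text):
    """Split pasted event text into dicts; a record starts at 'Event Type:'.
    Lines that are not labelled fields are collected as the description."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":
            current = {"Description": ""}
            events.append(current)
        if current is None or not line:
            continue
        if m and m.group(1) != "Description":
            current[m.group(1)] = m.group(2)
        else:
            part = m.group(2) if m else line
            current["Description"] = (current["Description"] + " " + part).strip()
    return events


def _date(value):
    try:
        return datetime.strptime(value, "%m/%d/%Y").date()
    except (TypeError, ValueError):
        return None


def triage(events):
    """Return (verdict, event IDs that drove it) for one server's log."""
    ts = [e for e in events if e.get("Event Source") == "TermService"]
    ids = {int(e["Event ID"]) for e in ts if e.get("Event ID", "").isdigit()}
    failures = sorted(ids & REAL_FAILURE_IDS)
    if failures:
        return "licensing-failure", failures

    stale = pending = 0
    for e in ts:
        if e.get("Event ID") != "1009":
            continue
        m = EXPIRY.search(e["Description"])
        expires = _date(m.group(1)) if m else None
        logged = _date(e.get("Date"))
        if expires and logged and expires < logged:
            stale += 1      # warning names a date that has already passed
        else:
            pending += 1    # unparsed or future date: treat as still running
    if pending:
        return "grace-period-running", [1009]
    if stale:
        return "stale-1009-only", [1009]
    return "no-licensing-events", []


if __name__ == "__main__":
    print(triage(parse_events(STALE_LOG)))
    print(triage(parse_events(STALE_LOG + NO_SERVER_RECORD)))
```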
From: KJM <KJM@discussions.microsoft.com>
To:
none
Subject:
Re: Terminal Server licensing grace period is about to expire.
Date:
09/27/2007 12:19:00
You're correct. The eventid 1009 referenced earlier is all that I am receiving. Thanks for your help!
Kelly
"TP" wrote:
> This is a known issue. I do not know the exact
set of
> steps to reproduce the issue so it may or may not
appear
> on your other servers.
>
> Since you are using Per User mode you will be
fine so
> long as your TS servers are able to contact an
activated
> TS Licensing server. If they are not you will see
additional
> warnings/errors in your error log, for example:
>
> Type: Warning
> Source: TermService
> Event ID: 1010
> Description: The terminal server could not locate
a license server.
> Confirm that all license servers on the network
are registered in
> WINS/DNS, accepting network requests, and the
Terminal
> Server Licensing Service is running.
>
> Type: Error
> Source: TermService
> Event ID: 1008
> Description: The terminal server licensing grace
period has expired
> and the service has not registered with a license
server with
> installed licenses. A terminal server license
server is required for
> continuous operation. A terminal server can
operate without a
> license server for 120 days after initial start
up.
>
> Type: Warning
> Source: TermService
> Event ID: 1026
> Description: The terminal server could not locate
a license server in
> the domain. Confirm that all license servers on
the
> network are registered in WINS/DNS, accepting
network requests,
> and the Terminal Server Licensing Service is
running.
>
> You will also notice problems connecting to the
TS. The error
> messages you receive may be unclear that the
problem is really a
> licensing issue.
>
> In your case you are describing a warning that
refers to a date
> that has clearly past, however, you don't mention
any symptoms
> or other errors/warnings in your logs. This fits
the bug symptoms
> exactly.
>
> -TP
>
> KJM wrote:
> > I will do so. Is there any reason why I
wouldn't get this msg on the
> > other 10 servers that have been in the farm
for a couple of years? I
> > have not had to add the
LicensingGracePeriodEnded entry for those
> > servers. I know it's easy to add the entry
and see if I continue to
> > get the msgs but I just wanted to confirm
that my licensing was
> > behaving properly before suppressing the
msg.
> >
> > Thanks for your quick reply,
> >
> > Kelly
>
From: TP
<tperson.knowspamn@mailandnews.com>
To:
none
Subject:
Re: Task Manager - allowing user to end their own process
Date:
09/24/2007 16:40:37
Hi,
By default users will only see their own processes in task manager and can end them if necessary. Since you disabled right-click on taskbar they will need to use Ctrl-Alt-End to access task manager. You may want to remove the Run command so that they will not have that option.

If the users are seeing more than just their own processes then they either have too many rights or their registry has the taskman flag set for Show processes from all users.

-TP
tnt wrote:
> Guys,
>
> We have locked most of the stuff users can do on
the terminal server
> environment, i.e. disallowing right-cling on task
bar.
>
> I have occasionally had users called because the
application they run
> froze on them. Can I allow the user to right
click the task manager
> and end their own process and not others?
>
> Tent
Top
From: tnt <tnt@discussions.microsoft.com>
To: none
Subject: Re: Task Manager - allowing user to end their own process
Date: 09/27/2007 02:24:01

TP,

Thanks for the reply. I remember reading something about the default user
being able to end their own tasks.

Is there any way I can hide "processes tab" on the task manager?

By the way, when you do Ctrl-Alt-End, don't you get the task manager locally
and not the one that is opened from your terminal session (I am using RDP
and not the actual terminal hardware - dumb terminal).

Thanks,
Tntl

"TP" wrote:
> Hi,
>
> By default users will only see their own processes in task
> manager and can end them if necessary. Since you disabled
> right-click on taskbar they will need to use Ctrl-Alt-End to
> access task manager. You may want to remove the Run
> command so that they will not have that option.
>
> If the users are seeing more than just their own processes
> then they either have too many rights or their registry has
> the taskman flag set for Show processes from all users.
>
> -TP
>
> tnt wrote:
> > Guys,
> >
> > We have locked most of the stuff users can do on the terminal server
> > environment, i.e. disallowing right-click on task bar.
> >
> > I have occasionally had users call because the application they run
> > froze on them. Can I allow the user to right click the task manager
> > and end their own process and not others?
> >
> > Tent
>
Top
From: TP <tperson.knowspamn@mailandnews.com>
To: none
Subject: Re: Task Manager - allowing user to end their own process
Date: 09/27/2007 09:12:10

I do not know of a way to hide the processes tab.

Ctrl-Alt-End brings up the Windows Security dialog box
in your Remote session.

-TP

tnt wrote:
> TP,
>
> Thanks for the reply. I remember reading something about the default
> user being able to end their own tasks.
>
> Is there any way I can hide "processes tab" on the task manager?
>
> By the way, when you do Ctrl-Alt-End, don't you get the task manager
> locally and not the one that is opened from your terminal session (I
> am using RDP and not the actual terminal hardware - dumb terminal).
>
> Thanks,
> Tntl
Top