Citrix XenApp 6.5 Expert Cookbook

By Esther Barthel MSc
  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Remote Desktop Services

About this book

In the age of cybernation, Citrix XenApp has emerged as a prolific application virtualization product. This powerful solution enables users or an enterprise to have centrally hosted and managed applications on corporate servers which can be accessed remotely from a wide range of computer and mobile devices. To deliver shared hosted virtual desktops and applications, XenApp synchronizes with Citrix tools such as NetScaler Gateway that offer secure remote access.

Giving you an insight into configuring, managing, and optimizing the advanced features of Citrix XenApp, this practical guide starts by helping you establish Remote Desktop Services and understanding the Citrix Licensing protocol. You then get a walkthrough of the Citrix Web Interface and then finally move on to successfully manage your XenApp server using PowerShell and command-line tooling.

Citrix XenApp6.5 Expert Cookbook clearly teaches you to work with the XenApp tool to deliver published desktops and applications from a XenApp server to the end user.

Packed with practical recipes, this book starts with helping you understand the basics of Remote Desktop Services and proceeds to explain in detail the usage of Citrix License servers. Furthermore, you will learn to utilize the Citrix web interface, which acts as the central portal where users remotely access their desired applications. Next, you will move on to the key technical implementation of the NetScaler Gateway tool which Citrix uses to provide secured services.

Finally, you will advance to learn about the basic management consoles and tooling, configuration, and troubleshooting methods of XenApp with command-line tools and PowerShell scripts. You will also get a glimpse into the buzzing Citrix community by learning some great additional tools and scripts built by Citrix community enthusiasts.

This guide is an invaluable tutorial to help you to explore and optimize the XenApp tool to virtually deliver desktops and applications.

Publication date:
January 2014
Publisher
Packt
Pages
420
ISBN
9781849685221

 

Chapter 1. Remote Desktop Services

In this chapter, we will cover the following topics:

  • Scripting a command-line installation of the RD License Server

  • Configuring the RD License Server

  • Scripting a command-line installation of the RD Session Host

  • Configuring the RD Session Host

  • Configuring RDS settings with Microsoft Group Policies

  • Revoking RDS Device CALs with RD License Manager

  • Creating RDS Per User CALs reports

  • Using the Licensing Diagnosis snap-in for RD Session Hosts

  • Troubleshooting RD License Server discovery

  • Troubleshooting RD License Issuance

  • Rebuilding the RD License Database

  • Recovering your RDS CALs to a new RD License Server

 

Introduction


A Citrix XenApp (CXA) infrastructure consists of many components to ensure that its users can start a published desktop or an application. One of the core components in the infrastructure is the Remote Desktop Services (RDS) role that can be installed on a Windows Server, allowing multiple and simultaneous desktop sessions to run on one Windows Server. This chapter offers a number of tips and tricks to manage, monitor, and troubleshoot the RDS Windows server role within the XenApp infrastructure.

The Citrix® XenApp infrastructure relies on two important Remote Desktop role services—the Remote Desktop (RD) License Server, which manages the RDS Client Access Licenses (CALs) that are required to start a Remote Desktop session on a Windows Server and the Remote Desktop (RD) Session Host that actually runs the user sessions on the Windows Server.

 

Scripting a command-line installation of the RD License Server


This recipe will show you how to build an unattended installation for the RD License Server by using command-line instructions. In this way, you can create an unattended installation sequence for your XenApp infrastructure deployment.

Getting ready

To install the RD Licensing Role Service you need to install and set up a new Windows Server 2008 R2 server or add the Windows Role Service to an existing server.

To build an unattended installation for the RD License Server, you can use the servermanagercmd.exe command to add the Windows Role Service to the server.

How to do it...

To add the RD License Server service to a Windows server, follow this step:

  1. Run the following command line on a Windows Server 2008 R2 server:

    servermanagercmd.exe –install RDS-Licensing -logPath C:\logs\log.txt -restart
    

How it works...

When you run the servermanagercmd.exe command, the following message is shown:

Servermanagercmd is deprecated and not guaranteed to be supported in future releases of Windows. We recommend that you use the Windows PowerShell cmdlets that are available for Server Manager.

Even though it might no longer be supported in future releases, it still works with Windows Server 2008 R2 to create an unattended installation to add Windows features, roles, or services to Windows Server 2008 R2. You can run the servermanagercmd.exe command with various parameters.

To check the installed roles and features on a Windows Server 2008 R2 server, you can use the following command line:

servermanagercmd -query [<query.xml>] [-logPath <log.txt>]

Windows Server 2008 R2 uses the following parameters:

  • -query: This specifies an optional XML file used to save the results of the query

  • -logPath: This specifies an optional log file other than the %windir%\temp\servermanager.log path used by default

When you want to change the installed roles and features on a Windows Server 2008 R2 server, you can add the following parameters to the servermanagercmd command:

servermanagercmd [-install|-remove] <Id> [-allSubFeatures]
[-resultPath <result.xml>] [-restart] [-whatIf] [-logPath <log.txt>]

This command uses the following parameters:

  • -install: This installs the specified role, role service, or feature on the Windows Server

  • -remove: This removes the specified role, role service, or feature from the Windows Server

  • -resultPath: This specifies the XML file that saves the results of the command

  • -logPath: This specifies an optional log file other than the %windir%\temp\servermanager.log file used by default

There's more...

You can read more about servermanagercmd.exe on Microsoft TechNet: http://technet.microsoft.com/en-us/library/ee344834(v=ws.10).aspx.

If you are not comfortable using a deprecated command or if you want to use a method that will be supported in future Windows server releases, you can also use Windows PowerShell to install the required Windows Server 2008 R2 roles and features. Windows PowerShell 2.0 is installed by default on the server. The following PowerShell commands will install the RD Licensing Role Service on the server:

Import-Module ServerManager
Add-WindowsFeature –Name RDS-Licensing –LogPath <log.txt> -Restart

You can read more about the Add-WindowsFeature PowerShell cmdlet on Microsoft TechNet: http://technet.microsoft.com/en-us/library/ee662309.aspx.

See also

  • The Configuring the RD License Server recipe

 

Configuring the RD License Server


This recipe will show you how to configure the RD License Server by using Windows PowerShell scripts to create an unattended installation for the configuration of your XenApp infrastructure.

Getting ready

In order to configure the RD Licensing Role Service, you need to have the RD License Server installed. You can use the unattended installation directions in the previous recipe for installing the RD License Server.

To run the provided PowerShell commands, the default execution mode for PowerShell scripting needs to be changed so that the commands can be run on the server. You can change the PowerShell execution mode from Restricted to RemoteSigned with the following PowerShell command:

Set-ExecutionPolicy RemoteSigned -Force

How to do it...

To configure the RD License Server through command-line tools and/or scripts and build an unattended configuration script, follow these steps:

  1. Run the following Windows PowerShell script to configure the RD License Server:

    # Import the RDS PowerShell module 
    Import-Module RemoteDesktopServices
    # Navigate to the RDS Provider for Windows PowerShell 
    Set-Location RDS:
    # Navigate to the RD License Server configuration 
    cd  RDS:\LicenseServer\Configuration
    # Config required info fields for the activation process 
    Set-Item –Path .\FirstName -Value Test
    Set-Item –Path .\LastName -Value User
    Set-Item -Path .\Company -Value CBlab
    Set-Item -Path .\CountryRegion -Value "Netherlands, The"
    # Optional info can be configured with the following lines 
    Set-Item -Path .\eMail -Value  <Email> 
    Set-Item -Path .\OrgUnit –Value <OU>
    Set-Item -Path .\Address –Value <Address>
    Set-Item -Path .\City –Value <City>
    Set-Item -Path .\State –Value <State>
    Set-Item -Path .\PostalCode –Value <PostalCode>
    # Navigate to the RD License Server configuration
    cd  RDS:\LicenseServer
    # Activate the RD License Server
    Set-Item –Path .\ActivationStatus -Value 1 -ConnectionMethod AUTO -Reason 5
    

    Tip

    You can use the Get-Help command to get more information on the available options per item, which is as follows:

    Get-Help Set-Item -Path RDS:\LicenseServer\ActivationStatus –Detailed

  2. Add the purchased RDS CALs by using the provided wizard.

    Tip

    Using a PowerShell script to automatically add the purchased RDS CALs requires detailed knowledge of the license agreement arrangements with Microsoft and Windows PowerShell only currently supports adding RDS CALs through the automatic connection method. To keep away from adding fraud sensitive information such as your Microsoft agreement number or purchased License keys to commonly available scripts, I recommend adding the RDS CAL packs manually to the configured RD License Server rather than automating these steps in your PowerShell scripts.

How it works...

When you import the Remote Desktop Services module in Windows PowerShell, the Remote Desktop Services (RDS) provider is also included. This provider enables you to configure RDS settings through Windows PowerShell by allowing you to change the RD License Server and RD Session Host server settings with default PowerShell cmdlets, such as Get-Item, Set-Item, New-Item, and Get-ChildItem.

To use the RDS provider, you simply need to change your location to the RDS drive by using the following Set-Location cmdlet:

Set-Location RDS:

To view the current configuration of the RD License Server, use the following Get-ChildItem cmdlet:

Get-ChildItem .\LicenseServer\Configuration

With the Set-Item cmdlet, you can change a setting by specifying the location of the configuration item and the new value that has to be set, as shown in the following command line:

Set-Item -Path RDS:\LicenseServer\Configuration\<ConfigItem> -Value <ConfigItemValue>

The Set-Item cmdlet uses the following parameters:

  • -Path: This path specifies the configuration item whose settings need to be changed

  • -Value: This specifies the new value for the specified configuration item

Activating your RD License Server is also done with the following Set-Item cmdlet:

Set-Item –Path RDS:\LicenseServer\ActivationStatus -Value <Status> -ConnectionMethod <ConnectionMethod> -Reason <Reason>

The Set-Item cmdlet uses the following parameters:

  • -Path: This path specifies the configuration item whose settings need to be changed.

  • -Value: This specifies the new value for the specified configuration item. Valid entries for ActivationStatus are 1 (Activate) or 0 (Deactivate).

  • -ConnectionMethod: This specifies the connection method used for the activation process. Currently only AUTO is supported for PowerShell cmdlets.

  • -Reason: This specifies the reason for the activation. Valid entries are 0 (server redeployed), 4 (server upgraded), and 5 (first-time activation).

As mentioned in the How to do it... section, you can use the Set-Item cmdlet to install the purchased RDS CAL packs. The required parameters for the cmdlet depend upon the used license type and agreement with Microsoft. When you are uncertain about the parameters you will need to provide, use the following Get-Help cmdlet to find the required parameters and corresponding values:

Get-Help New-Item -Path RDS:\LicenseServer\LicenseKeyPacks -Detailed

The next two examples show you how the required parameters change depending on your license type.

An example of the required parameters for an open license:

New-Item -Path RDS:\LicenseServer\LicenseKeyPacks -ConnectionMethod AUTO -LicenseType OPEN -LicenseNumber 0000000 –AuthorizationNumber 'XXXXXXXXXXXXXXX' -ProductVersion 1 -ProductType 1 -LicenseCount 1

An example of the required parameters for a retail license:

New-Item -Path RDS:\LicenseServer\LicenseKeyPacks -ConnectionMethod AUTO -LicenseType RETAIL -LicCode 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'

Note

If you receive a permission denied error when running the PowerShell command, check out the Microsoft Knowledge Base article available at http://support.microsoft.com/kb/2648662/en-us.

Adding RDS CALs normally has to be performed only once during the initial configuration of the RD License Server as scripting this part of the configuration is subjected to the license type used. The manual installation of the CALs takes far less time than developing and testing the required PowerShell commands.

Tip

To avoid addition of fraud sensitive information such as your Microsoft Agreement number or purchased License keys to commonly available scripts, I recommend adding the RDS CAL packs manually to the configured RD License Server and to avoid automating these steps in your PowerShell scripts.

There's more...

You can read more about the RDS provider for Windows PowerShell at Microsoft TechNet: http://technet.microsoft.com/en-us/library/ee791871(v=WS.10).aspx.

If you are not comfortable running the provided PowerShell script, you can always configure and activate your RD License Server manually by following the instructions from Microsoft TechNet available at http://technet.microsoft.com/en-us/library/cc770368.aspx, and add RDS CAL license packs manually by following the instructions from Microsoft TechNet available at http://technet.microsoft.com/en-us/library/cc770368.aspx.

See also

  • The Scripting a command-line installation of the RD License Server recipe

 

Scripting a command-line installation of the RD Session Host


This recipe will show you how to build an unattended installation for the RD Session Host by using command-line instructions. In this way, you can create an unattended installation sequence for your XenApp infrastructure deployment.

Getting ready

To install the RD Session Host server Role Service, you need to install and set up a new Windows Server 2008 R2 server or add the Role Service to an existing server.

How to do it...

To add the RD Session Host server Role Service to a Windows server, follow these steps:

  1. Run the following command-line on a Windows Server 2008 R2 server:

    servermanagercmd.exe -install RDS-RD-Server -logPath C:\logs\log.txt -restart
    

    Note

    A restart is required when installing the RD Session Host role to complete the installation.

How it works...

The servermanagercmd.exe command is explained in detail in the Scripting a command-line installation of the RD License Server recipe.

There's more...

As an alternative method to the deprecated servermanagercmd.exe, you can use Windows PowerShell to install the the Windows Role Service. You can use the following PowerShell command to add the RD Session Host Role Service:

Import-Module ServerManager
Add-WindowsFeature –Name RDS-RD-Server –LogPath <log.txt> -Restart

See also

  • The Configuring the RD Session Host recipe

 

Configuring the RD Session Host


This recipe will show you how to configure the Remote Desktop Session Host by using PowerShell scripts to create an unattended installation and configuration for your XenApp infrastructure.

Getting ready

To configure the RD Session Host, you need to have the RD Session Host role installed on a Windows server. You can use the unattended installation directions from the previous recipe for the installation of the RD Session Host.

To run the provided PowerShell commands, you will need to change the default execution mode for PowerShell to a less restrictive mode on the server.

You can change the PowerShell execution mode from Restricted to RemoteSigned by running the following PowerShell command:

Set-ExecutionPolicy RemoteSigned -Force

How to do it...

To configure the RD Session Host, perform the following step:

  1. Run the following PowerShell script to configure your RD Session Host:

    # Import the RDS PowerShell module
    Import-Module RemoteDesktopServices
    # Navigate to the RDS Provider for Windows PowerShell
    Set-Location RDS:
    # Set General settings
    cd RDS:\RDSConfiguration\TempFolderSettings
    Set-Item -Path .\DeleteTempFolders -Value 1
    Set-Item -Path .\UseTempFolders -Value 1
    cd RDS:\RDSConfiguration\SessionSettings
    Set-Item -Path .\SingleSession - Value 1
    Set-Item -Path RDS:\RDSConfiguration\UserLogonMode -Value 0
    # Set the License Mode: Per User = 4, Per Device =2
    cd RDS:\RDSConfiguration\LicensingSettings
    Set-Item -Path .\LicensingType -Value 2
    # Specify the RD License Server by its FQDN
    New-Item -Path .\SpecifiedLicenseServers -Name CBDC01.cblab.local
    

These are the basic settings that are required by the XenApp infrastructure. All other settings are focused on the RDP-TCP protocol used by RDS and not the ICA protocol that will be used by the XenApp servers.

Note

The RDP-TCP settings are not discussed in detail in this book.

How it works...

How the Remote Desktop Services provider works is explained in the Configuring the RD License Server recipe.

The RD Session Host-specific information can be found by using the following PowerShell command to view the current configuration for the RD Session Host server:

Get-ChildItem .\RDSConfiguration

To set the license mode for the RD Session Host, you can use the following command:

Set-Item -Path RDS:\RDSConfiguration\LicensingSettings\LicensingType -Value <LicenseMode>

The Set-Item cmdlet uses the following parameters:

  • -Path: This path specifies the configuration item whose settings need to be changed.

  • -Value: This specifies the new value for the specified configuration item. Valid entries for the LicensingType are 2 (per device) or 4 (per user).

To specify an RD License Server for the RD Session Host to use, you can use the following New-Item cmdlet to add the server information:

New-Item -Path RDS:\RDSConfiguration\LicensingSettings\SpecifiedLicenseServers -Name <FQDNLicenseServer>

The New-Item cmdlet uses the following parameters:

  • -Name: This specifies the Fully Qualified Domain Name (FQDN) of the RD License Server

There's more...

You can read more about the RDS provider for Windows PowerShell at Microsoft TechNet: http://technet.microsoft.com/en-us/library/ee791871(v=WS.10).aspx.

If you are not comfortable with running the provided PowerShell scripts, you can always configure your RD Session Host manually by following the instructions from Microsoft TechNet: http://technet.microsoft.com/nl-nl/library/dd996653(v=ws.10).aspx.

See also

  • The Scripting a command-line installation of the RD Session Host recipe

  • The Configuring RDS settings with Microsoft Group Policies recipe

 

Configuring RDS settings with Microsoft Group Policies


This recipe shows you how to use Microsoft Group Policies to ensure all XenApp servers will have the same Remote Desktop Services settings applied within your infrastructure by applying the settings to your servers from a centrally configured location with Microsoft Group Policies.

Getting ready

To use Microsoft Group Policies and configure the required settings for your XenApp servers, you need to have the Group Policy Management feature installed on Windows Server 2008 R2 and be able to start the Group Policy Management Console on at least one of your servers.

You also need to ensure that the XenApp servers (or at least the RD Session Host servers) are put in their own Organizational Unit (OU) within Active Directory. This ensures you can attach Group Policy Objects (GPOs) with the required Group Policy settings to the server OU in Active Directory.

How to do it...

To configure RDS settings with Group Policies, follow these steps:

  1. Open the Group Policy Management Console by navigating to Start | Run | gpmc.msc.

  2. Select the Active Directory OU that contains the XenApp or RD Session Host servers.

  3. Click on the menu and navigate to Action | Create a GPO in this domain | Link it here....

  4. Enter a clear and explanatory name for your GPO, leave the Source Starter GPO set to none, and click on OK.

  5. Select the newly created GPO.

  6. Click on the menu and navigate to Action | Edit....

  7. Configure your RDS related settings and close Group Policy Management Console when you have finished.

    Note

    The most common RDS related settings that can be configured through Group Policies are explained in the next section.

How it works...

You can find all the RDS-related policy settings for Windows servers by navigating to Computer Configuration | Policies | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host within the Group Policy Editor.

You can configure the following RDS Session Host settings:

Subfolder

Settings

Configuration

Temporary folders

Do not delete the temp folder upon exit

This specifies whether RDS retains a user's per-session temporary folders at logoff.

Not configured = Temp folders are deleted unless specified otherwise.

Temporary folders

Do not use temporary folders per session

This specifies whether RDS creates session-specific temporary folders.

Not configured = per-session temporary folders are created unless specified otherwise.

Connections

Restrict RDS users to a single RDS session

This specifies whether users are restricted to a single remote RDS session.

Enabled = users who log on remotely will be restricted to a single session.

Connections

Allow users to connect remotely using RDS

This specifies whether remote access is allowed using RDS.

Not configured = the RDS setting determines whether a remote connection is allowed.

Licensing

Set the Remote Desktop licensing mode

This specifies the type of RDS client access license (RDS CAL) required: Per User or Per Device.

Enabled = Policy setting overrules installation settings.

Licensing

Use the specified RD License Servers

This specifies the order in which an RD Session Host server attempts to locate RD License Servers.

Enabled = RD Session Host server first attempts to locate the specified license servers. If this fails, it will attempt an automatic license server discovery.

These are the basic settings that are required by the XenApp infrastructure to be set. All other policy settings are focused on the RDP-TCP protocol used by Windows Remote Desktop Services and not the ICA protocol that is used by the XenApp servers.

Note

The RDP-TCP settings are not discussed in detail in this book.

There's more...

You can read more on All Group Policy Settings for Remote Desktop Services in Windows Server 2008 R2 at Microsoft TechNet: http at //technet.microsoft.com/en-us/library/ee791756(v=ws.10).aspx.

See also

  • The Configuring the RD Session Host recipe

 

Revoking RDS Device CALs with the RD License Manager


This recipe will show you how to manually revoke RDS Device CALs with the RD License Manager to manage the amount of available RD Licenses in your XenApp infrastructure.

Getting ready

To manage RDS Device CALs, a RD License Server needs to be installed and activated in the XenApp infrastructure. The RD License Server must also be issuing RDS Device CALs to client devices connecting to the RD Session hosts by the RDP protocol. Use the RD License Manager to check whether RDS Device CALs are issued by the RD License Server.

How to do it...

To revoke RDS Device CALs, follow these steps:

  1. Open the RD License Manager by navigating to Start | Run | licmgr.

  2. Double-click on the RD License Server in the right pane.

  3. Double-click on Installed TS or RDS Per Device CALs, as shown in the previous screenshot

  4. Right-click on the Per Device CAL that you want to revoke and select Revoke License.

  5. Click on Yes to confirm the revocation of the CAL.

  6. Click on OK.

The status of the revoked Per Device CAL has now been changed to Revoked.

How it works...

Each RD Session Host needs to be configured with an RD License Server and the RD licensing mode to run user sessions. The configured RD licensing mode determines the type of RDS CAL that will be requested from the RD License Server. This can either be a Per User or a Per Device RDS CAL.

When a user wants to set up a Remote Desktop session on an RD Session Host, the host will check whether or not a valid RDS CAL is presented and will request an RDS CAL with the RD License Server, if one cannot be provided. The following flowchart provides a (simplified) view of the process followed by the RD Session Host to check and request an RDS Device CAL for the client device:

If the device cannot present an RDS Device CAL, a temporary RDS Device CAL will be issued by the RD License server. If the device presents a temporary or expired RDS Device CAL, a permanent RDS Device CAL will be issued if the RD License Server has RDS Device CALs available. If no RDS Device CALs are available, no permanent RDS Device CAL can be issued and the issued RDS Device CAL is not replaced on the client device. If a valid temporary CAL is available, a Remote Desktop session can still be started; if not, the request is denied, and the Remote Desktop session is denied.

An RD License Server can always issue temporary CALs whether it is activated or not. An unlimited supply of temporary RDS CALs is installed by default on each RD License Server. Temporary RDS CALs are valid for 90 days.

Each permanent RDS CAL issued by the RD License server is automatically configured with an expiry date. This date is a random period of 52 to 89 days from the request date. The expiry date for each RDS CAL is logged by the RD License server to ensure that when the expiry date is reached, the RDS CAL is automatically returned to the pool of available RDS Device CALs on the RD License Server. The returned RDS CAL can be issued immediately to a new device when a CAL is requested.

If by any chance you want to return a RDS Device CAL to the pool of available CALs before it is expired, you can use the RD Licensing Manager to revoke a Per Device CAL.

Note

Keep in mind that only RDS Per Device CALs can be revoked and not RDS Per User CALs.

The revocation of RDS Device CALs is only meant to return issued CALs for devices that are no longer in use and there is no mechanism to dynamically manage your license pool. You are only allowed to revoke up to 20 percent of the CALs within a period of two and a half months.

There's more...

You can read more about Remote Desktop licensing at Microsoft TechNet at http://technet.microsoft.com/en-us/library/cc772298.aspx.

You can read more about Remote Desktop licensing at Microsoft TechNet at http://technet.microsoft.com/en-us/library/cc772298.aspx.

To keep track of the issued RDS Device CALs and automatically generate reports, you can use the Visual Basic script that is developed and provided on Microsoft's MSDN website to generate RDS Per Device CAL reports. The following screenshot is an example of such a report:

You can download the script and read more about it at Microsoft's MSDN blog at http://blogs.msdn.com/b/rds/archive/2007/08/10/generating-per-device-license-usage-reports-for-ts-license-servers-running-windows-server-2008.aspx.

See also

  • The Scripting a command-line installation of the RD License Server recipe

  • The Configuring the RD License Server recipe

  • The Creating RDS Per User CALs Reports recipe

 

Creating RDS Per User CALs Reports


This recipe will show you how to create RDS User CAL reports from the RD Licensing Manager. Unlike RDS Device CALs, the issued RDS User CALs are not shown in the management console. A report has to be created to get an overview of the issued RDS Per User CALs.

Getting ready

In order to manage your RDS Per User CALs, you need to have an RD License Server installed and activated so that it can issue RDS User CALs. In addition to this, you also need to have RDS Per User CALs installed on your RD License server and have your RD Session Host servers configured for the Per User license mode. This will ensure that your RD Session Host will request a valid Per User RDS CAL to be presented for each user that starts a Remote Desktop session on the server.

Note

You can check the previous recipes in this chapter for directions on setting up and configuring your RD License Server and RD Session Hosts.

How to do it...

You can check whether your RD License server is issuing RDS Per User CALs with the RD Licensing Manager. Unlike the Per Device CALs where all issued licenses are shown in the console, a report has to be generated to get an overview of the issued RDS Per User CALs. Follow these steps to generate the report:

  1. Open the RD License Manager by navigating to Start | Run | licmgr.

  2. Double-click on RD License Server in the right pane.

  3. Check if RDS Per User CALs are installed (shown in the right pane of the previous screenshot).

  4. Right-click on Reports in the left pane and select Create Report | Per User CAL Usage….

  5. Select Entire Domain and click on Create Report.

  6. Click on OK.

  7. Right-click on the newly created report in the Reports overview and select Save As.

  8. Save the report as a Comma Delimited (CSV) file.

You can view the report with either Notepad or Microsoft Excel as shown in the following screenshot:

There's more...

If you want to automate the generation of the Per User RDS CAL usage reports, you can also run the following PowerShell script:

# Import the RDS PowerShell module 
Import-Module RemoteDesktopServices
# Navigate to the RDS Provider for Windows PowerShell 
Set-Location RDS:
# Generate the Per User CAL report 
cd RDS:\LicenseServer\IssuedLicenses\PerUserLicenseReports
New-Item -Path . -Name PerUser20130707 -Scope DOM
# Check report settings 
Get-ChildItem –Path .\20130707_133613\Win2K8-Win2K8R2
Get-Item –Path .\20130707_133613\Win2K8-Win2K8R2\IssuedLicenses\*

The report name is automatically generated and based on the creation date of the report.

Note

It is currently not possible to specify a custom report name with the-Name parameter for the New-Item cmdlet to generate a Per User CAL usage report.

See also

  • The Scripting a command-line installation of the RD License Server recipe

  • The Configuring the RD License Server recipe

  • The Scripting a command-line installation of the RD Session Host recipe

  • The Configuring the RD Session Host recipe

  • The Configuring RDS settings with Microsoft Group Policies recipe

 

Using the Licensing Diagnosis snap-in for RD Session Hosts


This recipe will show you how to use the Licensing Diagnosis snap-in of the RD Session Host Configuration console. This snap-in allows you to check the health of your RD Session Host configuration and the communication with the RD License server.

Getting ready

In order to use the Licensing diagnosis snap-in, you need an installed and configured RD Session Host and an installed and configured RD License server as well. In order to read information on the RD License server with the Licensing Diagnosis snap-in, you also need to run it with a user account that has administrator privileges on the RD License server.

How to do it...

To use the Licensing Diagnosis snap-in, follow these steps:

  1. Open the RD Session Host Configuration console by navigating to Start | Run | tsconfig.msc.

  2. Click on Licensing Diagnosis in the left pane:

  3. Select the RD License server in the Remote Desktop Services License Server Information pane to view more details on the RD License server:

If the Licensing Diagnosis snap-in detects problems reading the RD Session Host configuration or has problems communicating with the RD Licensing Server, it will show clear warnings and/or error messages in the Licensing Diagnosis Information pane.

Note

The How it works... section of this recipe will provide more details on the different error messages that can be shown and their common fixes.

How it works...

The Licensing Diagnosis snap-in provides administrators with a quick diagnostic tool to check the configuration of the RD Session Host and the communication to and from the RD License servers. It will also provide clear error and warning messages when problems are detected.

Administrative privileges

To use the Licensing Diagnosis snap-in, it must be executed on the RD Session Host with an account that has local administrator permissions on the host. If your account does not have these permissions, a warning is shown when Licensing Diagnosis is selected in the left pane:

To view the RD License server information, the same account also needs administrative privileges on the RD License server. Without those privileges, the following error will be shown:

It is possible to provide separate credentials in the management console for the RD License server. By selecting the license server in the Remote Desktop Services License Server Information pane, and by selecting Provide Credentials from the Action menu, you can enter the required account information. After providing the right credentials, the RD Licensing server information is shown and no errors are reported.

RD Licensing service not started

When the RD License service is not started, the following error is shown:

License server <LicenseServerName> is not available. This could be caused by network connectivity problems, the RD Licensing service is stopped on the license server, or RD Licensing is no longer installed on the computer...

Make sure the RD Licensing service is started on the RD License server. If it is not started, start the service and refresh the Licensing Diagnosis information to see if the problem is resolved.

There's more...

You can read more on Licensing Diagnosis problems at the MSDN blog at http://blogs.msdn.com/b/rds/archive/2008/02/01/licensing-diagnosis-problems-and-resolutions.aspx.

See also

  • The Configuring the RD License Server recipe

  • The Configuring the RD Session Host recipe

  • The Troubleshooting RD License Issuance recipe

 

Troubleshooting RD License Server discovery


This recipe will show you how to troubleshoot the RD License Server discovery.

How to do it...

As of Windows Server 2008 R2, automatic discovery of the RD License Server is no longer supported. To check whether a RD License Server is configured, follow these steps:

  1. Open the Windows registry by navigating to Start | Run | regedit.

  2. Check the content of the following key:

    HKLM\SYSTEM\ControlSet001\services\TermService\Parameters\LicenseServers\SpecifiedLicenseServers
    
  3. If no RD License server is specified, specify the correct server name and retest the RD License Server discovery.

  4. If a RD License server is specified, test whether a connection can be made to the server with Telnet:

    telnet <RDLicenseServer> 135
    

    Note

    If a connection can be made through telnet, a blank screen with a blinking prompt will be shown. Press Ctrl + ] to close the connection and Q to exit the Telnet client.

How it works...

When installing a RD License server, a discovery scope needs to be provided for the server. Previous versions of Windows Server (2000, 2003, and 2008) Terminal Services were able to use a discovery process to automatically find the Terminal Server (TS) License server by checking the Active Directory for specified TS License servers.

This automatic discovery process is no longer supported for the RD Session Host servers running on Windows Server 2008 R2 and later. You are now required to specify a RD License server in the RD Session Host configuration or through Group Policy settings. If errors report that no RD License Server can be found by the RD Session Host, make sure a RD License server is configured through the RD Session Host Configuration console or through Microsoft Group Policy settings. You can check the following registry key for the specified License Server entries:

HKLM\SYSTEM\ControlSet001\services\TermService\Parameters\LicenseServers\SpecifiedLicenseServers

If a RD License Server is specified, make sure the RD Licensing service is running and network connectivity is available between the RD Session Host and the RD License Server. RD Licensing uses Remote Procedure Call (RPC) over TCP port 135 and a dynamically assigned port above 1024. For communication with Microsoft Clearinghouse during activation and the RDS CAL installation process, internet communications over TCP port 443 are required as well.

You can install the Telnet client to check network connectivity on a Windows Server 2008 R2 server by running a command prompt as Administrator and using the following command line:

pkgmgr /iu:"TelnetClient"

This will run the Windows Package Manager and install the Telnet client.

Note

For more information on the port numbers used by Windows services, check Microsoft's Knowledge Base: http://support.microsoft.com/kb/832017 and http://support.microsoft.com/kb/154596.

See also

  • The Configuring the RD License Server recipe

  • The Troubleshooting RD License Issuance recipe

 

Troubleshooting RD License Issuance


This recipe will show you how to troubleshoot problems concerning Remote Desktop Licenses being issued to devices or users trying to set up a RD session.

How to do it...

To troubleshoot RD License Issuance, follow these steps:

  1. Open the Event Viewer by navigating to Start | Run | eventvwr.msc.

  2. For RDS Per Device CALs, navigate to Windows Logs | System.

  3. Search for informational events with ID 82.

  4. For RDS Per User CALs, navigate to Applications and Services Logs | Microsoft | Windows | TerminalServices-Licensing | Admin.

  5. Search for informational events with ID 4143.

  6. If no entries are found, RD licenses are not issued.

    Note

    Check for known events in the table in the next section to find a solution for common RD License server problems.

How it works...

For troubleshooting purposes, a quick list of common RD Licensing error messages and their recommended solutions are provided in the following table:

ID

Error message

Solution

17

One or more RD Licensing certificates on server "%1" are corrupt. RD Licensing will only issue temporary licenses until the server is reactivated.

When a RD Licensing server is activated with the automatic connection method, Microsoft Clearinghouse sends the server a digital certificate chain that validates the ownership and identity of the server. On February 26, 2010, a certificate that was part of this digital certificate chain expired and it is flagged as a corrupt certificate by the RD License server.

A hotfix is available at Microsoft's Knowledge Base: http://support.microsoft.com/kb/983385.

20

The RD license server "%1" does not have a sufficient number of permanent RDS CALs for product "%3". Only "%2" permanent RDS CALs remain.

Buy additional RDS CALs of the right type (User/Device) and install them on the RD license server.

21

The RD license server "%1" does not have any remaining permanent RDS CALs of the type "%2". As a result, the RD license server cannot issue RDS CALs of the type "%2" to the RD Session Host server "%3".

Check the RD licensing mode configured on the RD Session Host server. Make sure it matches the type of RDS CALs installed on the RD license server.

22

The RD license server "%1" does not have any RDS CALs installed and registered with the Microsoft Clearinghouse for product "%2". Therefore, the RD license server cannot issue RDS CALs of the type "%2" to the RD Session Host server "%3".

Buy and install the required RDS CALs.

38

The RD license server cannot issue a RDS CAL to the client because of following error: "%1!s!"

The RD License server installation has become corrupted. Reinstall the RD License server role.

To preserve the issued license information, back up the RD Licensing database folder (%windir%\system32\LServer) before removing the role.

4105

The RD license server cannot update the license attributes for user "%1!s!" in the AD Domain "%2!s!". Ensure that the computer account for the license server is a member of Terminal Server License Servers group in AD domain "%2!s!".

Make sure the RD License server is a member of the Terminal Server License Servers group in AD.

For a RD license server installed on a DC, the Network Service account also needs to be a member of that group. To track or report the usage of RDS Per User CALs, a reboot is required.

Issuance of RDS Per User CALs

Issued RDS Per User CALs are logged in the Event log by Information entries with the Event ID 4143. These will appear in the Applications and Services Logs section under Microsoft | Windows | TerminalServices-Licensing | Admin.

Issuance of RDS Per Device CALs

Issued RDS Per Device CALs are logged in the Event log by Information entries with the Event ID 82 in the Windows Logs under System.

Reissue a RDS Per Device CAL

RD Licensing information concerning RDS Per Device CALs are stored on the client device in the registry:

HKLM\SOFTWARE\Microsoft\MSLicensing.

To remove the Per Device CAL from the client device, you can delete the hardware ID and store subkeys from the registry and reboot the client. The client device will request a new CAL at the next RD session.

Tip

Always create a backup of the registry when editing or deleting keys and values.

When the entire MSLicensing registry key is deleted and needs to be recreated, you will have to run the Remote Desktop connection as an administrator with the corresponding privileges to have sufficient rights to create the corresponding registry keys.

Note

You can provide any user credentials for the RD Session as these are used to log on to the RD Session Host, not to create the registry keys.

There's more...

For a complete overview of Remote Desktop Services Events in Windows Server 2008 R2, check out Microsoft TechNet at http://technet.microsoft.com/en-us/library/ff404148%28v=ws.10%29.aspx.

See also

  • The Configuring the RD License Server recipe

  • The Configuring the RD Session Host recipe

  • The Configuring RDS settings with Microsoft Group Policies recipe

  • The Using the Licensing Diagnosis snap-in for RD Session Hosts recipe

  • The Troubleshooting RD License Issuance recipe

 

Rebuilding the RD License Database


This recipe will show you how to rebuild the RD Licensing database to solve Remote Desktop License server issues.

Getting ready

To automatically rebuild the RD Licensing database, the computer running the RD Licensing Manager needs to have internet access (TCP port 443). The RD License server itself does not require internet access, only the computer running the management console.

Check if your RD License Server is configured for Automatic connection (recommended) through the properties of your RD License Server in the RD License Manager, before you start the rebuilding process.

How to do it...

To automatically rebuild the RD License server, follow these steps:

  1. Open the RD License Manager by navigating to Start | Run | licmgr.

  2. Right-click on RD License Server in the left pane and select Manage Licenses.

  3. Click on Next in the Manage licenses Wizard Welcome screen.

  4. A connection to Microsoft Clearinghouse is set up.

  5. Select Rebuild the license server database in the action select step.

  6. Provide a reason for the rebuild action and click on Next:

  7. Read the warning message.

  8. Select the Confirm deletion of licenses currently installed on this license server checkbox and click on Next.

  9. The RD Licensing database has been deleted.

  10. Click on Next to reinstall the licenses in the reinstalling licenses step.

  11. Select your License program and click on Next:

  12. Fill out the required license information (License Code, Agreement number, and so on), and click on Next.

  13. Your licenses are being reinstalled.

  14. Select Continue if you need to install more licenses and repeat steps 11 to 13.

  15. Select Finish rebuilding the RD License database in the reinstalling additional licenses step and click on Next.

  16. Complete the Manage Licenses Wizard by clicking on Finish.

  17. Select the RD License server in the left pane and check if the installed licenses are shown in the right pane and whether all licenses are available or not.

    Note

    New licenses might not be checked out unless your client device or user has a temporary or expired RDS CAL and a renewal request is made. When a valid CAL is presented to the RD Session Host no request will be made with the RD License Server and no CAL will be checked out.

There's more...

You can read more about rebuilding the RD Licensing Database at Microsoft TechNet: http://technet.microsoft.com/nl-nl/library/ff817600%28v=ws.10%29.aspx.

See also

  • The Configuring the RD License Server recipe

  • The Revoking RDS Device CALs with the RD License Manager recipe

  • The Creating RDS Per User CALs Reports recipe

  • The Recovering your RDS CALs to a new RD License Server recipe

 

Recovering your RDS CALs to a new RD License Server


This recipe will show you how to recover your RDS CALs to a new RD License server when you cannot restore your original server or when you simply need to transfer your licenses to a new RD License server.

Getting ready

In order to automatically rebuild the RD Licensing database, the computer running the RD Licensing Manager needs to have internet access (TCP port 443). The RD License server itself does not require internet access, only the computer running the management console.

Also check if your RD License Server is configured for automatic connection (recommended) through the properties of your RD License Server in the RD License Manager.

How to do it...

To automatically recover your licenses to a new RD License server, follow these steps:

  1. Add the Remote Desktop Licensing server role to the new RD License server.

  2. Open RD License Manager (by navigating to Start | Run | licmgr on the new RD License server).

  3. Activate the new RD License Server without adding any licenses.

  4. Right-click on the RD License Server in the left pane and select Manage RDS CALs.

  5. Click on Next in the Manage RDS CALs Wizard welcome screen.

  6. A connection to Microsoft Clearinghouse is set up.

  7. Select Migrate RDS CALs from another license server to this license server.

  8. Select a reason for migrating and then click on Next:

  9. If you select the The source license server is being replaced option, provide the following information:

    • The source license server name or IP address

    • Whether or not it is still available

    • The operating system

    • The original RD License server ID

  10. If you select the The source license server is no longer functioning option, accept the agreement not to use your source license server as RD License server and agree to manually remove the RDS CALs from your original RD License server.

  11. Click on Next.

  12. Follow steps 11 to 16 from the How to do it… section of the previous recipe to install the RDS CALs.

There's more...

You can read more about recovering (or migrating) RDS CALs at Microsoft TechNet at http://technet.microsoft.com/en-us/library/dd851844.aspx.

See also

  • The Scripting a command-line installation of the RD License Server recipe

  • The Configuring the RD License Server recipe

  • The Rebuilding the RD License Database recipe

About the Author

  • Esther Barthel MSc

    Esther Barthel MSc has been working in different roles and functions as an IT consultant since she finished her Masters degree in Computer Science in 1997. She has worked as a web developer, database administrator, and server administrator until she discovered how Server-Based Computing ( SBC ) combined servers, desktops, and user experience in one solution. She has been specializing in virtualization solutions such as SBC, VDI, application, and server virtualization for over seven years now and currently works as a senior consultant at PepperByte, where she designs and implements Citrix® solutions for both small-business and large-enterprise infrastructures scaling from 100 to 15,000 users.

    Ever since she hosted introduction days for technical female student candidates, Esther has been sharing her passion and knowledge for IT. What started out as small internal meetings to report on the latest technologies is growing from technical blog posts into international presentations at Citrix® User Groups and events like E2EVC. There's no surprise that she has now taken up the challenge to write her first technical book, Citrix® XenApp 6.5 Expert Cookbook, for a well-known publisher, Packt Publishing , offering a selection of recipes (how-to's) that allow experienced Citrix® XenApp® administrators to automate, monitor, troubleshoot, and manage advanced XenApp® infrastructures.

    Esther is a Citrix Certified Professional - Apps and Desktops ( CCP-AD), Citrix Certified Integration Architect ( CCIA), and RES Software Certified Professional ( RCP ).

    You can follow her on social media on her blog (http://www.virtues.it), on Twitter at @virtuEs_IT, or contact her directly through e-mail, [email protected]

    Browse publications by this author
Book Title
Unlock this full book FREE 10 day trial
Start Free Trial