Planning the License Server
A license server is required when Terminal Server is deployed for hosting applications and desktops. A license server stores all Terminal Server client license tokens that have been installed for a terminal server or group of terminal servers. It tracks the license tokens that have been issued by the Microsoft License Clearinghouse (the service that Microsoft maintains to activate license servers and to issue licenses to the license servers that request them). The license server manages client licenses through the terminal server. There is no direct communication between the client and the license server. For more information about Terminal Services licensing and how it works, see Terminal Server Licensing overview in Help and Support Center for Windows Server 2003 and the "Microsoft Windows Server 2003 Terminal Server Licensing" white paper at the Terminal Services link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
If you have a terminal server that is running Windows Server 2003, you must also have a license server that is running Windows Server 2003. You can use a license server that is running Windows Server 2003 to serve license tokens onto the terminal server that is running Windows Server 2003, or you can upgrade an existing license server that is running Windows 2000 to Windows Server 2003. You can set the Prevent License Upgrade Group Policy setting to prevent the license server from handing out Windows Server 2003 CALs to terminal servers that are running Windows 2000.
For Windows Server 2003 you are no longer required to host Terminal Server licensing on a domain controller, but if you do not, you must configure the Terminal Server to discover the license server. For more information, see "Configuring the Preferred License Server" later in this section.
For information about how to transfer licenses from one license server to another, see Repeat the installation of a client access license in Help and Support Center for Windows Server 2003.
A terminal server must be able to connect to an activated license server before license tokens can be issued. To help you with your deployment planning and to give you time to install a license server and add license tokens, there is a 120-day grace period after the first client connects to a terminal server that is running Windows before you must have a license server activated. After this period, if the terminal server does not find an activated license server, clients are denied access. This grace period also ends when the first license token is issued to a client.
You can manage your license servers and Terminal Services license tokens using the Terminal Server Licensing administrative tool. For more information, see Terminal Services administrative tools in Help and Support Center for Windows Server 2003.
When planning your license server requirements, consider your organization’s domain structure in order to choose a license server type and to select a server that is a good candidate for hosting Terminal Server Licensing. If, for example, you are deploying terminal servers for different business units or cost centers within your organization, consider deploying a license server for each Terminal Server deployment rather than a license server to service an entire domain or site. This enables each business unit to manage its own licenses and related costs. You must, however, configure your terminal servers to discover the correct license server in this situation. There is information about configuring a preferred license server later in this section.
Choosing the License Server Type
There are two types of license servers for Windows Server 2003, a domain license server and an enterprise license server. Decide which of the two types of license servers you require.
Domain license server
A domain license server is appropriate for managing Terminal Server users within a domain. Use a domain license server if you have only one domain, or if you want to manage licenses in each of your domains separately. If you have workgroups or Windows NT 4.0 domains, a domain license server is the only type that you can install, and any terminal server within the Windows NT 4.0 domain or workgroup can discover the license server. Terminal servers in a Windows 2000 or Windows Server 2003 domain can discover domain license servers only if they are in the same domain as the license server.
Enterprise license server
An enterprise license server can serve terminal servers in any domain within a site, but the domain must be a Windows Server 2003 or Windows 2000 Active Directory domain. Both the license server and Terminal Server must be within the same site.
This type of license server is appropriate if you manage users across multiple domains within a site, or if you are planning to restructure your domains. Enterprise license servers can be installed only by using Add or Remove Programs, not during Windows Server 2003 Setup. For more information about installing the license server, see "Designing Server Setting Configurations" later in this chapter.
Choosing a License Server Host Server
Servers running Windows Terminal Services can work only with license servers that are running Windows. In Windows Server 2003 domains, you can deploy the enterprise license server on either a domain controller or a member server. You are no longer required to install the license server on a domain controller, as was required in Windows 2000. For information about upgrading your license servers, see "Upgrading to Windows Server 2003 Terminal Server" later in this chapter.
If you plan to deploy a domain license server, and you choose not to deploy your license server on a domain controller, you must directly edit the registry to configure Terminal Server to locate the license server. You must do this even if the license server and the terminal server are the same computer. For more information about this process, see "Configuring the Preferred License Server" later in this section.
Take the following situations into consideration when choosing where to host Terminal Server Licensing:
If you are deploying a license server to serve only one terminal server, consider installing the license server on the same server as Terminal Server. Terminal Server licensing causes negligible network traffic, but placement on the same server as Terminal Server eliminates the need for the server to go over the network to obtain licenses, and Terminal Server users experience no downtime if problems occur on the network.
If you are deploying a license server for a terminal server that is hosting applications for remote clients or for users who access applications over the Internet, place the license server so that it can be accessed easily by the terminal server because there is no direct communication between the client and the license server.
Terminal Services Licensing takes about a megabyte (MB) of disk space to install, and about 10 MB of additional disk space per 1,000 licenses. If you plan to activate the license server and install subsequent license key packs automatically through the Terminal Services Licensing tool, the license server must communicate with the Microsoft License Clearinghouse using Secure Sockets Layer (SSL). SSL is a secure connection; however, as an added security precaution, avoid placing your license server on a server that hosts sensitive data that you would not otherwise want exposed to the Internet. For more information about methods to activate the license server, see Activating a Terminal Server license server in Help and Support Center for Windows Server 2003. For more information about methods for installing subsequent Client Access Licenses, see Install Client Access Licenses in Help and Support Center for Windows Server 2003.
Setting Up Fault Tolerant License Servers
One activated license server can serve many terminal servers and Terminal Server users simultaneously. In large implementations of Terminal Services, you might want to deploy at least two licensing servers for fault tolerance. Terminal Server Licensing is not cluster-aware. However, you can improve fault tolerance for the license server by deploying two license servers per domain.
You can host Per Device and Per User licensing on the same server.
Choose two host servers for licensing and install all licenses on one license server; do not install any licenses on the backup server. The full server functions as the primary license server and can service all license requests. If the primary license server becomes unavailable, the backup license server can issue 90-day temporary license tokens to clients that need them. When the primary license server is back online, it replaces the temporary license tokens the next time the clients connect.
Configuring the Preferred License Server
If you choose not to deploy your license server on a domain controller, you must configure Terminal Services to locate the license server by directly editing the registry. For more information about the Terminal Services license server discovery process for Windows Server 2003, see article 279561, "How to Override the License Server Discovery Process in Windows Server 2003 Terminal Services." To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Windows Server 2003 Resource Kit Registry Reference on the Windows Server 2003 Deployment Kit companion CD, or at http://www.microsoft.com/reskit.
To select a specific license server
On each terminal server, in the Run dialog box, type regedit, and then click OK.
Locate the following path in the registry and select it:
On the Edit menu, point to New, and then click Key to add a subkey named LicenseServers, if one does not already exist.
Select the LicenseServers subkey, and on the Edit menu, point to New, and then click Key and type in the NetBIOS name, fully qualified domain name, or IP address of the appropriate license server to add the new subkey under LicenseServers.
Repeat step 4 for each license server you want the terminal server to discover.
The order of the license servers listed in the registry subkey does not guarantee the order in which the license servers are discovered. If you have more than one implementation of Terminal Server in your organization, you should also configure the license servers themselves to discover only the servers intended to service that implementation by using this procedure.
When Terminal Server discovers a license server, it continues to use that license server until it becomes unavailable. If the licence server is out of licenses, it will forward the request to a license server that has the requested type of license.
If your license servers are not on domain controllers, they will only discover other license servers if their registries are configured for them to do so.
If you are deploying more than one license server to serve separate Terminal Server implementations and if you do not need to keep the licenses allocated to each implementation separate, consider adding the names of all of the license servers in your site or domain to the registry subkey LicenseServers for fault tolerance. However, if you need to keep the licenses allocated to each implementation separate, for example if they are managed by a different administrator or are in different cost centers, you should add to the registry subkey only the name of the license server or servers specific to each terminal server. In this situation, consider deploying two license servers if fault tolerance is a concern.