Trending Topics

Implement and configure AWS Backup for VMware Cloud on AWS VM workloads

Image
In our previous post we saw the design of the AWS Backup on VMC. In this post we’re going through the implementation steps As per the design and best practice, we are going to use the ENI for the Backup traffic CREATE A VPC ENDPOINT  TO CREATE AN INTERFACE ENDPOINT FOR AN AWS SERVICE 1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc    2. In the navigation pane, choose Endpoints 3. Choose Create endpoint 4. Name the endpoint   5. For Service category, choose AWS services 6. For Service name, search “ Backup ” and select “ backup-gateway ” service from the dropdown 7. For VPC, select the VPC which we used for SDDC deployment and extension 8. To create an interface endpoint for Amazon S3, you must “uncheck” Additional settings, Enable DNS name. This is because Amazon S3 does not support private DNS for interface VPC endpoints 9. For  Subnets , select one subnet per Availability Zone which we used for SDDC VMC selection  10. For Security group , sel

Windows Server 2008 Terminal Server Licensing

Windows Server 2008 Terminal Services will present a whole new set of features and functionality that will most likely be of interest to many. As organizations explore these new technologies, it will be important to understand how Windows Server 2008 terminal server licensing differs from Windows Server 2003 and how Microsoft is making the process of terminal server licensing easier to manage. This two-part series will explore the changes in terminal services licensing in Windows Server 2008, including functional changes and management improvements.
Some highlights of the changes are as follows:
  • Per User CAL allocation is still not enforced – although it can be tracked in Active Directory.
  • Terminal Server CAL revocation for Per-Device CALs
  • Changes to license server discovery
  • New built-in tools to assist in troubleshooting licensing-related issues
  • Interface changes surrounding management and reporting

Installation Process Changes

The first noticeable change in the licensing process is the installation of the terminal server licensing service itself. In Windows Server 2003 and earlier, you would simply install Terminal Server Licensing from the Add/Remove Programs component of Control Panel. However, everything in Windows Server 2008 is role-based. In other words, you install the Terminal Services Licensing role on the server rather than selecting an “optional component” to install.
Another thing that has changed is an additional rights requirement when installing a Domain-scope license server. The administrator performing the installation must have Domain Admin rights because part of the installation now involves adding the license server computer account to the Terminal Server License Servers security group in Active Directory. As with Windows Server 2003, Enterprise Admin rights are still required to install a Forest-scope license server in order to update the same TS-Enterprise-License-Server site object.
As with Windows Server 2003, the following steps are necessary to complete the terminal services licensing process:
  • Install the TS Licensing Role on the server
  • Activate the License Server with the Microsoft Clearinghouse
  • Install per-user and/or per-device CALs on the License Server
  • Configure your terminal servers to discover/use the License Server
To install the TS Licensing Role on a Windows Server 2008 host:
  1. Open Server Manager and select Roles from the hierarchy. On the right side, select Add Roles. This will launch the Add Roles wizard.
  2. From the Select Server Roles screen, check the box next to Terminal Services and click Next.
  3. On the Introduction to Terminal Services screen, click Next.
  4. Select TS Licensing and click Next.
  5. Configure the type of discovery scope that should be used for this License Server, either Domain or Forest. Also, select where the TS Licensing database files should be located.
  6. Click Install to install the role.
As with Windows Server 2003, Server 2008 caches the installation files for most roles so there is no need to supply the installation media when installing any of the Terminal Services Roles.
License Server activation remains unchanged, except for a small terminology change; Windows Server 2003’s Internet (Automatic) activation is now just called Automatic.

License Database Files

Once the installation is complete, you will notice a few differences in the files contained in the LServer directory compared to those from Windows Server 2003. The changes are a result of an updated JET database format, also used with Microsoft Exchange 2007.
Windows Server 2008
Windows Server 2003
 Purpose
edb.chk
edb.chk
 This is a checkpoint file used to determine which transactions in the transaction log (edb.log) must still be committed to the licensing database. This file is updated each time a transaction is committed to disk and is used to quickly recover the integrity of the licensing database if the database was not shut down correctly.
edb.log
edb.log
 Current transaction log for the Terminal Service Licensing database (TLSLic.edb). This file will grow to 5 MB in size, at which time it will be renamed to edbxxxxx.log, starting with edb00001.log and incrementing each time.
edbres00001.jrs
edbres00002.jrs
res1.log
res2.log
 Reserve transaction log files that serve as a drive space placeholder. There are two of these created, typically 5 MB in size, and are only used in the event the drive hosting the transaction logs runs out of space. These files are used to facilitate a clean shutdown of the database.
In Windows Server 2003, these files were simply res1.log and res2.log.
edbtmp.log
---
 This is used as a template transaction log file, which is used when the edb.log file reaches 5 MB in size and is renamed. While edb.log is being renamed, edbtmp.log begins accumulating new transactions, and is then renamed to edb.log once the existing edb.log file has been renamed.
Once edbtmp.log is renamed to edb.log, a new empty edbtmp.log file will be created. There was no Windows Server 2003 equivalent.
TLSLic.edb
TLSLic.edb
 This is the actual Terminal Services Licensing database file.
tmp.edb
tmp.edb
 This is temporary workspace for processing transactions.

CAL Types

Windows Server 2008 License Servers can issue a plethora of Terminal Server license types, including all varieties of Windows Server 2008, Windows Server 2003 and Windows 2000 CALs. However, the only Windows Server 2008 Terminal Server CALs now available are Per-User and Per-Device. Absent is the eluding “External Connector License”, although surely it won’t be missed as it was hardly ever used due to cost.
In total, a Windows Server 2008 License Server can issue 9 different types of Terminal Server CALs:
Operating System
Per-User CAL
Per Device CAL
Internet/External Connector License
Temporary CAL
“Built-In” CAL
Windows Server 2008
X
X
-
X
-
Windows Server 2003
X
X
X
-
-
Windows 2000 Server
-
X
X
-
X
Temporary CALs issued from a license server always match the version of Windows on which the license server runs, so Windows Server 2008 license servers will only issue Windows Server 2008 temporary CALs. The “built-in” CAL still exists and can be issued to clients connecting to a Windows 2000 terminal server.

License Server Discovery Process

The discovery process has not changed much from Windows Server 2003 to 2008. However, the terminology has changed for the discovery mode. Windows Server 2003 offered a choice of three modes - Workgroup, Domain or Enterprise; however Windows Server 2008 now refers to the latter more appropriately as Forest.
Selecting Forest mode adds an entry in the Active Directory site object, just as it did in Windows Server 2003. Since the same location in Active Directory is used, no schema updates are necessary prior to installing a Windows Server 2008 license server.
As for the actual discovery process, nothing has changed:
  • Workgroup mode license servers must be in the same local subnet as the terminal servers to be discovered automatically.
  • Domain mode license server will be discovered automatically provided the license server is installed on a domain controller.
  • Forest mode license servers will always be discovered automatically by terminal servers as an entry for the terminal server is made in the Active Directory site object (just as in Windows Server 2003). Microsoft recommends using Forest mode for most implementations.
  • A license server installed on the same server as the terminal server itself will always be discovered, regardless of mode.

Popular posts from this blog

HOW TO EDIT THE BCD REGISTRY FILE

Image
The BCD registry file controls which operating system installation starts and how long the boot manager waits before starting Windows. Basically, it’s like the Boot.ini file in earlier versions of Windows. If you need to edit it, the easiest way is to use the Startup And Recovery tool from within Vista. Just follow these steps: 1. Click Start. Right-click Computer, and then click Properties. 2. Click Advanced System Settings. 3. On the Advanced tab, under Startup and Recovery, click Settings. 4. Click the Default Operating System list, and edit other startup settings. Then, click OK. Same as Windows XP, right? But you’re probably not here because you couldn’t find that dialog box. You’re probably here because Windows Vista won’t start. In that case, you shouldn’t even worry about editing the BCD. Just run Startup Repair, and let the tool do what it’s supposed to. If you’re an advanced user, like an IT guy, you might want to edit the BCD file yourself. You can do this
Read more

AD LDS – Syncronizing AD LDS with Active Directory

Image
First, we will install the AD LDS Instance: 1. Create and AD LDS instance by clicking Start -> Administrative Tools -> Active Directory Lightweight Directory Services Setup Wizard. The Setup Wizard appears. 2. Click Next . The Setup Options dialog box appears. For the sake of this guide, a unique instance will be the primary focus. I will have a separate post regarding AD LDS replication at some point in the near future. 3. Select A unique instance . 4. Click Next and the Instance Name dialog box appears. The instance name will help you identify and differentiate it from other instances that you may have installed on the same end point. The instance name will be listed in the data directory for the instance as well as in the Add or Remove Programs snap-in. 5. Enter a unique instance name, for example IDG. 6. Click Next to display the Ports configuration dialog box. 7. Leave ports at their default values unless you have conflicts with the default values. 8. Click N
Read more

DNS Scavenging.

                        DNS Scavenging is a great answer to a problem that has been nagging everyone since RFC 2136 came out way back in 1997.  Despite many clever methods of ensuring that clients and DHCP servers that perform dynamic updates clean up after themselves sometimes DNS can get messy.  Remember that old test server that you built two years ago that caught fire before it could be used?  Probably not.  DNS still remembers it though.  There are two big issues with DNS scavenging that seem to come up a lot: "I'm hitting this 'scavenge now' button like a snare drum and nothing is happening.  Why?" or "I woke up this morning, my DNS zones are nearly empty and Active Directory is sitting in a corner rocking back and forth crying.  What happened?" This post should help us figure out when the first issue will happen and completely avoid the second.  We'll go through how scavenging is setup then I'll give you my best practices.  Scavenging s
Read more