Solved

Configure Remote Work Place for console RDP sessions in SBS 2008

Posted on 2011-03-10
10
1,227 Views
Last Modified: 2012-05-11
Does anyone know if there is a way to force all RDP sessions created through SBS 2008's Remote Work Place to connect as console sessions?

I've been able to fine tune the RWP RDP Sessions be editing "tsweb.aspx" found at C:\Program Files\Windows Small Business Server\Bin\webapp\Remote\tsweb.aspx

But I don't see where I can add the "mstsc /console" comand to force the console connection when users connect to their desktop PCs from Remote Work Place.

Anyone?
0
Comment
Question by:mojopojo
10 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 35095200
On PC's (not servers) are you sure it doesn't? If a console session is open and the same user logs in with RWW it will take over that same session, which implies to me it is the console session. A different user would be using a different session similar to fast user switching. Are you perhaps wanting to close that other user's session when connecting? If so that can be accomplished with group policy I believe.
0
 
LVL 38

Assisted Solution

by:Philip Elder
Philip Elder earned 125 total points
ID: 35095347
The console switch applies to servers only iirc.

Users do take over their session if they leave the machine locked and log in remotely later on.

When connecting via RWW the RDP session should always behave in this manner.

Philip
0
 
LVL 3

Author Comment

by:mojopojo
ID: 35095450
No, a regular RDP session would act like that as well. If you were to say lock you PC and leave the office, then RDP in (not using Remote Work Place) using the same credentials you would unlock the old session and all of your work would be there as you left it (provided there is no GPO to log you out after a certian period). This is how they worked prior to migrating to SBS 2008. We set up their RDP connections using port-forwarding, but with no console switch.

RWP is creating a term-server session, and it is causing issues with the liscensing of a financial/time keeping software. This is also how I verified that the RWP is creating a term-session.

The aplication TimeSlips uses a liscenses when a user logs on at the console. Then, even when the user logs off it holds that liscense in use. Then when they remote in to that same PC with the smae credentials and open TimeSlips it uses a second liscense and holds that liscense indefinitly as well.

It's sloppy code and a way to force commpanies to purchase 2x the liscenses they require. And the lawyers have gone through it and there is no mention of requiring a seperate liscenses for remote connections in their liscensing agreement. I was told by Sage support that it is a known issue, they blame it on  a function of Windows and said their is no plan to fix it. Their solution was to manualy clear the liscenses each night and each time a user ends a session. That is a heck of a lot of administrator overhead! Each time a user logs off an admin has to log-on to the server and manualy clear a liscenses?!?! WTF?

In the Server Administrative TimeSlips Console you can see the liscenses in use by user name such as:

1. User1
2. Terminal Connection - User1
3. User2
4. User3
5. Terminal Connection - User3

If RWP would create a true conole connection then the users would just take over that session and only use one liscense per user. We've tested it with a direct RDP console connection (not through RWP) and it works - one user on one PC = one liscense

We are not trying to avoid paying liscensing fees. We have purchased more liscenses that we have users along with Sage's Premium Support Package. We simply would like to be able to use the liscenses we have purchased fairly - one per user, remote or at their desktop.

Creating the console session apears to be the only solution, and we were hoping we could force RWP to create the connections as such.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35095617
I suspect something else is at play here. With SBS 2003, and I just tested with SBS 2008, when you login via RWW you take over the existing session completely. Might it have to do with where the licensing information is stored.

Alternatively rather than using RWW have you considered using the TSgateway and RDP sessions. This way you still are using SSL, not port mappings necessary, but you by-pass RWW.
From an earlier post of mine:
SBS 2008 and newer makes use of the TS Gateway service. This allows you to connect directly to a corporate server or PC and bypass RWW altogether, and yet still have the same security as RWW.

To do so the connecting client must have the updated TS/RDP client, version 6.1 or newer, which requires XP SP3, Vista SP1, or Win7/Server 2008. Then start the RDP connection client | click options | advanced | connection settings | and enter the TS gateway address (your SBS server name -probably remote.yourdomain.com). Under the General tab enter the computer name to which you want to connect and user name (domain\user), and save.

Clicking on the saved connection now allows you to connect directly to the corporate PC, still using SSL, and with only a single logon. The first time the connection is used, there are two pop-ups that have to be approved but if you check 'always' they will not be present next time.

This is new to 2008 and a very useful feature, especially for folk that are always connecting to the same server or PC and don't want to have to have to do multiple logins, approve multiple popups, and select a PC.


The following link outlines RWW with SBS 2008 and shows the client connection configuration half way down the page under "TSGateway Integration".
http://blogs.technet.com/b/sbs/archive/2009/06/25/sbs-2008-introduction-to-remote-web-workplace.aspx

0
 
LVL 3

Author Comment

by:mojopojo
ID: 35096205
I've got a few SBS 2008 and Server 2008 boxes out there but have not configured or used TSgateway for any of the RDP connections yet. That's a great thought.

Were going to test it this weekend on the network I posted about. Maintaining the use of SSL was a mandate of this project. Also, a RDP configuration without the configuration overhead of configuraing port-forwarding on a firewall for each user is a beautiful thing. Let's see how this works with the aplication and liscensing in question.

Solve the issue or not, I'm glad to look into using TSGateway.

Thnaks and I'll post the results this weekend or early next week.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 13

Assisted Solution

by:connectex
connectex earned 125 total points
ID: 35096828
RWW or RDP directly will take over an existing console session as long as the same username already logged on. I personally hate this as I've had clients interrupt my console session when they've RDPed into the server. To change this:

1. Open Terminal Services Configuration.
2. On the initial screen double click on Restrict each user to a single session. Checked means console session (if alread logged on). Unchecked will always open another session, unless session limits have been reached).
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 35097191
Let us know how it goes.
I have also in a few cases found poor performance with RWW on 2008 and have not been able to resolve. However I have had no issues with performance at all using TSGateway connections.  The client also seems to like the faster/simpler logon process. On that note, the fist logon from a PC takes a little longer. Subsequent logons are very fast.
0
 
LVL 3

Author Comment

by:mojopojo
ID: 35359600
Sorry I disapeared on this.

Aparently there is no way to "force all RDP sessions created through SBS 2008's Remote Work Place to connect as console sessions".

I know more was discussed, but since that was the topic of this thread I wanted to keep the forum clean.

The only way I know to force a Windows RDP console session is to open the client from the RUN box:

WIn XP/Vista - mstsc /console
Win 7 - mstsc /admin

No one has offered any way to force this through while in RWW in SBS 2008.

There apears to be no resolution.

Thanks for the input and attention to the thread.
0
 
LVL 3

Author Closing Comment

by:mojopojo
ID: 35359608
We were not able to arive at any possible solution to this. This does not mean it is impossible. Only that we were unable to find a viable solution.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35360110
Very curious. Any RWW session I create to a PC, is to the console session. Servers are different.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now