Need to setup VM with Terminal service

take a look at GraphOn.

Firstly, I would strongly suggest against installing any VM software onto the SBS.  It is known to cause problems.

How many users will be connecting to use the software?

SBS 2008/2010 will not work with 2 NIC''s.  It breaks DHCP, wizards, and some other features.  If it worked for you, you did not have a properly configured SBS.

Having said that though it is not supported and I have not tried it I don't believe VWware server (free) adds a second NIC.  Hyper-V does which is a problem.

Your best option is to install an RDS server which will properly integrate with SBS and Active Directory.  To do so see:
http://blog.lan-tech.ca/2013/04/11/add-2012-rds-server-to-sbs-20082011/

There are other applications like ThinStuff however none of us here on Experts-Exchange understand how they get around the required Microsoft licensing.  You may be in an unsupported and unlicensed state.

Keep in mind many applications will not work on a terminal server because it handles profiles differently.  In order for multiple users to run the application they have to be able to share some common profile information.

I believe your best option is to purchase another server, virtualize it with either ESXi or Hyper-V and then create a VM running Wi2K8 or Win2K12 server (depending on with version of Windows Server CALs you have) and enable Remote Desktop Services on it.

Thanks for the replies guys.

Only 2 users will be connecting to this VM at this point in time.

But if it is a problem to utilise the existing server I will tell the client that we need another piece of hardware. However they won't be able to purchase another server, unless it is a Hp Micro Proliant or something.

I was look at VMware Workstation. I have tried the before and it worked. I've also had to run the fix network wizard and DHCP are still all running fine. Weird, maybe I just got lucky.

I agree I have legit software I'm not about to put some grey area software over it and lose that.

Steve

So long as VMware doesn't add a NIC it should work, though not recommended or supported.  Also SBS has a lot running, be careful not to overload it with multiple VM's.

A micro server will work fine for a handful of users as a TS.

Ok question on the double NIC.

I bought a Dell T430 I think it was, it comes with 2 NIC's but there is no issue. How come?

If you go to the SBS network and sharing center under adapter settings are both NIC's present and enabled?  It is common to have 2 NIC's but one should be disabled there or in the BIOS.

This is a well documented issue, and to date I have seen no exceptions.
If you have 2 enabled NICs and you use the router for DHCP, not the SBS, and you don't use all the wizards, you may not detect problems though there will also be some DNS issues, but they are less obvious.

You are right, I finally was able to log into the client I previously had setup VMware Workstation and the adapters were disabled.

So I'm guessing that when you use the wizards in SBS it disables everything but one.

This is just a lesson in not using SBS for future systems or Virtualising SBS.

SBS doesn't disable the adapter but the wizard will advise to do so.

No concerns about using SBS in the future, it has been discontinued for almost a year and there will be no future versions.  Very disappointing as it was an incredible product.

SBS can however be virtualized without a problem, both on Hyper-V and on VMware, as well as other virtualization options.  (that is SBS can be run as a VM)

The way we have installed all SBS 2011's and most 2008's is using Hyper-V.  The host runs Server standard with Hyper-V and  SBS runs as a virtual machine.  This allows you to add a second virtual server such as a terminal server, in a fully supported and licensed manor.  

SBS 2008 premium came with the licensing to configure as above, as did the SBS premium add-on, though there were other licensing options as well.

If I were in your situation, assuming your server would support it, I would buy a single Server 2012 R2 license.  A single license now provides licensing for a hyper-v host and two virtual 2012 R2 servers.
This would allow you to have server 2012 R2 host running Hyper-v, then virtualize your existing SBS, add a second server 2012 R2 as a TS/RDS server, and still have a spare server 2102 R2  license.   The catch being if you have an OEM SBS license.  OEM licensing is not licensed for virtualization.

That does sound like the way to go. However I do have OEM SBS 2011.

Thank you licencing issues.

So it would seem that it was fundamentally flawed to begin with (ignorance on my part?) and now I need to remedy the situation.

So next best option would be a mini-pc with windows 7/8.1 ?? Some software that can run multiple users in RDP sessions?

You could install Windows 8 which includes Hyper-V and install a terminal server on it, though the licensing cost to buy Server 2012 which would include the host and 2 server VM's would actually be less expensive.  Both options require RDS CAL's and user CAL's though existing SBS users would already have the latter.

Running the ThinSoft service would require the same horse power as a small terminal server and I am not sure how ThinSoft handles a domain environment.

For that matter if it is just 2 users you could just set up 2 PC's with remote desktop access.

Rob's suggestions to set up two inexpensive pc's and allow the two remote users to connect via Remote Web Access (RWA) would be the best and cheapest option.  Remember that if you set up a TS/RDS server (regardless of whether it's VMware or HyperV) you still have to buy OS licenses for each VM and you can't use OEM to do that.

Ok thanks for the responses guys I think that my cheapest option is to do exactly what you said.

Also thank you for mentioning OEM is not permitted in a Virtual Scenario.

I did receive word from AADS that there product circumvents any legalities caused by Microsoft. I will post what they said up here, maybe one of you guys can respond to it.

Apparently the mobile version of Experts Exchange doesn't allow for attachments.

Thanks, I would be curious as to their response.  They are a reputable company that has been around for quite a while, but being privy to hundreds of Microsoft licensing seminars, talks, and discussions, I don't know how they license it.  I am not discrediting the company, just don't understand.

Just as a side note:  If considering a Terminal Server do you need office?  That drives the licensing cost up quite a bit as only Volume license versions can be installed and you need a license for each user which run > $500 each.  Using 2 PC's you can even use OEM Office.

Licensing costs are a consideration as Cris mentioned (very ball park pricing):
2 PC = 2 OEM Windows, and 2 OEM Office,  <$1000 (included with PC)  CALs are covered by SBS
2 Workstation VM's = 2 Win7/8 Volume licenses, two Office FPP licenses = $1600
1 TS = 1 Server 2012 R2, 2 volume licenses Office, 2, 2 RDS CAL's = $2200

You can run Libre office on a terminal server as an option and then use Outlook Web Access.

Steven,

1.       The current price for a  5 user version is : $249.08 (ExGst)

2: Ostendo can run on terminal services (http://www.ostendo.info/platforms-devices/Network-servers.php).

Any program that can run on a terminal server can run on AADS.

However some companies do have pricing dependant on concurrent users.

3: You need to ensure that Windows is licenced at both ends. Also Microsoft Office needs a licence for each user. However this can be  OEM .

We have a client here who is a senior legal practitioner in a major law firm who had similar questions and supplied his ruling (attached) .

This was before the company was purchased and was called XPU. However the software is the same.

You can also see the issue addressed here:

Regards

Adrian
XPU-Legality-.pdf

The attached document to me says multiple users can share a single session.  No mention of multiple sessions, i.e. one for each user, and that has always been the issue. Remote Assistance and Netmeeting both share sessions by default.

One of the reasons I suggest the product t is illegal is there is a hack that allows a second session on XP/Win 7.  I cannot discuss that here as it has been clearly labeled illegal by Microsoft.  So why is a 3rd party allowed to modify the O/S?

As for OEM it is my understanding that no OEM licenses are licensed for virtualization except a few server versions that are sold with a hyper-v host licenses allowing to be installed as host & VM.  OEM licensing is specifically offered to Original Equipment Manufactures to be installed on and sold in conjunction with 1 physical machine by the system builder and cannot be installed on any other device.

I must say I don't fully understand Office 2013 licensing. With any previous version of office they simply would not install on a Terminal Server (newer than 2003)  if it's not a volume license version.  This was a block built-in by Microsoft to enforce licensing.  I have read with Office 2013 on a 2012 TS/RDS server the connecting client  holds the Office license.  If so an OEM version would be acceptable there.  I cannot confirm that at this time.

As mentioned I'm not trying to discredit the vendor, and there is not much point in arguing licensing rights here as there will be no final resolution, but wanted to point out the potential pit falls.  Though audits are not common, they do happen and Microsoft penalties are steep.

No drama mate,

I totally appreciate your sentiments over that of a sales person.

Tomorrow I'm going onsite to install 2 workstations and setup them up for RDP as was listed here before.

Just curiously is it a better idea to RDP straight to each workstation or first VPN in and then RDP using in house IP addresses?

Is there a speed difference? I guess it would be safer using the VPN method or not?

Oh ok that sounds good.

Is there any white paper or tutorial on how to setup the individual PC for that? Is it in the SBS Connect process where you can add the computer to a specific individual?

Fantastic thank you guys. I will post back in the next few days with my *hopefully* success stories :)

I was also going to point out that while your legal practitioner may give his opinion concerning Microsoft licensing...the only one that count's in MS.   Of course the interesting thing there is that if you call Microsoft Licensing 3 times, you'll get at least two different answers :-)   So always record the date, time and name of who you speak with at Microsoft Licensing

All you need to do is join the domain using the connect wizard  https://connect.
This will configure the PC appropriately.
Then in the properties of the user; SBS management console | Users and groups | Users   you can select to which PC's the user is allowed to connect and allow/deny remote web access permissions.

They then remotely access the server using  https://remote.domain.com   select the PC and login.  There needs to be a certificate installed to work.  Best if a 3rd party certificate, and port 443 forwarded to the server.
RWA outline:
http://blogs.technet.com/b/sbs/archive/2011/03/10/introduction-to-sbs-2011-remote-web-access-rwa.aspx
Certificate install:
http://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/

There definitely should be a thankyou button associated with posts, because all I really want to say is "Thank you"

You are very welcome sjswarts.
@Cris, sorry to duplicate regarding RWA, I didn't see your post while typing.

No problem Rob...great minds..right? :-)

Right!  :-)

Ok guys, I have followed all the instructions placed above.

1) I added the computer to the user using SBS Console
2) installed the certificate (my laptop not part of the domain)
3) accessed https://remote.DOMAIN_NAME.com.au 
4) I can see all the computers that are available to connect to, but....

Nothing happens when I click on them. It just sits there, if I use IE it will say "run activex control" when I click allow it sits there. In Chrome it just sits there regardless.

Any idea what I might be missing?

This is what I find in event viewer under application:

WebHost failed to process a request.
 Sender Information: System.ServiceModel.Activation.HostedHttpRequestAsyncResult/64985922
 Exception: System.ServiceModel.ServiceActivationException: The service '/Remote/BuiltIns/RDP/RemoteDesktopWebService.svc' cannot be activated due to an exception during compilation.  The exception message is: Memory gates checking failed because the free memory (882417664 bytes) is less than 5% of total memory.  As a result, the service will not be available for incoming requests.  To resolve this, either reduce the load on the machine or adjust the value of minFreeMemoryPercentageToActivateService on the serviceHostingEnvironment config element.. ---> System.InsufficientMemoryException: Memory gates checking failed because the free memory (882417664 bytes) is less than 5% of total memory.  As a result, the service will not be available for incoming requests.  To resolve this, either reduce the load on the machine or adjust the value of minFreeMemoryPercentageToActivateService on the serviceHostingEnvironment config element.
   at System.ServiceModel.Activation.ServiceMemoryGates.Check(Int32 minFreeMemoryPercentage, Boolean throwOnLowMemory, UInt64& availableMemoryBytes)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CheckMemoryCloseIdleServices(EventTraceActivity eventTraceActivity)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
   --- End of inner exception stack trace ---
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result)
 Process Name: w3wp
 Process ID: 4416

It will only work with IE.  Chrome & Firefox do not support Active-X.
You may need to add it as a safe site in IE under Internet options | Security | Trusted sites and also switch on compatibility mode for this site.  The necessary options vary with browser version/#

Just saw your second message.  I have never seen memory as an issue relating to RWA.  Perhaps try the suggestions I recommended and if that fails reboot the machine to free up memory.

Rats, I was busily editing my previous post with more information. Now that is all lost.

Anyway according to the error message above, the server doesn't have enough memory free. 32GB I have in total, but in use is 31.2GB.

Somewhere in my previous experience I remember that Exchange(?) consumes free memory to speed things up and releases it as needed.

How do I decrease the buffer size of what Exchange can use? or decrease the amount required to successfully start a RDP connection?

This will have to be a permanent fix, because I will have multiple people accessing it.

Exchange/SQL should not be a problem, they will use as much free RAM as is available but they will easily give it up for any other application requiring more RAM.  I have never set limits on any SBS.

Ok seems like it is a problem with .NET 4.5.1 which I do have installed on the server. *Face*Palm*

Anyway here is an article on it, but I'm not well versed in powershell - http://blogs.technet.com/b/sbs/archive/2014/01/13/troubleshooting-an-unexpected-error-occurred-message-when-using-remote-web-access-to-connect-to-computers.aspx

Ok I can confirm that following that blog post actually works. However I did not use PowerShell as someone mentioned but rather I used the copy out of folder, edit and then replace file with the edited file.

Now to test function in a simulated environment.

Thanks for the help :)

Interesting I have never seen that error, however you shouldn't need powershell for that edit.

Sorry to come back late to the conversation...client visit:-)
RobertPearman is a friend of RobWill's and mine and he loves powershell :-) but as with many things there's more than one way to achieve the same goal.

NET 4.5.1 is not required for SBS 2011.   About the only way you'd get it is if you manually check for updates on the server rather than using the SBS console and WSUS and the number 1 rule with SBS is USE THE CONSOLE.

Well interestingly enough I DID use the console to install the update to .NET and I just checked and there is another update available but not deployed. although that says only 4.5 instead of 4.5.1

Could it be some program installed it?

Either way I completely agree use the console. Too many headaches otherwise.

Just to let everyone know I got it sets and working and the client is happy. So cheers to all, I'll attribute points soon.

Glad to hear it is working.
Cheers from the far side of the pond, Canada.
--Rob

Ok g'day guys,

Sorry for the delay wanted to check to see if it would work for awhile without issue.

Anyway all seems to be good now. Although one person is using a Windows XP laptop and that has issues with connecting through initially.

But this was the fix: http://support.microsoft.com/kb/951608

Anyway its all good now, thanks for your support and have a great day.

Till next time

Steven Swarts
TechCare

Initial idea was flawed with a lack of understanding in relation to MS Licensing.

SBS products cannot run 2 NIC's without potentially disastrous issues.

However there is a work around using extra hardware and RWA. Which works very well. All be it with more hardware in play and more power consumed.