Solved

Need to setup VM with Terminal service

Posted on 2014-04-23
42
448 Views
Last Modified: 2014-05-04
G'day guys,

I need to setup a Windows based system that allows multiple users to RDP in securely to utilise a terribly outdated program called Ostendo.

The client uses this program for their CRM and it does a whole bunch of other things as well. But it has no mobile ready solution and over a VPN it is INCREDIBLY slow.

So my next option is to get them to RDP into a dedicated virtual system that will allow them to utilise the program.

I'm thinking VMware Workstation installed onto SBS 2011 server (Gives redundancy, backup and speed). I've tried it before and even though SBS doesn't like 2 NIC's it worked fine for me and according to google a whole bunch of other people.

Anyway my question really is what software can I install over a Win 7 installation to give Terminal service? I've previously had some experience with AADS Terminal, but they have yet to contact me back. Also someone said Thinstuff which looks ok and even has apps for Android and iOS.

So any thoughts or better ideas are much appreciated.

Thanks

Steven Swarts
TechCare
0
Comment
Question by:sjswarts
  • 18
  • 16
  • 5
  • +2
42 Comments
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40017152
take a look at GraphOn.
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40017983
Firstly, I would strongly suggest against installing any VM software onto the SBS.  It is known to cause problems.

How many users will be connecting to use the software?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40017991
SBS 2008/2010 will not work with 2 NIC''s.  It breaks DHCP, wizards, and some other features.  If it worked for you, you did not have a properly configured SBS.

Having said that though it is not supported and I have not tried it I don't believe VWware server (free) adds a second NIC.  Hyper-V does which is a problem.

Your best option is to install an RDS server which will properly integrate with SBS and Active Directory.  To do so see:
http://blog.lan-tech.ca/2013/04/11/add-2012-rds-server-to-sbs-20082011/

There are other applications like ThinStuff however none of us here on Experts-Exchange understand how they get around the required Microsoft licensing.  You may be in an unsupported and unlicensed state.

Keep in mind many applications will not work on a terminal server because it handles profiles differently.  In order for multiple users to run the application they have to be able to share some common profile information.
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40018053
I believe your best option is to purchase another server, virtualize it with either ESXi or Hyper-V and then create a VM running Wi2K8 or Win2K12 server (depending on with version of Windows Server CALs you have) and enable Remote Desktop Services on it.
0
 

Author Comment

by:sjswarts
ID: 40018936
Thanks for the replies guys.

Only 2 users will be connecting to this VM at this point in time.

But if it is a problem to utilise the existing server I will tell the client that we need another piece of hardware. However they won't be able to purchase another server, unless it is a Hp Micro Proliant or something.

I was look at VMware Workstation. I have tried the before and it worked. I've also had to run the fix network wizard and DHCP are still all running fine. Weird, maybe I just got lucky.

I agree I have legit software I'm not about to put some grey area software over it and lose that.

Steve
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40018998
So long as VMware doesn't add a NIC it should work, though not recommended or supported.  Also SBS has a lot running, be careful not to overload it with multiple VM's.

A micro server will work fine for a handful of users as a TS.
0
 

Author Comment

by:sjswarts
ID: 40019015
Ok question on the double NIC.

I bought a Dell T430 I think it was, it comes with 2 NIC's but there is no issue. How come?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40019023
If you go to the SBS network and sharing center under adapter settings are both NIC's present and enabled?  It is common to have 2 NIC's but one should be disabled there or in the BIOS.

This is a well documented issue, and to date I have seen no exceptions.
If you have 2 enabled NICs and you use the router for DHCP, not the SBS, and you don't use all the wizards, you may not detect problems though there will also be some DNS issues, but they are less obvious.
0
 

Author Comment

by:sjswarts
ID: 40019038
You are right, I finally was able to log into the client I previously had setup VMware Workstation and the adapters were disabled.

So I'm guessing that when you use the wizards in SBS it disables everything but one.

This is just a lesson in not using SBS for future systems or Virtualising SBS.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40019057
SBS doesn't disable the adapter but the wizard will advise to do so.

No concerns about using SBS in the future, it has been discontinued for almost a year and there will be no future versions.  Very disappointing as it was an incredible product.

SBS can however be virtualized without a problem, both on Hyper-V and on VMware, as well as other virtualization options.  (that is SBS can be run as a VM)

The way we have installed all SBS 2011's and most 2008's is using Hyper-V.  The host runs Server standard with Hyper-V and  SBS runs as a virtual machine.  This allows you to add a second virtual server such as a terminal server, in a fully supported and licensed manor.  

SBS 2008 premium came with the licensing to configure as above, as did the SBS premium add-on, though there were other licensing options as well.

If I were in your situation, assuming your server would support it, I would buy a single Server 2012 R2 license.  A single license now provides licensing for a hyper-v host and two virtual 2012 R2 servers.
This would allow you to have server 2012 R2 host running Hyper-v, then virtualize your existing SBS, add a second server 2012 R2 as a TS/RDS server, and still have a spare server 2102 R2  license.   The catch being if you have an OEM SBS license.  OEM licensing is not licensed for virtualization.
0
 

Author Comment

by:sjswarts
ID: 40019063
That does sound like the way to go. However I do have OEM SBS 2011.

Thank you licencing issues.

So it would seem that it was fundamentally flawed to begin with (ignorance on my part?) and now I need to remedy the situation.

So next best option would be a mini-pc with windows 7/8.1 ?? Some software that can run multiple users in RDP sessions?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40019070
You could install Windows 8 which includes Hyper-V and install a terminal server on it, though the licensing cost to buy Server 2012 which would include the host and 2 server VM's would actually be less expensive.  Both options require RDS CAL's and user CAL's though existing SBS users would already have the latter.

Running the ThinSoft service would require the same horse power as a small terminal server and I am not sure how ThinSoft handles a domain environment.

For that matter if it is just 2 users you could just set up 2 PC's with remote desktop access.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 40019681
Rob's suggestions to set up two inexpensive pc's and allow the two remote users to connect via Remote Web Access (RWA) would be the best and cheapest option.  Remember that if you set up a TS/RDS server (regardless of whether it's VMware or HyperV) you still have to buy OS licenses for each VM and you can't use OEM to do that.
0
 

Author Comment

by:sjswarts
ID: 40019728
Ok thanks for the responses guys I think that my cheapest option is to do exactly what you said.

Also thank you for mentioning OEM is not permitted in a Virtual Scenario.

I did receive word from AADS that there product circumvents any legalities caused by Microsoft. I will post what they said up here, maybe one of you guys can respond to it.

Apparently the mobile version of Experts Exchange doesn't allow for attachments.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40019967
Thanks, I would be curious as to their response.  They are a reputable company that has been around for quite a while, but being privy to hundreds of Microsoft licensing seminars, talks, and discussions, I don't know how they license it.  I am not discrediting the company, just don't understand.

Just as a side note:  If considering a Terminal Server do you need office?  That drives the licensing cost up quite a bit as only Volume license versions can be installed and you need a license for each user which run > $500 each.  Using 2 PC's you can even use OEM Office.

Licensing costs are a consideration as Cris mentioned (very ball park pricing):
2 PC = 2 OEM Windows, and 2 OEM Office,  <$1000 (included with PC)  CALs are covered by SBS
2 Workstation VM's = 2 Win7/8 Volume licenses, two Office FPP licenses = $1600
1 TS = 1 Server 2012 R2, 2 volume licenses Office, 2, 2 RDS CAL's = $2200

You can run Libre office on a terminal server as an option and then use Outlook Web Access.
0
 

Author Comment

by:sjswarts
ID: 40026512
Steven,

1.       The current price for a  5 user version is : $249.08 (ExGst)

2: Ostendo can run on terminal services (http://www.ostendo.info/platforms-devices/Network-servers.php).

Any program that can run on a terminal server can run on AADS.

However some companies do have pricing dependant on concurrent users.

3: You need to ensure that Windows is licenced at both ends. Also Microsoft Office needs a licence for each user. However this can be  OEM .

We have a client here who is a senior legal practitioner in a major law firm who had similar questions and supplied his ruling (attached) .

This was before the company was purchased and was called XPU. However the software is the same.

You can also see the issue addressed here:

Regards

Adrian
XPU-Legality-.pdf
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40027039
The attached document to me says multiple users can share a single session.  No mention of multiple sessions, i.e. one for each user, and that has always been the issue. Remote Assistance and Netmeeting both share sessions by default.

One of the reasons I suggest the product t is illegal is there is a hack that allows a second session on XP/Win 7.  I cannot discuss that here as it has been clearly labeled illegal by Microsoft.  So why is a 3rd party allowed to modify the O/S?

As for OEM it is my understanding that no OEM licenses are licensed for virtualization except a few server versions that are sold with a hyper-v host licenses allowing to be installed as host & VM.  OEM licensing is specifically offered to Original Equipment Manufactures to be installed on and sold in conjunction with 1 physical machine by the system builder and cannot be installed on any other device.

I must say I don't fully understand Office 2013 licensing. With any previous version of office they simply would not install on a Terminal Server (newer than 2003)  if it's not a volume license version.  This was a block built-in by Microsoft to enforce licensing.  I have read with Office 2013 on a 2012 TS/RDS server the connecting client  holds the Office license.  If so an OEM version would be acceptable there.  I cannot confirm that at this time.

As mentioned I'm not trying to discredit the vendor, and there is not much point in arguing licensing rights here as there will be no final resolution, but wanted to point out the potential pit falls.  Though audits are not common, they do happen and Microsoft penalties are steep.
0
 

Author Comment

by:sjswarts
ID: 40027060
No drama mate,

I totally appreciate your sentiments over that of a sales person.

Tomorrow I'm going onsite to install 2 workstations and setup them up for RDP as was listed here before.

Just curiously is it a better idea to RDP straight to each workstation or first VPN in and then RDP using in house IP addresses?

Is there a speed difference? I guess it would be safer using the VPN method or not?
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 40027068
RDP is very secure.  The VPN adds some overhead.  
The best and most secure method is join them to the domain and then access through remote web access as suggested by Cris.  This eliminates the need for an RDS CAL and is more secure as it uses SSL and a certificate to verify site authenticity.
0
 

Author Comment

by:sjswarts
ID: 40027114
Oh ok that sounds good.

Is there any white paper or tutorial on how to setup the individual PC for that? Is it in the SBS Connect process where you can add the computer to a specific individual?
0
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 250 total points
ID: 40027152
If you go to the SBS Console you can assign/restrict  users to computers.   It's not part of the /connect process
Here's a link to a blog post by the SBS Product team on RWA  http://blogs.technet.com/b/sbs/archive/2011/03/10/introduction-to-sbs-2011-remote-web-access-rwa.aspx
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:sjswarts
ID: 40027159
Fantastic thank you guys. I will post back in the next few days with my *hopefully* success stories :)
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 40027161
I was also going to point out that while your legal practitioner may give his opinion concerning Microsoft licensing...the only one that count's in MS.   Of course the interesting thing there is that if you call Microsoft Licensing 3 times, you'll get at least two different answers :-)   So always record the date, time and name of who you speak with at Microsoft Licensing
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40027162
All you need to do is join the domain using the connect wizard  https://connect.
This will configure the PC appropriately.
Then in the properties of the user; SBS management console | Users and groups | Users   you can select to which PC's the user is allowed to connect and allow/deny remote web access permissions.

They then remotely access the server using  https://remote.domain.com   select the PC and login.  There needs to be a certificate installed to work.  Best if a 3rd party certificate, and port 443 forwarded to the server.
RWA outline:
http://blogs.technet.com/b/sbs/archive/2011/03/10/introduction-to-sbs-2011-remote-web-access-rwa.aspx
Certificate install:
http://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/
0
 

Author Comment

by:sjswarts
ID: 40027164
There definitely should be a thankyou button associated with posts, because all I really want to say is "Thank you"
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40027179
You are very welcome sjswarts.
@Cris, sorry to duplicate regarding RWA, I didn't see your post while typing.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 40027187
No problem Rob...great minds..right? :-)
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40027393
Right!  :-)
0
 

Author Comment

by:sjswarts
ID: 40028641
Ok guys, I have followed all the instructions placed above.

1) I added the computer to the user using SBS Console
2) installed the certificate (my laptop not part of the domain)
3) accessed https://remote.DOMAIN_NAME.com.au
4) I can see all the computers that are available to connect to, but....

Nothing happens when I click on them. It just sits there, if I use IE it will say "run activex control" when I click allow it sits there. In Chrome it just sits there regardless.

Any idea what I might be missing?
0
 

Author Comment

by:sjswarts
ID: 40028650
This is what I find in event viewer under application:

WebHost failed to process a request.
 Sender Information: System.ServiceModel.Activation.HostedHttpRequestAsyncResult/64985922
 Exception: System.ServiceModel.ServiceActivationException: The service '/Remote/BuiltIns/RDP/RemoteDesktopWebService.svc' cannot be activated due to an exception during compilation.  The exception message is: Memory gates checking failed because the free memory (882417664 bytes) is less than 5% of total memory.  As a result, the service will not be available for incoming requests.  To resolve this, either reduce the load on the machine or adjust the value of minFreeMemoryPercentageToActivateService on the serviceHostingEnvironment config element.. ---> System.InsufficientMemoryException: Memory gates checking failed because the free memory (882417664 bytes) is less than 5% of total memory.  As a result, the service will not be available for incoming requests.  To resolve this, either reduce the load on the machine or adjust the value of minFreeMemoryPercentageToActivateService on the serviceHostingEnvironment config element.
   at System.ServiceModel.Activation.ServiceMemoryGates.Check(Int32 minFreeMemoryPercentage, Boolean throwOnLowMemory, UInt64& availableMemoryBytes)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CheckMemoryCloseIdleServices(EventTraceActivity eventTraceActivity)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
   --- End of inner exception stack trace ---
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result)
 Process Name: w3wp
 Process ID: 4416
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40028652
It will only work with IE.  Chrome & Firefox do not support Active-X.
You may need to add it as a safe site in IE under Internet options | Security | Trusted sites and also switch on compatibility mode for this site.  The necessary options vary with browser version/#
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40028654
Just saw your second message.  I have never seen memory as an issue relating to RWA.  Perhaps try the suggestions I recommended and if that fails reboot the machine to free up memory.
0
 

Author Comment

by:sjswarts
ID: 40028656
Rats, I was busily editing my previous post with more information. Now that is all lost.

Anyway according to the error message above, the server doesn't have enough memory free. 32GB I have in total, but in use is 31.2GB.

Somewhere in my previous experience I remember that Exchange(?) consumes free memory to speed things up and releases it as needed.

How do I decrease the buffer size of what Exchange can use? or decrease the amount required to successfully start a RDP connection?

This will have to be a permanent fix, because I will have multiple people accessing it.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40028663
Exchange/SQL should not be a problem, they will use as much free RAM as is available but they will easily give it up for any other application requiring more RAM.  I have never set limits on any SBS.
0
 

Author Comment

by:sjswarts
ID: 40028671
Ok seems like it is a problem with .NET 4.5.1 which I do have installed on the server. *Face*Palm*

Anyway here is an article on it, but I'm not well versed in powershell - http://blogs.technet.com/b/sbs/archive/2014/01/13/troubleshooting-an-unexpected-error-occurred-message-when-using-remote-web-access-to-connect-to-computers.aspx
0
 

Author Comment

by:sjswarts
ID: 40028682
Ok I can confirm that following that blog post actually works. However I did not use PowerShell as someone mentioned but rather I used the copy out of folder, edit and then replace file with the edited file.

Now to test function in a simulated environment.

Thanks for the help :)
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40028689
Interesting I have never seen that error, however you shouldn't need powershell for that edit.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 40028716
Sorry to come back late to the conversation...client visit:-)
RobertPearman is a friend of RobWill's and mine and he loves powershell :-) but as with many things there's more than one way to achieve the same goal.

NET 4.5.1 is not required for SBS 2011.   About the only way you'd get it is if you manually check for updates on the server rather than using the SBS console and WSUS and the number 1 rule with SBS is USE THE CONSOLE.
0
 

Author Comment

by:sjswarts
ID: 40028813
Well interestingly enough I DID use the console to install the update to .NET and I just checked and there is another update available but not deployed. although that says only 4.5 instead of 4.5.1

Could it be some program installed it?

Either way I completely agree use the console. Too many headaches otherwise.

Just to let everyone know I got it sets and working and the client is happy. So cheers to all, I'll attribute points soon.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40028816
Glad to hear it is working.
Cheers from the far side of the pond, Canada.
--Rob
0
 

Author Comment

by:sjswarts
ID: 40041233
Ok g'day guys,

Sorry for the delay wanted to check to see if it would work for awhile without issue.

Anyway all seems to be good now. Although one person is using a Windows XP laptop and that has issues with connecting through initially.

But this was the fix: http://support.microsoft.com/kb/951608

Anyway its all good now, thanks for your support and have a great day.

Till next time

Steven Swarts
TechCare
0
 

Author Closing Comment

by:sjswarts
ID: 40041237
Initial idea was flawed with a lack of understanding in relation to MS Licensing.

SBS products cannot run 2 NIC's without potentially disastrous issues.

However there is a work around using extra hardware and RWA. Which works very well. All be it with more hardware in play and more power consumed.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Remote Desktop Shadowing often has a lot of benefits. When helping end users determine problems, it is much easier to see what is going on, what is being slecected and what is being clicked on. While the industry has many products to help with this,…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now