Re: Trust requirements for TS License Server in a different domain
- From: burgessb <burgessb@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 Jun 2008 07:38:01 -0700
A bit more background. Our LS is in forest A and we do not want to move it to
a workgroup. Both domains and TS servers are Server 2003 SP1. I am basing
my decisions on http://support.microsoft.com/?kbid=279561. I'm still looking
for suggestions for the minimum Trust required.
"Vera Noest [MVP]" wrote:
Aaah, now I understand what you mean..
I never thought about the client devices, since they never have any
direct contact with the TS Licensing Server at all. I was only
thinking about the Terminal Server and the TS Licensing Server,
because the only communication is between these two server roles
(in Windows 2003).
And now of course it makes sense to differentiate between 2003 and
2008, since in 2008 there must also be communication between the LS
and a DC (in User licensing mode).
Guess I'd better update my FAQ :=)
Thanks, Ratnesh!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Ratnesh Yadav [MSFT]" <Ratnesh.Yadav@xxxxxxxxxxxxx> wrote on 31
maj 2008 in microsoft.public.windows.terminal_services:
Sorry about the typos :(
Well actaully i wrote it from the point on view of the client.
Meaning
Per Device: Client is the machine from which user are
connecting. And
that machine is not required to be any trust relationship with
License Server Domain
Per User: Client will be User ID. In that case Domian of
that client
have to be in trust relationship with License Server Domain
Sorry I should have mention that. Thanx Vera for pointing that
out.
Ratnesh
"Vera Noest [MVP]" <vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message
news:Xns9AAF8098AE455veranoesthemutforsse@xxxxxxxxxxxxxxxx
Ratnesh, I don't think that I agree with what you say, but I
might misunderstand what you mean, since there are obvious
typo's in your post. You seem to differentiate between Windows
2003 and Windows 2008, but you've called them both 2008. You
are also mixing up Per User and Per Device TS CALs. Per User TS
CALs are actually never issued in Windows 2003, so there you
have less requirements. Per Device TS CALs *are* issued and
demand a proper trust relationship. You state that this is just
the other way around.
See also:
Can I use a single TS Licensing Server to issue TS CALs to
Terminal Servers in multiple untrusted domains and workgroups?
http://ts.veranoest.net/ts_faq_licensing.htm#LS_untrusted_domain
s _________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Ratnesh Yadav [MSFT]" <Ratnesh.Yadav@xxxxxxxxxxxxx> wrote on
30 maj 2008 in microsoft.public.windows.terminal_services:
Windows Server 2008 Terminal Servers
- Per User Mode: Yes then you require trust
relationship between
Domain of License Server machine and other domain.
Thing needs to be taken care
(from point of
view of License Server only)
- License Server machine
should be
member of TSLS (Terminal Server license Server) group on each
Domain Controller in the trust.
- Per Device: It will work even with out trust.
Only thing you
need to worry is discoverabilty of Licesne Server
Windows Server 2008 Terminal Servers
- Per User Mode: Tracking is not supported, hence
no need to any
trust just for License Server
- Per Device: It will work even with out trust.
Only thing you
need to worry is discoverabilty of Licesne Server
Above things are from prospetive of License Server only
Ratnesh
"burgessb" <burgessb@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:1B04B1A7-CE9F-4126-B7FD-0910DDCCC564@xxxxxxxxxxxxxxxx
I've located most of the setup information to have terminal
servers in domain
forest B to acquire their TS device CALs from a License
Server in domain forest A (via registry settings, a hotfix,
and forest trust). My question is
what is the minimum forest trust required to enable this? I
would rather not
have the domain B's 'name' appear as an option on the logon
screen on Domain
A's PCs.
one-way, incoming, forest trust for one side of the trust
one-way, incoming, forest trust for both sides of the trust
one-way, outgoing, forest trust for one side of the trust
one-way, outgoing, forest trust for both sides of the trust
two-way, forest trust for one side of the trust
two-way, forest trust for both sides of the trust
- Follow-Ups:
- Re: Trust requirements for TS License Server in a different domain
- From: Vera Noest [MVP]
- Re: Trust requirements for TS License Server in a different domain
- References:
- Re: Trust requirements for TS License Server in a different domain
- From: Vera Noest [MVP]
- Re: Trust requirements for TS License Server in a different domain
- Prev by Date: Sluggish older application after user changes domain password
- Next by Date: Re: Trust requirements for TS License Server in a different domain
- Previous by thread: Re: Trust requirements for TS License Server in a different domain
- Next by thread: Re: Trust requirements for TS License Server in a different domain
- Index(es):
Relevant Pages
|
