Hello,
I'm trying to configure my Windows 2008 servers to get RDS CAL from a license servers located in another domain without any trust relationship (and with impossibility to create them for some reasons). According with several tech notes, it seems possible to distribute RDS CAL in "per device" mode, and in accepting that some functionalities don't work on the TSE servers (like the diagnose features).
I performed several tests and I observed the following behavior when a device tries to connect with RDP client to a Windows Server 2008 R2 in TSE mode for which the license server is in a domain X and whose the type of the requested RDS CAL is "per device":
1. If the TSE server is in a workgroup, the attempt to connect to the license server during the initial setup of the TSE server fails in NTLM, and succeeded in NTLMv1 in anonymous mode.
2. If the TSE server is in a domain Y that is disjoint from the license server and not trusted by the domain X (and reciprocally), the attempt to connect to the license server during the initial setup of the TSE server fails in NTLM. Then nothing happens.
I tried to obtain the same behavior in the second situation, without success for the moment:
a. I checked the "License server security group" restriction on the license server but it is not activated.
b. I tried to activate the NTLM compatibility mode with the registry keys "LMCompatibility" and "LMCompatibilityLevel" but it is not enough.
c. I tried to inactive the restriction on the anonymous connection with the registry keys "restrictanonymous" and "TurnOffAnonymousBlock" but again it is not enough.
Is anyone has a solution or suggestion to solve this issue? Thanks
I'm trying to configure my Windows 2008 servers to get RDS CAL from a license servers located in another domain without any trust relationship (and with impossibility to create them for some reasons). According with several tech notes, it seems possible to distribute RDS CAL in "per device" mode, and in accepting that some functionalities don't work on the TSE servers (like the diagnose features).
I performed several tests and I observed the following behavior when a device tries to connect with RDP client to a Windows Server 2008 R2 in TSE mode for which the license server is in a domain X and whose the type of the requested RDS CAL is "per device":
1. If the TSE server is in a workgroup, the attempt to connect to the license server during the initial setup of the TSE server fails in NTLM, and succeeded in NTLMv1 in anonymous mode.
2. If the TSE server is in a domain Y that is disjoint from the license server and not trusted by the domain X (and reciprocally), the attempt to connect to the license server during the initial setup of the TSE server fails in NTLM. Then nothing happens.
I tried to obtain the same behavior in the second situation, without success for the moment:
a. I checked the "License server security group" restriction on the license server but it is not activated.
b. I tried to activate the NTLM compatibility mode with the registry keys "LMCompatibility" and "LMCompatibilityLevel" but it is not enough.
c. I tried to inactive the restriction on the anonymous connection with the registry keys "restrictanonymous" and "TurnOffAnonymousBlock" but again it is not enough.
Is anyone has a solution or suggestion to solve this issue? Thanks