We’ve been using a linux computer running samba and openldap as our primary domain controller for a windows domain for years. I absolutely love the fact that I don’t have to deal with windows and their crazy licensing. More importantly, this setup makes it easy for me to create accounts to give people access to everything in our shop. This includes windows accounts, linux accounts and website accounts.
Recently, I bought a very big, fast, loaded with ram server for some of our group to use for their very big designs. These are designs that would run overnight to compile or simulate. On this new server, I also put an ssd drive to help performance even more.
Currently, all of our windows computers are running Windows 7, which everyone likes. I thought that this server should probably run a Windows Server OS, so I installed Windows Server 2012 on it. I made my standard changes to the registry to allow it to join our linux PDC.
HLKM\ System\ CurrentControlSet\ Services\ LanmanWorkstation\ Parameters Add two DWORDS with the following values: DomainCompatibilityMode = 1 DNSNameResolutionRequired = 0
Next, open gpedit.msc and change:
Computer Configuration -> Administrative Templates -> System -> User Profiles Set maximum wait time for the network if a user has a roaming profile or remote home directory = 0
Then, you can join our regular domain as usual.
The next part is where I had to play around with a bunch of stuff, but I hope I describe the important parts.
We now need to allow remote connections. Go to Control Panel – System and then Remote Settings. I selected “Allow remote connections to this computer”. And then under “Select Users”, I added DOMAIN\Domain Admins and DOMAIN\Domain Users. At this point, I could use Remote Desktop from another computer and log into this server. Yay! But then Boo! I soon discovered that we were limited to just two users at a time. (And this is when I wanted to punch Bill Gates in the face.) To allow more than two users, you had to buy Remote Desktop CALs for each of the other users and serve them from a license server.
In our case, we had to run the license server on this computer. Normally, people would probably run it on their PDC. But since ours was running linux, that wouldn’t work.
Start Server Manager and click on ‘Add roles and features’. At the installation type, select ‘Role-based or feature-based installation’. (EVERY website says to click on the Remote Desktop Services Installation. However, this requires running something on the domain controller, so it just won’t work.) Select the name of your server, which for us was the only one listed. Go to Remote Desktop Services and select the following:
Remote Desktop Connection Broker Remote Desktop Licensing Remote Desktop Session Host Remote Desktop Virtualization Host
Some other stuff might get selected with this, so accept those as well. I think I had to reboot after this was done, but I don’t exactly remember.
After rebooting, in Control Panel – Administrative Tools – Remote Desktop Services, you should have two links:
RD Licensing Diagnoser Remote Desktop Licensing Manager
If you start the Licensing Manager, you should be able to right-click on your server name and “Install Licenses”. This is where you’ll enter the code for your CALs.
Thanks to this website, I found that the next step needs to be open gpedit.msc and go to:
Computer Configuration \ Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Licensing
Enable “Use the specified Remote Desktop license servers” and set the license server name to the NetBIOS name of your server So if your server is usually PHYSICS\ADMIN, you’d put ADMIN in the box. If you put the ip address or fqdn in the box, things won’t work right. Secondly, enable “Set the Remote Desktop licensing mode” to Per User. (You might use Per Device, it’s up to you.) Again, I can’t remember if I had to reboot after these changes or not. Knowing me, I probably did.
Now if you go back to the RD Licensing Diagnoser, you should see the number of CALs that you got as available for clients. I also get a warning about “The RD Licensing Diagnoser tool is running with local account credentials…” Since things work, I’m happy to ignore this.
There were some other changes I made in the Local Group Policy Editor (gpedit.msc) that were just for us.
Computer Configuration \ Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Connections
Enabled “Allow users to connect remotely by using Remote Desktop Services”
Enabled “Limit number of connections” to 999999 (unlimited)
Enabled “Restrict Remote Desktop Services users to a single Remote Desktop Services session”
That pretty much does it. Took me the better part of an entire day to get this configured, so I hope it works well for us. It’s good to periodically go through this insanity with Microsoft products. It makes me very happy that I only have to deal with them every few years. I’m definitely much happier in the linux realm.