No announcement yet.

Rolling out a new Terminal Server 2008 environment - Story from the field

  • Filter
  • Time
  • Show
Clear All
new posts

  • Rolling out a new Terminal Server 2008 environment - Story from the field

    Hi all,
    I'm rolling out a new application to my organization via Terminal Services 2008.
    I'm looking for any advice on some of the issues we are encountering and any Tips / Tricks that would be handy.
    I'll do my best to keep this updated as the whole process rolls in to live so everyone can share in my experiences.

    Here's the scenario.
    Windows 2008 32 Bit Enterprise Servers running on VMWare ESX 3.5 servers.
    Virtual 2Gb RAM each dual cpu, 40Gb HDD.
    used becase the app we are deploying has issues on 64bit platforms.
    IBM HS21XM ESX Host hardware with 32Gb RAM and fibre connected to DS4800 SAN.

    All servers homed in AD in their own OU with inheritance blocked and new GPO's applied.
    Loopback processing turned on / replace mode in GPO.
    Same as i've done with Citrix servers in the past.

    User accounts to be set up with Terminal Services profiles since they have never had that done yet. Using Hyena to bulk change TS Profile paths for 2000 users.

    Also have seperate TS Profile Path specified in GPO for users logging in from seperate domain in another region. Just to keep some of their quirky settings from mixing with the local users. To explain / for example. Users in Africa have TS Profile path set to \\FILESVR1\AFRICAPROFILES and users in England have TS Profile path set to \\FILESVR1\ENGLANDPROFILES .

    TS Profile File server in same location as Terminal Servers so no latency issues.

    Terminal Server 2008 Server builds.
    Patched up to the latest Windows patches.
    VMWare tools installed
    Page File set to fixed size - Terminal Licensing Server manually set - Firewall and Auto Updates service disabled for now. Just to keep environment static while testing.
    Tried setting Default Logon Domain name in registry to get around RDC client 6.1 prepend username with domain issue. But from what i've read i'ts not going to work unless everything at the client end is Windows Vista!!! More on this later.
    Set Idle Time out
    Turn off DEP only for Windows processes.
    Set regional settings and copied to Default User profile and System accounts via Regional settings in AD.
    Turned off the ANNOYING Internet Explorer Enhanced security!!!
    Our custom app installed onto the server and then it is cloned to template to allow for multiple builds with the exact same config.
    A must for Terminal Servers hosting an app.

    Any app changes will be made to master template and servers re-imaged from there if needed.

    FARM setup

    Created DNS entry for... "TSFARM" yeah o.k I know NOT very original but it'll pass for now.
    Round robined the TSFARM alias across 4 servers in DNS.
    Built seperate Terminal Server 2008 server with logons disabled to act as the Session Broker and TS Licensing server.
    Added all server computer accounts to the local Session Directory - Terminal Servers - TS Web Access groups on the Session broker server.
    Joined the TSFARM through Terminal Server Config on each TS 2008 App server.

    Tested and... all load balances beautifully
    By Beautifully I MEAN kinda average because its only based on user load and not quite as snazzy as the load evaluators u get in Citrix. But it'll pass for the price difference between the 2.

    Created an RDP file which launches the app off the TS Farm(opted not to use the TS Web Access even though it looks cool! Some users just don't appreciate flashy new gizmos!!!) and deployed via logon script to AD group to the users desktop.
    Not publishing full desktops.
    More a fan of publishing apps than desktops, users do less damage.'
    Suits for this situation because it is only 1 app we are deploying in this project.

    Luckily using M$ Systems Center Config Manager on this site so managed to deploy the RDC 6.1 client to 95% of our desktops in one hit.
    A few late nights avoided there!

    So here we are.
    TS FARM ready to go.
    Hosting about 17 users per server at the moment as its only a small test group.
    Users are training on the system and its going o.k.

    Issues so far.

    1.) Blasted RDC 6.1 client and its necessity to put DOMAIN\Username in the login credentials. Why oh why oh why. Not going to go Vista on my desktops to get the passthrough ability thankyou very much, so living with this one at the moment. Users ticking save password and then only getting prompted when the password changes every 3 months after that.
    Can anyone show me a Windows XP SP2 or 3 PC with RDC6.1 client logging in automatically? Or forcing the domain name without asking for the logon every time i'd be VERY greatful.

    2.) Printers - Oh yes. Why do we have to have printers!!! Haven't tested this yet but our printers map via logon script. SO i'm assuming they will be able to install in the TS Session somehow using some wizzy elevated priveleges? Or I'm going to be up tomorrow night installing all our printer drivers into the gold VMWare template of the 2008 TS Server and having to add them in manually every time Sally in accounts wants to buy a new ink jet printer that will print duplex on A1!!! Haven't started reading about ways to use Universal or enhanced printer drivers in TS2008 yet so again PLEASE let me know if you have done this or have a bright idea.

    3.) Management Tools - I've got stuff all really. What tools do you use to manage your TS 2008 Farm? M$ don't give you much to start with. Why cant they just buy Citrix and be done with it! I mean REALLY!

    4.) Profile Management - No tools here yet either. I need to get my Group Policy set clean so it does things like delete cache copies of roaming profiles - turn off screen savers - legal notice caption text. Gives the users a solid environment to work in. Anyone got some GPO templates for their TS or Citrix servers they'd like to share?


    That's it for now.
    Questions - Suggestions all welcome