How to programmatically determine the work under the terminal server. Dedicated connection port

480 auto

Today, most people know that you can connect to a computer remotely, over a network, and, first of all, over the Internet. Actually, when visiting a website, we also remotely connect to the computer on which this site is located. But in this article we will talk about terminal access. About one in which the user sees the "screen" of a remote computer.

As you know, development goes in a spiral. Computers are also developing along it. When there were no personal computers, computer centers were one big computer, filled with large cabinets of processors, RAM, and storage devices. Users got access to such a computer only through a physical terminal, which, in fact, included only a screen, a keyboard, and some kind of network card.

When they appeared and began to develop rapidly personal computers, it became possible to use more and more powerful programs offline. It's comfortable specific user, but often not rational for the organization as a whole.

Software, especially application software, is becoming not only more powerful and functional, but also more expensive. When it is installed on personal computers, it is licensed by the number of workstations. However, not all of them use licensed software every day or full time. An employee may fall ill or go on vacation. Total number workers may change over time. At the same time, as a rule, there is no possibility to refuse extra licenses.

Over time, when the power of computers increased again, the idea arose to install application software not on individual computers users, but on the server and work with it in terminal mode.

Installing software on a server allows you to optimize the number and type of licenses required.

In the case of a terminal-server installation, the following licensing models are encountered:

1. by the number of jobs (devices);
2. by the number of users;
3. by the number of connections.

The second and third options are preferred because they allow the most flexibility in using the licensed application.

For example, if a company has 100 employees who may need an application, but actually have no more than 50 employees using it at the same time, you can purchase fewer licenses.

The first option differs little from licensing individual working computers, but it can also be quite attractive in terms of price, since the cost of a license is based on a separate workplace for a server installation of an application, it is often lower than the cost of an individual license.

With the advent and development of technology virtual computers and computer clouds it became possible to place a terminal server in the cloud.

This allows:

• use virtual infrastructure, which in many respects is more efficient than the "iron" one;
• if necessary, change the computing power of the server (increase or decrease the number of processor cores, size random access memory and disk space);
• provide access to corporate software from anywhere where there is Internet;
• save licenses (if you rent virtual server pre-installed application software).

In conclusion, it should be noted that the possibility of organizing terminal access available as for servers with an operating system

Updated: 01/25/2019 Published: 19.09.2017

The instruction is divided into 6 steps. The first 3 represent standard actions to configure the terminal server. The rest are professional advice to help you build a reliable and professional terminal server infrastructure.

Used as operating system Windows Server 2012 R2 / 2016.

Step 1. Choosing equipment and preparing the server for work

Equipment selection

Choosing equipment for of this type servers, it is necessary to rely on the requirements of applications that will be launched by users and the number of latter. For example, if a terminal server is installed for the 1C program, and the number of simultaneously working employees is 20, we get following characteristics(approximately):

1. Processor from Xeon E5.
2. At least 28 GB of memory (1 GB for each user + 4 for the operating system + 4 headroom - this is a little less than 20%).
3. It is better to build a disk system on the basis SAS drives. The volume must be taken into account individually, as it depends on the nature of the tasks and methods for their solution.

Server preparation

Before you start installing the operating system, do the following:

1. Set up a fault-tolerant RAID array (levels 1, 5, 6, or 10, or combinations thereof). This setting performed in the controller's built-in utility. To launch it, follow the prompts on the screen while the server is loading.
2. Connect the server to the source uninterruptible power supply(UPS). Check that it works. Turn off the power to the UPS and make sure the server is still running.

Step 2: Installing Windows Server and Basic System Setup

System installation

During the installation of the system, it is important to consider only one nuance - disk system should be split into two logical partitions. The first (small, 70 - 120 GB) allocate for system files, the second one is for user data.

There are two main reasons for this:

1. A small system disk is faster and faster to maintain (check, defragment, antivirus scan, and so on)
2. Users should not be able to store their information on system partition. Otherwise, the disk may become full and, as a result, slow and unstable work server.

Basic Windows Server Setup

• Check if the time and time zone settings are correct;
• Set a friendly name for the server and, if necessary, enter it in the domain ;
• If the server is not connected directly to the Internet, turn off the firewall;
• For remote administration, enable remote desktop;
• Install all system updates.

Step 3. Installing and configuring a terminal server

System preparation

Starting with Windows 2012, the terminal server must run in an Active Directory environment.

If your IT environment has a domain controller, simply attach our server to it. Otherwise, install the controller role on our server.

Installing the role and features

In the quick launch panel, open Server Manager:

click Control- Add roles and features:

In the Select Server Roles window, select Remote Desktop Services:

• Remote Desktop Licensing
• Remote Desktop Session Host

* when prompted to install additional components, we agree.

If necessary, also set the remaining checkboxes:

• Web access - the ability to select terminal applications in the browser
• Connection broker - for a terminal server cluster, the broker controls the load of each node and distributes it.
• Virtualization host - to virtualize applications and run them through the terminal.
• Gateway - A central server for connection authentication and traffic encryption. Allows you to configure RDP inside HTTPS.

Installing Remote Desktop Services

After reboot open Server Manager and press Control- Add roles and features:

In the "Select installation type" window, select Installing Remote Desktop Services and press Further:

In the Select Deployment Type window, select Quick launch and press Further:

In "Select Deployment Scenario" − Session based desktop deployment — Further:

Configuring Remote Desktop Licensing

For correct operation server, you need to configure the licensing service. To do this, open the server manager and click on Facilities - Terminal Services - :

Activate server:

Open Server Manager again and go to Remote Desktop Services:

In the "Deployment Overview" click on Tasks - Edit Deployment Properties:

In the window that opens, go to Licensing- Select the type of licenses - prescribe the name of the license server (in this case local server) and make money Add:

Apply settings by clicking OK.

Adding licenses

Open Server Manager and click on Facilities - Terminal Services - Remote Desktop Licensing Manager:

In the window that opens, click right click mouse over our server and select Install licenses:

In the window that opens, click Further- select the program for which the licenses were purchased, for example, Enterprise Agreement - Further- enter the agreement number and license data - select the product version, license type and quantity - Further - Ready.

You can check the licensing status in Server Manager: Facilities - Terminal Services - Remote Desktop Licensing Diagnostic Tool.

Step 4. Terminal Server Tuning

Session limit

By default, remote desktop users can be logged in at active state no limit. This may result in freezes or problems when reconnection. For solutions possible problems set limits on terminal sessions.

For some server Windows roles(in particular, terminal) there is a database of successful configurations. Adhering to the advice of this database, you can increase the reliability and stability of the system.

For a Remote Desktop Server, you generally need to follow these guidelines:

1. The Srv.sys file must be configured to run on demand.

sc config srv start= demand

2. Creation of short file names should be disabled.

AT command line on behalf of the administrator enter:

fsutil 8dot3name set 1

Shadow copies

If storage is intended valuable information on the terminal server, you should configure the ability to restore previous versions files.

Step 5: Set up maintenance tools

The main tools that help to fully maintain the server are monitoring and backup.

Backup

For a terminal server, all user working directories must be backed up. If the server itself is organized general directory for exchange and storage important information, copy it too. The best solution there will be daily copying of new data, and with a certain frequency (for example, once a month), the creation of a complete archive.

Monitoring

Worth monitoring:

1. Network availability of the server;
2. Free disk space.

Step 6. Testing

Testing consists of 3 main steps:

1. Verify Windows logs and make sure there are no errors. If they are found, all problems must be eliminated.
2. Run the Best Practices Analyzer steps.
3. Conduct a live test of the service from the user's computer.

Dedicated connection port

By default, port 3389 is used to connect to the terminal server via RDP. If you want the server to listen on a different port, open the registry and go to the branch:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Finding the key PortNumber and give it a value in decimal notation equal to desired number port:

You can also use the command:

reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 3388 /f

* where 3388 — port number on which the terminal server will receive requests.

So! After installing Windows, go to Administrator. If everything is done correctly, we will see the "Manage Your Server" window and no (!) activation messages.

Adding the "Terminal Server" Role

The list of "roles" (now it's called that ;-) of our server is empty. Add a role to our server. The computer simulates searching for something there by local network, and invites us to choose: m / y the role that we need in HIS opinion and the one that is needed in YOUR opinion. Since we no longer believe in an artificial mind and other fairy tales, and our opinion is somehow dearer to us, we choose: Custom.

In the list of roles that appears, select Terminal Server, and click Next. Click Next again, and after OK - confirming our readiness to reboot the computer.

After the reboot, we go under the Administrator, and we say the installation of the terminal server Finish. Now: in the window Managing your computer there is a role: Terminal Server. Although it says below that: "Since the terminal license server was not found, the terminal server will issue temporary connection licenses, each of which will expire after 120 days."

This situation does not suit us in any way, for this reason we are installing a terminal license server. To do this, go to Start → Control Panel → Add or Remove Programs → Windows Components. Put a tick next to point Terminal Server Licensing. We press Next. After finish.

Terminal Server activation:

Now we have a terminal license server installed. But it still needs to be activated!.

If there is a corporate proxy, you need to register it in Control Panel → Settings.

Go to Administration → Terminal Server Licensing. We see that the server found on our computer is in the Not activated state.

We right-click, we say Activate server. Select the connection type Automatic. We enter our personal data (name, organization, surname, country - strictly those that were entered during Windows installation). I left the next page (E-Mail, address) blank. We press Next, and we wait.

Activation must be successful. It is not clear what meaning Microsoft put into this activation? What is it for except for collecting statistics? After successful activation, you will be prompted to add licenses. We continue.

The Client Access License (CAL) Activation Wizard will start, which will first get into Microsoft again. After that it will ask the type of license you want to install. I chose the Enterprise Agreement, and the next step was to ask for the magic number.

Now you need to specify the product - Windows Server. License type - per Device. The license installed perfectly. Close the Terminal Server Licensing window.

Setting up the server

From the Administration folder we pull out the shortcuts Computer Management and Terminal Server Manager to the desktop. It's not necessary, but it's much more convenient.

We go into Computer Management, create a group / user groups 1s.

To do this, go to Administration → Terminal Services Configuration. AT Server settings Setting remove the restriction "Restrict each user to one session". In the Connections list, select connections and configure their Properties:

Client Settings tab:

We replace the user settings for disks and printers with our own:

• connect everything (that is, the top checkbox must be unchecked, and the next 3 must be active and installed);
• Limit color depth to 16 bits;
• Forbid forwarding of LPT, COM, Audio ports.

Permissions tab:

• We add the created user groups 1c and set their rights: Guest Access + User Access, I set it to full.

Close Terminal Services Configuration. Next we do the following:

• We go to My computer.
• We say Propetries on drive C:
• Go to the Security tab
• We're talking advanced...
• We remove the rights that allow the Users group to create folders and files.

Go to Control Panel → System. "Automatic update" tab. Disable everything automatic update completely.

Go to Administration → Local Security Settings → Account Policies → Password Policy. Set "Maximum password age" = 0 - it's more convenient.

We go into Computer Management, add ourselves as a user.
Let's not forget:

• Password never expires
• Add yourself to user groups 1s.
• Uncheck "Require user`s permission" on the "Remote control" tab

Connecting to the server:

We are trying to connect from another computer to the terminal server. To do this, we need to install a client on the computer. XP already has a similar client: "Start → Utilities → Accessories → Communication → Remote control desktop."
Although, even on XP it is worth reinstalling: the client as part of Win2003 Server will still be newer.

The client is located in the folder: C:\WINDA\SYSTEM32\CLIENTS\TSCLIENT. it supports installation on Windows 98 as well. Install it on all machines from which you want to work on the terminal server.

After starting the client, click the "Options" button. For 1s users, the following settings should be applied:

General tab:

• fill in the fields computer, username, password
• domain (if network with domains - domain name, if without domain names - server name)

Windows Terminal Server Connection Client window

Screen tab:

• desktop - full screen;
  color palette - 16 bits.

Tab "Local resources":

sound - do not play;
keys - only in full screen mode;
automatically connect to disks and printers - As you wish.

Tab "Advanced":

• speed - modem 28.8 - must remain 1 checkmark - graphics caching.

Now these settings can be saved to a file with the RDP extension. Pay attention to the "Save password" checkbox on the "General" tab. For operating systems Win2000 and WINXP this checkbox is available. For others, no. Unfortunately, Win9x users do not have the ability to save the password in an RDP file - for this reason, configure your Win9x users that, except for the password for 1s, they will need to type the password on Windows.

How to deal with this password is up to you. It is possible to assign 1 password to everyone, it is possible to generate own password for any user. Although, it is extremely better for you to know the password of any user - it will come in handy for remote joining and administering sessions.

After setting up the connection properly, make sure it works, and if you want, save it to an RDP file (perhaps directly to your desktop).

Software installation:

From personal experience I can say that it is worth installing as little software on the server as possible. It is better to install only the most necessary, since the speed of working with the server depends on the number of programs and the load.

I would limit myself to installing the following software on the server:

• Total Commander;
• WINRAR;
• XPRUS;
• Software for helping the database (for example MUSCUL).

All the software was installed correctly - that is, through the Control Panel. From Office I installed only Word, Excel and Access. Disabled things like Binder and Panel_Office.

After that, it remains to go to "C:\Documents and Settings\Administrator" and "C:\Documents and Settings\All users" and correct the contents of the folders

• \Start men;
• \Start menu\Programs;
• \Start menu\Programs\Startup;
• \Deskto.

for extra labels.

http://bazzinga.org/js/tiny_mce/themes/advanced/skins/default/img/items.gif); background-position: 0px 0px; "> Install 1c: Enterprise:

We install 1s as always by running the installation.

Create a folder to store future databases. It contains subfolders for the corresponding user groups, into which we transfer from the old location of the 1c base.

We check access to the folder with 1c databases:

• Right-click Propetries (Properties) → Security (Security) → Advance.
• all rights must be inherited from the root of the disk: Administrators, SYSTEM and Hosts must have "Full Control", group 1c - the rights "Read & Execute.

• We add rights for the corresponding user group 1c (which owns this database). Check all boxes except:
  Full Control, Delete, Change Permissions, Take Ownership (for "This folder, subfolders and files")
• thus, our group with "Special" rights will appear in the list of rights

A little secret: if you want someone other than Administrator to be able to save any of the 1c databases, you need to give this person write permissions to the file C:\Program Files\1cv77.ADM\BIN\1CV7FILE.LST .

• right click → Propetries → Security → Advanced
• add rights for the 1c-Admins group: Put all the checkboxes, except for: Full Control, Delete, Change Permissions, Take Ownership

When you first start 1c, you may encounter the fact that 1c did not want to accept its own metal security key. At startup, he thinks for a long time, and later writes: "The protection key was not found" - and falls out.

However, I have not heard of such problems from other people. Installing an emulator will help you HASP drivers. However, that's another story!

Leave your comment!

Basically, in our company, all workplaces were built on the basis of HP t5530 thin clients. The exception was a few jobs with special requirements(exotic hardware or software) and several laptops of key employees. The total number of jobs was approximately 120 units. All this was served by two terminal servers (Windows 2003 Ent), one server Active Directory and one file storage. Internet access server with FreeBSD. Working tasks are standard - IE (access to a remote online database), TheBat with mail in huge quantities, MS Office (Word/Excel), 1С.

Unfortunately, all software, with very rare exceptions, was unlicensed for one reason or another. And, of course, contained quite a large number of information that was not supposed to get to certain authorities.

At some point, the authorities set the task - to take a number of measures in case of unforeseen and not very visits of certain persons. Time was given a minimum, and funding was not given at all.

After a short brainstorming came up with the following idea:

From what was found in the server room, a relatively good terminal server was assembled, which, theoretically, could withstand the entry of all users. Of course, they could hardly work there. This server hosted Active Directory with a copy of user accounts, a large amount of white documentation, set up the software and generally imitated in every possible way that all the work takes place on it.

The thin clients and the fake server were placed on a separate subnet, say 192.168.1.1/24(A). All real servers were on the 192.168.0.1/24(B) subnet. On FreeBSD, virtual interfaces were raised in subnet A by the number of terminal servers. AT normal mode thin clients accessed by IP addresses of virtual interfaces, where they were redirected to real servers in subnet B. If hour X arrived, redirection from all interfaces to 1 IP of the fake server in subnet A was turned on.

Users were accordingly instructed that if the connection with the terminal was interrupted, and after its restoration they see a certain picture, then it is necessary, it is necessary to remain calm, imitate work and not panic and shout “why everything is not working”.

This whole system worked in manual mode- i.e. Everybody necessary manipulations were made by executing the script by the administrator on duty. Over time, the plans were to implement auto mode, by crossing with already existing system office notifications about guests (radio key fob for secretaries and light signaling in the right rooms).

In general, the system turned out to be: a) very budgetary, b) not requiring a long time to recover after the guests leave.

terminal server can be a solution for organizations where the number of users is large, but the computing power of the workplaces is insufficient. Also, the configured server solves the problem of administration and installation of the 1C client.

How to set up a terminal server for 1C

For stable operation 1C need to prepare the park highly powerful computers and servers. As the number of users and the depth of implementation of 1C products grows, the appetite for configurations increases. Sooner or later, the opportunities to improve the performance of servers, client machines, and network parameters will dry up, and you will have to look for other solutions to the client's performance problem. The terminal server for 1C is one of the working ways to simplify the life of administrators and reduce the requirements for terminal clients.

Using a terminal server for 1C

If you do not use terminal servers, users' computers perform calculations on their own, for which information is transferred from the database to clients. This process is independent of the type of database. This option of work involves serious investments so that the performance on the server and workplaces is at a decent level.

When working with a terminal server, the client computer plays the role of only a keyboard and monitor. The network is only responsible for transmitting signals from the user's keyboard to the server and displaying the result of the commands entered from the keyboard back. In this regard, the requirements for their characteristics are significantly reduced. There is no need to purchase and regularly update terminal clients and provide a high-speed connection to the server.

With the growing popularity of 1C programs and the increase in areas in which this software is being implemented, more and more companies are using the 1C terminal server. Saving on technology is far from the only reason why many organizations are inclined in favor of the option of working with 1C using a server.

Benefits of Terminal Servers

In addition to savings by reducing the cost of working clients and the network, the operation of terminal servers allows you to:

• Increase the calculation speed of 1C software and reduce the load on the network. This is critical if you have configured file version DB. The terminal server will be faster even with minor operations;
• Ensure the safety of data when the connection between the terminal client and the server fails. After all, not data is sent, but their display. In the event of a failure, clients can simply reconnect to the server and continue from where the network failed. This advantage terminal servers is important, since 1C programs are sensitive to failures and power outages at workplaces;
• Increase the security of information in the database. It is much more difficult to make a copy of the database from the terminal server under the client, and users connect to the server under unique logins and passwords;
• Simplify the IT structure in the company, which will save time for system administrators.

In addition, the capabilities of server OS from Microsoft allow staff administrators to configure the ability to connect terminal clients to the 1C server, so setting up the 1C server is such an important issue.

Installing a terminal server for 1C

For example, let's install a terminal server for 1C in Windows Server 2012:

1. You need to go to the connection properties on the server and set the desired IP address;

To check if our server is visible, try to register on the client computer ping command <Адрес терминального сервера>on the command line;

If the ping was successful, on the server, open "Server Manager" and click "Add roles and features";

Select the type of server installation - "Installation of roles and features";

We select our server for 1C from the server pool and click "Next";

At the stage of selecting server roles, we need to find and check the box opposite the "Remote Desktop Services" role;

Click "Next" twice and at the stage of selecting role services on the server, you must put two checkboxes:

In the next window, check "Automatically restart the server if required" and start the installation of the terminal server;

After some time, the terminal server for 1C will be successfully installed.

Set up a server for 1C

Now we need to configure client user access to the server. For this:

1. Install 1C on the server;
2. Open Administration. Go to "Computer Management". Go to the section " Local Users” and select “Users”. Create a new user on the server;
3. In the window that opens, fill in the fields "User", " Full name”, “Description”, “Password” and “Password Confirmation”;

Click "Create". Then we go into the properties of the created server user. On the "Group Membership" tab, add "Remote Desktop Users";

Then on the server go to " Local Policy security." Click on the left "Assignment of user rights" and on the right go to the properties "Allow logon through Remote Desktop Service";

The default server gives access only to administrators. Add users using "Add user or group...";

When all users are listed on the server, click Apply.

The terminal server is configured, and client computers can connect to it.

Connecting to a terminal server

Connection to the configured 1C terminal occurs through the RDP protocol. Microsoft family systems have a built-in tool called "Remote Desktop Connection". To find this tool, go to "Start" - "All Programs" - "Accessories":

In the window that opens, you must specify the parameters:

• In the "Computer" field, enter the address of the terminal server;
• In the "User" field, you must specify the name under which you want to log in to given server. Naturally, for this the user must be allowed remote control;

• In the next window, you will need to enter the user password to access the server.

If the settings are made correctly and the data is entered correctly, then a window will open in which you will see a slightly modified desktop.

Further work does not differ from the situation in which 1C is installed on your computer.