![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
596 questions
Hello,
In an RDS environment, RDLS installs and publishes the cals, and SH must point to LS for the cals to be properly issued. For per-device and per-user CALs to work, the Remote Desktop Session Host and Remote Desktop License Server are configured in one of three configurations:
(1) Both are part of the same working group
(2) Both are in the same field
(3) In a trusted Active Directory domain or forest (two-way trust)
References: 跨域林或工作组设置 RD 许可 - Windows Server | Microsoft Learn
Please make sure that the version of the CAL you purchased is LS≥CAL≥SH according to the license usage rules
The ApsaraDB RDS CAL mode is divided into Per User and Per Device. If multiple people share one client or jump server, you usually need to select Per Device mode. If the user will log in through different clients, the Per User mode is usually selected. Also, Per User Cal can only be used in domain environments, while Per Device Cal can be used in domain environments and workgroup environments.
- If you check the IP/FQDN and CAL information of RDLS, please check the configuration on the session host (destination server) as described below, if it is not configured correctly, it will not be able to be used normally after the 120-day grace period.
Group Policy path:
gpedit.msc→Computer Configuration→Administrative Templates→Windows Components→Remote Desktop Services→Remote Desktop SessionHost→License
Verify that the following are configured correctly
- Use the specified Remote Desktop license servers
It must be configured to be enabled, and the authorization server must be specified as either FQDN or IP (native).
- Set Remote Desktop Licensing Mode
It must be configured to activate and the license type must be specified
After Group Policy is configured, gpupdate/force refreshes the policy
- regedit Open the registry and check the value of the key below
1、Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\Terminal Services
LicensingMode value,Key-value 4 for per user cal,Key-value 2 forper device cal
2、Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\RCM\Licensing Core
LicensingMode value,Key-value 4 for per user cal,Key-value 2 forper device cal
3、Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters\LicenseServers
Add the strings "SpecifiedLicenseServers",Specify License Server,is the fully qualified domain name or IP address of the license server.
4、Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\TerminalServices
LicenseServers specifies LicenseServer, which is the fully qualified domain name or IP address of the license server
If the value of the key changes, restart the server after the change.
- If the firewall is enabled, you need to open the required ports for RDSH and RDLS
4 ) Per cal user
When a user gets a CAL, they can connect to any session host in the domain and check if the CAL is successfully obtained by following the steps below: Open ADUC on the domain controller, open the advanced functions from the view, and open the user properties of the corresponding user. After msTSmanagingLS in the property editor, if there is a value, it proves that you got the CAL.
I hope this information helps you.
Best regards,
Jingjing Wu