Thoughts from the EPS Windows Server Performance Team
Useful Microsoft Blogs
Happy Sunday everyone! It’s Day Eighteen of our Windows 7 / Windows Server 2008 R2 Launch Series – only four more days to go till the big day! Today we’re wrapping up our look at some of the new Remote Desktop Services features with a quick overview of Remote Desktop IP Virtualization (RD IP Virtualization). RD IP Virtualization allows IP addresses to be assigned to remote desktop connections on a per-session or per-program basis. Prior to Windows Server 2008 R2, every session on a remote desktop server had the same IP address. I’m sure some of you are wondering, “Well, OK – big deal. Why does that matter?” Think about applications that require a unique IP address for each instance of the application. Clearly having a single IP for all the sessions, can cause a number of application compatibility problems – consider the scenario below where the backend database server refuses the second and third client connections based on their use of the same IP address as the first connection.
OK, let’s take a quick look at the architecture of the RD IP Virtualization feature. User mode applications using WinSock will be able to get Virtual IP’s – the application itself does not need to be aware of RD IP Virtualization or need to be changed in any way. However, there are some caveats – services in Session 0 will not be virtualized, nor will applications and services running inside the a remote administrator session. In addition, applications that use named pipes or any other mechanism besides sockets will not be virtualized. The RD IP Virtualization Service depends on a valid DHCP Server being active. A pool of static addresses can also be configured. The actual process for assigning the IP Addresses is as follows (the diagram below shows the sequence):
Now let’s look at how applications get their IP Addresses and what RD IP Virtualization does in each case.
WinSock provides a pluggable Service Provider Infrastructure (SPI) that facilitates the interception of the WinSock API calls. Applications don’t know about the SPI – they make their normal WinSock API calls to get network addresses. Transport Service Providers (TSP) are services that set up the connection or transfer data. There are two different types of TSP – Layered Service Providers, that we mentioned above, that intercept the WinSock API calls, and Base Service Providers (BSP) that implement lower-level protocols such as TCP/IP. Namespace Providers (NSP) are services that associate network addresses with human-friendly names. Since the applications using Namespace Service Providers are also WinSock applications, they are intercepted and assigned VIP’s as well. The diagram below gives you an idea of how this all interacts:
Now that we’ve looked at some of the underlying architecture, let’s take a look at the functional pieces. RD IP Virtualization is installed as part of the Remote Desktop Server Session Host role service, but by default it is set as “Not Enabled”.
To enable IP Virtualization, check the box as shown below, and click on Apply. You can then select if you are going to use Per Session or Per Program mode as well as select which NIC to use to host the Virtualized IP Address.
Important: If your computer has more than one network adapter, you must choose per program. Using per session Remote Desktop IP Virtualization with more than one network adapter installed on the computer is not supported.
Before we wrap up, let’s take a look at how to configure a Static IP Pool for RD IP Virtualization. Normally you would allow your DHCP server to handle the addresses, but if you want to set up a specific set of IP addresses (possibly due to firewall rules etc), here’s how you go about doing that. Remember that these addresses need to be excluded from the list of addresses that your DHCP server can hand out so that you can avoid IP Address conflicts! The basic steps are to turn on Static IP via the registry (there is no UI method to do this), then choose your IP Virtualization mode (per-app or per-session) and add your IP address information. Let’s walk through the process.
The first step is to pop open REGEDIT.EXE and navigate to the HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\TSAppSrv\VirtualIP key. Once you are at that key, you’ll need to add the following values:
Once you have these values configured, you’ll need to go in and add the IP Address information. Navigate to HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\TSAppSrv\VirtualIP\IPPool and create the following values as String (REG_SZ) values:
If you chose to set up your server in per-application mode, you will need to add the applications you want to virtualize. You can do this via the UI – ensure that the “Per program” radio button is selected and use the “Add Program” button to add the applications:
OK – that’s it for today’s post. That also wraps up our segment on some of the new Remote Desktop Services features. Tomorrow, Dane Smart will be back with a quick look at AppLocker. Until next time …
- CC Hameed
We have following scenario.
1. User connects through Thin client to Terminal Server
2. Users invokes a Web Based application which in turn conencts to a Oracle Data base running on HP-UX OS.
3. User has to print through application which has been configured through HP-UX OS such that for specific IP address the printing is directed to specific printer.
In above situation how can we use above described feature of Windows 2008 Terminal Server?
Thanks in Advance
I've installed a test Windows 2008 r2 server into a VMWare virtual machine. The server is activated but I haven't installed any TS cal's yet. Holding off until I see if everything works.
I've followed the instructions for enabling IP Virtualization for sessions and I am still only seeing one IP address being used. Nothing in the event logs saying anything about IP virtualization other than that the service has started.
It's as if the feature is still turned off even though everything in the settings (and in the registry) say that it's turned on. What gives? Is this thing real?
I am currently testing the IP virtualization (per session) on a Remote Desktop Server(virtual). I want to log what users are doing on Internet, and, because we are using Remote Desktop Server, we need to use IP Virtualization to provide one IP per user.
If I open one new user session and I make a ipconfig /all, I have one IP (prefered) that is the static IP of the server and one deprecated IP. Is IP Virtualization supposed to be working like this?
Also, after enabling IP Virtualization (per session) I cannot access Active directory tool (users and computers, dhcp, etc). I get the following error:
"Naming information cannot be located because:
The network path was not found.
Contact your system administrator to verify that yout domain
is porperly configure and is currently online."
However, as soon as I disable ip virtualization I can access any active directory tools.
Does anyone know how to fix this?