Environment
Novell Open Enterprise Server 11 SP1 (OES 11SP1) Linux
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Domain Services for Windows
Situation
Configuration of Remote Desktop Licensing fails on a Windows 2008R2 server joined to a DSfW domain with the following warning:
Warning: This license server is not registered as a service connection point (SCP) in Active Directory Domain Services (AD DS). The license server will not appear in the list of known license servers in the Remote Desktop Session Host Configuration tool. To register the license server as an SCP in AD DS, use Review Configuration in the Remote Desktop Licensing Manager tool.
The following role services were installed:
Remote Desktop Session Host
Remote Desktop Licensing
Warning: Ensure that your RD Session Host servers are correctly configured to use this license server. For more information, see Configure License Settings on an RD Session Host Server.
Informational: Enable Windows 7 features on this RD Session Host server by using Desktop Experience.
Warning: Use the Remote Desktop Session Host Configuration tool to specify a Remote Desktop license server for this RD Session Host server to use. For more information, see Configure License Settings for an RD Session Host Server.
The same issue is seen with VMware composer, VMware view connection server and Windows Deployment Services as well.
Resolution
The Additional Information section contains a script which can be used to correct the issue on an already installed server. The server versions can be oes2sp3, oes11fp0 and oes11sp1.
Use the update_acl.pl script to allow creation, deletion and search of entries under the sub-tree of the computer object joined to the domain.
Steps to apply the:
Copy the script to the /tmp directory
#chmod +x update_acl.pl
#perl update_acl.pl
Cause
The root cause of the issue is that the computer account, which is the "account" used to create the CN=TermServLicensing object below the computer account itself, does not have the permissions required to create the object.
Additional Information
Download update_acl.pl from dsfwdude.com, or create the script by copying and pasting the text below.
If you download the script, run:
tar -jxvf update_acl.bz2
chmod +x update_acl.pl
#!/usr/bin/perl -I. -I.. -I/opt/novell/xad/lib64/perl -I/opt/novell/xad/lib/perl
use strict;
use warnings;
use XAD::registry;

# LDAP result code 20 (attributeOrValueExists): the ACL values are already set.
my $LDAP_ERR_DUP_ACL = 20;
my $debug = 0;

sub update_acls {
    # DN of the domain root container, read from the XAD registry.
    my $mapped_domain_nc = registry::getReg("Mapped Domain NC");
    my $temp_file = "/var/opt/novell/xad/ds/domain/domain_nc.ldif";

    # Write the LDIF only if it does not exist yet.
    if (not -e $temp_file) {
        open(my $ldif, '>', $temp_file) or die ("Could not open the LDIF file\n");
        print $ldif "dn: $mapped_domain_nc\n";
        print $ldif "changetype: modify\n";
        print $ldif "add: ACL\n";
        # ACL value format: privileges#scope#trustee#attribute
        print $ldif "ACL: 7#subtree#[This]#[Entry Rights]\n";
        print $ldif "ACL: 3#subtree#[This]#[All Attributes Rights]\n";
        close($ldif);
    }

    my $ldapmodify_cmd = "LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf /usr/bin/ldapmodify -Y EXTERNAL -Q -c";
    print "Executing $ldapmodify_cmd -f $temp_file > /dev/null 2>&1 \n" if ($debug);
    my @output = `$ldapmodify_cmd -f $temp_file > /dev/null 2>&1`;

    # The exit code is in the high byte of $?. A duplicate-ACL result is not a failure.
    my $err = $? >> 8;
    if ($? && $err != $LDAP_ERR_DUP_ACL) {
        chomp (@output);
        print "Couldn't update the ACLs on the domain root container: @output : $err \n";
        exit -1;
    }
    else {
        print "Successfully updated the ACLs on the domain root container\n";
    }
}

update_acls();
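To review what the LDIF written by update_acl.pl grants before applying it, the ACL values can be decoded into named rights. The following is an added example, not part of the original script or of Novell's tooling; it assumes the standard eDirectory privilege bit values, and the domain DN in the sample is a constructed placeholder.

```python
# Added example: decode eDirectory LDAP ACL values (privileges#scope#trustee#attribute).
ENTRY_BITS = {0x01: "Browse", 0x02: "Add", 0x04: "Delete",
              0x08: "Rename", 0x10: "Supervisor", 0x40: "Inherit Control"}
ATTR_BITS = {0x01: "Compare", 0x02: "Read", 0x04: "Write",
             0x08: "Self", 0x20: "Supervisor", 0x40: "Inherit Control"}
# Rights treated as read-only for review purposes (a choice made for this example).
READ_ONLY = {"Browse", "Compare", "Read"}


def decode_acl(value):
    """Decode one ACL value into its rights, scope, trustee and target."""
    try:
        priv, scope, rest = value.strip().split("#", 2)
        trustee, attr = rest.rsplit("#", 1)  # tolerate '#' inside a trustee DN
        mask = int(priv)
    except ValueError:
        raise ValueError("not a privileges#scope#trustee#attribute value: %r" % value)
    table = ENTRY_BITS if attr == "[Entry Rights]" else ATTR_BITS
    rights = [name for bit, name in sorted(table.items()) if mask & bit]
    return {
        "trustee": trustee,
        "target": attr,
        "rights": rights,
        "unknown_bits": mask & ~sum(table),
        "inherited": scope.lower() == "subtree",
        "modifies": any(r not in READ_ONLY for r in rights),
    }


def acls_from_ldif(text):
    """Return (dn, decoded ACL) for every ACL value in LDIF text (no line folding)."""
    dn, found = None, []
    for line in text.splitlines():
        key, _, val = line.partition(":")
        if key.lower() == "dn":
            dn = val.strip()
        elif key.lower() == "acl" and val.strip():
            found.append((dn, decode_acl(val)))
    return found


# Constructed sample: the LDIF the script writes, with a placeholder domain DN.
SAMPLE_LDIF = """dn: dc=example,dc=com
changetype: modify
add: ACL
ACL: 7#subtree#[This]#[Entry Rights]
ACL: 3#subtree#[This]#[All Attributes Rights]
"""

if __name__ == "__main__":
    for dn, acl in acls_from_ldif(SAMPLE_LDIF):
        print(dn, acl)
```

For the two values in the script, this shows that each object receives inheritable Browse, Add and Delete entry rights on its own subtree, while attribute access stays limited to Compare and Read.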