If you would like to read the first part of this article series please go to Terminal Services License Server High-Availability and Recovery (Part 1).
In part one of this article, I explored ways to provide redundancy for your enterprise’s terminal services license servers. However, license server recoverability plays an equally critical role in ensuring that license servers are always available.
License Server Backup
Backing up your license servers is a critical component of license server recoverability. Regardless of the lengths you have gone to ensure redundant license servers are available, there is always the possibility that the surviving license server(s) will not contain any available CALs. Therefore, you must be able to rapidly recover a failed license server.
To facilitate fast recovery, each license server must be backed up exclusively as each license server has a unique identity. When license servers are activated, the Microsoft Clearinghouse exchanges key information with the license server and activates it based on this information. Digital certificates are generated for the license server so it can communicate with the Clearinghouse and digitally sign CALs issued from that license server. Furthermore, these certificates are exchanged with terminal servers so they can validate CALs issued by the license server. For these reasons, license server databases from one license server cannot be restored to a different license server; they must be backed up exclusively. In addition, the license server’s system state must also be captured in a backup to restore the license server’s identity and activation status as part of the recovery process.
License Server Backup and Restoration Options
Your environment most likely already contains an enterprise backup mechanism already in place. Regardless of the backup processes you use to back up a license server, the following components must be included in the backup process:
- System State, which will capture the activation status and identity of the license server.
- LServer directory (%SYSTEMROOT%\System32\LServer by default), to capture the actual licensing database.
- Repair directory (optional – %SYSTEMROOT%\Repair)
Preferably, the entire server should be backed up, including the system drive and any pertinent data drives, but items one and two above represent the minimum.
Recovering a License Server
The process of recovering a failed license server varies based on how it was backed up. Possible failures could include a hardware issue, such as a failed drive, motherboard or dead power supply. It could also be the result of a data corruption or operating system failure. Finally, human error could be responsible. Whatever the reason, ensure your organization has well-documented procedures for recovering your license servers to make the process as efficient as possible.
If the server’s operating system is still in tact, then the recovery process may simply be to recover the last known working backup of the System State and LServer backup, and restore that information to the license server. However, if the operating system is corrupt or the failure requires a complete server rebuild, you may have more work ahead.
Note:
Please note that if you are restoring the System State and LServer directory, the Licensing Service must be running while the restore is processed.
Leveraging Your Existing Enterprise Backup and Recovery Processes
The simplest way to back up your license servers may be to install an appropriate backup agent on the server and use your normal backup processes to archive the server. This leverages the existing backup mechanism deployed in your environment, such as UltraBac, Symantec NetBackup, Legato, CA ARCserve etc.
If your product and licensing support it, consider leveraging a bare-metal restore option for fast recovery without needing to install a base operating system first. Otherwise, the base Windows installation will need to be built first, and the backup agent reinstalled to initiate a restore.
A bare-metal restore option allows the server to be booted from alternate media, such as a CD-ROM or PXE network boot, and connect directly to the backup server to restore the image over the network. Furthermore, some solutions include the ability to restore the backup to alternate hardware, although this usually requires backing up the entire server, rather than just the System State and LServer directory. This option can be costly but can save a significant amount of time in the restoration process.
|
Pros |
|
|
Cons |
|
Using Windows Backup
Windows Backup is a perfectly acceptable mechanism for backing up a license server and can save on costly backup agents. Simply schedule a nightly or weekly backup of the critical license server data and back it up to a file on a file server (or other regularly backed up host). Then, the normal backup mechanism deployed in your environment can archive the license server backup file when it performs a regularly schedule file server backup. This option prevents having to install costly backup agents on your license servers just to back up a few files.
Unfortunately, in this case the restoration process includes a complete OS rebuild followed by a restoration of the Windows Backup file, which can take a significant amount of time.
|
Pros |
|
|
Cons |
|
Using an ASR Backup
Another backup option is to perform a Windows ASR (Automated System Restore) backup of the license server and store the backup file on a separate local partition from the Windows installation. An ASR is a function of Windows Backup in Windows Server 2003 and creates a complete backup of the system.
An ASR can be restored easily by booting the original server with the Windows installation media and selecting <F2> during the boot process to initiate an ASR recovery. Although the process takes a significant amount of time, it’s a fairly hands-off process once started. An ASR restore will result in a complete restoration of the server to the point in which it was backed up.
The major down-side to using an ASR is that the entire image must be taken each time as there is no differential/incremental mechanism available. Furthermore, although the process is automated, the restoration of an ASR takes a long time; it performs a complete Windows reinstallation, followed by the ASR data restore. For more information on ASR functionality, see Microsoft’s web site.
|
Pros |
|
|
Cons |
|
Go Virtual
Consider leveraging virtualization technology. Virtual machines are encapsulated in a set of files that comprise the entire VM image. Restoring a virtual machine is as simple as restoring a set of files. The low-resource overhead of license server makes them perfect virtualization candidates. Furthermore, the nature of most virtualization platforms breaks the operating system dependency on the underlying hardware, so you no longer need to restore to the same physical system. The virtual machine becomes portable and can be moved form one virtualization host to another. This portability also simplifies disaster recovery plans; the virtual machine can be backed up regularly and restored to a disaster recovery site.
Backup and recovery of virtual machines can be accomplished by any number of products and technologies, many of which can create a complete encapsulated image of the VM while it is running and without the need of 3rd party open-file agents. Furthermore, some virtual machine backup technologies support incremental/differential backups which can significantly reduce backup times.
|
Pros |
|
|
Cons |
|
If your organization has not yet make the plunge into virtualization, there are other alternatives to simplify the process of license server recovery while making it more flexible.
Bring Autonomy to Physical Servers
Software vendors have developed backup and restoration mechanisms that can take complete images of physical servers while the server is operational. They have also developed features that allow you to restore that image to dissimilar hardware from a bare-metal boot. This functionality may be available from your backup software vendor, such as Symantec NetBackup or CA ARCserve, or it may require the addition of products like Acronis TrueImage, Symantec LiveState or Platespin PowerConvert. Using product from these and similar vendors allows you to take complete images of your license servers, including incremental images, and rapidly restore them to the same or dissimilar hardware, whether physical or virtual, while also simplifying disaster recovery processes.
|
Pros |
|
|
Cons |
|
What if You Don’t Have a Backup?
It is inevitable that someone will need to know what to do when they need to recover a license server when no backup is available. The general steps are outlined below:
- Install Windows on the server then add the Terminal Server Licensing component from Add/Remove Components.
- Contact the Microsoft Clearinghouse by phone to activate the server and have them reissue your CALs. Since CALs cannot be recovered once activated on a license server, a Clearinghouse representative must manually reissue them to your license server.
To find the appropriate number for the Clearinghouse, select to activate your server by phone, and then choose your region from the list; the phone number will be listed. All phone numbers can also be found on the license server in the registry:
HKLM\Software\Microsoft\TermServLicensing\LrWiz\CSNumbers - Once the license server is activated, be sure it can be discovered. See my articles on License Server Discovery for details.
License Server Placement
I wanted to finish up this article with a note on license server placement. License servers typically do not consume a significant amount of resources, so there is little need for a dedicated system. Consider leveraging virtualization for your license servers. As stated previously, virtualization offers many benefits such as underlying hardware autonomy and simplified DR, not to mention the fact that it’s one less server to power, manage, and maintain.
If virtualization isn’t an option, another perfectly acceptable practice is installing the license service on an existing production server in your infrastructure, such as a domain controller or other infrastructure server. This placement may be ideal as these servers are typically backed up regularly and license service administration does not require frequent access to the server’s console. In addition, if you read my articles on License Server Discovery, you will note that Domain-based license servers will only be reliably discovered when residing on a domain controller.
As stated at the beginning of this article, license server redundancy is really only as good as your backup and recovery processes since there is always the possibility that a failed license server could leave your organization with no available CALs. Always have well a executed and documented backup and restoration process to avoid any potential outage due to license server unavailability.
If you would like to read the first part of this article series please go to Terminal Services License Server High-Availability and Recovery (Part 1).
