Activating Windows 2003 Terminal server license on end user system

Many of us face challenges while we activate the terminal servers licenses from the remote system. Recently I faced the same issue and I followed the below steps and the problem was resolved.

  1. The Terminal Services Licensing Server must be configured properly and it must be up and running fine on the same network environment. For example, we will consider this server Frank2k3 ( as a Terminal services licensing server and this server is reachable to the End user system.
  2. If the Terminal Services Licensing Server is present in a different network then we have to enable the required communication ports between two environments. For example if we have the Licensing server present in the network 192.168.150.X and the End user system present in the network 10.50.10.X then we need to enable the following ports from the End user network (10.150.10.X) to the 192.168.150.X network: TCP-135, TCP-139, TCP-445, TCP 5000-5100**.

     (The ports range of 5000-5100 can be modified to any other range of at least 100 ports and it should be above the port 1024.  I used 5000-5100).

  3. We need to add below entries in the registry (use regedit.exe tool and update the registry). Create the Key in the name of Internet under KEY_LOCAL_MACHINE\Software\Microsoft\Rpc

      Under the Internet key, add the below three values
      ”Ports” (MULTI_SZ)
      ”PortsInternetAvailable” (REG_SZ)
      ”UseInternetPorts” (REG_SZ)

  4. After update of the above entry in the End user system the new registry key appears as follows:
      Ports: REG_MULTI_SZ: 5000-5100
      PortsInternetAvailable: REG_SZ: Y
      UseInternetPorts: REG_SZ: Y
  5. Restart End user system. All applications that use RPC dynamic port allocation use ports 5000 through 5100, inclusive. In most environments, a minimum of 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other.
  6. On the End user system, open up Terminal Services Configuration.  Click on Server Settings --> License server discovery mode and fill in the IP address of the Terminal Server Licensing Server (  Clicking on the Check Names button should tell you if it is working or not.  Finally click on Server Settings –> Licensing and select Per Device or Per User, to match whatever types of licenses are installed on the licensing server.  We used the Per Device license.  Everything will work now.  If any problem occurs, then check the Licensing server and it will show up in the System event log with event ID 1010.
  7. The end user system (10.50.10.X) will need to be rebooted after these changes.

The below screen shots show the registry changes:



Avoiding performance issues with Linked Clone VMware View Desktop through fully deployed (thick) desktop

              Optimal design of a VMware View environment must take several factors into consideration. One of the most important factor is the Storage design. When proper storage design planning is not done, it invariably leads to performance issues in the environment. The most prominent example would be having linked clones in an environment in multiple SATA drives with very little cache space. There is a solution for avoiding such performance issues and that is to have fully deployed (thick disk) desktop. Having fully deployed desktops means spreading the I/O over many spindles instead of crowding all requests to one spindle.

This can be done in two methods:

  • Cloning the Desktop VM
  • Storage VMotion the Desktop VM

Cloning the Desktop VM


  1. From VCenter, right click on desktop VM. Select ‘Clone’

  2. Keeping continuing with the wizard till the point of selecting what to do with the disk

  3. Now select ‘Same Format as Source’

These steps can be done when the desktop is on or off (hot or cold). In a nutshell, the linked clone is read (the latest snapshot of vmdk file that includes all changes down to base disk) and  stand-alone disks are created which are independent of the linked clone storage structure. Thus the file created from the cloning is the thick vmdk file which can now be used as base.

The advantage with this method is that one can verify that the cloning is complete before removing the linked clone VM in the View Manager. The new one can be manually added after verification.

Storage VMotion the Desktop VM


  1. From VCenter, right click on Desktop VM. Select ‘Migrate’

  2. Select ‘Change Datastore’

  3. Follow the next steps and select ‘Same Format as Source’ in disk section

The VMs are converted just in the same way as the first method with the only benefit that this can be done without any downtime for the desktop.

This method also has the disadvantage of having no verification mechanism and the necessity of free space to be available on another datastore.

Tips for strong password in server hardening

The need for a highly secure Strong Password is felt more these days due to increased hacking and phishing. With Microsoft integrating windows logon to many online transactions, the need is further more important.

The password policy setting is one of the most important steps in server hardening procedure. This is usually done in 99% of the environments. But if in any environment it was overlooked, there are methods how one can enforce the strong password policy there.

The steps to enable password security policy in Windows 2003 Domain server is presented in this post:

Step#1: Start—> Program –> Administrative Tools –> Domain Security Policy


Step#2: From the Domain Security Policy Window, enable the “Password must meet complexity requirements” under Password policy in Account Policies


Once these steps are done, the password policy will be enforced when the users do a password reset.


Microsoft has some suggestion on how to make your password strong. I find the following tips useful:

  1. The length of password is very important – make it at least 14 characters or more.
  2. Make your password strong with special characters (symbol) in it.
  3. Mix upper and lower case letters to increase complexity.
  4. Remember to use the entire keyboard instead of using common words.
  5. Increase the length by using numbers between the letters.
  6. More complex the better – add punctuation at the beginning.

You might also want to refer to the Microsoft Documentation for detailed examples and Password checker tool

Restoring corrupted windows OS files without affecting the existing configuration files

Many a times we have the difficulty of having to restore some corrupted OS files. But this is always scary as there is a high chance of the other existing configuration files getting corrupted as well.

Well, in one of my tight situations I found that Microsoft was a life saver yet again! Microsoft provides a command line tool System File Checker “SFC” which can be used to recover the corrupted windows operating system files.

Since the discovery of this tool, I have used SFC in many production windows server environment successfully and the problem got fixed every time!

When you are not really sure that all the OS files are good and you doubt that system files have been somehow corrupted, do use SFC. This tool will validate the digital signatures of all the Windows system files and if there are any incorrect files, they are restored.

During the recovery process if possible it will use the on-disk cache files. But in some cases, this tool may request the original installation CD. This is because; the SFC tool will replace a damaged file from CD if it is not available in the on-disk cache.

So before start the system files recovery process using the SFC utility tool we should have original OS CD.

To run the System File Checker utility

  • Step1: Go to Start menu and select Run
  • Step2: Enter the command SFC /Scannow - Press enter button

This command will take few minutes to trigger the System Scan process. If any of the system files are replaced by the SFC, a reboot is required. This will not affect any previous configuration settings.

Check this Microsoft link for Microsoft documentation on SFC

Solving technical issues for large memory support in Windows 2003 server

Recently I faced issues when I setup the IBM HS20 blade server. I had installed 8 GB physical memory on the blade and I installed the window 2003 32 bit Enterprise operating system. After the OS installation I verified the physical memory availability by using the “systeminfo” command and found that the operating system showed only 4GB RAM present on the server. I was wondering what had happened to the other 4 GB!!

This is because of the hardware limitation. In any 32-bit Operating System, one only has access to 4GB of address space by default. The 32-bit Operating System can actually handle 4GB of memory. Using the /PAE switch allows the OS to handle memory above its maximum range as long as the application can handle it.

Any OS can only handle whatever resources are shown to it by the hardware BIOS.  If the hardware does not support a large enough addressing range, then it won’t report anything above that.  If the hardware supporting 36-bit PAE Intel Extensions or the AMD equivalent is used with an OS that supports PAE, we can enable both and see the entire RAM.

The procedure that I followed to enable the PAE switch in windows 2003 operating system is as below:


Open the My Computer Window from the OS and select the menu Tools from the top of the menu bar


Under the Tools menu select the menu “Folder Options” and select the sub menu “View”



Inside the View menu select the option “Show hidden files and folders” and uncheck the option “Hide protected operating system files (recommended)”


Select the Apply button and press OK button to close this window


Open the primary boot partition (default boot partition is C: Drive). Now we can see the hidden file “boot.ini”.



Open the boot.ini file in notepad and update the /PAE switch on the file. The below screen shot shows the correct format after enter the /PAE switch. Once update the switch we need to save the file and close the file.



Go to My Computer menu on the Desktop and select properties of the My Computer. Now we can see the 8 GB RAM available in the system.


How to change the Service console IP in VMware ESX 4 Server?

Changing the IP for the Service Console must be done from the physical console or through a remote console session (ILO or DRAC). If you make changes through a network connection such as SSH, network connectivity to the Service Console disconnects because the Service Console's network interface changes.

  1. Run the following command to set the IP address:
    root@frank root# esxcfg-vswif -i -n vswif0
    : In this example, v swif0 is the Service Console adapter that is the interface to which you are applying the IP address change.)
  2. Open the /etc/hosts file with a text editor and modify it so that it reflects the correct IP address and hostname.
  3. To change the default gateway address and the hostname, edit the /etc/sysconfig/network file and change the GATEWAY and HOSTNAME parameters to the proper values.
  4. For the changes to take place, reboot the host or restart the network service with the command:
    root@frank root# service network restart

Note: This command breaks any current network connections to the Service Console.

How to Change the hostname, domain, DNS servers, and default gateway in VMware vSphere or Infrastructure (VI) Client?

  1. Highlight the ESX host and click the Configuration tab.
  2. Click DNS and Routing.
  3. Click Properties.
  4. To change the hostname, domain, and DNS servers, click the DNS Configuration tab and enter the appropriate values.
    (Note: Disable VMware High Availability if you do not want virtual machines to failover during the hostname IP change.)
  5. To change the default gateway, click the Routing tab and enter the appropriate value.
  6. Update the etc/opt/vmware/vpxa/vpxa.cfg file to reflect the new settings.
  7. Reboot the ESX host for the changes to take place.

How to configure the forest level trust relationship in Windows 2003 Server?

A forest level trust relationship will allows two entire forests to share resources and allows selected users to access select resources.

  1. Open Active Directory Domains And Trusts from Administrative Tools.
  2. In the console tree pane, select and right-click the domain node for the forest root for which you want to create a trust.
  3. Select Properties.
  4. Select the Trusts tab in the Properties dialog box.
  5. Click New Trust and click Next (skip the Welcome screen).
  6. On the Trust Name page, enter the DNS name of the target domain for your trust (for our example, it is and click Next.
  7. Select Forest Trust on the Trust Type page and click Next.    (If the Forest Trust option is missing, you may have omitted one of the prerequisites. In that case, double-check the DNS Forwarders tab and the forest functional level of all the domains in both forests.)
  8. Choose a direction for the trust relationship: Two-Way, One-Way Incoming, or One-Way Outgoing.
      • Two-Way: All users in both forests will be able to access all resources in both forests.
      • One-Way Incoming: All users in this forest will be able to access all resources in the other forest but not vice versa.
      • One-Way Outgoing: All users in the target forest will be able to access all resources in this forest but not vice versa
      • After you have chosen, click Next.
  9. Resource access is still governed by permissions in the domain where the resource exists. The trust direction provides access to all resources where permissions allow access. Select the sides of the trust relationship: This Domain Only or Both This Domain and the Target Domain.
      • This Domain Only: Creates the trust relationship in this domain only; an administrator on the other end will have to complete the other trust.
      • Both This Domain and the Target Domain: Requires sufficient access in the remote domain and will allow you to complete the trust setup.
  10. Select the appropriate path, depending on the choices you made in the previous two steps.
      • If you chose Two-Way or One-Way Outgoing in step 8 and This Domain Only in step 9, you will need to select a trust authentication level. Domain-Wide Authentication will authenticate all users in the remote forest for all resources in the local forest. Choosing Selective Authentication will allow you to specify which users in the remote domain have access to local resources. Click Next. Enter a password for the trust and click Next.
      • If you chose One-Way Incoming in step 8 and This Domain Only in step 9, enter the password for the trust in the Trust Password and Confirm Password boxes. Click Next.
      • If you selected both domains (this domain and the selected domain) in step 9, a username and password box will appear to allow you to enter the username and password of an administrator account in the target forest. Click Next.
  11. On the next screen, verify all of your selections. When you click Next, the wizard creates the trust. Verify the settings of the new trust.
  12. Confirm the outgoing trust. Select Yes if you created both sides of the trust; select No if you did not.
  13. Click Finish in the Creating the Trust wizard.

The new trust will appear on the Trusts tab in the Properties dialog box for the domain.

VM Snapshot in VMware ESX Server – Points to consider

VM Snapshots are not backups. They are just a change log of the original virtual disk. These cannot be considered as backup. There are a number of different reasons that one might use a snapshot for. One of the most used reasons would be for a software upgrade as using a snapshot allows an easy rollback to the machine state prior to the upgrade. If you have some other reasons leave a comment.

  • The maximum supported amount in a chain is 32. However, VMware recommends only using 2-3 snapshots in a chain.
  • No single snapshot can be used for more than 24-72 hours.
    • This prevents snapshots from growing so large. This is because large snapshots cause issues when deleting/committing them to the original virtual machine disks. So the best method is to take the snapshot, make the necessary changes to the virtual machine, and delete/commit the snapshot as soon as proper working state of the virtual machine is verified.
    • Be especially careful and decisive with snapshot use on high-transaction virtual machines (such as email and database servers). These snapshots tend to grow in size very quickly, filling datastore space. Commit snapshots on these virtual machines as soon as you have verified the proper working state of the process you are testing.
  • If using a third party product that takes advantage of snapshots (such as virtual machine backup software), regularly monitor systems configured for backups to ensure that no snapshots remain active for extensive periods of time.
    • Snapshots should only be present for the duration of the backup process.
    • Snapshots taken by third party software (called via API) usually may not show up in the vCenter Snapshot Manager. Routinely check for snapshots via the command-line.
  • Lot of snapshots in a chain or large sized snapshots cause decrease in the virtual machine and host performance.

Extending Primary partition hard disk size of virtual machine in VMware ESX4.0

In this post I am going to illustrate how to extend hard disk on test VM (referred to as Increase_Space_VM) with a 10gig C: drive to a 25gig C: drive.
Increase_Space_VM == VM on which we want to increase disk space
Spare_VM == VM which is not in production usage and can be powered-on/powered-off at will
  1. Make complete backup, then shutdown Increase_Space_VM.
  2. Open ssh session to ESX host containing the Increase_Space_VM.  Change directory to /vmfs/volumes/<specific-LUN-holding-VMdisk-files>/<Increase_Space_VM>/
  3. Run command:  vmkfstools –X 25G Increase_Space_VM.vmdk
    -X specifies to extend the disk.  25G is the new *complete* size.  In my example, I started with a 10gig C: drive and I wanted to make it 25gig (25G).  
  4. Power off Spare_VM.  Edit settings on Spare_VM, adding Increase_Space_VM.vmdk as a second hard disk
  5. Power on Spare_VM.  Once booted into Windows, open a command prompt
  6. Once at the command prompt, run disk partition tool DISKPART. (see screenshot at end).
    Note, Disk 1 is shown at 25 GB, with 15GB free.  This is Increase_Space_VM’s C: drive, mounted as E: on Spare_VM.  10GB is in use, and can now be extended to 25GB total.  In the screenshot, you’ll see the syntax for selecting the proper disk, proper volume, and then typing extend.  Quit out of DISKPART and power-off Spare_VM
  7. Once Spare_VM is powered-off, Edit the settings to remove the 2nd hard-drive.
  8. Power on Increase_Space_VM.  Once booted up, C: will now be the full 25GB instead of 10GB.
Extending primary partition hard disk space in VMware ESX4.0


Welcome to my blog on Windows and Virtualization. I am working in a Data Center with real time experience on Windows and Virtualization domain. I have MCSE, MCTS, MCITP and VMWare VCP certifications. I face several challenges in my everyday job and find many tips and tricks that come in hand to resolve those challenges. In this blog, I am going to share those tips and tricks that have come handy to me during tight situations. Hoping that these tips would be helpful to all the Virtualization domain techs out there!! So, keep watching for tips here!