0% found this document useful (0 votes)

23 views394 pages

Propalm Admin Guide

This document is the Administrator Guide for Propalms Terminal Services Edition, detailing how to use the Management Console and troubleshoot issues. It provides an overview of the software's features, installation processes, and user management. The guide is intended for system administrators and includes information on licensing and compliance with copyright laws.

Uploaded by

jill.shilo

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

23 views394 pages

Propalm Admin Guide

Uploaded by

jill.shilo

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 394

Last Updated: 1 March 2013

Version 7.0

Page 1
©1999-2013 Propalms Ltd. All rights reserved.
The information contained in this document represents the current view of Propalms Ltd. on the issues
discussed as of the date of publication. Because Propalms Ltd. must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Propalms Ltd., and Propalms
Ltd. cannot guarantee the accuracy of any information presented after the date of publication.
This white paper is for informational purposes only. PROPALMS LTD. MAKES NO WARRANTIES,
EXPRESS OR IMPLIED, IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, no part of this document may be reproduced, stored in or introduced into a
retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying,
recording or otherwise) or for any purpose, without the express written permission of Propalms Ltd.
Propalms Terminal Services Edition and Propalms Terminal Services Edition License Policy Manager
are trademarks or registered trademarks of Propalms Ltd. Microsoft and Windows are registered
trademarks of Microsoft Corporation. All other company, product and brand names are trademarks of
their respective owners.

Contact
Propalms Ltd.
The Catalyst,
Baird Lane,
York,
North Yorkshire,
YO10 5GA, U.K.
Technical Support
For technical queries, write to [email protected] or call +44 (0)1904 428760
General Enquiries
For general enquiries, write to [email protected].

Page 2
Propalms Terminal Services Edition
Administrator Guide

Abstract

This book explains how to get started with the

Management Console. It explains the concepts and
provides help for using the Management Console. It
also provides steps for troubleshooting. Further, it
provides help on using the Propalms Terminal
Services Edition Resource Kit. Additionally, this
guide provides information on installing the
Propalms Terminal Services Edition WBT add-on for
Windows CE-based Wyse terminals.
Contents

ABOUT THIS BOOK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

What’s in this book?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Intended audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Using this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Book conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Related resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Send us your comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Printing This Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

INTRODUCTION TO PROPALMS TERMINAL SERVICES EDITION . . . . . . . . . 4

What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
What is Propalms Terminal Services Edition? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
What are the benefits for system administrators? . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Propalms Terminal Services Edition fits into your existing environment . . . . . . . . . 4
Propalms Terminal Services Edition facilitates session management . . . . . . . . . . . 5
Propalms Terminal Services Edition is simple to install and configure . . . . . . . . . . 5
Propalms Terminal Services Edition provides trouble-free object management. . . . 5
Propalms Terminal Services Edition enhances security . . . . . . . . . . . . . . . . . . . . . . 6
Propalms Terminal Services Edition facilitates operational-, capacity-, and strategic
planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Propalms Terminal Services Edition facilitates license management. . . . . . . . . . . . 6
What is server-based computing?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
What is application publishing? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

GETTING STARTED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Understanding the features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Application Server management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
System administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Application management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
User management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Metering, reporting, and logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
End-user experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Understanding feature considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Application Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Using a Windows Server 2003. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Using Windows Server 2008 / 2008 R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Propalms Terminal Services Edition Administrator Guide--1 March 2013 i

Contents

Using Windows Server 2012 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

What's New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

CONCEPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Secure product key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Types of product keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Activation mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Domain objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Active Directory synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Retrieving list of groups and OUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Retrieving application list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Connection settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Connection settings templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Delegated administrators in Propalms Terminal Services Edition . . . . . . . . . . . . 53
Delegated administrator tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Creating delegated administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Delegated administrators with multiple Admin roles . . . . . . . . . . . . . . . . . . . . . . . 55
Prerequisites and restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Client Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Printers and Client Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Managing Client Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Use case analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Deployment scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Single Port Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Traffic through Single Port Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Why choose port 443? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
SSL handshake. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Implementation details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring a Relay Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Managing Certificate for SPR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Relay switch for Launch Pad. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Single Port Relay in DMZ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
DMZ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
SPR in DMZ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Propalms Terminal Services Edition Administrator Guide--1 March 2013 ii

Contents

Traffic Through DMZ Single Port Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

DMZ Relay switch for Launch Pad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Installing the Single Port Relay (SPR) Server Role on a DMZ Server – Prerequisites76
Single Port Relay Server With DMZ Relay Server Role in the DMZ . . . . . . . . . . . 76
Single Port Relay Server with Cascaded Relays . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Implementation Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Relay Configuration and DMZ Relay Configuration . . . . . . . . . . . . . . . . . . . . . . . 81
DMZ Relay Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Cascaded Relay Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
DMZ SPR Resource Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Changing Identity of DMZ Server Components . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Displaying DMZ Server Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Changing DMZ Server Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Ticketing Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Proxy Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Customize application icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Application Grouping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Internet Client Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Manage Lockdown Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
View Lockdown Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Add Lockdown Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Update Lockdown Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Remove Lockdown Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Printer Driver Management Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
IFS and Printer Data Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Bandwidth Throttling Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Automated Administrator Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Change Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Connection Setting Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Java Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Native Windows Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Native Macintosh Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Deploying Propalms Terminal Services Edition roles. . . . . . . . . . . . . . . . . . . . . . 116
Role requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Server Identification in Propalms Terminal Services Edition . . . . . . . . . . . . . . . . 117
Web Server role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Load Balancer role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Relay Server role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Application Server role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Propalms Terminal Services Edition Administrator Guide--1 March 2013 iii

Contents

Local server install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Administrators and users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Local server install and domain users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Publishing a Windows Desktop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Steps for publishing a Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Security implications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Application Grouping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Update Icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
File associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Associating file extensions with applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
File associations and the user’s computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Interaction with other features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Security implications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Overriding file associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Launch Pad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Launch Pad features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Setting up the Launch Pad. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Client upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Forcing a download. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Pushing a client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Client on a computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
What is the Propalms Client? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Installing the Propalms Client and shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Configuring shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Propalms Terminal Services Edition printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
How Propalms Terminal Services Edition Unidriver printing works . . . . . . . . . . 142
UniDriver printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Linking to printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Jobs framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
File handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Drive letter confusion on the client side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Security concern . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
System heartbeats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Heartbeat variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Propalms Terminal Services Edition Administrator Guide--1 March 2013 iv

Contents

Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Active session management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Session shadowing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Session disconnect and reconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Session log off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Achieving database redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Adding backup Database Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Uses of the Database redundancy feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Synchronization of the Backup Database Server . . . . . . . . . . . . . . . . . . . . . . . . . 158
Seamless windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Design principles and practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Features and security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
File logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Configuration settings for log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Rollover of log file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Propalms Terminal Services Edition — Basic Configurations . . . . . . . . . . . . . . 164
Single server configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Multi-server configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Advanced-server configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
HyperPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
HyperPrint client side print option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Web Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
TSE Web, TSE SPR and TSE DMZ-SPR redundancy using auto failover
feature in Propalms client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Client failover to other WEB server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Client failover to other SPR,DMZ-SPR server . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Configurable fall-back Web server for DMZ-SPR . . . . . . . . . . . . . . . . . . . . . . . . 172
Browser less access to applications using Propalms client . . . . . . . . . . . . . . . . . . 173
Linux Client Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
New Features In Propalms TSE 7.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
How To Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Building Custom Rdesktop-1.6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Mac Client Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
OverView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Native Client on Apple Macintosh. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Mac Client Installation Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Propalms Terminal Services Edition Administrator Guide--1 March 2013 v

Contents

USING THE CONSOLE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Management Console overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Management Console tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Common operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
What is application publishing? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Management Console Home tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Summary page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Getting Started page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Log On page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Download page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Product Keys page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
About page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Management Console Manage tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Manage summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Manage applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Add application to Propalms Terminal Services Edition. . . . . . . . . . . . . . . . . . . . 196
Add Common applications to Propalms Terminal Services Edition . . . . . . . . . . . 200
Add Multiple applications to Propalms Terminal Services Edition . . . . . . . . . . . 204
Update application properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Remove applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Update file associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Update icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Add applications to servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Remove applications from servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Add applications to groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Remove applications from groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Add applications to OUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Remove applications from OUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Add applications to users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Remove applications from users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Remove Folder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Manage servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Add a server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Update server profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Change server status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Diagnose server condition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Remove a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Add roles to a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Remove roles from a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Add applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Propalms Terminal Services Edition Administrator Guide--1 March 2013 vi

Contents

Remove applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Add Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Remove Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Printer Driver Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Virtual IP management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Update content redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Native RDP to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Manage content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Add content to Propalms TSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Update content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Remove content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Add content to groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Remove content from groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Add content to OUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Remove content from OUs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Add content to users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Remove content from users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Manage groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Add a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Remove a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Synchronize a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Add applications to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Remove applications from a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Add Folder to assign applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Remove Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Update Lockdown Policy for group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Manage OUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Add an OU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Remove an OU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Synchronize an OU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Add applications to an OU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Remove applications from an OU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Update Lockdown Policy for group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Manage users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Add a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Remove a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Add applications to a user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Remove applications from a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Add Folder to assign applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Remove Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Manage domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Propalms Terminal Services Edition Administrator Guide--1 March 2013 vii

Contents

Add a domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Remove a domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Synchronize a domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Manage Client Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Add Client Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Update Client Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Update filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Remove Client Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Add applications to a Client Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Remove applications from a Client Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Add printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Set default printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Remove printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Add clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Remove clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Manage connection settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Add setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Update setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Remove setting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Select default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Manage Admin Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Add role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Remove role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Update role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Update delegated admin group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Add delegated admin users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Remove delegated admin users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Add groups to be controlled. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Remove groups to be controlled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Add OUs to be controlled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Remove OUs to be controlled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Manage Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Automated Administrator Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Add Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Remove Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Update Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Update Schedule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Add Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Remove Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Manage Network Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Propalms Terminal Services Edition Administrator Guide--1 March 2013 viii

Contents

Add Network Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Remove Network Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Management Console Monitor tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Overview page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Load Balancer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Database Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Relay Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
DMZ Relay Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Job Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Management Console Reports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Overview page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Sessions report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Printer Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Applications report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Users report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Clients report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Servers report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Audit Log report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Product Key report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Management Console Options tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Overview page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
User options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Administrator options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Load Balancer options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Database Servers options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Relay Servers options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
DMZ Relay Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Cascaded Relay Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
TS Gateway options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
System options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Lockdown Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
TSE Notifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

TROUBLESHOOTING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Troubleshooting Propalms Terminal Services Edition . . . . . . . . . . . . . . . . . . . . . 285
Application-specific issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Office XP application remains running after closing it . . . . . . . . . . . . . . . . . . . . 286
User-specific issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Add user fails. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Propalms Terminal Services Edition Administrator Guide--1 March 2013 ix

Contents

User logon fails with “null” error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Logon fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
SSL enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Internet Explorer on Windows 95 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Propalms Terminal Services Edition version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Locating the version number for the Propalms Terminal Services Edition software289
Locating the server-side Propalms Connection Manager version . . . . . . . . . . . . 290
Active directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Application list refresh based on group membership . . . . . . . . . . . . . . . . . . . . . . 291
Client download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Considering administrative rights for the client computer . . . . . . . . . . . . . . . . . . 291
Understanding the contents of the client computer’s download . . . . . . . . . . . . . . 291
Understanding the size of Client components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Understanding why a user cannot log on to the Propalms Terminal Services Edition Launch
Pad. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Corrupt installation detected error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Client problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Application Server’s screen saver appears on the client computer. . . . . . . . . . . . 293
Client OS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Application launch hangs at Connecting to Application Server message. . . . . . . 294
Support for dial-up connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Launch Pad Favorites page is not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Painting issue with Microsoft’s Office Assistant . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Application launch fails with Server Not Available error . . . . . . . . . . . . . . . . . . . 296
Copy and paste large files or bitmaps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Desktop Windows commands and seamless windows mode . . . . . . . . . . . . . . . . . 297
Removing user name and domain from Wyse terminals . . . . . . . . . . . . . . . . . . . . 298
Non-existent printer issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Second application launch from CE device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Specifying a command parameter for an application . . . . . . . . . . . . . . . . . . . . . . 299
Disconnecting a user versus logging off a user. . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Configuring published addresses for use with private/public networks . . . . . . . . 300
Running Propalms Terminal Services Edition with an ISA server . . . . . . . . . . . . 301
Cannot locate application executable when launching an application. . . . . . . . . 302
Installing Propalms Terminal Services Edition on a domain controller . . . . . . . . 302
After installing the Application Server role, the server “blue screens” . . . . . . . . 303
Time-outs when using the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . 303
Cannot add groups from other domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Changing the User Profiles storage location on an Application Server . . . . . . . . 305
Configuring SSL for the Management Console and Launch Pad sites . . . . . . . . . 306

Propalms Terminal Services Edition Administrator Guide--1 March 2013 x

Contents

Supporting multiple domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Settings Test failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Reconnecting a session after a client loses its network connection . . . . . . . . . . . 307
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Cannot upgrade Propalms Terminal Services Edition . . . . . . . . . . . . . . . . . . . . . 308
“Join Team” installation fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Explaining load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
All application sessions are being sent to one server . . . . . . . . . . . . . . . . . . . . . . 309
Explaining load limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Launching spawned applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Domain-specific issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Add Active Directory domain running on Windows Server 2003 from a different
forest fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing the ports on which Propalms Terminal Services Edition runs . . . . . . . 311
Identifying ports that must be opened on the client side for Propalms Terminal Services
Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Configuring Propalms Terminal Services Edition for use with a firewall . . . . . . 312
Identify the ports that must be opened on the server side . . . . . . . . . . . . . . . . . . . 313
Product keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
IFSPort.dll fails to register during the install . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Finding your Product keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Managing your Product Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Expiry dates and product keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Unable to add product key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Local file saving and printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Enabling/Disabling local file saving and printing . . . . . . . . . . . . . . . . . . . . . . . . 316
Using local file saving. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
A user cannot save to a local drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Printer Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Adding new driver files to existing directories . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Seamless windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Changing the client screen resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Server problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Terminal Server license error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
The icon for the application is incorrect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Primary Database Server is down. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Propalms Terminal Services Edition Administrator Guide--1 March 2013 xi

Contents

Add server fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

Server shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Installs on remote servers fail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Diagnose Server error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Incorrect Application Server Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
“Object Expected” Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Dashboard page does not work on Windows 2012 . . . . . . . . . . . . . . . . . . . . . . . . 322
Server roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Problems adding the Application Server role . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Propalms Terminal Services Edition Server roles . . . . . . . . . . . . . . . . . . . . . . . . . 323
Shadowing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
A single session can only be shadowed once. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Shadowing privileges and permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Notifying end users of session shadowing bids . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Using a WTS Client for shadowing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Explaining the timing of shortcut creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
File associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
File associations do not work as expected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
IFS error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Launch Failed error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Load Balancing Failed error. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Correct icons not displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
SQL server connection problem after an upgrade . . . . . . . . . . . . . . . . . . . . . . . . 329
Windows Terminal Services settings and seamless windows . . . . . . . . . . . . . . . . 330
A WTS session cannot launch application in an NT 4 environment . . . . . . . . . . . 330
Windows Terminal Services session with seamless windows . . . . . . . . . . . . . . . . 330
Launch Pad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Slow logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
IE setting for SharePoint server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Security settings error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Work around for print drivers listed as bad drivers in the Propalms TSE system333
Some important tips for a stable Propalms TSE DMZ-SPR role installation . . 335
Creating static print driver mapping through the PDM utility . . . . . . . . . . . . . . 337
Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

INSTALLING WBT ADD-ON FOR WYSE CE 2.12 OR WYSE CE .NET WITH

RAPPORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Propalms Terminal Services Edition Administrator Guide--1 March 2013 xii

Contents

Using Rapport to push the Propalms Terminal Services Edition TSE add-on . . . 341

INSTALLING PROPALMS TERMINAL SERVICES EDITION TSE CLIENT ON

EMBEDDED TERMINALS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Known problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Write Filter Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Problems loading the Propalms Terminal Services Edition TSE Client software. 347
Shortcuts not created . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

INSTALLING WBT ADD-ON FOR WINDOWS CE .NET-BASED WYSE TERMINALS

349
What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Installing Propalms Terminal Services Edition TSE WBT add-on for Wyse/WinCE .NET349

PROPALMS TERMINAL SERVICES EDITION RESOURCE KIT . . . . . . . . . . 360

What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Propalms Terminal Services Edition Resource Kit. . . . . . . . . . . . . . . . . . . . . . . . 360
Installing the Propalms RK. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Understanding the Propalms RK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Exploring the Propalms RK. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Specifying options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Printing information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Checking administrator rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Stopping a command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Using the Propalms RK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Generating a transformed client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Synchronizing domain information with Task Scheduler . . . . . . . . . . . . . . . . . . . 364
Altering the Propalms Terminal Services Edition Identity account . . . . . . . . . . . 365
Adjusting the ports used by the Propalms Terminal Services Edition web sites . . 365
Migrating to a new Propalms Terminal Services Edition Database server . . . . . 365
Reporting a support incident. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Writing advance command lines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Specifying multiple commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Looping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Passing information between commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Branching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Propalms Terminal Services Edition Administrator Guide--1 March 2013 xiii

Contents

Working with other tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Putting it all together. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

ABOUT US. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

What’s in this chapter? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
About Propalms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
About Propalms Terminal Services Edition from Propalms . . . . . . . . . . . . . . . . 370
Other sources of information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
PROPALMS TERMINAL SERVICES EDITION CLIENTS. . . . . . . . . . . . . . . . 371
What’s in this appendix? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Propalms Terminal Services Edition Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
ABBREVIATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
What’s in this appendix? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
COM+ COMPONENTS AND PROPALMS TERMINAL SERVICES EDITION SERVICES
375
What’s in this appendix? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
COM+ Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Propalms Terminal Services Edition Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Propalms Terminal Services Edition Administrator Guide--1 March 2013 xiv

About This Book
What’s in this book?

About This Book

What’s in this book?

This book explains how to get started with the Management Console. It explains the concepts and
provides help for using the Management Console. It also provides steps for troubleshooting.
Further, it provides help on using the Propalms Terminal Services Edition Resource Kit.
Additionally, this guide provides information on installing the Propalms Terminal Services Edition
WBT add-on for Windows CE-based Wyse terminals.

Intended audience
This guide is for system and database administrators, and other persons who are responsible for
deploying and administering Propalms Terminal Services Edition.
This guide assumes you are familiar with the following:
• Microsoft Windows Server 2003 Operating System
• Microsoft Windows Server 2008 / 2008 R2 (Longhorn) Operating System
• Microsoft Windows Server 2012 Operating System
• Microsoft SQL Server 7, SQL Server 2005 or SQL Express
• Basic Web Server administrative functions

Using this book

This book is organized as follows:
TABLE 1. Contents and description
Chapter/Appendix Brief Description
"Introduction to Propalms This chapter presents an overview of Propalms Terminal Services
Terminal Services Edition" Edition from Propalms. It explains Propalms Terminal Services Edition
and the benefits that you can derive from using Propalms Terminal
Services Edition.
"Getting Started" This chapter lists Propalms Terminal Services Edition features and
helps you get started with the product. At a high level, this section
identifies features, explains when to use them, how they work, and
what you need to consider as you use them.
"Concepts" This chapter explains the terms and concepts you should be familiar
with to be able to use Propalms Terminal Services Edition applications
effectively. This is the section that can answer questions such as how
does Propalms Terminal Services Edition do this and why does
Propalms Terminal Services Edition do that.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 1

About This Book
Using this book

TABLE 1. Contents and description

Chapter/Appendix Brief Description
"Using the Console" This chapter provides step-by-step procedures for using the
Management Console to administer the Propalms Terminal Services
Edition system.
" Troubleshooting" This chapter presents information about situations you may encounter
and it also explains how to work with any related issues.
"Propalms Terminal Services This chapter provides information about the Propalms Terminal
Edition Resource Kit" Services Edition Resource Kit and using the RK commands.
"About Us" This chapter provides information about Propalms and Propalms
Terminal Services Edition.
"Propalms Terminal Services This appendix provides information on Propalms Clients. It tabulates
Edition Clients" the Propalms Terminal Services Edition features along with their
availability for various client operating systems.
"Abbreviations" This appendix lists some common relevant abbreviations.
"COM+ Components and This appendix lists the Propalms Terminal Services Edition Services
Propalms Terminal Services and the COM+ Components.
Edition Services"

Book conventions
Book conventions used throughout this book are as follows:
TABLE 2. Book Conventions in this Book
This… Indicates...
Abbreviated menu Menu commands in text may be abbreviated rather than
command full. For example, the text may ask you to click
Download, and the screen may show a Download
Now button.
Successive menu Successive menu choices may appear with a greater than
choices sign (>) between the items that you will select
consecutively.
Bold text This shows the names of menu items, dialog boxes,
dialog box elements, and commands.
Courier text Code examples appear in courier text. It may represent
text you type or data you read.
<variable name> Variables that you must place in a text may appear
between a greater-than and a lesser-than sign. When you
type the command, replace this string with your own
information. For example, for C:\Document and
Settings\<your name>\Start Menu, John Smith might type
something like C:\Document and
Settings\JohnSmith\Start Menu.
Text in italics Reference to other documents.

NOTE
Notes contain additional useful information. Pay special attention to information
highlighted this way.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 2

About This Book
Using this book

Related resources
The following books make up the complete Propalms Terminal Services Edition documentation.
• Propalms Terminal Services Edition Installation Guide
• Propalms Terminal Services Edition Administrator Guide
• Propalms Terminal Services Edition User Guide

Send us your comments

Send us your comments on the Propalms Terminal Services Edition™ Administrator Guide,
version 7.0.
Propalms Ltd. welcomes your comments and suggestions on the quality and usefulness of this
publication. Your feedback is an important part of the information used for updating documentation.
Please send us your input regarding any of the following:
• Did you find any errors?
• Is the information clear?
• Do you need more information? If so, where should it be?
• Are the examples correct? Do you want more examples?
• What features of this manual did you like?
If you find any errors or have any other suggestions to improve the quality of this publication,
please indicate the chapter, section, and page number (if available).
You can submit comments to us in the following ways:
• Email [email protected]
• FAX:
+44 (0)1904 428760
Attn: Technical Publications
• Mail:
Technical Publications
Propalms Ltd.
The Catalyst,
Baird Lane,
York,
North Yorkshire,
YO10 5GA, U.K.
If you would like a reply, please include your name, address, and telephone number.

Printing This Book

This guide is optimized for printing on Letter page size (8.5 inches by 11 inches). If you would like
to print on any other page size, select the Fit to page check box in the Print window before you
print this guide.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 3

Introduction to Propalms Terminal Services Edition
What’s in this chapter?

Introduction to Propalms Terminal Services

Edition

What’s in this chapter?

This chapter presents an overview of Propalms Terminal Services Edition™ from Propalms®. It
explains Propalms Terminal Services Edition and the benefits that you can derive from using
Propalms Terminal Services Edition.

What is Propalms Terminal Services Edition?

Propalms Terminal Services Edition is an application-delivery management program that works
within the network-centric, server-based computing paradigm.
It is a server- and web-based computing solution that offers application provisioning and
environment configuration from one familiar, easy-to-use Management Console.
With Propalms Terminal Services Edition you can use your application delivery resources more
efficiently to achieve high-performance, cost-effective application delivery that is easy to deploy
and manage.
Propalms Terminal Services Edition provides a cost-effective, intelligent, application-management
solution for reducing the cost of deploying and maintaining application software.
What is a Propalms Terminal Services Edition team?
A Propalms Terminal Services Edition team is a group of Propalms Terminal Services Edition
servers working together to provide a highly scalable and distributed Propalms Terminal Services
Edition environment.
To create a Propalms Terminal Services Edition team, you need to install the Propalms Terminal
Services Edition Server software on the Web Server. After this, you can bring other servers into the
Propalms Terminal Services Edition team. All configuration information related to the servers in a
Propalms Terminal Services Edition team is stored in a single database, which is also a part of the
Propalms Terminal Services Edition team.

What are the benefits for system administrators?

This section explains the ways in which a system administrator benefits by using Propalms
Terminal Services Edition.

Propalms Terminal Services Edition fits into your existing environment

Propalms Terminal Services Edition integrates into your existing enterprise environment by
supporting the following:
• Microsoft’s Active Directory or Microsoft’s NT 4.0 Windows based domains

Propalms Terminal Services Edition Administrator Guide--1 March 2013 4

Introduction to Propalms Terminal Services Edition
What are the benefits for system administrators?

• Netscape or Internet Explorer Web browsers

• Microsoft IIS Web servers
• Microsoft SQL Server 7, Microsoft SQL Server 2005 or SQL Express databases
• Windows Terminal Server for Microsoft Windows Server 2003, Microsoft Windows Server
2008 / 2008 R2, Microsoft Windows Server 2012

Propalms Terminal Services Edition facilitates session management

Propalms Terminal Services Edition provides powerful tools to help your system administrators
manage active sessions.
Using Propalms Terminal Services Edition, a system administrator can do the following:
• View real-time dynamic data about active sessions
• Set thresholds to automatically permit, deny, or time-out a session
• Shadow, disconnect, log off, or send messages to one or more sessions
• Utilize and control load balancing on server teams
• Manage the number of sessions spawned for an application
• Manage file associations for applications
• Create delegated administrators to administer the system
• Create client groups based on specified criteria and assign applications, printers, and
connection settings to the client groups

Propalms Terminal Services Edition is simple to install and configure

Propalms Terminal Services Edition resides in a complex environment; however, we have made
Propalms Terminal Services Edition easy to setup and configure.
After completing the installation, a Propalms Terminal Services Edition administrator can quickly
and easily configure the Propalms Terminal Services Edition system using the Web-based
Management Console. The Management Console allows administrators to manage applications,
domains, groups, OUs, client groups, servers, users, and other aspects of the Propalms Terminal
Services Edition system.

Propalms Terminal Services Edition provides trouble-free object management

With Propalms Terminal Services Edition, object management is simple and powerful. Propalms
Terminal Services Edition offers sophisticated administrative tools to provision, configure, monitor,
and report on objects, their attributes, behaviors, and relationships.
To accomplish this, Propalms Terminal Services Edition works with your existing domain structure
so that you can use only those objects within the Propalms Terminal Services Edition system that
are valid within the existing corporate domain.
Adding a domain object from the existing domain to Propalms Terminal Services Edition is simple.
Propalms Terminal Services Edition provides a wizard that displays a list of existing domain
objects. A Propalms Terminal Services Edition administrator selects the object to use in the
Propalms Terminal Services Edition application delivery environment by selecting the check box
beside the object.
Maintaining domain objects in Propalms Terminal Services Edition is simple. Propalms Terminal
Services Edition provides simple controls to synchronize the objects. Therefore, as the corporate
domain administrator updates information, Propalms Terminal Services Edition can reflect the
relevant information to your Propalms Terminal Services Edition environment.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 5

Introduction to Propalms Terminal Services Edition
What is server-based computing?

Propalms Terminal Services Edition enhances security

Propalms Terminal Services Edition uses many features that enhance security. To help your
system administrators keep your environment safe, Propalms Terminal Services Edition offers
different levels and types of encryption, password and ID management, various types of launch
and connection controls, and different types of compression.

Propalms Terminal Services Edition facilitates operational-, capacity-, and

strategic planning
Propalms Terminal Services Edition provides information about your application delivery resources
(CPU and memory) and their consumption. This information helps Propalms Terminal Services
Edition administrators make informed decisions about the current and future allocation of
resources.
Propalms Terminal Services Edition provides object- and session-level metrics to help Propalms
Terminal Services Edition administrators answer questions such as who is using which resources
when. Using these metrics, the Propalms Terminal Services Edition administrators can evaluate
the sufficiency of the configured resources. For example, they can see the most frequently used
applications, see the peak number of concurrent sessions, and determine if you have too many or
too few application licenses.
Propalms Terminal Services Edition provides the data that you require to understand application
usage trends. You can develop resource utilization targets, monitor application use, reallocate
application delivery resources, and recognize when additional resources are required. In short, the
Propalms Terminal Services Edition administrator obtains the data that is required to justify current
resource allocation or reallocation, or to support planned resource acquisitions.

Propalms Terminal Services Edition facilitates license management

Propalms Terminal Services Edition provides tools to control the number of concurrent sessions.
Propalms Terminal Services Edition helps you meet your corporation’s obligation to offer validly
licensed applications sessions. Propalms Terminal Services Edition does this by monitoring the
active application sessions against the concurrent third-party application licenses. In this way,
Propalms Terminal Services Edition ensures that your corporation can comply with its third-party
application contracts.

What is server-based computing?

In a server–based computing model, application processing happens on centralized servers. The
application runs from the server, but displays on the client computers. This gives less powerful
client computers access to resource-intensive applications without having to upgrade the client
hardware.
Administrators can install applications and upgrade existing applications without having to touch all
the desktops.
Server-based computing provides businesses ways to reduce PC expenses while enhancing
security and resource availability.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 6

Introduction to Propalms Terminal Services Edition
What is application publishing?

What is application publishing?

Application publishing permits you to control application access to users, groups, and
organizational units.
Once you have added an application into the system, you can provision this application to your
users. Using Propalms Terminal Services Edition, you can provision applications to Domain
Groups, Domain Organizational Units, and Domain Users.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 7

Getting Started
What’s in this chapter?

Getting Started

What’s in this chapter?

This chapter lists Propalms Terminal Services Edition features and helps you get started with the
product. At a high level, this section identifies features, explains when to use them, how they work,
and what you need to consider as you use them.

Overview
Propalms Terminal Services Edition™ from Propalms® enables system administrators to manage
users, Application Servers, and centrally hosted Windows applications in a way that is simple,
intelligent, and cost effective.
This section provides a list of features provided by Propalms Terminal Services Edition. This list
aggregates features by business function.

Understanding the features

Developed by a team that includes experienced system administrators and data center managers,
our products are designed with your needs in mind. Propalms Terminal Services Edition is
designed to be intuitive and focused on the critical features required to gain the greatest
efficiencies. Key features of Propalms Terminal Services Edition follow.

Application Server management

• Resource-based application-level load balancing
• One-click scalabilityTM of Propalms Terminal Services Edition components to any server “on-
the-fly”
• Built-in redundancy of Propalms Terminal Services Edition components for multiple servers
• Real-time monitoring and management of server health from the console
• Full featured Terminal Services Web interface

System administration
• Central management of servers, applications, and users using Web-based Management
Console
• Delegated administration
• High-performance UniDriver to eliminate printer driver conflict
• Self diagnostics of system functionality and user errors
• Command line tool for system maintenance

Propalms Terminal Services Edition Administrator Guide--1 March 2013 8

Getting Started
Understanding the features

Application management
• One-click application publishing to users, groups, and organizational units (OUs)
• Support for multiple applications per RDP connection
• Intelligent file association
• Location-based application launch settings (for example, printer mapping)
• License management of third party applications

User management
• Central user authentication and access
• Propalms Client Policy EngineTM
• Dynamic, user-specific application shortcuts
• MSI based-seamless client deployment
• Auto download and version control of Microsoft RDP client

Metering, reporting, and logging

• Metering and reporting of application usage by user, client computers, and servers
• Peak concurrent usage by system and applications
• Exportable reports (for example, Microsoft Excel)
• Application usage metering and license management from published desktop
• Comprehensive audit trails and logs

Security
• Encryption of all sensitive information
• Propalms Terminal Services Edition Relay Server for easy firewall traversal via a single,
configurable port
• Secure Terminal Server access
• Terminal Server lock-down to prevent uncontrolled sessions
• Location-based security policies (for example, shortcuts)
• Support for RSA SecureID authentication

End-user experience
• Seamless windows - applications operate seamlessly without Terminal Server frame
• Applications access via desktop shortcuts, Windows Start menu, documents with file
associations, or browser-based via the Propalms Terminal Services Edition Launch Pad
• Local and network file saving
• Local, server, and network printing with client default printer support
• Automatic log-on and pass-through authentication
• Click-n-Go™ (one-click disconnect of active applications)
• Multiple IFS connections from a single client

Propalms Terminal Services Edition Administrator Guide--1 March 2013 9

Getting Started
Understanding feature considerations

Understanding feature considerations

This section highlights limitations that may affect your use of some Propalms Terminal Services
Edition features.
You need to consider this when you are planning the distribution of applications across application
delivery servers or distributing Propalms Terminal Services Edition roles to servers.

Application Servers
In Propalms Terminal Services Edition v7.0, the Application Server role, like all other roles, can be
configured on Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition
and Windows Server 2008 / 2008 R2, Windows Server 2012.

Configuration overview
Before you begin, ensure that Propalms Terminal Services Edition has been installed only for 2003
Server.
Propalms Terminal Services Edition supports three servers: Windows Server 2012, Windows
Server 2008/2008 R2 and Windows Server 2003.

NOTE
TSE pre-requisites needs to be installed on Windows Server 2003 before installing
Propalms TSE 7.0.

Using a Windows Server 2003

If you are using Windows Server 2003, you need to have the following installed:
• IIS 6, if the server will be a Web Server
• MDAC 2.8 or above
• Terminal Services configured in Application Server Mode if the server will be an Application
Server
If you are using Windows Server 2003, you need to do the following before you install Propalms
Terminal Services Edition.
• Install some Windows components
• Configure administrative settings for the server
• Start some services
The sections that follow discuss these in detail.
Installing the required Windows components
You need to add the Internet Information Services (IIS) along with support for Active Server Pages
(ASP) if the server is to function as a Web Server. You need to add the WMI Windows Installer
Provider on any additional servers, if you want to add servers to your team from the Console. In
addition, you need to add the Terminal Server if the server is to function as an Application Server
to allow the users to access the server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 10

Getting Started
Configuration overview

NOTE
The Windows operating system CD should be present in the CD-ROM when you add
these Windows components.

1. Select Start>Control Panel>Add or Remove Programs.

2. In the Add or Remove Programs dialog box, click Add/Remove Windows Components.
The Windows Components wizard is launched.
To add support for ASP on the computer you will be using as the Web Server:
1. In the Windows Components panel of the Windows Components wizard, select the
Application Server check box and click Details.
2. In the Application Server window, select the Internet Information Services (IIS) check
box and click Details.
3. In the Internet Information Services window, select the World Wide Web Service check
box and click Details.
4. In the World Wide Web Service window, select the Active Server Pages check box and
click OK three times to return to the Windows Components wizard.
To add support for the installer used to install Propalms Terminal Services Edition on any additional
servers through the Console:
1. In the Windows Components panel of the Windows Components wizard, select the
Management and Monitoring Tools check box, and click Details.
2. In the Management and Monitoring Tools window, select the WMI Windows Installer
Provider check box and click OK to return to the Windows Components wizard.
To install the Terminal Server on the computer you will be using as an Application Server:
1. In the Windows Components panel of the Windows Components wizard, select the
Terminal Server check box, and click Next to install it. Follow the instructions in the
wizard.
2. Select the Relaxed Security option.
3. Click Finish to complete the installation of the Terminal Server and close the Windows
Components wizard.
4. Close the Add or Remove Programs window.
Configuring administrative settings
You need to configure the security settings for the COM+ component to allow distributed
transactions over the network on the Database Server, verify that the group that you want to set as
the Propalms Terminal Services Edition Administrator group during the installation is in the
Administrators group on the server now.
1. Select Start > Settings > Control Panel > Administrative Tools.
2. The Administrative Tools window opens.
To configure the COM+ component on the computer you will be using as the Database Server:
1. In the Administrative Tools window, double-click Component Services.
2. In the Component Services window, expand Component Services>Computers in the
left pane to display the configured computers.
3. Right-click My Computer and select Properties from the shortcut menu.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 11

Getting Started
Configuration overview

4. Click the MSDTC tab and click Security Configuration.

NOTE

You may need to wait for a few seconds as the MSDTC tab may take some time to
appear.

5. Select the Network DTC Access check box and verify that the Network Administration,
Network Client Access, and the Network Transactions check boxes are selected.
6. Click OK twice to save your settings.
To verify the existence of the Propalms Terminal Services Edition administrator group in the
Administrators group on a server:
1. In the Administrative Tools window, double-click Computer Management.
2. Expand Local Users and Groups in the left pane, and select Groups.
3. Double-click Administrators in the left pane to open the Administrators Properties
dialog box.
4. Verify that the group you want to specify as the Propalms Terminal Services Edition
administrators group during Propalms Terminal Services Edition installation is in the
Members list and click OK.
Starting the required services
You need to start the Theme and Windows Audio services on the Application Servers — if the
applications are likely to use these services — before you install Propalms Terminal Services
Edition.
1. In the Administrative Tools window, double-click Services.
2. In the right pane of the Services window, double-click Themes to open the Themes
Properties dialog box.
3. Select Automatic from the Start-up type list and click Apply.
4. Click Start to start the service.
5. Click OK.
6. In the right pane of the Services window, double-click Windows Audio to open the
Windows Audio Properties dialog box.
7. Repeat Steps 3 to 5.
8. Close the Services window, and then close the Administrative Tools window.

Using Windows Server 2008 / 2008

R2
If you are using Windows Server 2008 / 2008 R2, you need to have the following installed:
• IIS 7, if the server will be a Web Server
• Terminal Services configured in Application Server Mode if the server will be an Application
Server
• Application Server with COM+ Network Access
• Start some services

Propalms Terminal Services Edition Administrator Guide--1 March 2013 12

Getting Started
Configuration overview

The sections that follow discuss these in detail.

Installing the required Windows roles, services and features
You need to add the Internet Information Services (IIS) along with support for Active Server
Pages (ASP), ASP.NET and IIS 6 Metabase Compatibility if the server is to function as a Web
Server. In addition, you need to add the Terminal Server if the server is to function as an
Application Server to allow the users to access the server.
1. Start Server Manager and click on Add Roles.
2. Add Role wizard box appears. Skip that box and click Next.
3. Select Server Roles i.e. Application Server, Terminal Services and Web Server (IIS).
4. The Terminal Services screens will commence and an introduction box which provides
information pertaining to Terminal Services will appear. Click Next.
5. Select Terminal Server and Click Next.
6. The box for Authentication Method for Terminal Server appears. Select the second option
and click Next.
7. Select your preference for the Licensing Mode and Click Next.
8. Select user groups whom you want give access to TS by clicking on the Add button.
9. A box that provides information related to the Application Server appears. Click Next.
10. Select COM+ Network Access and Click Next.
11. A box that provides information about Web Server (IIS) will then appear. Click Next.
12. Select ASP.NET.
13. After selecting ASP.NET a box will appear which will prompt you to Add the required role
services. Click on Add required role services.
14. After the selection of ASP.NET select ASP and IIS 6 Metabase Compatibility and click
Next.
15. A box appears which asks for a confirmation of the installation selections. Click on Install.
16. The “Installation Progress” box will be displayed
17. At the end of the installation, the installation results box will appear. Click on the close
button. Your machine will be restarted.
Configuring administrative settings
You need to configure the security settings for the COM+ component to allow distributed
transactions over the network on the Database Server. Verify that the group that you want to set as
the Propalms Terminal Services Edition Administrator group during the installation is in the
Administrators group on the server now.
1. Select Start>Settings>Control Panel>Administrative Tools.
2. The Administrative Tools window opens.
To configure the COM+ component you will be using as the Database Server:
1. In the Administrative Tools window, double-click Component Services.
2. In the Component Services window, expand Component Services>Computers >
Distributed Transaction Coordinator in the left pane to display the configured local DTC
computers.
3. Right-click Local DTC, and select Properties from the shortcut menu.
4. Click on Security in the box that appears..

Propalms Terminal Services Edition Administrator Guide--1 March 2013 13

Getting Started
Configuration overview

5. Select the Network DTC Access check box and verify that the Client and
Administration, Transaction Manager Communication and the Network Transactions
check boxes are selected and Click on Apply.
To verify the existence of the Propalms Terminal Services Edition administrator group in the
Administrators group on the server:
1. In the Administrative Tools window, double-click Computer Management.
2. Expand Local Users and Groups in the left pane, and select Groups.
3. Double-click Administrators in the left pane to open the Administrators Properties
dialog box.
4. Verify that the group you want to specify as the Propalms Terminal Services Edition
Administrators group during Propalms Terminal Services Edition installation is in the
Members list and click OK.
Starting the required services
You need to start the Theme and Windows Audio services on the Application Servers — if the
applications are likely to use these services — before you install Propalms Terminal Services
Edition.
1. In the Administrative Tools window, double-click Services.
2. In the right pane of the Services window, double-click Themes to open the Themes
Properties dialog box.
3. Select Automatic from the Start-up type list and click Apply.
4. Click Start to start the service.
5. Click OK.
6. In the right pane of the Services window, double-click Windows Audio to open the
Windows Audio Properties dialog box.
7. Repeat Steps 3 to 5.
8. Close the Services window, and then close the Administrative Tools window.

Using Windows Server 2012

If you are using Windows Server 2012, you need to have the following installed:
• IIS 8, if the server will be a Web Server
• Remote Desktop Services configured in Application Server Mode if the server will be an
Application Server
• Application Server with COM+ Network Access
• Start some services
The sections that follow discuss these in detail.
Installing the required Windows roles, services and features
You need to add the Internet Information Services (IIS) along with support for Active Server
Pages (ASP), ASP.NET and IIS 6 Metabase Compatibility if the server is to function as a Web
Server. In addition, you need to add the Terminal Server if the server is to function as an
Application Server to allow the users to access the server.
1. Start Server Manager Select Dashboard and, click on Add Roles.
2. Before you begin page will appeared, skip that page and click Next.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 14

Getting Started
Configuration overview

3. The server selection page will appear, click Next.

4. On Server Roles page Select Application Server, Remote Desktop Services and Web
Server Role. The Add Roles and Features Wizard will bring up, Click Add Features and
Procceed further.

5. On the Features page select check box .Net Framework and Features, also choose .Net
Framework 3.5 (Includes .Net 2.0 and 3.0).
6. When application server page appears click Next.
7. On Role Services page Make select COM+ Network access. Select all check box under
Distributed Trasactions i.e. WS-Atomic Transaction, Incomming Network Transaction and
Outgoing Network Transactions.
8. Select your preference for the Licensing Mode and Click Next.
9. Click Next when Remote Desktop Services page appears and Roles service page
will be shown. Click Next.
10. Select check box in front of Remote Desktop Session Host.
11. Click Add Feature for box appeared for Remote Desktop Session Host.
12. Now Web Server Role (IIS) page will be show, click next to add Role Services.
13. You will see some check box already selected. On the same page, Expand Application
Devlopment check box in tree and select .Net Extensibility 3.5, ASP and ASP.NET 3.5.
Click Add Feature for every box you'll see while enabling these options..
14. If you expand Management Tools option, you will see IIS 6 Management Compatibility
option enable both 'IIS 6 Management Compatibility' option in subtree.
15. Click Next, You can specify extra source for installation, specify the path and Click
on Install.
16. You will installation progress on screen.When the installation is completed, If you have
selected 'Restart if required' then server will be rebooted or else, you have to manually
restart server.
17. At the end of the installation, the installation results box will appear. Click on the close
button. Your machine will be restarted.
Configuring administrative settings
You need to configure the security settings for the COM+ component to allow distributed
transactions over the network on the Database Server. Verify that the group that you want to set as
the Propalms Terminal Services Edition Administrator group during the installation is in the
Administrators group on the server now.
1. Start > Administrative Tools click on Component Services.
2. On RHS go to Local DTC which you will find under Component Services > Computers > My
Computers > Distributed Transaction Coordinator.
3. Right Click on Local DTC select Properties and go to Security tab.
4. Under Security Setting enable Network DTC Access. Also confirm Allow Remote Clients,
Allow Remote Administration, Allow Inbound, Allow Outbound and Enable XA Transactions
these check boxes are enabled or selected.
5. On the same tab select 'No Authentication Required' radio button.
6. Click Apply when setting are done. After applying these setting MSDTC will be restarted.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 15

Getting Started
What's New

To verify the existence of the Propalms Terminal Services Edition administrator group in the
Administrators group on the server:
1. In the Administrative Tools window, double-click Computer Management.
2. Expand Local Users and Groups in the left pane, and select Groups.
3. Double-click Administrators in the left pane to open the Administrators Properties
dialog box.
4. Verify that the group you want to specify as the Propalms Terminal Services Edition
Administrators group during Propalms Terminal Services Edition installation is in the
Members list and click OK.
Starting the required services
You need to start the Theme and Windows Audio services on the Application Servers — if the
applications are likely to use these services — before you install Propalms Terminal Services
Edition.
1. In the Administrative Tools window, double-click Services.
2. In the right pane of the Services window, double-click Themes to open the Themes
Properties dialog box.
3. Select Automatic from the Start-up type list and click Apply.
4. Click Start to start the service and Click OK..
5. In the right pane of the Services window, double-click Windows Audio to open the
Windows Audio Properties dialog box.

What's New
The section lists the new features supported by Propalms Terminal Services Edition v6.5.

Windows 2008 Server Support

Propalms TSE now supports the latest Windows 2008 / 2008 R2Server.
New User Interface
The new Propalms User Interface is eye catching, developed on the latest Web 2.0 platform.

New Load Balancer ranking scheme - % Utilization based

Currently Propalms Load Balancer computes a rank for each online App server based on
the available resources (by default only CPU and memory.) The new LB design will not
assign a rank to each server merely based on the available resources it has; it will assign
rank based on the % utilization of resources available on it. Therefore at any time the % of
available resources utilized on each server, will be the same. This scheme should be used
when App servers are of different Memory and CPU specs. It will help in even distribution
of sessions across servers.
Web Role Redundancy using auto failover feature in Propalms client
Ability to set a redundant Web server that will automatically be contacted by a client in the
event of the primary web server being unavailable.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 16

Getting Started
What's New

Browser less access to applications using Propalms client

Configurable Launchpad address and application launch from System Tray. A user may
configure Propalms Launchpad settings and retrieve and launch applications without
having to go the Launchpad Web page. User can also set the primary and secondary web
server to use, based on site location.
Publish multiple applications simultaneously
Allow publishing multiple applications simultaneously with identical settings. Up to 6
applications can be configured at a time and published to users saving Administrative
effort.
Publish Common Applications with single click
Predefined single click publishing of common applications such as Microsoft Office,
Windows Explorer, Control Panel Applets etc… An editable xml file on the Web server is
read to populate the Common application list. This file can be re-used at multiple TSE
locations to quickly add common set of applications.
Allow Single instance of App per User
Administrator can limit user to only allow launch of single instance of published
Application.
Disallow simultaneous logon from multiple clients with same user name
Prevent simultaneous logins from multiple client devices with same user name.
Set maximum TSE Session limit on TSE App servers to prevent session overload
TSE Admin can set a maximum limit of TSE sessions supported for each TSE App server.
Once the maximum session limit is reached, Load Balancing will direct app launch to the
other available servers.
Enable Disable HyperPrint Printer for users from Connection setting
TSE Admin can prevent user access to HyperPrint printer in user session by enabling /
disabling this option in Connection setting.
Force HyperPrint Printer as default printer for users from Connection settings
TSE Admin can force the Propalms HyperPrint printer as the default printer for TSE user
session.
Ability to Save, Save & Print or just Print, HyperPrint PDF files on TSE App server
Useful for thin client printing, print to file option, or saving a copy of printed document.
The pdf files are saved in Users profile My Documents\App Data\PdfFiles folder.
Support for more PDF readers with HyperPrint
Alternative Pdf readers such as Foxit, nitroPDF are supported along with Acrobat Reader.
HyperPrint client side print options
-Print directly to default printer on client
-Ability to select and set the pdf reader software to use with HyperPrint

Propalms Terminal Services Edition Administrator Guide--1 March 2013 17

Getting Started
What's New

-Ability to choose and save HyperPrint pdf files on client machine, for offline printing.
Return Internal or External IP to connect
Force client to connect on Internal or External IP address of App server through
Connection settings.
Hide App server IP address during App launch
This feature shows Application name in connection box instead of IP address of
connecting server.
TSE Client Upgrade, forced or optional when a newer client version is available
This option allows administrator to update the Console with a new client version and have
client’s auto-upgrade when they connect. User is alerted via System tray icon and
notification on Launchpad or administrator force upgrade.
Removal of User Lockdown when is removed for TSE APP server
Clean-up of User profile lockdown after has been disabled for the App server. The clean-
up can be enabled /disabled from Connection settings.
Monitor – Connection page enhancement
Additional field shows the idle time for Active /Disconnected session state.
Direct RDP to server from Console-Manage-Server page
Admins can connect to TSE servers via RDP from Console -Server page.
Logoff option added on Launchpad and Console Web page
Launchpad: When the user or administrator performs this action then the web session and
any applications open will be logged off.
Console: When the administrator logs off, all of the web session data will be deleted and
there will be no cached logons.
Added support for .pdf in Content Redirection
With this enabled, Pdf files in TSE sessions will be opened using local client PDF reader.
New Windows Explorer and TS policies in Propalms
New Windows Explorer and TS Policies have been added to existing Propalms Policy
templates.
Use of better quality images for Application Desktop and Start Menu shortcuts
Sharper and better quality images will be extracted for creating application shortcuts for
desktop and Start Menu.
New Console UI, Color scheme and Style
There is a new look and feel to the Console and Launchpad portal for better readability
and ease of access.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 18

Getting Started
What's New

Easy navigation between Console Dashboard and Console Summary page

Hyperlink button is available to switch between the graphical and statistical representation
of TSE system info.
TSE Admin can set the Console Home Page
TSE admin can set the home page for the Console site on Logon. Can be set to Dashboard,
Summary, Server, Connection or LoadBalancer page.
TSE Console-Home –About page will show the Hotfix version
Admin can enter the hot fix version applied to Propalms Web server in Console –Admin
page. This will be shown in the Home-About page.
Smaller and larger values available for Disconnected, Session time out and Console page
refresh rate
In connection settings, for Idle and Disconnect session timeout more values are made
available for refined control. Similarly for the Console page refresh rate.
New TSE Clients
New TSE client packages will be available for Windows, Mac OS and Linux. Any
enhanced RDP (rdesktop) features available at time of development will be included.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 19

Getting Started
What's New

What's New in Propalms TSE v7.0

The section lists the new features supported by Propalms Terminal Services Edition v7.0.

Enhanced TSE installation package with Auto Pre-requisite

install
TSE installation scheme has been improved to make TSE installation on Windows 2008, 2008 R2
and 2012 a smooth and easy install. The new installation scheme will auto install the required
Windows components for TSE like IIS, ASP, ASP.NET, COM+ , DTC and RDS as part of the TSE
installation routine. This will make installing and configuring a TSE server a hassle free install.
Administrators won’t have to worry about getting the required Windows pre-requisites installed
before starting the TSE installation. The pre-requisite auto install will also work for all subsequent
servers added in TSE team, either using the Join Team option or the ADD Server option from TSE
Management Console. In short, administrators can take a freshly installed Windows server and run
the v7 TSE installer to make it a fully functional TSE WEB with Windows IIS, TSE APP with RDS
and TSE Load Balancer server with a single installation.
Note: It is highly recommended that the Server being installed should have internet connectivity.
During install of Windows components like IIS, ASP and ASP.NET, Windows tries to run some
version checks and update checks with the Microsoft download portal. In the event that internet
connectivity is not available, the pre-requisite install may take longer time to complete.
• Installer will check and prompt for the required pre-requisites to be installed
DTC and Network COM+ installation

Propalms Terminal Services Edition Administrator Guide--1 March 2013 20

Getting Started
What's New

• IIS, ASP, ASP.NET will be installed during the TSE WEB Role installation.

• If not installed Remote Desktop Service Session Host Role will be installed with
default settings.

• New install dialog that shows progress of the Windows component being installed
and TSE Roles.
The problem with Interactive dialog showing up during TSE v 6.5 install, has been
resolved.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 21

Getting Started
What's New

Installation screens showing the install progress for Windows component IIS ;

*// Note that ASP.NET install may take a long time to complete on Windows 2012 depending
on the internet connection. NET framework 3.5 is not included in Windows install resources and
hence is downloaded from MS site during install time.

Note that .NET 2/3.5 install on Windows 2012 downloads files from the MS download site. This
may take some time based on the internet connection. If for some reason the .NET install fails, the
TSE Dashboard page in TSE Console may not function. This can be easily fixed by manually
installing .NET 2/3.5 on the server. To resolve this, install the .Net framework manually on the
Windows2012 server through Server Manager‐ Add Roles‐ Features option.
You may need to specify the source path for the .Net framework install files, available on the 2012
server install media in the \Sources\Sxs folder. Once .Net 2.0 is installed, run the
RegNetConsole script available in the Console directory of TSE WEB server
\Inetpub\wwwroot\Console folder. Run the script from an Admin Command prompt and then do a
‘iisreset’ .This will register the required .NET version with the TSE Console Web directory in IIS.
If not installed Windows RDS Session host role will be installed,

Propalms Terminal Services Edition Administrator Guide--1 March 2013 22

Getting Started
What's New

Server 2012 and Windows 8 support

TSE v7 Server is fully compatible and functional on Windows Server 2012. All TSE
features are supported on Win 2012.
AD 2012 is supported and also SQL 2012 running on Windows 2012. TSE v7 installation
supports auto install of Windows pre-requisites (IIS, RDS, COM, DTC,.NET)
on Windows 2012, making it easier to build TSE v7- 2012 server and add it to an
existing team of 2008, 2008 R2 and 2003 servers for evaluation and migration purpose.
Windows 8 as a client OS is supported for TSE v7 client and all client side features
are supported.
IE10 browser which is default on Windows 8 is supported as well for TSEv7 Launchpad
and Console portal.

Revamped TSE Console portals

TSE Management Console have been given a makeover with new color scheme, clearer
and bigger fonts, giving it a contemporary look and feel.
The Action item menus on the LHS of the pages have been made collapsible to better
utilize the screen area.
Mouse over to expand the Action Menu,

Action menu in expanded mode. Menu will auto collapse once the mouse is outside the
Action Menu region.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 23

Getting Started
What's New

Application Server Host Drive

When publishing applications on TSE for load balancing, it is required that the application install
directory and path be the same on all the TSE App servers for it to work.
There is a common problem of publishing x32 applications on TSE x32 and x64 App servers,
where the install path for x32 apps on x64 server is ..\program files(x86)\.. whereas on x32 server
it is ..\Program Files\.. .
In TSE v7, publishing the same app on x32 and x64 is possible without worrying about %program
files(x86)% directory for x64 servers. The application is loaded from the correct program files
directory based on the server being x32 or x64.
In some instances, Applications are installed on different drives or the default system drive letter is
different. To accommodate such scenarios,
TSE Admin can use the new Application Host Drive option in v7.
There are 3 options available:
a) Default: It launches the app from the exact path specified in the Application
path field
b) System Drive: Here TSE during actual app launch will retrieve the default system
drive of the target app server and accordingly change the application launch path.
c) Find Run time: Here TSE scans all local drives of App server for the application
path and once found, launches the application.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 24

Getting Started
What's New

TSE Connection settings re-organized and User

Choice Added
In TSE v7, Connection settings template have been re-organized for better management
and usability. Connection parameters pertaining to different aspects of TSE and RDP have been
grouped together.
Also connection parameters that are of specific interest to end users are grouped
together as client settings.
These settings are now also configurable by TSE users through the TSE Desktop Client
or TSE Launchpad Client settings page. In TSE Connection Settings, there is a new option “User
Choice” added in drop down for settings that can be set by a TSE end user/client.
TSE admin should keep the required setting to “User Choice” if the TSE admin wants
the client choice for the specific setting to take effect. This is particularly helpful for printer and local
drive redirection as keeping them ON always forces re-direction of client side resources even
if the user does not intend to use them for the particular session.
This will save server resources, faster app launch time and avoid potential problems with printer
and drive redirection.
Note: When launching apps from non-Windows TSE client (Linux,Mac others) or previous
version of TSE Windows client (PCM v5,v6,v6.5),
Parameters set as User choice in TSE v7 Console- Connection Settings, will be treated
as Enabled.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 25

Getting Started
What's New

TSE Seamless application launch integration with

RDP Seamless
MS introduced support for Seamless via RemoteApp in Windows 2008 server and has made
some significant performance improvements with it in 2008 R2 & Server 2012.

In TSE v7, TSE Seamless leverages the native seamless available on Windows 2008 & above to
give better performance and usability of applications in seamless mode. It utilizes native RDP
enhancements like RemoteFx and True MultiMonitor support.
By default this new enhancement is enabled in TSE Seamless feature. If needed, TSE Admin can
switch to native TSE Seamless feature by disabling theRDP Seamless option in TSE Connection
Settings.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 26

Getting Started
What's New

Enhanced TSE Console – Monitor – LoadBalancer

page
The TSE Monitor Load-Balancer page has been enhanced for better viewing and displays
additional information pertaining to LoadBalancing.
- Shows the Current active Master Load-Balancer in TSE team
- Shows the TSE Load-Balancing scheme in use
- Shows the total TSE Session count on each TSE App.

Connection Type info on Monitor – Connections

page
Monitor Connections page shows if the connection if over SPR, DMZ SPR or TSE App
server. Session Type:-
TSE - Direct App launch on App server.
SPR - App launch over TSE SPR server.
DMZ-SPR - App launch over TSE DMZ-SPR server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 27

Getting Started
What's New

Server Lockdown Policy AD Group

/ OU assignment
Link Lockdown policies to Groups, using the Update lockdown Policy, Action menu on the
Manage-Groups page in TSE Console.

Clicking on the TSE Groups in TSE Console – Manage- Groups page now shows the applications,
printers and lockdown policies assigned to the specific Group.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 28

Getting Started
What's New

TSE Notification feature

TSE v7.0 introduces TSE Notification feature that allows TSE Administrators to enable
Email Notification Alerts based on certain TSE System Events.
An email notification will be sent to the specified Email accounts, notifying the
occurrence of certain TSE System Events.
TSE Notifications can be enabled and configured in TSE Management Console, under
Options – TSE Notifications page.
Notifications are part of the TSE WEB server configuration. If there are more than
one TSE WEB server in the team, only one TSE WEB server is responsible for sending
TSE notifications. In the event of a Web server going down, another TSE WEB server
takes up the Notifications job. If there is only one TSE WEB configured in the team,
notifications will not be sent if the only TSE WEB server goes offline. TSE checks
for its system/components status every 5 minute. In case a TSE system or component
state changes and reverts back to its original state between the 5 minute intervals,
it can go undetected by the TSE Notification System. This is likely when TSE Services
are restarted which usually only takes less than a minute. Verify the entered smtp
settings by clicking the ‘Test SMTP Settings’ button.

Update SMTP Settings:

It can be used to configure the SMTP account for sending e-mail notifications. By
default a TSEnotification account is configured.
Only the MailTo field is left blank. Please specify the required e-mail accounts
that should get the email notifications.
More than one e-mail ID's can be added seperated by semi-colons.

NOTE
If using TSE SMTP settings, do not try to enter any password for SMTP Server
Password field ,leave it blank. We recommend configuring your own SMTP settings as
using the default TSENotifcation Gmail SMTP may get blocked or need additional
authorization by Google when used from different geographical locations.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 29

Getting Started
What's New

Update Notification Events

Enable the desired Events for which notifications should be generated .
Notifications e-mail are only sent once per event. However, if there is a new event
that comes up,
an e-mail for previous events whose status has still not changed will be re-sent
or combined with the latest one.
Example: TSE server A goes offline generating a notification e-mail for server A.
Say 5 minutes later Server B goes offline while Server A is still offline. A new
notification e-mail will be sent combining the alerts for Server A and B being offline.

Notification Events:
Product License key nears Expiry:
This event is raised when a TSE product Evaluation license is due for expiry or
TSE product Base Key license has not been Activated.
For TSE evaluation license, notification alerts are sent daily when 5 or less than
5 days remain for license expiry .
For TSE Base Key activation, notification alerts are sent daily when 10 or less
than 10 days remain before the Base Key activation limit expires.
TSE Role for Server goes down:
This event is raised when any TSE Role (App, Web,LB, SPR or DMZ-SPR) goes down or
Red in the TSE Console – Manage- Servers page.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 30

Getting Started
What's New

Sample mail:

TSE Server goes offline:

Event is raised if a TSE Server running status goes offline in TSE Management Console.
This is common when a TSE server is rebooted or TSE Services being restarted.

Active license count over 90 percent:

This event gets raised when the Available User license count falls to 10 % of the
Total User License Available.
This alert is helpful in situation where TSE system is running to full capacity of
its user licenses and may need some TSE User license addition.

Database communication failure:

This event is raised when an online TSE Server in the team fails to connect with
the SQL server hosting the Propalms Database.

TSE Scheduled task failure:

This event is raised when one of the in-built scheduled TSE Tasks (Domain Synch,
Backup DB Synch, Reboot Server) fails to complete.
Job completion failure:
This event is raised when a TSE Job like, Adding application, Server, removing or
Adding Apps fails.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 31

Getting Started
What's New

App Server reaches Max Session Limit:

This event raised when a TSE App server reaches the Max Session limit set for it
by TSE Administrator.
Server goes False on Monitor LoadBalancer Page ( to be added before final release)
Notification is raised when a TSE App server goes FALSE on the Monitor- LoadBalancer
Page.

Reset SMTP Settings:

Use the Reset SMTP Settings option in case you need to revert to the default TSE SMTP
settings.
Do not enter the SMTP Password, leave it blank.

Import Export TSE Team configuration

TSE v7.0 has the provision to export its TSE Team Objects and Settings (Applications,
Settings, Groups/OUs, Lockdown ) in a XML format.
This XML can then be used to import to either create or restore a TSE team with the
same Objects and Settings.This XML can then be used to import to either create or restore a TSE
team with the same Objects and Settings.
This will help in easy duplication of Application list, Connection Settings, Lockdown
settings and Group/OU across multiple TSE teams.
Group/OUs are tied to the Active directory. Hence they should only be imported if
the TSE team belongs to the same AD as the original TSE team.
Note, only custom created Connection Settings and LockDown Policies in TSE are exported.
In-built connection settings like LAN, Windows Desktop are not exported.
Same is for Lockdown policies.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 32

Getting Started
What's New

The option to export and import team configuration is made available under the TSE
Console- Options – Administrator, Actions menu.
Click on Export Team Configuration to start exporting TSE configuration,

Export Team Configuration

Click on Export Team Configuration to start exporting TSE configuration,

Select the items you wish to export and hit the ‘Export’ button. Once Export is completed
a status page with the Export action report will be shown. The exported items are saved in a single
XML file with the name “TSETeamConfig.xml”.This file is created and saved in the TSE Depot
directory of TSE WEB server of which TSE Console site it being run.
(\Inetpub\wwwroot\Depot\TseTeamConfig.xml).
Repeating the export action at a later time will overwrite the contents of the same
XML file.
TSE Admin can choose to export one or more items later to have the most recent list
of TSE objects and settings saved.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 33

Getting Started
What's New

Import Team Configuration

Click on the Import Team Configuration action item to start importing TSE object
in existing TSE team.
Note that before starting the Import operation, the TSEteamConfig.xml from which
items need to be imported should be present in the Depot directory of TSE WEB server of which
TSE Console site is being run. (\Inetpub\wwwroot\Depot\TseTeamConfig.xml).
Select the items to import from xml and hit Import,

On Successful import of items,

Propalms Terminal Services Edition Administrator Guide--1 March 2013 34

Getting Started
What's New

When importing Application items, only application configuration information is imported.

Icons for the imported application don’t get imported. The application icons will have to be re-
created using the Update icon option in TSE Console – Manage- Applications page.
Note that once the tseconfig.xml has been used to import items to a specific team,
trying to re-import from the same config file to the same tse team will fail. This is by design to
prevent duplication of items with same name and ID.
This is done by setting a re-use tag “<nm-updated>1</nm-updated>” in the TSEteamConfig.xml
file after it has been successful used to import items. In case there is a need to re-import items
when the previously imported items, application list and settings have been deleted in the TSE
team, Open the TseTeamConfig.xml in any text editor application and set the following tag lines
“<nm-updated>1</nm-updated>” value from ‘1’ to ‘0’.Once the tag values are set to Zero , the
objects in the xml file can be re-imported.

Manage Network Printers

In TSE v7.0 , TSE admin can create a list of Network printers that are available
on the network where TSE is installed and assign these network printers to AD groups, Us and
client groups in TSE. This eliminates the headache for admins to create custom login scripts that
map network print queues to a user’s terminal server profile at logon.
Network printers can be assigned based on AD Group and OU membership and also client
groups based on IP address, hostname and other criteria’s.
Wherever possible, it is t recommended to have all printing done through Network
printers mapped directly to users TSE App session running on TSE App server. It eliminates re-
direction of client side printers on server, saving server resources, print driver management efforts
and network bandwidth as all print jobs go directly to the network print queue instead of TSE client
machine.
In TSE Console – Manage, a new option Network Printers is available.
From here network printers can be added, removed and assigned to Groups,OUs and Client
Groups that already exist in TSE.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 35

Getting Started
What's New

NOTE
In Add network printers, only printers that are shared on the network and have the
necessary permissions to access it our discoverable by the TSE Add Network printer’s
page. Once Added, use the Add Group, OU, Client group action item to assign these
printers to specific Groups,OUs and Client groups.If the end user launching TSE Apps
, belongs to more than one AD Group or OU, network printers from all Group/OU
membership for the user will be created in TSE session.

Remove Network Printers :

Select the desired printers to be Removed and click Next.

NOTE
Network Printers can be Removed assing to Client Group or Group/ OU.Once
Network Printer is removed, they won't be created in respective Group,OU or Client
Group

Propalms Terminal Services Edition Administrator Guide--1 March 2013 36

Getting Started
What's New

Customize the logo , baner text and footer images of

TSE portals and Desktop Client
With v7, Propalms logo, Banner text and footer images for TSE Launchpad and Console Portals
can be changed.
This allows some level of customization and re-branding of TSE portal and the new TSE Desktop
client.
“Customize TSE” Option is available in TSE Console- Options- System, Action Menu.

Browse to upload the required images, for Console, Launchpad and Home –About page in TSE
Console.

NOTE
The upload of new images requires that the IUSR account under which IIS
Anonymous authentication works should have write access to the TSE Console,
Launchpad and Depot directory. We recommend removing the write access once the
required images have been uploaded successfully.If there are more than one TSE
WEB server, upload the custom images on each TSE WEB server by running the TSE
WEB Console from that respective server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 37

Getting Started
What's New

after successfully update,console will be shown as follows:

New User Settings in Console-Options-User page

Auto Refresh Client – The Auto Refresh client setting in TSE client will work only if TSE Admin
enables this setting in TSE Console – User settings. If set to disable (default), client side Auto
refresh setting will have no effect.
AD Single Sign On - TSE Admin can enable or disable the client side AD Single Sign On feature
by this setting.

Client Upgrade Notification - This will hide client upgrade notifications to end user when a newer
client is available for download. This setting can be used when TSE Admin does not want end user
to be notified of a client upgrade available.

What’s new in v7 – Home page with Hyperlinks

A new page “What’s new in v7” is added in TSE Console – Home section. This page highlights
and provides direct hyperlink to the new features and changes in TSE v7.
This will help existing TSE customers to quickly identify the areas in TSE Console where these
features are available and configure them too.

Support for MS TS Gateway server

TSE published applications can be launched over MS TS Gateway server. TS Gateway server
information can be configured in TSE Console – Options- TS Gateway page and TS Gateway
feature should be enabled in the relevant TSE Connection Settings for the application.
TS Gateway works for TSE Launch and also the Native launch (clientless).

Propalms Terminal Services Edition Administrator Guide--1 March 2013 38

Concepts
What’s in this chapter?

Concepts

What’s in this chapter?

This chapter explains the terms and concepts you should be familiar with to be able to use
Propalms Terminal Services Edition applications effectively. This is the section that can answer
questions such as how does Propalms Terminal Services Edition do this and why does Propalms
Terminal Services Edition do that.

Concepts
This chapter explains the following concepts:
"Secure product key"
"Domain objects"
"Active Directory synchronization"
"Connection settings"
"Delegated administrators in Propalms Terminal Services Edition"
"Client Groups"
"Single Port Relay"
"Ticketing Authority"
"Proxy Support"
"Customize application icon"
"Application Grouping"
"Internet Client Detection"
"Server Lockdown"
"Manage Lockdown Policies"
"Printer Driver Management Utility"
"IFS and Printer Data Compression"
"Bandwidth Throttling Management"
"Automated Administrator Tasks"
"Change Password"
"Connection Setting Monitoring"
"Java Client"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 39

Concepts
Secure product key

"Native Windows Client Connections"

"Native Macintosh Client Connections"
"Deploying Propalms Terminal Services Edition roles"
"Local server install"
"Publishing a Windows Desktop"
"Load balancing"
"Application Grouping"
"Update Icon"
"File associations"
"Launch Pad"
"Client upgrade"
"Shortcuts"
"Printing"
"Jobs framework"
"File handling"
"System heartbeats"
"Diagnostics"
"Reporting"
"Active session management"
"Achieving database redundancy"
"Seamless windows"
"Security"
"File logging"
"Propalms Terminal Services Edition — Basic Configurations"
"HyperPrint"
"Web Redundancy"
"Configurable fall-back Web server for DMZ-SPR"
"Browser less access to applications using Propalms client."
"Linux Client Support"
"Mac Client Support"

Secure product key

Propalms Terminal Services Edition uses secure product keys to prevent the keys required to use
the product from being passed around to other people. Propalms Terminal Services Edition uses
four types of keys.

Types of product keys

Propalms Terminal Services Edition can be installed with either an evaluation key or a base key.
An evaluation key expires 30 days after installation. A Base Key needs to be added to the system

Propalms Terminal Services Edition Administrator Guide--1 March 2013 40

Concepts
Secure product key

to be able to use it. The base key expires 60 days after installation. The system has to be activated
with an activation key. An upgrade key can be added any time to increase the number of Propalms
Terminal Services Edition licenses.
This section describes the four different types of product keys.
Base key
If you installed your product with a base key, you will not be able to delete the base key. You can
only increase the numbers of licenses by using an upgrade key. An upgrade key will upgrade the
number of licenses available to your Propalms Terminal Services Edition solution.
The base key expires in 60 days. Once a base key is entered, administrators will have to generate
an activation request that is a combination of the base key in the system and some installation
specific data. The administrators should send this activation request to Propalms.
Activation key
A key generated by Propalms using the activation request sent by a Propalms Terminal Services
Edition administrator. An administrator can use an activation key only on the Propalms Terminal
Services Edition installation where its corresponding activation request was generated.

NOTE
Propalms keeps track of all the base keys activated. If somebody attempts to reuse the
same base key on a different installation, the activation key request is rejected by
Propalms. Further, a combination of base of key and activation key cannot be reused,
because the activation key is ‘tied’ to the Propalms Terminal Services Edition installation
on which it was generated.

Upgrade Key
You can purchase an upgrade key when you are ready to upgrade the number of licenses
available to your Propalms Terminal Services Edition solution permanently. You can purchase an
upgrade key for as few as five additional licenses. Upgrade keys are tied to the base key in the
system, and upgrade keys from one system cannot be used on another system. You can delete
the upgrade keys that exist in the system.
Evaluation key
An evaluation key commonly expires in 30 days. The number of licenses granted for the evaluation
key depends upon the situation. You can increase of the number of licenses in the evaluation
system by using an Evaluation upgrade key.

NOTE
It takes a few minutes for a product key that is added to the Propalms Terminal Services
Edition System to take effect.

Activation mechanism
An evaluation key expires 30 days after the system install, and a base key expires 60 days after
the system install. After the administrator adds the base key to the system, an Activate System
link is available in the left pane. Once the system is activated, the Activate System link is no
longer displayed on the Console. Administrators need to activate the base key in the system. Once
the base key has been activated, the system is fully functional and the base key does not expire.
Any additional upgrade keys in the system do not need activation.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 41

Concepts
Domain objects

NOTE
The administrator can generate an activation request only if the system is using a base
key. If the system is using an evaluation key, the Activate System link is not available on
the console.

Steps for activation

Following are the steps an administrator should follow to activate the system after installing
Propalms Terminal Services Edition with a base key.
1. The administrator launches the console and goes to the Home>Product Keys>Activate
System page to generate an activation request string.
2. The administrator emails this activation request to Propalms support at the email ID
[email protected].
3. Propalms support generates an activation key using the activation request string. For more
information, refer to "Activate System".
4. The activation key is emailed to the administrator.
5. The administrator adds this new activation key from the console. For more information,
refer to "Add Key".
6. The system is fully functional.
Failure to activate
If the administrator fails to activate the base key, the Propalms Terminal Services Edition team will
stop accepting new application launches after 60 days from the date that this base key was
entered into the system.

Licensing
Propalms Terminal Services Edition v7.0 offers Concurrent User Licensing.
Concurrent User Licensing
If the Propalms Terminal Services Edition administrator installs a base key with concurrent user
license for, say 5 users, any five users can launch, logon to Propalms Terminal Services Edition,
and launch applications concurrently. If a sixth user tries to launch an application, Propalms
Terminal Services Edition does not license a session until one of the earlier 5 users exits all
sessions. Hence, 5-user concurrent licensing means that not more than 5 users can have active/
disconnected sessions concurrently.

Domain objects
Domain objects include items such as servers, groups, organizational units (OUs), and users.
Propalms Terminal Services Edition must use a domain object, because all the authentication and
user-group membership information is stored at the domain level by Windows. With Propalms
Terminal Services Edition v7.0, it is also possible to do a local server install where the local server
may or may not be a part of a domain. For more information, refer to "Local server install".
Propalms Terminal Services Edition snaps on to the existing domain of an enterprise to gain this
access. It then retrieves user, group, rights, and authentication information. Propalms Terminal
Services Edition operates with the two most common domains, the Windows NT Domain and the
newer Active Directory.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 42

Concepts
Active Directory synchronization

The ability of Propalms Terminal Services Edition to snap on to an existing domain is important
because this eliminates the need for Propalms Terminal Services Edition to recreate a second user
directory. It also allows Propalms Terminal Services Edition to leverage the time administrators
dedicate to designing, implementing, and managing the network’s domain controllers.
Propalms Terminal Services Edition design optimizations
Propalms Terminal Services Edition implements the following design precautions when interfacing
with this critical enterprise resource:
• It implements read-only rights to the domain.
• It does not write to the Active Directory.
• It limits the number of times it reads from the Active Directory to minimize the load placed on
the domain controller.
Once an administrator understands the importance of non-invasive interaction with the existing
domain, the administrator can easily appreciate other nuances of the Propalms Terminal Services
Edition design.
Domain objects in Propalms Terminal Services Edition
In Propalms Terminal Services Edition Domains, Groups, OUs, and Users are domain objects. An
administrator can add domain objects to Propalms Terminal Services Edition from the existing
domains, and the administrator can synchronize the Propalms Terminal Services Edition domain
objects with the existing domain objects periodically.

Active Directory synchronization

Whenever a user logs on to the Propalms Terminal Services Edition team, Propalms Terminal
Services Edition performs a synchronization involving the steps that follow.

Retrieving list of groups and OUs

At each user logon, Propalms Terminal Services Edition retrieves a list of all groups and OUs to
which the user belongs.
Group retrieval process happens for the following:
• AD domains
• NT4 domains
• Local Server

NOTE
An OU is an Active Directory specific feature and works only in case of an AD domain.

Group memberships are retrieved recursively and nesting of groups in Active Directory is
considered.
For example, consider a user John who belongs to a global group called Company, and in turn,
Company belongs to a local group called Engineering. Propalms Terminal Services Edition
retrieves the following groups for John:
• Company
• Engineering

Propalms Terminal Services Edition Administrator Guide--1 March 2013 43

Concepts
Active Directory synchronization

Similarly, if a user belongs to an OU, the complete OU hierarchy is retrieved. The following figure
explains this concept.

FIGURE 1. User and OU Hierarchy

If a user belongs to the Organizational Unit DevOU, DevOU belongs to EngineeringOU, which in
turn belongs to CompanyOU, the logon process retrieves the following OUs:
• DevOU
• EngineeringOU
• Company OU

NOTE
If a user is added to a group in a different domain, the correct membership is retrieved only
after replication of the relevant domains takes place.

Prerequisites
For Active Directory synchronization to take place, the user account selected as the Propalms
Terminal Services Edition Identity account should have sufficient permissions to access
information from the Active Directory.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 44

Concepts
Active Directory synchronization

To ensure this, the administrator needs to know the permission options chosen when the Active
Directory was installed.

FIGURE 2. Active Directory Installation Permission Options

An administrator can choose from one of the following permissions options while installing Active
Directory:
• Permissions compatible with pre-Windows 2000 servers
• Permissions compatible only with Windows 2000 servers
If the administrator installed the active directory with the Permissions compatible with pre-
Windows 2000 servers option, no extra steps are required.
If the administrator installed the active directory with the Permissions compatible only with
Windows 2000 servers option, then the system administrator should do one of the following to
enable Active Directory synchronization:
• Identify the user account selected as the Propalms Terminal Services Edition Identity
account during the Propalms Terminal Services Edition install, and add this account to the
"Pre-Win2K compatible access group", “Account Operators”, or “Administrators” group in
the Active Directory.

NOTE

The system administrator needs to do this for all the domains in the Propalms
Terminal Services Edition system.

While membership in the last two groups,” Account Operators” and “Administrators”, gives
unrestricted access to the user and group accounts in the domain, membership in the “Pre-
Win2K compatible access group” provides a more secure option. By default, all users and
groups in domain have 'Read' permission granted to the “Pre-Win2k compatible access
group”. This makes sure that the members of this group can only read information from the
domain and cannot modify anything.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 45

Concepts
Active Directory synchronization

• Give 'Read' permissions to the Propalms Terminal Services Edition Identity account on all
users and groups in the domain. For more information, refer to "Giving read permissions to
Propalms Terminal Services Edition Identity account"

NOTE
After making this change, the administrator may have to restart Propalms Terminal
Services Edition services and components on the Web Server for the change to take
effect.

Giving read permissions to Propalms Terminal Services Edition Identity account

The administrator should give Read permissions to the Propalms Terminal Services Edition
Identity account on all the users who will logon to Propalms Terminal Services Edition. To do this:
1. Run the AD Users and Computers snap-in.
2. Select View>Advanced Features.
3. Right-click a user and select Properties from the shortcut menu.
4. Click the Security tab.
5. Add the Propalms Terminal Services Edition Identity account.
6. Select the Propalms Terminal Services Edition Identity account from the Name list, and
then from the Allow column in the Permissions list, select the Read check box.
7. Click Advanced, select the Propalms Terminal Services Edition Identity account from the
Permission Entries list, and click View/Edit.
8. Click the Properties tab, and then from the Allow column in the Permissions list, select
the Read Group Membership check box permission to the Propalms Terminal Services
Edition Identity account.
9. Click OK thrice to save your settings.
10. Repeat Steps 2 to 9 for all users those in all domains who are likely to use the Propalms
Terminal Services Edition system.
Alternatively, you can assign the required permissions to an OU and the set the permissions to
cascade to all members of the OU. To do this:
1. From the tree in the left-pane, right-click an OU where all user accounts reside and select
Properties from the shortcut menu.
2. Click the Security tab.
3. Add the Propalms Terminal Services Edition Identity account.
4. Select the Propalms Terminal Services Edition Identity account from the Name list, and
then select the Read check box from the Allow column in the Permissions list.
5. Click Advanced, select the Propalms Terminal Services Edition Identity account from the
Permission Entries list, and click View/Edit.
6. From the Apply onto list, select This object and all child objects.
7. Click OK thrice to save your settings.

Retrieving application list

After retrieving a complete list of groups and OUs, Propalms Terminal Services Edition checks the
database to see if the Propalms Terminal Services Edition administrators have assigned any

Propalms Terminal Services Edition Administrator Guide--1 March 2013 46

Concepts
Connection settings

application directly to the users, or indirectly to the users by assigning the applications to groups
and OUs. The user gets the assigned applications and the membership information is stored in the
database.
This process ensures that the user logging on to Propalms Terminal Services Edition always gets a
correct set of applications based on the user’s current group and OU memberships.

NOTE
The system does not reflect any change to a user's membership 'during' the user's
session. The user has to log off and log on again to make the membership changes known
to Propalms Terminal Services Edition. Alternatively, the user can click the Refresh
Application List link on the Favorites page in Launch Pad.

If a user has not logged on to Propalms Terminal Services Edition for some time and the user’s
group or OU membership has changed, Propalms Terminal Services Edition does not reflect this in
the Console.
However, there is an option for a Propalms Terminal Services Edition administrator to synchronize
group and OU information from the Console and to update application assignment. For more
information on this option, refer to "Synchronize a domain".

Connection settings
What does this do?
One of the primary operations of Propalms Terminal Services Edition is making RDP connections
between client and server computers. Connection settings objects set the parameters of these
connections. The Propalms Terminal Services Edition connection settings object is similar to the
Remote Desktop files that the Windows RDP client creates to save connection settings, except the
Propalms Terminal Services Edition settings are stored in the Propalms Terminal Services Edition
database instead of the client file system. Administrators can create connection settings to
accommodate the needs of different network connections, users, or applications. Since Propalms
Terminal Services Edition keeps connection settings objects in its database, connection settings
are a management tool rather than an administrator’s burden.
How does this work?
Propalms Terminal Services Edition divides the parameters of the connection settings into two
sections:
• Those that govern the RDP connections
• Those that govern the Propalms Terminal Services Edition features
The RDP section contains settings that are familiar to any administrator of terminal services.
These include display resolution and performance parameters. The Propalms Terminal Services
Edition features section contains parameters that alter the way Propalms Terminal Services Edition
enhances RDP. These enhancements include local resource sharing, load balancing, single port
relay, and idle and disconnected timers. The Propalms Terminal Services Edition features section
also includes Windows 2003 specific settings.
Administrators can create and manage settings from the Management Console’s
Manage>Connection Settings tab. From this tab, administrators can create a new connection
setting based on predefined templates. Propalms Terminal Services Edition has templates for low,
medium, and high bandwidth connections. Additionally, Propalms Terminal Services Edition has
templates to run the Windows shell application, to run applications in full screen mode, for shared
terminals, to run messenger applications, and to limit idle time in applications. This tab also allows
settings to be altered, removed, and marked as the system default setting.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 47

Concepts
Connection settings

Administrators can assign a connection setting to an individual application to override the system’s
default setting. This feature allows administrators to accommodate the special needs of a specific
application. For example, administrators may want a few applications to have a different idle time-
out setting. When applications are assigned a special connection setting, they are launched in
their own connection.
Initially, users connect with the setting that administrators mark as the default setting. If a user
needs to override the default connection setting for a particular client, the user can choose the
setting from the Option page of the Launch Pad. The chosen setting is remembered on the client
computer. In this way, administrators can tailor the connections used on a particular computer to
the network performance of the computer.
Thus, the administrator can assign existing Connection Settings to Client Groups and also to
applications. In addition, a user can select Connection Settings from the Launch Pad.
Unspecified Connection Settings
The administrator can now leave Connection Settings unspecified at two levels:
• Select the "Unspecified" option for one or more values in a set of Connection Settings
• Select the "Unspecified" option instead of a set of Connection Settings for an application or
Client Group
While adding or modifying Connection Settings, the administrator can now give “Unspecified” as
the value for a Connection Setting to leave it unspecified. For example, for creating Connection
Settings to apply to high security applications the administrator may specify Connection Setting
values for Propalms Terminal Services Edition Drive Sharing, etc. and may not really care for
things such as seamless windows, color depth etc. The administrator can create Connection
Settings for secure applications and specify only the relevant Connection Setting values. The
values for the other settings will be left as unspecified.
In addition, the administrator can now give “Unspecified” as the value for Connection Settings for
an application or Client Group to avoid specifying Connection Settings at the Application level or
the Client Group level.
Effective Connection Settings
The effective Connection Settings that are returned to the users can be a combination of the Client
Group Connection Settings, Application Connection Settings, User Connection Settings, and
Default Connection Settings. The precedence order for each Connection Setting individually is
Client Group, Application, User. If none of these values is specified, the Connection Setting
specified in the Connection Settings set as Default Connection Settings is used.

NOTE
The Connection Settings set as Default Connection Settings cannot have any unspecified
values.

The following table explains this concept of effective Connection Settings for some settings when a
user launches an application from a computer that is a part of a Client Group. The effective
Connection Setting is shaded.
TABLE 1. Example of effective Connection Settings
Connection Setting Client Group Application User Effective
Name Connection Connection Connection Connection
Setting Setting Setting Setting
Screen Size 800x600 1024x768 640x480 800x600
Launch Full Screen Unspecified On Off On

Propalms Terminal Services Edition Administrator Guide--1 March 2013 48

Concepts
Connection settings

TABLE 1. Example of effective Connection Settings

Connection Setting Client Group Application User Effective
Name Connection Connection Connection Connection
Setting Setting Setting Setting
Seamless Windows Unspecified Unspecified Always Always
Enable Single Port Relay Off On Unspecified Off
Logoff Idle Connections Unspecified Unspecified Unspecified Default

Suppose a user uses two Connection Settings - low bandwidth and high bandwidth (say,
depending on whether he is working from home or from office). In addition, the administrator has
set some properties for secure applications. It is now possible to run this secure application in low
bandwidth and high bandwidth settings by leaving these specific Connection Setting values as
unspecified for Client Group and applications Connection Settings. The effective Connection
Setting value is then taken from the User Connection Settings.

NOTE
The administrator should not publish a desktop with connection settings that allow multiple
launches in one session as logging off a published desktop closes all the application
launches in the session.

Special Cases in Connection Settings

Certain applications such as “Shadow” and “Remote Windows Desktop” are considered as special
applications. In case of special applications, the Connection Settings precedence is different; the
Connection Settings assigned to that application are the effective Connection Settings. However, if
any of the Connection Setting values is unspecified in the Connection Settings for this application,
then the value for this Connection Setting is picked up from the following Connection Settings in
the precedence order: Client Group > User > Default Connection Settings.

Connection settings templates

Propalms Terminal Services Edition provides a variety of connection templates that a user can
choose from while adding connection settings. For a complete list of property definitions, see the
following table on default values of connection settings.
TABLE 2. Default values of Connection Settings in templates*
Defa Bandwidth Secu Kiosks/ Applica Idle Mess Wind LAN
ult rity Shared tion time- enger ows Setti
Terminals Server out apps deskt ngs
types op

Low Medi High Secu Inter Exter Windo

um re nal nal ws 2003
apps and
2008
Display
Screen Size Default Defau 800 x Unsp Unsp Unsp Unsp Unsp Unsp Unsp Unsp Unsp Defau
lt 600 lt
Launch Full Screen Off Off Off Off Unsp Unsp Unsp Off Unsp Unsp On Off

Propalms Terminal Services Edition Administrator Guide--1 March 2013 49

Concepts
Connection settings

TABLE 2. Default values of Connection Settings in templates*

Defa Bandwidth Secu Kiosks/ Applica Idle Mess Wind LAN
ult rity Shared tion time- enger ows Setti
Terminals Server out apps deskt ngs
types op

Low Medi High Secu Inter Exter Windo

um re nal nal ws 2003
apps and
2008
Connection Bar in Show Show Show Show Show Show Show Show Show Show Show Show
Full Screen

Color Depth 16 bit 8 bit 16 bit 24 bit Unsp Unsp Unsp 24 bit Unsp Unsp Unsp 8 bit

Experience
Bitmap Caching On On On On Off Unsp Unsp On Unsp Unsp Unsp On
Enable On On On On On Unsp Unsp On Unsp Unsp On On
Compression
Reconnect if On On On On On On On On On On On On
connection is
dropped
Enable Virtual On On On On On On On On On On On On
Client DLLs
Enable Serial Ports Off Off Off Off Off Off Off Unsp Off Off Off Off
Enable Sound Off Off Off Off Off Off Off Unsp Off Off Off Off
Desktop Off Off Off Off Off Off Off Unsp Off Off Off Off
Background
Show Contents of Off Off Off Off Off Off Off Unsp Off Off Off Off
Window While
Dragging
Smooth Scroll On Off Off Off Off Off Off Unsp Off Off Off Off
Menu and Window On On On On On On On Unsp On On On On
Animation
Themes On On On On On On On Unsp On On On On
Enable Redirect Off Off Off Off Off Off Off Unsp Off Off Off Off
SmartCard
Propalms Terminal Services Edition Features
Seamless Windows Exce Exce Exce Exce Exce Exce Exce Except Exce Exce Exce Exce
pt pt pt pt pt pt pt during pt pt pt pt
durin durin durin durin durin durin durin logon durin durin durin durin
g g g g g g g g g g g
logon logon logon logon logon logon logon logon logon logon logon

System Tray Disab Disab Disab Disab Disab Disab Disab Disable Disab Disab Disab Disab
Seamless le le le le le le le le le le le
Launch in Existing If If If If If If If If If If If If
Connections availa availa availa availa availa availa availa availabl availa availa availa availa
ble ble ble ble ble ble ble e ble ble ble ble

Propalms Terminal Services Edition Administrator Guide--1 March 2013 50

Concepts
Connection settings

TABLE 2. Default values of Connection Settings in templates*

Defa Bandwidth Secu Kiosks/ Applica Idle Mess Wind LAN
ult rity Shared tion time- enger ows Setti
Terminals Server out apps deskt ngs
types op

Low Medi High Secu Inter Exter Windo

um re nal nal ws 2003
apps and
2008
Reconnect On On On On On On On On On On On On
Enable Single Port On On On On On On On Off On On On On
Relay
Enable DMZ Single Off Off Off Off Off Off Off Off Off Off Off Off
Port Relay
Logoff Never Never Never Never Never Never Never Never Never Never Never Never
Disconnected
Connections
Logoff Idle Never Never Never Never Never Never Never Never Never Never Never Never
Connections
Install Printers On On On On On On On On On On On On
Asynchronously
TSE File Saving On On On On On On On On On On On On
and Printing
Encryption
Enable Proxy On On On On On On On On On On On On
Server for RDP
Traffic
Printer Naming Defau Defau Defau Defau Defau Defau Defau Default Defau Defau Defau Defau
Scheme ( for lt TSE lt TSE lt TSE lt TSE lt TSE lt TSE lt TSE TSE lt TSE lt TSE lt TSE lt TSE
Propalms TSE Sche Sche Sche Sche Sche Sche Sche Scheme Sche Sche Sche Sche
Printing only) me me me me me me me (Printer me me me me
(Print (Print (Print (Print (Print (Print (Print Name_I (Print (Print (Print (Print
er er er er er er er FS er er er er
Name Name Name Name Name Name Name Token) Name Name Name Name
_IFS _IFS _IFS _IFS _IFS _IFS _IFS _IFS _IFS _IFS _IFS
Toke Toke Toke Toke Toke Toke Toke Toke Toke Toke Toke
n) n) n) n) n) n) n) n) n) n) n)
Monitor spanning Off Off Off Off Off Off Off Off Off Off Off Off
Session Recording Off Off Off Off Off Off Off Off Off Off Off Off
Virtual IP Off Off Off Off Off Off Off Off Off Off Off Off
Server IP to Publi Publi Publi Publi Publi Publi Publi Publishe Publi Publi Publi Publi
connect shed shed shed shed shed shed shed d IP shed shed shed shed
IP IP IP IP IP IP IP IP IP IP IP
On App launch Serve Serve Serve Serve Serve Serve Serve Server Serve Serve Serve Serve
show client r IP r IP r IP r IP r IP r IP r IP IP r IP r IP r IP r IP
Allow lockdown Off Off Off Off Off Off Off Off Off Off Off Off
policy cleanup on
new session startup
Client File System Sharing

Propalms Terminal Services Edition Administrator Guide--1 March 2013 51

Concepts
Connection settings

TABLE 2. Default values of Connection Settings in templates*

Defa Bandwidth Secu Kiosks/ Applica Idle Mess Wind LAN
ult rity Shared tion time- enger ows Setti
Terminals Server out apps deskt ngs
types op

Low Medi High Secu Inter Exter Windo

um re nal nal ws 2003
apps and
2008
Enable Client File On On On On On On On On On On On On
System Sharing
Compression Off Off Off Off Off Off Off Off Off Off Off Off
Enable Drive Sharing
Removable Drive On On On On On On On On On On On On
Fixed Drive On On On On On On On On On On On On
Network Drive On On On On On On On On On On On On
CDROM Drive On On On On On On On On On On On On
Client Printer Sharing
Windows 2003 PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE
Windows 2008 / PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE PTSE
2008 R2
Unidriver (for PTSE If If If If If If If If vendor If If If If
printing only) vend vend vend vend vend vend vend driver vend vend vend vend
or or or or or or or not or or or or
driver driver driver driver driver driver driver availabl driver driver driver driver
not not not not not not not e not not not not
availa availa availa availa availa availa availa availa availa availa availa
ble ble ble ble ble ble ble ble ble ble ble
Limiting Bandwidth Unlim Unlim Unlim Unlim Unlim Unlim Unlim Unlimite Unlim Unlim Unlim Unlim
(for Propalms TSE ited ited ited ited ited ited ited d ited ited ited ited
printing only)
Compression (for Off Off Off Off Off Off Off Off Off Off Off Off
Propalms TSE
printing only)
Allow printer On On On On On On On On On On On On
properties to be
remoted
Select printers to All All All All All All All All All All All All
remote to server printe printe printe printe printe printe printe printers printe printe printe printe
rs rs rs rs rs rs rs rs rs rs rs
Propalms HyperPrint Setting
Propalms On On On On On On On On On On On On
HyperPrint
Set HyperPrint as Off Off Off Off Off Off Off Off Off Off Off Off
default printer in
Session
Save HyperPrint Print Print Print Print Print Print Print Print Print Print Print Print
pdf files on Server Only Only Only Only Only Only Only Only Only Only Only Only

Propalms Terminal Services Edition Administrator Guide--1 March 2013 52

Concepts
Delegated administrators in Propalms Terminal Services Edition

TABLE 2. Default values of Connection Settings in templates*

Defa Bandwidth Secu Kiosks/ Applica Idle Mess Wind LAN
ult rity Shared tion time- enger ows Setti
Terminals Server out apps deskt ngs
types op

Low Medi High Secu Inter Exter Windo

um re nal nal ws 2003
apps and
2008
Windows 2008 Specific
Multiple Monitor Off Off Off Off Off Off Off Off Off Off Off Off
Support (for 2K8
R2 and above)
Enable RemoteFX Off Off Off Off Off Off Off Off Off Off Off Off
(for 2K8 R2 and
above)
Font Smoothing On On On On On On On On On On On On
Desktop Off Off Off Off Off Off Off Off Off Off Off Off
Composition
Enable TS Off Off Off Off Off Off Off Off Off Off Off Off
Gateway Server

* - Unspecified is tabulated as Unsp

PTSE stands for Propalms Terminal Services Edition

Delegated administrators in Propalms Terminal Services

Edition
Propalms Terminal Services Edition allows the administrator to create delegated administrators
that have restricted administration rights on the Propalms Terminal Services Edition system. The
administrator can create Admin roles and add one delegated group or a set of delegated users to
these roles. Further, the administrator can assign specific tasks to each role. The administrator can
specify the groups and OUs controlled by each role. Each member of the group, or an individual
user, to whom the administrator has delegated an Admin role, becomes a delegated administrator,
and can perform the assigned tasks on the controlled groups and OUs added to the role.
The advantage of this feature is that the administrator can delegate tasks to users or groups
without giving full control of the Console. Moreover, the administrator can restrict the groups that
the delegated administrator manages.

Delegated administrator tasks

The administrator can assign one or both of the following tasks to each Admin role:
Monitoring
When an administrator assigns the Monitoring task to an Admin role, all the delegated
administrators that are delegated this role can monitor sessions. They can monitor the sessions of
all the users that either are members of the groups, or belong to the OUs the administrator has
assigned to them as controlled groups. The delegated administrators can:
• View sessions of these users

Propalms Terminal Services Edition Administrator Guide--1 March 2013 53

Concepts
Delegated administrators in Propalms Terminal Services Edition

• Shadow sessions provided they have the appropriate right on the Application Servers
• Send messages
• Disconnect sessions
• Log off sessions
• Monitor Load Balancer, Database Connections, Relay Servers, and Jobs. These are read-
only pages; no action is supported on these pages.

NOTE
The Summary page displays the total number of licenses currently consumed and not the
number of licenses consumed by only the users that the delegated administrator can
monitor.

Application provisioning
When an administrator assigns the Application Provisioning task to an Admin role, all the
delegated administrators that are delegated the role can provision existing applications to the
users that belong to the groups or the OUs the administrator has assigned to them as controlled
groups. The delegated administrators can:
• Assign applications to controlled users, groups, and OUs
• Revoke the assignment of applications to controlled users, groups, and OUs

Creating delegated administrators

FIGURE 3. Steps to Add Admin Role

Following are the steps to create delegated administrators:
1. Add a role to the Propalms Terminal Services Edition team and identify it with a unique
name. Assign one or more of the following tasks to the role:
• Monitoring
• Application Provisioning
2. Delegate the role to delegated administrators. The administrator can delegate the role to:
• One group, where all members of the group become delegated administrators with this
role
• Multiple users

Propalms Terminal Services Edition Administrator Guide--1 March 2013 54

Concepts
Delegated administrators in Propalms Terminal Services Edition

3. Assign controlled users the delegated administrators will control. The administrator can
add:
• Multiple OUs
• Multiple groups
For more information, refer to "Add role".

Delegated administrators with multiple Admin roles

If an administrator assigns multiple roles with different tasks to a delegated administrator, and each
of these roles has its own set of controlled groups and OUs, the delegated administrator can
perform all those tasks that the administrator assigns to each role. However, the delegated
administrator can perform each task assigned to an Admin role only on the controlled groups and
OUs of each corresponding role.

NOTE
If an administrator is also made a delegated administrator, there is no effect on the
administrator’s rights. The administrator is not restricted to the delegated administrator’s
tasks, but can perform all the tasks on the system.

Consider the scenario in the following table.

TABLE 3. Delegated administrator scenario with multiple admin roles
Role Marketing Admin Sales Admin First Admin

Tasks Monitoring Application Monitoring and

Provisioning Application
Provisioning
Delegated administrators Mary John John
Robert Mary
Controlled Groups and OUs Marketing OU Sales OU Net OU
Jill Jill

In such a scenario, the three delegated administrators can execute the following tasks when they
logon to the Console:
TABLE 4. Delegated administrator with resulting rights
Delegated Tasks: Groups and OUs
Administrator
John Monitoring: Net OU
Application Provisioning: Sales OU, Net OU, Jill
Mary Monitoring: Marketing OU, Jill
Application Provisioning: Sales OU, Jill
Robert Monitoring: Marketing OU, Jill

Prerequisites and restrictions

Application provisioning
Delegated administrators cannot add new applications to the system. They can only provision
existing applications.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 55

Concepts
Client Groups

Shadowing
Delegated administrators must have the appropriate rights on the application servers.
Task assignment
If an administrator changes the rights of a delegated administrator while the delegated
administrator has the console open, the delegated administrator still continues to have access to
the same pages as before the administrator changed the rights, until the Console is closed.
However, the delegated administrator is unable to perform any of the tasks that have been
removed.
Consider the case when a delegated administrator with Application Provisioning role logs on to the
Console, and the administrator removes the delegated administrator from the role. The delegated
administrator will still see the Manage tab in the console but will not be able to provision
applications. If the delegated administrator selects any application and clicks the Add Group link,
he will not see any groups to add to the application.
When the delegated administrator logs on the next time, the changed settings become effective
and the Console displays the appropriate tabs based on the current Admin role membership. In the
example mentioned earlier, the Manage tab will not be displayed.

Client Groups
A Client Group is a group of client computers. Propalms Terminal Services Edition allows you to
group client computers based on criteria you specify from the Console. Propalms Terminal
Services Edition Administrators can create a Client Group that will have client computers as
members. A Propalms Terminal Services Edition 7.0 installation always creates a Default Client
Group that will have all clients not assigned to any group.
When the client logs on to the Launch Pad or when the Connection Manager starts, the client
sends its computer specific identification data to the server. The server matches the client data
with Client Group filters and places the client in one of the groups. If the client fits into multiple
groups, then the system places it in the default group with a flag indicating the conflict.
This unique feature thus allows the Propalms Terminal Services Edition administrators to
• Assign applications to client computers just as they assign applications to users, groups or
OUs
• Assign printers to the client computers instead of depending on the user printer list
• Make groups of client computers based on some predefined criteria and then assign them
connection settings or decide other client side behavior such as
• Taking care of the security aspect by specifying whether to allow saving of passwords,
allow creation of user short cuts.
• Turning off Propalms Terminal Services Edition file associations.
• Taking care of public terminal users by hiding the Propalms Connection Manager tray
icon. This feature is useful on terminals where the administrator expects users to
launch client applications using shortcuts and does not expect them to delete/refresh
shortcuts, or go to the Launch Pad.

NOTE
This unique feature is an important feature for server based computing world as it gives
administrators more control on client computers.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 56

Concepts
Client Groups

NOTE
NOTE: A user cannot launch application through Client group created desktop or start
menu shortcuts if the specific application is not assigned to the launching user by the
Propalms Administrator.

Terminology
This section describes the terms used in connection with the Client Groups feature.
Client Group
A bucket created by an administrator where clients connecting to Propalms Terminal Services
Edition are stored. The administrator can assign this group of clients some applications and
printers that will be available to the client (user) if it matches the connection settings of the Client
Group.
Sort
Sort refers to the process of finding out the appropriate Client Group for a client at the run-time.
Filter
Criteria defined by the administrator for a Client Group that decides the sorting behavior.
Default Client Group
A group created in Propalms Terminal Services Edition system during install. The system places
the clients not belonging to any Client Group in this group. This group cannot be deleted and
cannot have filters defined on it.
Contention flag
If a client can be placed in more than one group, the system assigns it to Default group with a flag
indicating the conflict. This flag is called the Contention Flag.
Dynamic sorting
If every time a client connects, the system places the client in an appropriate Client Group,
Dynamic Sorting is said to be ON in the system. The system does Dynamic Sorting based on the
current Client Group settings the administrator makes on the Console. The administrator can
select the Sort Client into Client Group on each connect check box on Options>User page in
the Console to turn Dynamic Sorting ON.
If Dynamic Sorting is ON, then sorting occurs each time the client connects to the server, and thus
the Client Group assigned to this client is updated each time the client connects.

NOTE
Dynamic Sorting is OFF by default.

If the administrator does not turn Dynamic Sorting ON, then sorting occurs only when the client
connects to the server for the first time after a client group is assigned to this client. In this case,
the assigned client group for this client changes only if:
• The administrator removes the client from the Client Group using the Manage>Client
Groups>Remove Clients page on the Console.
• The administrator moves this client into another client group using:

Propalms Terminal Services Edition Administrator Guide--1 March 2013 57

Concepts
Client Groups

• Manage>Client Groups>Remove Clients

• Manage>Client Groups>Add Clients
• Manage>Client Groups>Update Filters

NOTE
Uninstalling and reinstalling the Propalms Client from the client computer also forces re-
sorting.

Printers and Client Groups

An administrator can assign printers to Client Groups. When a user launches an application on an
Application Server from a client computer in the Propalms Terminal Services Edition system, the
user has access to the client computer and the Application Server’s printers for printing. However,
if the client computer is sorted to a Client Group, the printers assigned to the Client Group are also
available. In addition, the default Client Group filter overrides the default printer set on the client for
applications launched through Propalms Terminal Services Edition.
The default printer is assigned to an application in the following order of priority:
1. Default printer in the Client Group
2. Default printer on the client
3. Any printer of Client Group
4. Any printer on the client
5. Default printer on the server
Printer enumeration
The Add Printers page in the Add Client Group sequence and the Add Printers sequence
enumerates printers. Using this page the administrator can assign printers to a Client Group.
When the page displays for the first time, it enumerates all the printers in the default domain, the
default domain being the domain to which the Web Server belongs. Using the Domain Name field
the administrator can search for printers in another domain.

NOTE
A trust relationship must exist between the domain to which the Web Server belongs and
the domain being searched for printers.

The Domain Name and Printer Name are case-insensitive. If the administrator initiates a printer
search leaving the Domain Name field blank, the page enumerates the printers in the domain to
which the Web Server belongs.
Additionally, the administrator can use the Name field to search for a particular printer in the
domain specified. In this case, a domain search is initiated for the printer in the domain specified.
Printer Name can also be the full UNC path of the printer, or the first few characters in the Printer
Name.

Managing Client Groups

In order to manage Client Groups the administrator needs to
• Create a Client Group

Propalms Terminal Services Edition Administrator Guide--1 March 2013 58

Concepts
Client Groups

• Assign properties to the Client Group

Create a Client Group
An administrator can create a Client Group in two ways:
• Policy based automatic sorting, based on one or more of the following filters
• IP address of the client computer
• NetBIOS name of the client computer
• Client operating system
• OU of the client in the domain
For example,
IP address is between 192.168.5.10 to 192.168.5.50
OR between 192.168.6.110 to 192.168.6.210
OR client computer NetBIOS name is AB* OR *M
OR OS type is Windows 95 OR Windows 98
OR Client OU is SalesOU
In this case, the system sorts a client computer satisfying even one of the conditions to this
Client Group.
• Manually, by adding individual clients from Default Client Group. The members of the
Default Client Group that are automatically added to the Client Group due to policy based
sorting appear selected on the page.
Assign properties to the Client Group
An administrator can assign the following to each Client Group
• Applications
• Direct settings
• Restrictions on
• Allowing save password
• Allowing user shortcuts creation
• Disabling Propalms Terminal Services Edition file associations
• Hiding Propalms Connection Manager tray icon
• Printers
• Connection settings
For more information, refer to "Add Client Group".
Supported clients
• Windows PC client
• Windows CE client

Use case analysis

New system install
When Propalms Terminal Services Edition is installed:
• The default client group is created as a holder for any client computer that accesses
Propalms Terminal Services Edition.
• There is just one client group ‘Default Client Group’, and it gets all the clients.
• No filters can be set on this default group.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 59

Concepts
Client Groups

• By default, there are no applications assigned, and no printers added to this group.
• By default, there are no Connection Settings assigned to this group so that it does not
override user or application connection settings.
Administrator adds new client group
An administrator adds a new Client Group by following the steps mentioned in "Add Client Group".
Client connects to server
When a client connects to a server:
• Propalms Connection Manager sends computer specific information to the Propalms
Terminal Services Edition server.
• Server decides the Client Group for the client based on the following flow-chart.

Start

Client Connects
to Server

No
Is Dynamic Sorting ON?

Yes
No
Has client connected before?

Iterate through Client

Yes
Groups and match the
client with the Client group
filters Get Client Group
from Server

Yes
Is there more than one matching
Client Group?

Set Contention No
flag

No
Is there one matching Client Group?

Yes

Add client to Add client to

Default Client matching Client
Group Group

Stop

Propalms Terminal Services Edition Administrator Guide--1 March 2013 60

Concepts
Client Groups

1. If the client matches the policy for one Client Group, the client is placed in that Client
Group.

FIGURE 4. New Client is placed in a Client Group

Propalms Terminal Services Edition Administrator Guide--1 March 2013 61

Concepts
Client Groups

2. If the client matches more than one policy, the Contention flag is set and the client is placed
in Default Client Group.

FIGURE 5. New Client is placed in Default Group

The client receives a list of printers assigned to the Client Group.

NOTE
Even if a client has a default printer, for applications launched through Propalms Terminal
Services Edition, the default printer for the Client Group to which the client belongs
becomes the default printer.

The Propalms Connection Manager tray icon is displayed or hidden depending on the settings for
its Client Group. In case the Connection Manager is used to connect to multiple Propalms Terminal
Services Edition teams, the icon is hidden if even one of the teams has a setting to hide it. If
administrator changes the option on the server from “show tray icon” to “hide tray icon” or vice-
versa then the status of icon changes the next time the client computer connects to a Propalms
Terminal Services Edition server.
Client launches an application assigned to Client Group
When a user launches an application on the client computer and the application is assigned to a
Client Group in the Propalms Terminal Services Edition team:
• Authentication dialog box appears
• The application is launched if user authentication is successful.
The precedence for determining the value of EACH setting in the connection settings is:
1. Client Group
2. Application
3. User

Propalms Terminal Services Edition Administrator Guide--1 March 2013 62

Concepts
Client Groups

For a specific connection setting item, if no connection setting is assigned for the Client Object, or
the value for the Connection Setting item is unspecified, the system takes the setting from
Application Connection Settings.
If there is a setting for Application, the system takes it and ignores the setting for the User for this
item. However, if no connection setting is assigned for the Application, or the value for the
Connection Setting item is unspecified, the system takes the setting from User Connection
Settings.
If the setting for the item is not defined in any object, then the system takes it from default
Connection Settings.

NOTE
Default Connection Setting cannot have unspecified values.

Administrator manually moves client between Client Groups

Any manual moves of the clients between Client Groups do not make sense if dynamic sorting is
ON. This is because even if the administrator moves the client to another Client Group it will be re-
sorted when the client connects the next time, based on the policies. Hence, the administrator
must switch the dynamic sorting off before making any manual overrides to the sorting
mechanism.
• A Propalms Terminal Services Edition administrator can view the clients present in one
Client Group at a time.
• The administrator can remove clients from the group. The removed clients move to Default
Client Group.
• The administrator can add clients that have already been sorted to other Client Groups to
this Client Group when Dynamic Sorting is OFF.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 63

Concepts
Client Groups

The diagram that follows illustrates this.

FIGURE 6. Client is moved to another Client Group

NOTE
When the administrator explicitly adds clients to a Client Group, the clients might not
match the selection filters of the group.

Administrator deletes Client Group

Administrator can view all the Client Groups at one place on the Console and may select one or
more groups for deletion.
• The selected Client Groups are removed from the database.
• Clients present in the group move back into Default Client Group.
• For clients computers that were in this client group, the client shortcuts got from this Client
Group are removed whenever the next refresh shortcuts happens.
Administrator updates Client Group
Administrator has the ability to update Client Group properties, add or remove applications, add or
remove printers, set default printer, add or remove clients, and update filters for a Client Group
After the administrator updates the filter, it is possible that clients in the group do not match with
the new filter.
• If Dynamic Sorting is ‘On’, then the next time the client connects to the Propalms Terminal
Services Edition team, its Client Group is updated accordingly.
• If Dynamic Sorting is ‘Off’, then the client stays in the same Client Group until the
administrator moves him out.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 64

Concepts
Client Groups

NOTE
If administrator updates a Client Group and changes its filters, it is possible that clients
already present in the group do not conform to the new filter, but remain in that group if
Dynamic Sorting is ‘Off’. Administrator will have to move these clients to default group for
‘sort’ to take effect.

Deployment scenario
This section explains a typical deployment scenario using the Client Group feature.
Public Terminal
A hospital, where the application users are doctors of the hospital: There are 30 client computers
and 1000 doctors who will be accessing the applications from these computers.
The procedure for setting up shortcuts on a public terminal is as follows:
1. Add a Client Group through the Console. Set the selection criteria such that all client
computers to be used as these public terminals fall under this Client Group. Assign the
applications whose shortcuts we want to create, to this Client Group.
2. Set the Client Group properties appropriately. We recommended that you select the Do
Not Allow Creation of User Shortcuts check box. If users login to Propalms Terminal
Services Edition through Launch Pad on these computers, this setting does not allow their
user application shortcuts to overwrite the Client Group shortcuts either on the Start menu
or the desktop.

NOTE
To disable access to the Launch Pad through the Propalms Connection Manager tray icon,
on the Options>System>Update System Options page, delete the Propalms Terminal
Services Edition Team Name.

3. Select the Do Not Allow Save Password check box and Disable Propalms Terminal
Services Edition File Associations check box.
4. To the relevant Group, assign the applications to needed by the doctors. For example, if the
doctors belong to the Domain Group “GroupDoctors”, then assign the applications to this
group.
5. The Client Group shortcuts need to be created on the client computers, the public terminals
in this case. Use some dummy domain user to which you have not assigned these
applications. The preferred way to create Client Group application shortcuts is to transform
the Propalms Connection Manager msi and push it to the client computer or install the
Propalms Connection Manager as a local administrator.

NOTE
If you use a user who has these applications assigned, then these applications are not
created as client applications.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 65

Concepts
Single Port Relay

Single Port Relay

The Single Port Relay (SPR) feature allows all the RDP and Propalms Terminal Services Edition
traffic, except the Web traffic, to travel over a single port using the SSL protocol. This feature
makes Propalms Terminal Services Edition more firewall friendly, so the administrator has more
flexibility in deploying Propalms Terminal Services Edition. The standard SSL port 443 is generally
open for communication in most server-client environments. Single Port Relay enhances security
by using this SSL port as the SPR port, thus eliminating the need to open any other ports on the
corporate firewalls. This brings down the number of ports that must be open — other than port 80
for Web traffic — to just one.
All traffic from clients is routed to the appropriate Application Server through the Single Port Relay.
The administrator can configure more than one Single Port Relay Server.

Benefits
The use of a Single Port Relay Server provides the following benefits.
Only one open port
The administrator can configure the system to work on a particular port, which is already open on
the firewall. For example, 443 — the well-known SSL port — is open most of the times.
Only one routable IP address
As the Single Port Relay Server relays the traffic between clients and all the Application Servers,
the Application Servers can reside on the internal network. The Application Servers need not have
a routable IP address. Only the Single Port Relay Server needs to have a routable IP address. This
address can be a NAT address, which can also be mapped to an FQDN address.
Enhanced security
The shielding of Application Servers from external world, and the fact that a reduced number of
ports are open on the firewall, makes the system more secure.
SSL handshake
The administrator can further enhance security by enforcing an SSL handshake between external
clients and the Single Port Relay Server before it actually starts relaying the data to the internal
Application Servers.

NOTE
This initial SSL handshake might be mandatory, as some firewalls require a proper SSL
handshake, before they allow any traffic to pass through.

Single Port Relay does the following:

• On the client side, the Single Port Relay multiplexes the RDP and IFS traffic and transmits
that on the same port.
• On the server side, Single Port Relay demultiplexes the traffic and forwards it to the
appropriate Application Server as indicated by the Load Balancer.

Traffic through Single Port Relay

Single Port Relay handles the following:
• Internet File Sharing

Propalms Terminal Services Edition Administrator Guide--1 March 2013 66

Concepts
Single Port Relay

• Printing
• RDP sessions

Why choose port 443?

Port 443 is the preferred port for Relay Servers as:
• 443 is the most commonly open port in corporate firewalls
• SSL handshake is sometimes required by some firewalls to allow traffic on port 443
The Relay Server can be configured to use any other available port. For more information, refer to
"Relay Server role".
If you change the relay port, the existing connections are disconnected. However, the user can
reconnect the disconnected sessions from the Launch Pad Connections page, depending on the
connection settings.

SSL handshake
When enabled, the SSL handshake is done only for the initial session start. After that, the session
is not encapsulated in an SSL session. The SSL handshake is only one-way. That is, only the
server is authenticated by the client. The client is not authenticated by the server. Since each type
of traffic — IFS, printing, RDP — have their individual encryption settings, they are not encrypted
again. The administrator can enable handshake for all the Single Port Relays in the system from
the Options>Relay Servers>Update Options page. For more information, refer to "Relay
Servers options".

Implementation details

FIGURE 7. Single Port Relay in Propalms Terminal Services Edition

The Single Port Relay Server is a Service that runs on Windows Server 2003 or Windows Server
2008, which has routable IP address. This service listens on the specified port and forwards all the

Propalms Terminal Services Edition Administrator Guide--1 March 2013 67

Concepts
Single Port Relay

RDP or IFS traffic to the appropriate port on the Application Server. The Single Port Relay service
listens on a configurable port (443 by default).
All the RDP and IFS data is sent to the Single Port Relay Server instead of the Application Server.
The Single Port Relay forwards the data to the appropriate Application Server.
If the Single Port Relay is configured to use SSL handshake, then every connect first tries to
establish a valid SSL session by completing a proper SSL Handshake. It is possible to configure
different Single Port Relay Servers to use different "Server Authentication Certificate" type
certificates. However, all the Single Port Relay Servers use the same port number. The Propalms
certificate is installed in the "Personal" folder of the computer account and Propalms CA is installed
in the "Trusted Root Certification Authorities" folder of the computer account when the relay server
role is installed on the server. The Propalms Certificate is valid for one year and the Propalms CA
is valid for 20 years. For more information on handling SPR certificate, refer to "Managing
Certificate for SPR".
During uninstall, both the Propalms certificate and the Propalms CA are uninstalled from the
"Personal" and the "Trusted Root Certification Authorities" stores of the computer.

NOTE
Web traffic is not tunneled through the Single Port Relay. It still uses either port 80 or port
443, or any other port depending on the Web Server configuration. Web Server still needs
to be behind the firewall.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 68

Concepts
Single Port Relay

Configuring a Relay Server

The steps for configuring a Relay Server are as follows:
1. Update the Relay Server configuration to set the relay port and enable or disable SSL for
all Relay Servers. By default, port 443 is the relay port and SSL is enabled. The
administrator should make sure that the specified port:
• Is available for use
• Can be successfully bound to
• Can listen successfully
For more information, refer to "Relay Servers options"
2. Add the server to the Propalms Terminal Services Edition system. The administrator should
know the NetBIOS name of the server. For more information, refer to "Add a server".
3. Add role to the server. The administrator can choose the certificate to use for SSL
handshake if the system options have SSL enabled. By default, we install a Propalms
certificate to enable SSL handshake. To replace this certificate by another certificate, first
install the certificate on the server that is to be the Single Port Relay Server, and then
choose the certificate from the Console. The Console displays a list of certificates from the
server’s Personal certificate store. The administrator can specify a particular certificate file
or use the default Propalms provided certificate. For more information, refer to "Add roles to
a server".

NOTE

After the certificate is changed, the administrator should restart the Propalms
Terminal Services Edition Single Port Relay service.

The Single Port Relay Server starts functioning immediately after the administrator successfully
pushes this role on to a server, without any need of further settings or manual configurations. For
more information on deploying the Relay Server role, refer to "Relay Server role".

Managing Certificate for SPR

The administrator can configure the Single Port Relay to use SSL. SPR uses a certificate for SSL
handshake. This section explains the type of certificate, its location, and step-by-step procedures
for setting up SSL handshake.
Certificate Type that SPR requires
Certificates are of various types, some of which are:
• IP Sec
• Client Authentication
• Server Authentication
• Email Protection certificate
• Code Signing certificate
SPR requires "Server Authentication Certificate" type of certificate. The Propalms certificate is
installed in the "Personal" folder of the computer account and Propalms CA is installed in the
"Trusted Root Certification Authorities" folder of the computer account when the relay server role is
installed on the server. The Propalms Certificate is valid for one year and the Propalms CA is valid
for 20 years.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 69

Concepts
Single Port Relay

The administrator may configure the SPR to use any other certificate generated locally on a
Certificate Server or obtained from a vendor such as VeriSign. Each SPR Server can use a
different certificate.
Following are the steps the administrator should follow to generate a certificate on a local
Certificate Server and use it on the SPR server:
1. Create a certificate on the SPR Server
2. Issue a certificate from the Certificate Server
3. Install the certificate on the SPR Server in the Personal store of the Current User
4. Export the CA from the Certificate Server
5. Import the CA to the Computer account on the SPR Server
6. Import the certificate to the computer account on the SPR server
7. Select the certificate for the SPR server from the Console

NOTE
The administrator needs to follow the steps for each SPR Server. However, the
administrator can follow the steps for just one SPR Server and then use the same
certificate for other SPR servers by exporting the certificate and the CA from the SPR
Server on which they are installed, and importing them in the computer account of all the
SPR Servers.

Following are the steps the administrator should follow to use a certificate issued by a certifying
authority:
1. Import the certificate to the computer account on the SPR Server
2. Import the CA to the computer account on the SPR Server

NOTE
The administrator should follow the steps for each SPR Server in the Propalms Terminal
Services Edition system.

Create a certificate on SPR Server

The administrator needs to create a certificate only if a locally generated certificate is to be used in
the Propalms Terminal Services Edition system.
1. Open Internet Explorer and access the Certificate Server using a URL of the following
format
http://<certificateserver name>/certsrv
2. Click the Request a Certificate link, and then click the Advanced Certificate Request
link.
3. Click the Submit a request to this CA link.
4. Enter the required details.
5. Select the Server Authentication Certificate option from the Type of Certificate Needed
list.
6. If the certificate would be exported in PFX format, select the Mark Keys as Exportable
check box.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 70

Concepts
Single Port Relay

7. Click Submit.
8. Click Yes on the message boxes that display to proceed.
9. Note down the Request ID that is displayed after the certificate is created. This is required
when issuing a certificate.
Issue a certificate on the Certificate Server
The administrator needs to issue a certificate on the Certificate Server only if a locally generated
certificate is to be used in the Propalms Terminal Services Edition system.
1. Select Start>Programs>Administrative Tools>Certification Authority to open the
Certification Authority mmc snap-in.
2. Expand the tree on the left hand side pane and select Pending Requests.
3. Select the certificate with the Request ID you noted in Step 8 of "Create a certificate on
SPR Server" in the right hand side pane.
4. Select Action>All Tasks>Issue or right-click the certificate and select All Tasks>Issue
from the shortcut menu.
A message indicating that a certificate has been issued is displayed.
Install a certificate on the SPR Server
The administrator needs to install a certificate on the Certificate Server only if a locally generated
certificate is to be used in the Propalms Terminal Services Edition system.
1. Open Internet Explorer and access the Certificate Server using a URL of the following
format
http://<certificateserver name>/certsrv
2. Click the View the status of a pending Certificate request link.
3. Identify the certificate based upon the Certificate Type (Server Authentication Certificate in
this case), the date and the time and click on the certificate link.
4. Click the Install Certificate link.
5. Click Yes on the message boxes that display to proceed.
The certificate is installed on the SPR Server in the Personal store of the Current User.
Export the Certificate in .PFX Format to a file on the SPR Server
The administrator needs to do this only to use the certificate generated earlier instead of
requesting multiple certificates.
1. Open the Certificates mmc snap-in for Current User.
2. Expand the tree in the left hand pane and select Personal>Certificates. The certificate
that was installed should be listed in the right hand side pane.
3. Right-click the certificate and select All Tasks>Export... from the shortcut menu.
4. In the wizard select the Yes, export private key option. Accept all the other default
options.
5. Enter the password and the name of the file along with the path.
The certificate is exported as .PFX file on your drive.
Export the CA in .CER format on the Certificate Server
The administrator needs to export the CA on the Certificate Server only if a locally generated
certificate is to be used in the Propalms Terminal Services Edition system.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 71

Concepts
Single Port Relay

NOTE
The CA can never be exported in PFX format. It is exported only in PKCS and CER
format.

For SPR we export the CA in .CER format.

1. Open the Certificates mmc snap-in for Current User.
2. Expand the tree in the left hand side pane and select Trusted Root Certification
Authorities>Certificates.
3. Select the required CA from the list of CAs in the right hand side pane.
4. Right-click the certificate and select All Tasks>Export from the shortcut menu.
5. Select the Base 64 format option and proceed.
6. Enter the path and name of the file. Save the file.
Import the CA in Trusted Root Certification Authorities store of the Computer Account on
the SPR Server
The administrator should follow these steps to import a locally generated CA.
1. Open the Certificate mmc snap-in for the local computer.
2. Expand the tree in the right hand side pane and expand Trusted Root Certification
Authorities.
3. Right-click Certificates and select Import... from the shortcut menu.
4. Enter the path of the .CER file and proceed to import it.

NOTE
The administrator can also drag and drop the CA from the Current User store to the Local
Computer store.

Import the certificate in the Personal Store of the Computer Account

The administrator should follow these steps to import a locally generated certificate or a certificate
obtained from a certifying authority.
1. Open the Certificate mmc snap-in for the local computer.
2. Expand the tree in the right hand pane and expand Personal.
3. Right-click Certificates and select Import... from the shortcut menu.
4. Enter the path of the .PFX file.
5. Enter the password and proceed to import the certificate.

NOTE
The administrator can also drag and drop the certificate from the Current User store to the
Local Computer store.

Select a Server Certificate for SPR Server from Management Console

To use the newly created certificate for the SPR role:

Propalms Terminal Services Edition Administrator Guide--1 March 2013 72

Concepts
Single Port Relay

1. From the Management Console, select Manage>Servers.

2. Select the server with the SPR role and click Update Server.
3. Select the imported certificate from the Server Certificate list.
4. Click Update.
Propalms Terminal Services Edition will now start to use this certificate. Test the launches via the
SPR prior to deploying.

Monitoring
The administrator can monitor the current load on each Relay Server. The administrator can view
the information by:
• Relay Servers
• Clients

NOTE
The relay speed and the connection speed in BPS are calculated by taking into
consideration the number of bytes for last 60 seconds.

For more information, refer to "Relay Server"

Consider the following symbolic configuration:

FIGURE 8. Client IP Addresses and Relay Server

In this case, the Client IP Address column displays A and the Relay Peer IP Address field displays
B.

Diagnostics
The administrator can run the following diagnostics tests on the Single Port Relay Server:
• Check if port is available and if the Single Port Relay Server was able to grab it.
• Check if the Single Port Relay Server was able to load the certificate correctly.

Relay switch for Launch Pad

A user can override all settings and force the URL to get all sessions via the Single Port Relay. For
example, consider a roaming user, maybe a sales guy, trying to connect to the corporate
applications. The user is sure that the location the user is connecting from has a locked-down

Propalms Terminal Services Edition Administrator Guide--1 March 2013 73

Concepts
Single Port Relay in DMZ

firewall (required ports are closed). The user uses the URL switch to get all sessions via the Single
Port Relay, irrespective of what other policies may say. To do this, a user adds relay=1 in the query
string and the query string must begin with a question mark (?).
In this case, the URL will be http://<Propalms Terminal Services Edition Web Server Name>/
Launch Pad/?relay=1.

Single Port Relay in DMZ

Propalms Terminal Services Edition Terminal Services Edition (TSE) v7.0 provide an additional
role, the DMZ SPR role, which allows the administrator to place the Single Port Relay in the DMZ
and introduce an additional layer of security between the internal network and the external network
by functioning as a secure gateway for the clients. The system administrator needs to expose only
one routable address, that of the SPR in the DMZ.

DMZ
The DMZ, short for ‘DeMilitarized Zone’, is a computer or a small sub-network that is placed
between a trusted internal network, such as a corporate private LAN, and an untrusted external
network, such as the public Internet.
A DMZ is the physical zone behind an Internet facing firewall and in front of a second level firewall
that protects the internal systems and data. In a typical Internet application scenario, the DMZ is
the physical virtual local area network (VLAN) on which the Web servers are deployed. It is also
known as a 'Perimeter network'. Packet filtering often separates more trusted networks from the
DMZ networks at the perimeter. Packet filtering may also separate the Internet from the DMZ. The
military metaphor comes from the idea that you let un-trusted users onto the DMZ networks, but
they can't "bring guns." For example, packet filtering might allow HTTP fro m the Internet to reach
the DMZ but prohibit telnet, ftp, SMTP and other protocols that might easily allow an attack on your
trusted networks to be launched.

SPR in DMZ
The Single Port Relay Server in the DMZ (henceforth referred to as DMZ SPR) in TSE v7.0 is the
only exposed server with a routable address. All the other SPR Servers, Web Servers, Application
Servers, and Load Balancers lie in the internal secure network (henceforth referred to as the
Secure Network).
The RelayServerEngine service runs on the DMZ SPR. This service is like the Propalms Terminal
Services Edition Engine service that runs on the TSE servers in the Secure Network. The
RelayServerEngine, however, does not make DCOM calls into the Secure Network, as the ports to
run DCOM are usually not open in the inner firewall. Instead, the RelayServerEngine relies on the
DMZRelayServerAssistant component that runs on the Web Server. The RelayServerEngine
communicates with the RelayServerAssistant using HTTP.
SPR in the DMZ functions like SPR in the internal network, with the following exceptions that are
applicable to the DMZ SPR:
• Diagnostics are not performed on the DMZ SPR.
• The DMZ Relay Server role has to be installed manually on the server and cannot
• be pushed from the Console.
• The DMZ Relay Server role has to be uninstalled manually and can only be
• removed from the TSE database from the Console.
• The monitored status of the DMZ SPR is read from the TSE database, and is updated by the
DMZ SPR every two minutes.
• The DMZ SPR has to contact to either another SPR or the Application Servers.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 74

Concepts
Single Port Relay in DMZ

• Web traffic can be routed through the DMZ SPR or through a separate Web Server.
Benefits
The use of a Single Port Relay (SPR) Server provides the following benefits:

Only One Open Port. The administrator can configure the system to work on a particular port, which is
already open on the firewall. For example, 443 — the well-known SSL port — is open most of the
times.

Only One Routable IP Address. As the Single Port Relay Server relays the traffic between clients and all the
Application Servers, the Application Servers can reside on the internal network. The Application
Servers need not have a routable IP address. Only the Single Port Relay Server needs to have a
routable IP address. This address can be a NAT address, which can also be mapped to a FQDN
address. There is no need to expose the Web Server. The DMZ SPR is also capable of routing the
HTTP traffic. Users outside the Secure Network can access the TSE Launchpad via the DMZ SPR
using <DMZ IP>/Launchpad, and administrators on the move can also monitor the system from the
Web-based TSE Management Console using <dm zip>/console.

Enhanced Security. The shielding of Application Servers from the external world, and the fact that a
reduced number of ports are open on the firewalls, makes the system more secure. The number of
ports open on the inside firewall can also be reduced by putting SPRs in a ‘cascade’. The DMZ
SPR also puts additional check on the authenticity of application launches by checking for tickets
(see also‘‘Ticketing Authority’’). The ticket is issued to the client by the Load Balancer when it
servers the launch request. This ticket is checked by the DMZ SPR when the client actually
launches the application. The DMZ SPR acts as a HTTP pass-thru. Before passing the HTTP data
to the Secure Network, the SPR will authenticate it. This protects the web server in the Secure
Network from malicious attacks.

SSL Encryption. In Propalms Terminal Services Edition TSE v7.0 the SPR performed only a SSL
handshake with the client, the RDP and IFS data flow was not SSL encrypted. In TSE v7.0 security
is enhanced by encrypting the whole data stream.
• Any communication from the SPR to the Secure Network will need to go through a firewall
friendly port (http 80 or 443). This typically excludes the RDP & IFS ports, as for
performance reasons it will be desirable to open these ports in the innermost firewall.
However, in the case where administrators desire completely secured communication even
through the innermost firewall, one more optional cascaded SPR can be placed in the
Secure Network.

Traffic Through DMZ Single Port Relay

The DMZ Single Port Relay (DMZ SPR) handles the following types of data:
• HTTP Traffic
• Internet File Sharing
• Printing
• RDP Sessions

DMZ Relay switch for Launch Pad

A user can override all settings and force the URL to get all sessions via the DMZ Single Port
Relay. For example, consider a roaming user, maybe a sales guy, trying to connect to the
corporate applications. The user is sure that the location the user is connecting from has a locked-
down firewall (required ports are closed). The user uses the URL switch to get all sessions via the

Propalms Terminal Services Edition Administrator Guide--1 March 2013 75

Concepts
Single Port Relay in DMZ

DMZ Single Port Relay, irrespective of what other policies may say. To do this, a user adds
dmzrelay=1 in the query string and the query string must begin with a question mark (?).
In this case, the URL will be http OR https://<Dmz_Server_name_or_IP>/launchpad/?dmzrelay=1

Installing the Single Port Relay (SPR) Server Role on a DMZ Server –
Prerequisites
Before the administrator installs the SPR role on server in the DMZ, the administrator should have:
• At least a single- machine (‘unibox’) installation of Propalms Terminal Services Edition TSE
that consists of a Propalms Terminal Services Edition TSE installation with Web Server,
Application Server and Load Balancer roles on a single server in the Secure Network.
• If SPRs are being cascaded, that is, if the SPR in the DMZ connects to the internal network
via an SPR in the Secure Network, the SPR role should be installed on a server in the
internal network before installing the SPR role on a DMZ server.
SPR in DMZ Installables
To install the SPR role on a server in the DMZ, the administrator can do one of the following:
• Run Propalms-TSE-DMZ.msi from the CD drive of the server in the DMZ or from a network
share that can be accessed from the server in the DMZ.
• Click the appropriate link on the Home > Download page of the Console to download and
run the appropriate msi from the Depot folder on the Web Server.
SPR in DMZ Installation Information
Additionally, the administrator needs to have knowledge of the following information as the
installation program prompts for it:
• The IP address of the Web Server OR
• The IP address of the cascaded SPR Server in the Secure Network if SPRs are being
cascaded.
• The port of the web server or of the cascaded SPR.
• Status of this server (secured or not).
• The user name and password of the account under which the DMZ SPR Services run. It is
recommended that this be the low privileged user account. This user need not have any
access to the Propalms Terminal Services Edition Servers in the Secure Network.

Single Port Relay Server With DMZ Relay Server Role in the DMZ
The following diagram is a symbolic representation of the protocols and ports used by the
Propalms Terminal Services Edition TSE components when it has the DMZ Relay Server role
installed on it.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 76

Concepts
Single Port Relay in DMZ

FIGURE 9. Single Port Relay Server in the DMZ

This setup allows the administrator to only open the secure port 443 for communication with
external clients and port 80 for web traffic. The Web Server is also placed in the Secure Network
and all RDP, IFS and web traffic is routed through the DMZ SPR. The advantage here is that the
secure ports need to be opened on only one server on the external firewall. Hence, only the DMZ
Server has to have a routable address.

Single Port Relay Server with Cascaded Relays

The configuration shown in Figure 9 has the disadvantage that port 3389 and port 4660 have to
remain open on the internal firewall for RDP and IFS traffic. The administrator can avoid this by
configuring another SPR in the Secure Network. The DMZ SPR is cascaded with the SPR in the
internal network. In this case, only the secure ports need to be open on the internal firewall.
Additionally, the administrator can configure whether to route either or both web traffic and RDP/
IFS traffic through the cascaded SPR from the Options>Relay Servers page.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 77

Concepts
Single Port Relay in DMZ

FIGURE 10. Cascaded SPR with Single Port Relay in the DMZ and in the Secure Network

Implementation Details
The Single Port Relay Server is a Service that runs on Windows Server 2003, which has a routable
IP address. This service listens on the specified port and forwards all the RDP or IFS traffic to the
appropriate port on the Application Server. The Single Port Relay service listens on a configurable
port (443 by default).
The DMZ SPR uses the DMZRelayAssistant on the Web Server in the Secure Network to update
its status in the TSE database.
Users coming from outside can access the Launchpad using <dmzip>\launchpad. The DMZ SPR
acts as a HTTP pass-thru shielding the internal web servers from the un-secured network.
All RDP and IFS data are also sent to the Single Port Relay Server instead of the Application
Server. The Single Port Relay forwards the data to the appropriate Application Server.
In this scenario the administrator needs to open HTTP/S (80/443), RDP (2287) and IFS (4660) in
the inside firewall (F2).
If the Single Port Relay is configured to use SSL handshake, then every connection first tries to
establish a valid SSL session by completing a proper SSL handshake. It is possible to configure
several Single Port Relay Servers to use different types of "Server Authentication Certificates".
However, all the Single Port Relay Servers use the same port number. The Propalms certificate is
installed in the "Personal" folder of the computer account and the Propalms Certification Authority
(CA) is installed in the "Trusted Root Certification Authorities" folder of the computer account when
the relay server role is installed on the server. The Propalms Certificate is valid for one year and
the Propalms CA is valid for 20 years.
During uninstall, both the Propalms certificate and the Propalms CA are uninstalled from the
"Personal" and the "Trusted Root Certification Authorities" stores of the computer.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 78

Concepts
Single Port Relay in DMZ

Monitor DMZ Relay Servers

You can access this page in the TSE Management Console to view the load on the DMZ Relay
Server (DMZ SPR) in the Propalms Terminal Services Edition TSE team. This is an optional role,
so you may see no information (if you have no DMZ Relay Server installed).

NOTE
You can change your DMZ SPR settings from the Options>Relay Server page.

You can view the current load in the following ways:

"View By Server"
"View By Client"
View By Server
This is the default view. It displays the following information:

Relay Server. Displays the name of the DMZ Relay Server.

Number of Connections. Reflects the number of total connections made through this port.

Number of Web Server Connections. Reflects the number of HTTP connections made through this port.

Number of Application Server Connections. Reflects the number of RDP/IFS connections made through
this port.

Relay Speed (BPS). Reflects total throughput from all clients to the Applic ation Servers through the DMZ
SPR. The throughput speed has an inverse relation to the Number of Connections value. The
value appears as bytes per second (BPS).

Available Memory (MB). Shows the difference between the total memory and the memory in use by active
processes.

Available CPU Cycles (MHz). Shows the difference between the total CPU capacity and the capacity in use
by active processes.
View By Client
This is an alternate view. It displays the following information:

Client Name. Shows the NetBIOS name of the client computer.

Client IP Address. Shows the IP address of the client computer.

Source Address. Shows the NAT IP address. If there is no NAT, this displays the client IP address.

Relay Server. Shows the name of the DMZ Relay Server.

Connection Speed. Reflects throughput from each client to the Application Server. The throughput speed
has an inverse relation to the Number of Connections value. The value appears as bytes per
second (BPS).

Propalms Terminal Services Edition Administrator Guide--1 March 2013 79

Concepts
Single Port Relay in DMZ

Tasks
This page shows the information of tasks which have been run. The information is shown in tabular
format with the following columns.

Task Name. This shows the name of the task.

Action Name. This shows the name of the action.

Server Name. This shows the name of the server on which the task is running.

Time Started. This displays the time at which the task was started.

Time Completed. This displays the time at which the task was completed.

Task Status. This displays the current status of the task.

Action Result. This displays the result of the action.

Update Server Profile
To update the properties of any servers, go to Manage Server in the Management Console and
select the DMZ SPR server (which must already have been added previously by installing the role
on that server). Use the Update Server action to update the properties of a DMZ SPR server.
Server Information

Server name*. The server name is used to identify the server. In case of the DMZ SPR this name is not
used in any way to communicate with the DMZ SPR like with some other Propalms Terminal
Services Edition TSE roles.

Description. This provides free-form text that identifies the server or clarifies other information.

Published Address. When you specify a server IP address or fully qualified domain name (FQDN) in this
field, a client will use this address to connect to this server. If you do not specify an address in this
field, Propalms Terminal Services Edition TSE routes the client connections to the Internal IP
Address.
In the case of the DMZ SPR, make sure to specify an address that is available to a client because
a server may have several IP addresses and some of these addresses may be unavailable for
client connections. If not specified otherwise, the internal IP address is used as External, but it will
fail in case of the DMZ SPR.

NOTE
In the case of the DMZ SPR, make sure to specify an address that is available to a client
because a server may have several IP addresses and some of these addresses may be
unavailable for client connections. If not specified otherwise, the internal IP address is
used as External, but it will fail in case of DMZ SPR.

Traffic On Published Address is Forwarded to this Address. In certain network configurations Application
Servers do not have an actual public IP Address, but certain rules can be set on Routers /
Firewalls such that traffic on a particular published address is routed to a certain internal address.
In such cases if nothing is specified in this Field, then the DMZ SPR will try to bind to the address
specified in the public IP Address field. This will fail because that machine does not actually have
any such IP Address. So System Administrator must specify an internal IP Address in this field
through which the DMZ SPR should communicate with the internal network. This field may contain

Propalms Terminal Services Edition Administrator Guide--1 March 2013 80

Concepts
Single Port Relay in DMZ

the same address as specified in the internal address field, or if there are more network interfaces
then the Administrator can choose a specific internal address.

The address specified in this field must exist on this particular machine, in other words the address
specified in this field must be one of the IP Addresses displayed when you execute ‘ipconfig /all’
command on this particular machine.

Disable Best Internal Address Discovery. By default, Propalms Terminal Services Edition TSE will discover
the best address to use for its internal communication. If you wish to specify a particular address,
clear this check box to disable the discovery mechanism and enter an Internal IP Address or DNS
name in the Internal Address to use field.

NOTE
Check this setting, if HTTP access to the DMZ SPR fails, or if application launches fail
even though everything looks ok on the firewall. The DMZ SPR might be using the wrong
internal IP interface to connect to the Secure Network. Specify the correct internal IP, and
thne clear this check box.

Internal Address to Use. Members (servers) of the Propalms Terminal Services Edition TSE Team use this
address to communicate with each other. Enter the internal IP address, NetBIOS name, or FQDN
name in this field. If you do not specify an Internal Address, TSE will use the address that best
communicates with your Web Server IP / Cascaded SPR IP that you specified while installing the
DMZ SPR role.

Relay Configuration and DMZ Relay Configuration

This can be changed from the Options->Relay Servers.

NOTE
For security reasons, servers in the Secure Network don’t talk back to the DMZ SPR.
However, the DMZ SPR reads the configuration changes every 2 minutes, which means it
takes atleast 2 minutes or more for DMZ SPR configuration vlaues to take effect.

DMZ Relay Configuration

Relay Port. This setting allows you to assign the relay port for a SPR server. In general, you might want to
use port 443 (SSL) if you have no specific objection to using it as it is generally open for
communication in most server-client environments. However, if you cannot use or don’t want to
use port 443, this port assignment is configurable.

NOTE
If you change the relay port, the existing connections are disconnected. However, the user
can reconnect the disconnected sessions from the LaunchPad Connections page,
depending on the connection settings.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 81

Concepts
Single Port Relay in DMZ

Enable SSL. The SSL protocol generally begins with a handshake phase that negotiates an encryption
algorithm, checks the keys (public and private), and authenticates the server to the client. This also
enables the encryption of data that flows to the SPR from its client.

Cascaded Relay Configuration

Enable Cascaded Relay. Select this to enable cascaded relay configuration. You must select this, and either
or both of the following check boxes to enable routing:

Enable HTTP Routing. Select this setting if you have enabled cascaded relay and want to route all the web
traffic through the cascaded SPR. If this box is not checked, the inside SPR won’t be used to route
HTTP traffic. The administrator needs to open the Web Server’s IP/Port on the inside firewall.
The Web Server IP/Port is given to the DMZ SPR (as DMZRelayAssistant). This configuration can
be changed using the resource kit (RK) that is available for Propalms Terminal Services Edition
TSE.

Enable RDP/IFS Routing. Select this setting if you have enabled cascaded relay and want to route the RDP
and IFS traffic through the cascaded SPR. If this box is not checked, the inside SPR won’t be used
to route RDP/IFS traffic. The administrator needs to open all Application Server IP and RDP/IFS
ports on the inside firewall.

DMZ SPR Resource Kit

To install the Propalms Terminal Services Edition TSE Resource Kit on a DMZ SPR server in the
DMZ, the administratorcan do the following:
Run Propalms-TSE-RK.msi from the CD drive of the server in the DMZ or from a network share
that can be accessed from the server in the DMZ.

Changing Identity of DMZ Server Components

Changes the identity under which DMZ components and services are running. Identity is the
security context that these components use while running. This command will generate
appropriate progress messages as well as error messages.
Logging: Event log entries will get generated indicating failure or success of the operation.
Type in following command on the Propalms RK prompt
c:\ Propalms-rk dmzidentity /action:set /domain:xxx /user:xxx /password:xxx
If the operation is successful you will get a proper message or else an error will be shown.

Displaying DMZ Server Certificate

Displays the current server certificate that is being used by the DMZ server. This command can be
used just for verification by the admin before changing the certificate.
Type in following command on the Propalms RK prompt.
c:\Propalms-rk dmzcertificate
Existing certificate name will get displayed on the prompt.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 82

Concepts
Ticketing Authority

Changing DMZ Server Certificate

Changes the certificate used by the DMZ server. If the certificate name contains a space, delimit it
with quotation marks; otherwise it will generate appropriate error messages.
Logging: Event log entries will get generated indicating failure or success of the operation.
Type in following command on the Propalms RK prompt
dmzcertificate /action:set /certificatename:xxxxx
This command will change the certificate that is being used by the DMZ server.
Known Issues
On the DMZ SPR the application log gets full with the event logs from PerfLib saying “Access to
performance data was denied to ‘DMZUser’ “. Admin might get the “Event log full” messages and
need to set the event log to Overwrite Events as needed.

Ticketing Authority
Overview
The Ticketing Authority (TA) feature in Propalms Terminal Services Edition TSE v7.0 serves the
purpose of providing an additional security check in deployments that involve a DMZ. It will be
responsible for issuing session tickets to an already authorized Propalms Terminal Services
Edition TSE user. This ticket will be validated at the DMZ when the user tries to launch an
application. Any user presenting an invalid ticket will be rejected in the DMZ. The TA feature is
enabled by default whenever the DMZ SPR is in use. Ticketing can not be turned off when the
DMZ SPR is enabled.
What and How is the Ticketing Authority Protecting Aganist
Without a Ticketing Authority (TA), it is conceivable for a client to launch a ‘man in the middle’
attack, bypassing TSE and directly launching an (un-provisioned) application on an application
server. It would be conceivable for an attacker to retrieve the IP address of the application server
and to launch directly from the application server bypassing TSE. With the TA feature in TSE v7.0
such unauthorized accesses can be prevented. When an application launch request comes in,
TSE will issue a session ticket only after a successful authenticity check and other checks such as
application validation. Thus the administrator can be assured that the user who is requesting
access to an application server, is really an authorized user.
Implementation Details
By default, the Ticketing Authority (TA) installs as a COM+ component on all web servers in the
Secure Network. The sequence of events is as follows (see figure 11 ):
When a client wants to launch an application, it comes to the TSE Load-Balancer Assistant (LBA)
first.
After handling the user authentication, application validation and after receiving a suitable
application server from the Load-Balancer (LB), the LBA contacts the TA.
The TA then generates a session ticket for the served request. The session ticket reaches the
client as part of the LB response. The LB response will not contain the IP address of the
application server and thus there will be no way for a user to get access to the application server
directly.
The client then presents this ticket to the DMZ SPR at launch time as part of the SPR handshake.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 83

Concepts
Proxy Support

The DMZ SPR retrieves this ticket and presents it to the TA.
The TA checks the validity of the ticket (time stamp check). If an invalid ticket is presented an
event will be logged.
If the ticket is valid, the TA returns the IP address and port of the application server to the DMZ
SPR and then removes the ticket from the database. A valid ticket will let the connection in,
otherwise an error message will be created during the SSL handshake and the connection will be
dropped.

FIGURE 11. Ticketing Authority

Proxy Support
In Propalms Terminal Services Edition 7.0 users can make launches through proxy server.
Currently HTTPS proxy and SOCKS-4 proxy are supported.
SOCKS Proxy
SOCKS is Protocol for Proxy Servers and Clients. It's not tied up to any particular application layer
protocol like HTTP, FTP, RDP. SOCKS Proxy Server can be used to forward data of any
application protocol, provided that the client software is Proxy Aware.
Internet Explorer is an example of Proxy Aware HTTP client. IE can support a HTTP proxy or
SOCK4 Proxy Server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 84

Concepts
Customize application icon

Actual Client that talks the RDP Protocol was not proxy aware up till now. It was a fundamental
requirement that the NMTSACHost.exe should be able to directly open a socket with the Single
Port Relay, DMZ Single Port Relay or the Application Server. This is possible;
1. If the client machine is in the same network as that of the Single Port Relay, DMZ Single Port
Relay or Application Server. (LAN scenario)
2. If there is NAT through which client machine can access Single Port Relay, DMZ Single Port
Relay or Application Server. (Usual corporate network setup)
3. If the client machine has a public IP address. (dial-up / broad band scenario, user accessing
TSE Site from outside the office)
In Propalms Terminal Services Edition v7.0 client machines can communicate to remote TSE
Installation, without requiring a public IP address or a NAT setup. They can access the remote TSE
Installation through a SOCKS Proxy.
Scope
SOCKS has two major version and a minor variant. SOCKS4 and SOCKS5 and minor variant
called SOCKS4a. SOCKS 4a is an extension to the SOCKS4 and is basically used when the client
machine can not resolve the destination address from a given a domain name. SOCKS 5 is the
latest and supports client authentication.
Propalms Terminal Services Edition v7.0 will support only SOCKS 4. SOCKS 5 and SOCKS 4a is
not supported. Given that it only supports SOCKS 4, client machines must have capability to
resolve the Single Port Relay, DMZ Single Port Relay or Application Server’s domain name to the
destination IP Address, in case Application Server name or Single Port Relay are accessed using
domain name instead of IP Address.
This SOCKS Proxy Support will be available only when Relaying is enabled. ( works with both
Single Port Relay and DMZ Single Port Relay)
The Propalms Client picks up the SOCKS Proxy setting in Internet Explorer Connection Settings
automatically. In case the SOCKS Proxy server is not running or the SOCKS Config is incorrect,
Proplams Connection Manager puts a up an appropriate error message.
When Netscape is used as a client side browser, and even if the Netscape is properly configured
for SOCKS Proxy, one must also configure the correct SOCKS 4 Proxy address and port in Control
Panel \ Internet Options or in the IE’s Tools \ Internet Options, Connection Settings.
The “Native Launch” feature does not support SOCKS Proxy.
HTTPS Proxy
This feature enables client to launch application from server through HTTPS proxy server even if
the client machine does not have direct IP reach ability with the Application Servers.
If client has configured HTTPS proxy in his browser and Single Port Relay or DMZ Single Port
Relay is enabled then all the RDP and IFS traffic from client to server is routed through the HTTPS
Proxy server.
SOCKS Proxy has higher priority over HTTPS proxy. If both SOCKS and HTTPS Proxies are
configured , SOCKS proxy will be used.

Customize application icon

This feature is about the ability to easily change published application icons in Propalms TSE.
Prior to this release if you wanted to customize the application icon you had to download freeware
programs, extract the “.ico” files from the icon you want, trace the TSE id number to the icon in the
depot folder, copy and paste this info for each of the two size icons and restart the Propalms TSE
monitor service. Another problem was that if the application is updated, the icon will revert back to

Propalms Terminal Services Edition Administrator Guide--1 March 2013 85

Concepts
Application Grouping

the original icon and you had to repeat the process. This release provides the feature to customize
application icon through the Console pages. You need to follow the below instructions to customize
the application icon.
• Administrator first adds an application, at this point the default icon of the application is picked.
• The “Update Icon” action will be added to left hand side actions bar of "Manage->Applications"
tab.
• Only one application is to be selected for application Icon update. Also that application must have
at least one server assigned to it.
• First page of “Update Icon” sequence will be showing all the application servers on which
application is provisioned.
• The next page will allow you to optionally enter path of some customized file in .ico, .dll, or .exe
format. If this field is left blank then icons will be extracted from the application's executable file.
• Next page will show all the icons extracted. The first icon will be the current icon of the
application.
• Administrator will choose one and click the OK button.
• Application Icon will not be extracted during application Update process.

Application Grouping
Application Grouping is provided in Propalms Terminal Services Edition 7.0. It allows to group
several applications together into different folders. This new feature will show only folders (which in
turn belongs to applications) on LaunchPad page, instead of displaying all applications separately.
By clicking on the folder user will be able to see all the applications belonging to that folder.
To group applications under folders go to "Manage Applications->Add Application" page. There are
two options present to provide the folder information.
Create New:
This option is used when admin wants to create a folder and want to add application inside that
folder.
Select From:
This option is used when admin wants to add application inside any one of the existing folders.
From this page admin can create new folder or put the application into existing folder.
If admin does not want to assign the application to folder then “None” option from the drop down
list should be selected.
The admin can also group applications from the "Manage Applications->Update Application" page.

Internet Client Detection

Internet client detection feature allows the administrators to apply different connection settings for
internal clients and external clients which are accessing the Propalms TSE System from outside
network over the internet. Client Groups can be used to filter out such external clients using a new
filter criteria called as Client Public IP range.
To be able to apply different policies to internal and external clients you can create two different
client groups and add filter criteria of Client Public IP Address for the external clients and Client
Private IP Address for the internal clients.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 86

Concepts
Internet Client Detection

Client Private IP Range and Client Public IP range

With Propalms TSE v7.0 the Client IP filter has been categorized into two distinct filter groups.
Client Private IP Range
Client Public IP Range
This categorization has been introduced to facilitate Administrators the option of creating Client
Groups based on Public IP’s for clients connecting over the internet or other networks. So, we now
can filter clients based OS, NetBIOS name, Private IP, Public IP and OU.

With 7.0 we determine two IP’s for the client connecting to the launchpad page.
Client Private address: This is the IP address that is associated on the NIC card of the Client
machine.
Client Public Address: This is the IP from which the final http request comes from the client and
hits the Launchpad page . Public IP will be same as the Private IP if the client is hitting a TSE Web
server in the same LAN . It will be different only if the Client and the TSE Web server are in
different networks. For eg: connecting through internet or over WAN using a secured gateway. So
the public IP will be the IP of the Secured Gateway or IP assigned by the ISP or the internet
gateway IP that one uses when connecting to the internet from an office LAN.
Example:
The TSE Servers are in the 10.10.10.X network.
Client S1 which is in the 192.168.9.X has the IP 192.168.9.107 associated with its NIC card.
When it tries to hit the launchpad in the 10.10.10.x n/w it goes through a secure gateway
10.10.10.100 and hence its public IP is determined as 10.10.10.100.
So all client connecting from the 192.168.9.x n/w will have the same public IP when connecting to
the 10.10.10.x n/w.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 87

Concepts
Internet Client Detection

Client S2 is in the same 10.10.10.x n/w and has IP 10.10.10.2 associated with its NIC card. Hence
its private IP is 10.10.10.2 and as the final http request to launchpad goes from the 10.10.10.2 IP,
its public IP is determined to be the same as the Private IP.
Now, if I were to create a CG called TEST and specify a Public IP filter as follows.

Now the client S1, should fall into this new TEST CG as its public address “10.10.10.100” satisfies
the filter parameters specified in the Public IP range.
Therefore on Connect it will fall into the TEST CG as shown below.

With this new feature the Administrator can filter clients coming from a Public or other networks
and hence limit or provision access to the TSE system, depending on the requirements.
NOTE:
Once a client falls into a specific client group including the default client group it remains in that
client group until it is manually moved by the TSE admin or “Re-sort Client into Client Group on
each connect” is Enabled in Console-Options-User.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 88

Concepts
Server Lockdown

Server Lockdown
By default, when the administrator adds an Application Server to the Propalms Terminal Services
Edition system, the server has no restrictions applied to it. The feature restricts access to the
Application Servers, so that the users can only execute those applications that are provisioned to
them and thus cannot tamper with the Application Server. The feature makes the system less
prone to malicious use, consequently rendering it more stable. This feature is particularly useful if
the administrator intends to provision the Windows desktop from the Application Server. The
administrator can restrict or configure the Windows explorer and some of the standard dialog
boxes, such as the File>Save or File>Open dialog boxes.
Lockdown Policy
A single lockdown setting enables or disables a particular UI element. For example, a setting can
remove the Run submenu from the Windows Explorer’s Start Menu. A set of settings is termed as
a Lockdown Policy. Propalms Terminal Services Edition TSE v7.0 offers 4 predefined system
policies:
1. No restrictions.
2. Low restrictions.
3. Medium restrictions.
4. Highest restrictions.
A Propalms Terminal Services Edition administrator can also create a customized Lockdown
Policy suitable for a specific need from the Options>Lockdown Policies page of the TSE
Management Console by selecting desired settings from a predefined set. This set is actually a
small subset of Microsoft’s Group Policy Settings.
Initially, when a server is added to the Propalms Terminal Services Edition system, it does not have
any Lockdown Policy applied to it, that is a newly added server has a “No Restriction” Lockdown
Policy applied to it. Administrators can assign a Lockdown Policy to an Application Server from the
Manage>Servers>Update Server page of the Console.
The following table describes which settings are applied in the four predefined system lockdown
policies:

Lockdown Policy Setting No Low Medium Highest

Restriction Restriction Restriction Restriction
Disable Windows Explorer’s False True True True
default context menu
Disable registry editing tools False True True True
Disable command prompt False True True True
Remove File Menu from Windows False True True True
Explorer
Remove Run Menu from Start False False True True
Menu
Remove Search button from False False True True
Windows Explorer
Remove Search Menu from Start False False True True
Menu
Disable Context Menu for Taskbar False False True True

Propalms Terminal Services Edition Administrator Guide--1 March 2013 89

Concepts
Server Lockdown

Lockdown Policy Setting No Low Medium Highest

Restriction Restriction Restriction Restriction
Disable changes to Taskbar and False False True True
Start Menu settings
Disable Control Panel False False False True
Hide A, B, C & D drive in My False False True True
Computer
Prevent access to A,B, C & d False False False True
drive in My Computer
Hide the common dialog places False False False True
bar
Disable and remove links to False False False True
Windows update
Disable Task Manager False False False True
Disable Change Password False False False True
Disable Active Desktop False False False True
Disable changing wallpaper False False False True
Remove the Folder options menu False False False True
item from Tools Menu
Prevent user from changing My False False False True
Document path
Remove common program groups False False False True
from Start Menu
Remove Documents menu from False False False True
Start Menu
Remove User’s folder from Start False False False True
Menu
Allow Only Propalms Terminal False False False True
Services Edition Sessions on this
server (Disable Direct RDP
Sessions)
Automatic Reconnection. False False False True
Configure keep-alive connection False False False True
interval.
Do not allow Clipboard False False False True
redirection.
Use Remote Desktop Easy Print False False False True
printer driver first.
Redirect only the default client False False False True
printer.
Enforce removal of remote False False False True
desktop wallpaper.
Remove "Disconnect" option from False False False True
Shut Down dialog.
Remove Windows Security item False False True True
from Start Menu.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 90

Concepts
Server Lockdown

Lockdown Policy Setting No Low Medium Highest

Restriction Restriction Restriction Restriction
Search: Disable Find Files via F3 False False False True
within the browser.
Hide Favorites menu. False False False True
Remove Map Network Drive and False False False True
Disconnect Network Drive.
Remove Security Tab. False False True True
Hides the Manage item on the False False False True
Windows Explorer shortcut menu.
Turn off Windows + X hotkeys. False False True True
Remove pinned programs list False False False True
from Start Menu.
Remove Programs on setting False False False True
menu.
Remove Drag-and-Drop shortcut False False False True
menus on Start Menu.
Add Logoff to Start Menu. False False False True
Remove and prevent access to False False True True
Shut Down command.
Remove access to the shortcut False False False True
menus for the taskbar.
Force classic Start Menu. False False False True
Remove Add Or Remove False False True True
Programs.
Prevent addition of printers. False False True True

Remove Lock Computer. False False False True

Microsoft Group Policy has a very large number of settings. The set in Propalms Terminal Services
Edition TSE is actually a small subset of Microsoft’s Group Policy Settings. The following section
lists all the settings used in Propalms Terminal Services Edition TSE v7.0.
1. Remove Windows Explorer's default context menu: - Removes shortcut menus from the
desktop and Windows Explorer. Shortcut menus appear when you right-click an item. If you
enable this setting, menus do not appear when you right-click the desktop or when you
right-click the items in Windows Explorer. This setting does not prevent users from using
other methods to issue commands available on the shortcut menus.
2. Prevent access to registry editing tools:- Disables the Windows registry editor Regedit.exe.
If this setting is enabled and the user tries to start a registry editor, a message appears
explaining that a setting prevents the action. To prevent users from using other
administrative tools, use the Run only allowed Windows applications setting.
3. Prevent access to the command prompt:- Prevents users from running the interactive
command prompt, Cmd.exe. This setting also determines whether batch files (.cmd and
.bat) can run on the computer. If you enable this setting and the user tries to open a
command window, the system displays a messageexplaining that a setting prevents the
action.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 91

Concepts
Server Lockdown

NOTE
Propalms Terminal Services Edition does not prevent the computer from running batch
files for users that use Terminal Services.

4. Remove File menu from Windows Explorer:- Removes the File menu from My Computer
and Windows Explorer. This setting does not prevent users from using other methods to
perform tasks available on the File menu.
5. Remove Run menu from Start Menu:- Allows you to remove the Run command from the
Start menu, Internet Explorer, and Task Manager. If you enable this setting, the following
changes occur:
1. The Run command is removed from the Start menu.
2. The New Task (Run) command is removed from Task Manager.
3. The user will be blocked from entering the following into the Internet Explorer Address
Bar:
A UNC path: \\<server>\<share> ---Accessing local drives: e.g., C: --- Accessing local
folders: e.g., \temp> Also, users with extended keyboards will no longer be able to display
the Run dialog box by pressing the Application key (the key with the Windows logo) + R. If
you disable or do not configure this setting, users will be able to access the Run command
in the Start menu and in Task Manager and use the Internet Explorer Address Bar.

NOTE
This setting affects the specified interface only. It does not prevent users from using other
methods to run programs. It is a requirement for third-party applications with Windows
2003 or later certification to adhere to this setting. However, it is possible that some older
applications may not follow this requirement.

6. Remove Search button from Windows Explorer:- Removes the Search button from the
Windows Explorer toolbar. This setting removes the Search button from the Standard
Buttons toolbar that appears in Windows Explorer and other programs that use the
Windows Explorer window, such as My Computer and My Network Places. It does not
remove the Search button or affect any search features of Internet browser windows, such
as the Internet Explorer window. This setting does not affect the Search items on the
Windows Explorer context menu or on the Start menu. To remove Search from the Start
menu, use the Remove Search menu from Start menu setting (in User
Configuration\Administrative Templates\Start Menu and Taskbar). To hide all context
menus, use the Remove Windows Explorer's default context menu setting.
7. Remove Search menu from Start Menu:- Removes the Search item from the Start menu,
and disables some Windows Explorer search elements. This setting removes the Search
item from the Start menu and from the context menu that appears when you right-click the
Start menu. Also, the system does not respond when a user presses the Application key
(the key with the Windows logo)+ F. In Windows Explorer, the Search item still appears on
the Standard buttons toolbar, but the system does not respond when the user presses
Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon
representing a drive or a folder. This setting affects the specified user interface elements
only. It does not affect Internet Explorer and does not prevent the user from using other
methods to search. Also, see the Remove Search button from Windows Explorer setting in
User Configuration\Administrative Templates\Windows Components\Windows Explorer.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 92

Concepts
Server Lockdown

NOTE
This setting also prevents the user from using the F3 key.

8. Remove access to the context menus for the taskbar:- Hides the menus that appear when
you right-click the taskbar and items on the taskbar,such as the Start button, the clock, and
the taskbar buttons. This setting does not prevent users from using other methods to issue
the commands that appear on these menus.
9. Prevent changes to Taskbar and Start Menu Settings:- Removes the Taskbar and Start
Menu item from Settings on the Start menu. This setting also prevents the user from
opening the Taskbar Properties dialog box. If the user rightclicks the taskbar and then
clicks Properties, a message appears explaining that a setting prevents the action.
10. Prohibit access to the Control Panel:- Disables all Control Panel programs. This setting
prevents Control.exe, the program file for Control Panel, from starting. As a result, users
cannot start Control Panel or run any Control Panel items. This setting also removes
Control Panel from the Start menu. (To open Control Panel, click Start, point to Settings,
and then click Control Panel.) This setting also removes the Control Panel folder from
Windows Explorer. If a user tries to select a Control Panel item from the Properties item on
a context menu, a message appears explaining that a setting prevents the action. Also, see
the Remove Display in Control Panel and Remove programs on Settings menu settings.
11. Hide these specified drives in My Computer:- Removes the icons representing selected
hard drives from My Computer and Windows Explorer. Also, the drive letters representing
the selected drives do not appear in the standard Open dialog box. To use this setting,
select a drive or combination of drives in the drop-down list. To display all drives, disable
this setting or select the Do not restrict drives option in the drop-down list.

NOTE
This setting removes the drive icons. Users can still gain access to drive contents by
using other methods, such as by typing the path to a directory on the drive in the Map
Network Drive dialog box, in the Run dialog box, or in a command window. Also, this
setting does not prevent users from using programs to access these drives or their
contents. And it does not prevent users from using the Disk Managment snap-in to view
and change drive characteristics. It is a requirement for third party applications with
Windows 2003 or later certification to adhere to this setting.

12. Prevent access to drives from My Computer:- Prevents users from using My Computer to
gain access to the content of selected drives. If you enable this setting, users can browse
the directory structure of the selected drives in My Computer or Windows Explorer, but they
cannot open folders and access the contents. Also, they cannot use the Run dialog box or
the Map Network Drive dialog box to view the directories on these drives. To use this
setting, select a drive or combination of drives from the drop-down list. To allow access to
all drive directories, disable this setting or select the Do not restrict drives option from the
drop-down list.

NOTE
The icons representing the specified drives still appear in My Computer but if users double
click the icons, a message appears explaining that a setting prevents the action. Also, this
setting does not prevent the users from using programs to access local and network

Propalms Terminal Services Edition Administrator Guide--1 March 2013 93

Concepts
Server Lockdown

drives. And it does not prevent them from using Disk Managment snap-in to view and
change drive characteristics.

13. Hide the common dialog places bar:- Removes the shortcut bar from the Open dialog box.
This setting, and others in this folder, lets you remove new features added in Windows
2003 Professional, so that theOpen dialog box looks like it did in Windows NT 4.0 and
earlier. These policies only affect programs that use the standard Open dialog box provided
to developers of Windows programs. To see an example of the standard Open dialog box,
start Notepad and, on the File menu, click Open.

NOTE
It is a requirement for third-party applications with Windows 2003 or later certification
adhere to this setting. However, it is possible that some older applications may not follow
this requirement.

14. Remove links and access to Windows Update:- Prevents users from connecting to the
Windows Update Web site. This setting blocks user access to the Windows Update Web
site at http://windowsupdate.microsoft.com. Also, the setting removes the Windows Update
hyperlink from the Start menu and from the Tools menu in Internet Explorer. Windows
Update, the online extension of Windows, offers software updates to keep a user’s system
up-to-date. The Windows Update Product Catalogue determines any system files, security
fixes, and Microsoft updates that users need and shows the newest versions available for
download. Also see the Hide the Add programs from Microsoft option setting.
15. Remove Task Manager:- Prevents users from starting Task Manager (Taskmgr.exe). If this
setting is enabled and users try to start Task Manager, a message appears explaining that
a policy prevents the action. Task Manager lets users start and stop programs; monitor the
performance of their computers; view and monitor all programs running on their computers,
including system services; find the executable names of programs; and change the priority
of the process in which programs run.
16. Remove Change Password:- Prevents users from changing their Windows password on
demand. This setting disables the Change Password button on the Windows Security
dialog box (which appears when you press Ctrl+Alt+Del). However, users are still able to
change their password when prompted by the system. The system prompts users for a new
password when an administrator requires a new password or their password is expiring.
17. Prevent changing wallpaper:- Prevents users from adding or changing the background
design of the desktop. By default, users can use the Desktop tab of Display in Control
Panel to add a background design (wallpaper) to their desktop. If you enable this setting,
the Desktop tab still appears, but all options on the tab are disabled. To remove the
Desktop tab, use the Hide Desktop tab setting. To specify wallpaper for a group, use the
Active Desktop Wallpaper setting. Also, see the Allow only bitmapped wallpaper setting.
18. Removes the Folder Options menu item from the Tools menu:- Removes the Folder
Options item from all Windows Explorer menus and removes the Folder Options item from
Control Panel. As a result, users cannot use the Folder Options dialog box. The Folder
Options dialog box lets users set many properties of Windows Explorer, such as Active
Desktop, Web view, Offline Files, hidden system files, and file types. Also, see the Enable
Active Desktop setting in User Configuration\AdministrativeTemplates\Desktop\Active
Desktop and the Prohibit user configuration of Offline Files setting in User
Configuration\Administrative Templates\Network\Offline Files.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 94

Concepts
Server Lockdown

19. Prohibit user from changing My Documents path:- Prevents users from changing the path
to the My Documents folder. By default, a user can change the location of the My
Documents folder by typing a new path in the Target box of the My Documents Properties
dialog box. If you enable this setting, users are unable to type a new location in the Target
box.
20. Remove common program groups from Start Menu:- Removes items in the All Users profile
from the Programs menu on the Start menu. By default, the Programs menu contains items
from the All Users profile and items from the user's profile. If you enable this setting, only
items in the user's profile appear in the Programs menu.To see the Program menu items in
the All Users profile, on the system drive, go to Documents and Settings\All Users\Start
Menu\Programs.
21. Remove Documents menu from Start Menu:- Removes the Documents menu from the Start
menu. The Documents menu contains links to the non-program files that users have most
recently opened. It appears so that users can easily reopen their documents. If you enable
this setting, the system saves document shortcuts but does not display them in the
Documents menu. If you later disable it or set it to Not Configured, the document shortcuts
saved before the setting was enabled and while it was in effect appear in the Documents
menu.

NOTE
This setting does not prevent Windows programs from displaying shortcuts to recently
opened documents. See the Do not keep history of recently opened documents on exit
policies in this folder. This setting also does not hide document shortcuts displayed in the
Open dialog box. See the Hide the Dropdown list of recent files setting.

22. Remove user's folders from the Start Menu:- Hides all folders on the user-specific (top)
section of the Start menu. Other items appear, but folders are hidden. This setting is
designed for use with redirected folders. Redirected folders appear on the main (bottom)
section of the Start menu. However, the original, user-specific version of the folder still
appears on the top section of the Start menu. Because the appearance of two folders with
the same name might confuse users, you can use this setting to hide user-specific folders.
Note that this setting hides all user-specific folders, not just those associated with
redirected folders. If you enable this setting, no folders appear on the top section of the
Start menu. If users add folders to the Start Menu directory in their user profiles, the folders
appear in the directory but not on the Start menu. If you disable this setting or do not
configure it, Windows XP Professional display folders on both sections of the Start menu.
23. Remove Favourites menu from Start Menu:- Prevents users from adding the Favourites
menu to the Start menu or classic Start menu.If you enable this setting, the Display
Favourites item does not appear in the Advanced Start menu options box. If you disable or
do not configure this setting, the Display Favourite item is available.

NOTE
The Favourites menu does not appear on the Start menu by default. To display the
Favourites menu, right click Start, click Properties and then click Customize. If you are
using the Start menu, click Advacned tab and then under Start menu items, click the
Favourites menu. If you are using the classic Start menu, click Display Favourites under
Advacned Start menu options.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 95

Concepts
Server Lockdown

NOTE
The items that appear in theFavourites menu when you install Windows are preconfigured
by the system to appeal to most uusers. However, users can add and remove items from
this menu, and system administrators can create a customized Favourites menu for a user
group. This setting only affects the Start menu. The Favourites item still appears in
Windows Explorer and in Internet Explorer.

24. Allow Only Propalms Terminal Services Edition sessions on this Server. (Disable Direct
RDP Sessions):- This is a Propalms Terminal Services Edition TSE-specific setting. This
setting does not use any of the Microsoft Group Policy Object functionality and is
implemented entirely through the Propalms Terminal Services Edition TSE product. If this
setting is applied then any ordinary user who is not a member of either the Propalms
Terminal Services Edition Administrator Group or Local Servers Administrator Group will
not be able to establish a direct RDP session with this Server using the Microsoft’s Remote
Desktop Connection.
25. Specifies whether to allow Remote Desktop Connection clients to automatically reconnect
to sessions on an RD Session Host server if their network link is temporarily lost. By
default, a maximum of twenty reconnection attempts are made at five second intervals.
26. This policy setting allows you to enter a keep-alive interval to ensure that the session state
on the RD Session Host server is consistent with the client state. After an RD Session Host
server client loses the connection to an RD Session Host server, the session on the RD
Session Host server might remain active instead of changing to a disconnected state, even
if the client is physically disconnected from the RD Session Host server. If the client logs on
to the same RD Session Host server again, a new session might be established (if the RD
Session Host server is configured to allow multiple sessions), and the original session
might still be active.
27. You can use this setting to prevent users from redirecting clipboard data to and from the
remote computer and the local computer. By default, Remote Desktop Services allows
clipboard redirection.
28. This policy setting allows you to specify whether the Remote Desktop Easy Print printer
driver is used first to install all client printers.
29. This policy setting allows you to specify whether the default client printer is the only printer
redirected in Remote Desktop Services sessions.
30. Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote
Desktop Services. You can use this setting to enforce the removal of wallpaper during a
Remote Desktop Services session. By default, Windows XP Professional displays
wallpaper to remote clients connecting through Remote Desktop, depending on the client
configuration (see the Experience tab in the Remote Desktop Connection options for more
information). Servers running Windows Server 2003 do not display wallpaper by default to
Remote Desktop Services sessions.
31. This policy setting allows you to specify whether the default client printer is the only printer
redirected in Remote Desktop Services sessions. You can use this policy setting to prevent
users from using this familiar method to disconnect their client from an RD Session Host
server.
32. Specifies whether to remove the Windows Security item from the Settings menu on
Remote Desktop clients. You can use this setting to prevent inexperienced users from
logging off from Remote Desktop Services inadvertently.
33. This policy disables the use of the F3 key to search in Microsoft® Internet Explorer and
Windows Explorer. Users cannot press F3 to search the Internet (from Internet Explorer) or
to search the hard disk (from Windows Explorer). If the user presses F3, a prompt appears

Propalms Terminal Services Edition Administrator Guide--1 March 2013 96

Concepts
Server Lockdown

that informs the user that this feature has been disabled. This policy can prevent a user
form easily searching for applications on the hard disk. It is recommended that you enable
this policy to prevent users from searching for applications on hard drive or browsing the
Internet.
34. This policy prevents users from adding, removing, or editing the list of Favorite links. If you
enable this policy, the Favorites menu is removed from the interface and the Favorites
button on the browser toolbar appears dimmed. Use this policy if you want to remove the
Favorites menu from Windows Explorer and do not want to give users easy access to
Internet Explorer.
35. This policy prevents users from connecting and disconnect to shares with Windows
Explorer. It does not prevent mapping and disconnecting drives from other applications or
the run command. It is recommended that you enable this policy to remove easy access to
browsing the domain from Windows Explorer. If mapped drives are necessary, they can be
mapped from a logon script.
36. This policy removes the Security tab from Windows Explorer. If users can open the
Properties dialog box for file system objects, including folders, files, shortcuts, and drives,
they cannot access the Security tab. It is recommended that you enable this policy to
prevent users from changing the security settings or viewing a list of all users who have
access to the object.
37. This policy removes the Manage option from Windows Explorer or My Computer. The
Manage option opens the Computer Management MMC snap-in (compmgmt.msc). Items
like Event Viewer, System Information, and Disk Administrator can be accessed from
Computer Management. This policy does not restrict access to these tasks from other
methods such as Control Panel and the run command. It is recommended that you enable
this policy to remove easy access to system information about the Terminal Server.
38. This policy turns off Windows+X hotkeys. Keyboards with a Windows logo key provide
users with shortcuts to common shell features. For example, pressing the keyboard
sequence Windows+R opens the Run dialog box; pressing the Windows+E starts Windows
Explorer. It is recommended that you enable this policy to prevent users from starting
applications with the Windows logo hotkey.
39. This policy removes the Pinned Programs list from the new Start Menu. It also removes the
default links to Internet Explorer and Outlook Express if they are pinned, and it prevents
users from pinning any new programs to the Start Menu. The Frequently Used Programs
list is not affected.
40. This policy removes Control Panel, Printers, and Network Connections from Settings on
the Classic Start menu, My Computer and Windows Explorer. It also prevents the programs
represented by these folders (such as Control.exe) from running. However, users can still
start Control Panel items by using other methods, such as right-clicking the desktop to
open Display Properties or right-clicking My Computer to open System Properties. It is
recommended that you enable this policy to prevent easy access to viewing or changing
system settings.
41. This policy prevents users from using the drag-and-drop method to reorder or remove
items on the Start menu. This setting does not prevent users from using other methods of
customizing the Start menu or performing the tasks available from the shortcut menus. It is
recommended that you enable this policy to remove shortcut menus from the Start menu,
including tasks such as creating a new shortcut.
42. It is recommended that you enable this policy to make it easy for users to log off of their
Terminal Server sessions. This policy adds the "Log Off <user name>" item to the Start
menu and prevents users from removing it. This setting affects the Start menu only. It does
not affect the Log Off item on the Windows Security dialog box that appears when you
press CTRL+ALT+DEL or CTRL+ALT+END from a Terminal Server client.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 97

Concepts
Manage Lockdown Policies

43. This policy removes the ability for the user to open the Shutdown dialog box from the Start
menu and from the Windows Security dialog box (CTRL+ALT+DEL). This policy does not
prevent users from running programs to shut down Windows. It is recommended that you
enable this policy help remove confusion from the users and prevent administrators from
shutting down the system while it is in production.
44. This policy removes the right-click menu on the taskbar. This setting does not prevent
users from using other methods to issue the commands that appear on this menu. It is
recommended that you enable this policy to prevent potential access to files and
applications by starting Windows Explorer or Search.
45. This policy effects the presentation of the Start menu. The Classic Start menu in Windows
2000 allows users to begin common tasks, while the new Start menu consolidates common
items onto one menu. When the Classic Start menu is used, the following icons are placed
on the desktop: My Documents, My Pictures, My Music, My Computer, and My Network
Places. The new Start menu starts them directly. Disabling the new Start menu removes
Printers and Faxes. From Printers and Faxes, users can view Server Properties to see
where the Spool folder is installed.
46. This policy removes Add or Remove Programs from Control Panel and removes the Add or
Remove Programs item from menus. If access to Control Panel is prohibited, this policy
can be used to remove the links to Add or Remove Programs from places like My
Computer. The link then displays an access denied message if clicked. This setting does
not prevent users from using other tools and methods to install or uninstall programs. It is
recommended that you enable this policy to prevent users to viewing Terminal Server
configuration information.
47. This policy prevents users from using familiar methods to add local and network printers. It
is recommended that you enable this policy to prevent users from browsing the network or
searching the active directory for printers. This policy does not prevent the auto-creation of
Terminal Server redirected printers, nor does it prevent users from running other programs
to add printers.
48. This policy prevents users from locking their sessions. Users can still disconnect and log
off. While locked, the desktop can not be used. Only the user who locked the system or the
system administrator can unlock it.

Manage Lockdown Policies

Use the Options>Lockdown Policies page of the Propalms Terminal Services Edition
Management Console to view, add, update, or remove lockdown policies. You can apply the
policies you add here to the Application Servers from the Manage>Servers>Update Server page
of the Console.

NOTE
You cannot modify or delete predefined lockdown policies.

This section provides step-by-step procedures to do the following:

View Lockdown Policy

You can view all the policies configured in the Propalms Terminal Services Edition system from the
Options>Lockdown Policies page of the Console. To view the details of a particular policy, click

Propalms Terminal Services Edition Administrator Guide--1 March 2013 98

Concepts

the Policy Name of the relevant policy. The Console displays the lockdown policy details such as
the name and description of the policy and the lockdown policy settings.Click Show All Policies to
return to the Lockdown Policies page.

Add Lockdown Policy

The Add Policy action allows you to add a new lockdown policy to the Propalms Terminal Services
Edition system.
1. To add a set of lockdown policy restrictions:
2. From the Options>Lockdown Policy page, click Add Policy.
3. On the Add Policy page, select/enter the relevant information and click Next.
The Add Policy page displays the choices you make. Review the information, and click Add.
Following are the fields you need to specify while adding a lockdown policy.
Policy Name
This Lockdown Policy name appears on the Propalms Terminal Services Edition Console. You
should specify a meaningful name for a Lockdown Policy.
Description
This is a free-form description of the lockdown policy that identifies the policy or provides other
clarification.
Policy Settings
Select the relevant restrictions you want to include in the lockdown policy.
After you add a lockdown policy, you can apply it to a server from the Manage>Servers>Update
Server page of the console.

Update Lockdown Policy

The Update Policy action permits you to change the restrictive properties of the selected lockdown
policies.

NOTE
You cannot update the properties of a built-in lockdown policy.

To update a set of lockdown policy restrictions:

1. From the Options>Lockdown Policy page, select a lockdown policy and click Update Policy.
2. Change the relevant fields and click Update.

Remove Lockdown Policy

The Remove Policy action permits you to remove the selected lockdown policies. You cannot
remove a lockdown policy template.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 99

Concepts
Printer Driver Management Utility

NOTE
You cannot remove a built-in lockdown policy.

To update a set of lockdown policy restrictions:

1. From the Options>Lockdown Policy page, select a lockdown policy and click Remove
Policy.
2. The Remove Policy page displays the lockdown policies you choose. Click Remove to
remove the displayed lockdown policies.

NOTE
When you remove a lockdown policy that is applied to an Application Server, the server
reverts to the default setting of no restrictions.

Printer Driver Management Utility

During application launch, the client printer is mapped onto an application server. The
corresponding printer driver is installed on the server, if it is not already there. This driver
installation might fail or get aborted if it is not completed in one minute. Finding such failures and
correcting them was not possible in previous versions of Propalms Terminal Services Edition TSE;
there is a tool in TSE v7.0 which allows the administrator to accomplish this task.
The Printer driver management utility in TSE v7.0 enables the administrator to find failed driver
installations in the Propalms Terminal Services Edition TSE team and provides a way to map these
failed drivers to an alternate driver. With that, any subsequent attempts to install the failed driver
will be replaced by installing the alternate driver.
In addition, the utility provides the following features:
1. Displays list of installed drivers in the Propalms Terminal Services Edition TSE server team.
Administrator can replicate the installed driver to all remaining application servers in the team that
have the same operating system.
2. Uninstall of drivers from all application servers having the same operating system.
3. Custom driver mapping: The administrator can map a client driver to a server driver without
having to wait for it to fail (and then do the mapping).
4. Delete and edit user defined driver mappings.
5. Create an allow-only or deny list of drivers. If the administrator creates an allow only list, then
only those drivers are allowed to install on the application server. If the administrator creates a
deny list, then all the drivers except those in the list are allowed to install onto the application
server.
6. Delete a driver from failed driver list.

User Interface
Use the Manage>Servers page of the Propalms Terminal Services Edition Management Console
to launch the Printer Driver Management (PDM) utility. The launch is through Propalms Terminal
Services Edition TSE.
The printer driver utility has four tabs. This section explains their usage in detail.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 100

Concepts
Printer Driver Management Utility

Failed Driver Tab

This tab shows a list of failed drivers for the Propalms Terminal Services Edition TSE team and
allows a user to map an alternate driver for the failed one.

To view the server(s) on which the driver failed, click on a driver in the list. The Application
Servers list box shows servers on which the installation failed.
To view all failed drivers in the team select All from the Application Servers combo box.
To view a server-specific list of failed drivers, select the particular server from Application Servers
combo box.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 101

Concepts
Printer Driver Management Utility

To map a failed driver, select a particular application server and click on the driver name. The right
side of the UI shows driver-specific information, such as the operating system of the application
server, a suggested list of alternate drivers, or a custom list of drivers. The suggested list shows
recommended drivers which should be used as an alternative for the failed driver. This list is
populated from the Propalms Terminal Services Edition TSE database. If the administrator wants
to use any other driver that is not in the suggested list, she can do so using a custom driver list.
The selected alternate driver is shown in the Configured driver edit box. To apply the
mapping click Apply button on the tab.
When the user hits the Apply button the mapping is done and added to the Propalms Terminal
Services Edition TSE
database. The new setting is displayed in the Driver Mappings tab.

NOTE
NOTE: The mapping is done for all servers that have the same operating system installed.
The administrator can remove the driver from the failed list. Select the server on which the
driver has failed, right click on the driver and select the Delete menu item.

Installed Driver Tabs

This tab shows all installed drivers in the team.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 102

Concepts
Printer Driver Management Utility

If All is selected in the Application Servers combo box then the installed drivers list shows all the
drivers installed within the server team. To view the application server on which this driver is
installed, select a particular driver; the right side list of Application servers shows all servers on
which this driver is installed.
To view all drivers installed on a particular server, select the server from the Application Servers
combo box.
Replicate installed driver
Select a server from the Application Servers combo box. To replicate a driver on all remaining
application servers in the team that have the same operating system installed as that of the
selected server, right click the driver and select Replicate menu item. The utility will attempt to
install the driver on all remaining application servers with the same OS type. It then shows a
message box with details including on which servers the installation has succeeded or failed.
Uninstall driver
Select a server from the Application Servers combo box. Select a driver and right click, a pop-up
menu is then displayed. Now select Uninstall from the pop-up menu and click on it. The utility will
attempt to uninstall the driver from all application servers with the same operating system installed
as that of the selected server. It shows a message box with details including on which servers the
uninstall has succeeded or failed.

NOTE
NOTE: The driver installation will fail if the driver is in use, that is if some printer is using
the said driver.

Driver Mapping Tab

This tab shows all the user defined mapping.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 103

Concepts
Printer Driver Management Utility

The user can add a new custom mapping or delete/edit driver mapping.
Add custom mapping
Click the Add button. It shows a dialog box with fields for server platform, client driver and server
driver. Select server driver from the given list, select client driver from the given list or enter the
driver name if it is not in the list. Select alternate driver and click on the OK button. The mapping is
added to the Propalms Terminal Services Edition TSE database. The user cannot assign any
custom server driver name.
Delete custom mapping
Select mapping to be deleted from Printer Driver Mappings list and click the Delete button. The
system asks for confirmation before deleting the mapping. If the user clicks on the Yes button the
mapping gets deleted from the database.
Edit custom mapping
To change any existing user defined mapping, select it and click the Edit button. A dialog box
appears which shows the server platform, client driver and the server driver combo box. The user
is allowed to edit the server driver only. Select the alternate driver and click the OK button.
Compatibility Tab
Here the administrator can create an allow-only/deny list of drivers.
Allow-only list – Only the drivers present in this list are allowed to be installed on an application
server. Any other driver won’t get installed and if any attempt is made to install, an entry will be
made to the event log by the application server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 104

Concepts
Printer Driver Management Utility

Deny list – All drivers except those in the list are allowed to be installed on the application server.
If a client tries to install a denied driver, an entry is made to the event log by the application server.
The user can either create an allow list or a deny list. The list can be created for application servers
running Windows Server 2003 or Windows Server 2008.
To add drivers in the list click the Add button. It pops up a dialog box showing a list of drivers,
select the driver and click OK.
To delete a driver from list, select the driver and click the Delete button.
To save the list into the database click the Save button. A message box pops up asking for
confirmation. Click OK to save the list.
If user closes the application without saving the changes in the tab, then during application close, a
message box is shown indicating that there are some changes in the compatibility tab, and asking
whether the user wants to save these changes. Click Yes to save the changes.
Refresh Installed Drivers List
The installed drivers list is maintained in the TSE database. Whenever a driver is installed on an
application server through TSE, its entry is added to the list of installed drivers. However, if the
administrator installs a driver manually, then its entry is not added to the database. This option
allows the administrator to enumerate all installed drivers on all application servers in the team.
Go to Tools->Refresh installed drivers and click the menu item. This operation might take some
time since the utility tries to collect the information from all application servers

Propalms Terminal Services Edition Administrator Guide--1 March 2013 105

Concepts
IFS and Printer Data Compression

in the team.
Update Bad Drivers List
Bad drivers are drivers that have shown not to be fully compatible with Windows Terminal
Services. The list of such bad drivers is kept in the database. The list also contains the mapping
information for the alternate driver (if applicable) for the bad driver. Administrator needs to update
the BadDriversForW2K3.inf and BadDriversW2K8.inf files manually on the web server under
Depot folder and then update the bad drivers list through PDM utility. Go to Tools->Update bad
drivers list and click the menu item. This operation might take some time depending on the
connection speed.

IFS and Printer Data Compression

Data compression typically improves the perceived application performance and hence the end
user experience in server-based computing. There are several means of compressing data. In the
latest version of Propalms Terminal Services Edition TSE v7.0, the product uses the lossless
scheme. This scheme is also called non-destructive because the initial data can always be
recovered later.
Data compression reduces the amount of data transferred across the RDP session to increase IFS
or printing performance over bandwidth-limited connections. Effective performance improvements
depend on:
• Time taken by compressed data to travel across client-server network.
• Time taken to compress/decompress the data.
For instance, on low-bandwidth connections, the time taken by the data to travel across a client-
server network is of major concern. So a higher compression-ratio algorithm will be preferred, even
though it takes more time to compress/decompress the data. This is due to the fact that the
majority of the time is consumed for the data transfer over the network, while only a minor part of
the time is consumed for compressing/decompressing the data. However, for high-bandwidth

Propalms Terminal Services Edition Administrator Guide--1 March 2013 106

Concepts
Bandwidth Throttling Management

connections, the time taken by the data to travel over the network is minor. Therefore, a
compression algorithm that executes faster is preferred.
The Connection Settings page of the Propalms Terminal Services Edition Management Console
shows the following data compression related fields:
• Client File System Sharing – Compression:- This setting dictates whether IFS data will
be compressed or not. This field can have values: ON, OFF or UNSPECIFIED. By default,
it’s OFF.
• Client Printer Sharing - Compression (for Propalms Terminal Services Edition
printing only):- This setting dictates whether printer data will be compressed or not. This
field can have values: ON, OFF or UNSPECIFIED. By default, it’s OFF.

Bandwidth Throttling Management

Terminal sessions typically don’t consume much bandwidth for RDP traffic. However, a large print
job may consume available bandwidth in such a way that users are not able to use their terminal
sessions until these print jobs are finished, especially on low-bandwidth connections. In previous
versions of TSE there was no way by which an administrator could avoid performance problems in
terminal sessions caused by large print jobs.
Therefore, the goal of this feature in TSE v7.0 was to prevent performance problems with terminal
sessions caused by large print jobs happening concurrently. Since printing is a job which can run in
the background while the user can continue to work with other applications in a terminal session,
the goals set out for effective bandwidth throttling management were:
• Consistent application performance over different network connections.
• Enhancing the usability of printing over low-bandwidth connections.
“Bandwidth throttling” is used to optimize network bandwidth usage to get more consistent
application performance. It provides the administrator with a way to set a maximum threshold for
the amount of bandwidth a print job may use. While it can slow down printing, it does prevent
performance problems with terminal sessions that are running at the same time.
A typical bandwidth throttling implementation involves following steps:
• Slicing of network packets to a specified size.
• Sending these packets over a network in such a way that they don’t exceed the
specified bandwidth limit.
The Connection Settings page of the Propalms Terminal Services Edition Management Console
shows the following bandwidth throttling related field:
• Client Printer Sharing - Limiting Bandwidth (for Propalms Terminal Services Edition printing
only) :- This field specifies the bandwidth limit for printer traffic. It can have the following
values: Low (28.8 kbps), Medium (56.6 kbps), High (128 kbps), and Unlimited. By default,
the value is set to “Unlimited”.

Automated Administrator Tasks

This feature adds simple, but common and important tasks like Reboot Server, Synchronize
Backup database and Synchronize Database with domain to servers in the Propalms Terminal
Services Edition TSE team. These tasks can be scheduled to run at a specified time and on the
specified server(s).
Propalms Terminal Services Edition TSE ships with two System Defined Tasks:
1. Synchronize Backup Database Task - This task will synchronize the backup database
with the primary database. This task is scheduled to run daily at 4 AM.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 107

Concepts
Automated Administrator Tasks

2. Synchronize Domain Task – This task will synchronize domain objects like users, groups,
OU and their memberships in the Propalms Terminal Services Edition TSE database with
actual domain objects. This will run daily at 3 AM.

NOTE
NOTE: System defined tasks cannot be removed. You cannot add or remove servers to
System Defined tasks. You can only change the schedule of these tasks.

Use Manage->Tasks tab to add, update or remove tasks.

This section provides step-by-step procedures to do the following:
• Add Task
• Remove Task
• Update Task
• Update Schedule
• Add Servers
• Remove Servers
Add Task
To add a new task:
1. On the Manage>Tasks page, click Add Task.
2. The Add Task page opens. While adding an Admin Role you need to define the “Task
Information”.

Task Information. These are the Task information properties.

Name. This name identifies this task. Try to make this name descriptive of its responsibilities.

Description. This free-form field permits you to describe information about the new Task.

Task Settings. These are the Task settings:

Write Task status to application event log:- If this check box is selected, then whenever the task
runs on a server it will make an event log entry specifying information if the task ran successfully or
not.
Enabled:- If this check box is unchecked then the Task will not run on assigned servers.

Task Actions. These are the action settings for the Task:
Action to be performed:- Currently only one action is supported for a Task, which is Reboot
Servers.
Run Only if No Active Session:- If this check box is checked then the Task will run on assigned
Propalms Terminal Services Edition TSE application servers only if there are no active sessions
running on that server.
Time To Give Active Session To Logoff:- If “Run Only If No Active Session” is not selected then
before the rebooting of the application server starts, the Task will automatically logoff active
sessions on that server. To specify the time interval to log off active sessions use this setting.
Select one of the intervals from the drop down box.
Click Next to proceed to the Select Servers page.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 108

Concepts
Automated Administrator Tasks

Select Servers. The Select Servers page allows you to select the Servers on which this Task will run. Select
the Servers and click Next to proceed to the Set Schedule page.

Set Schedule. This page will allow you to schedule this new Task.
Run This Task:- You can choose the Task to run daily or weekly depending on your needs. If you
choose the Task to run weekly then the day selection page will appear only after you click Next.
Start Time (hh:mm):- Specify the start time (hh:mm) to run the Task on the servers. Click Next to
go to day of week selection page if you have chosen to run the Task weekly, else Next will take you
to the confirmation page.
Day of Week:- This page will allow you to select the day(s) of the week on which you want to run
the Task. Click Next to go to the confirmation page, verify all the details about the new Task and
then click Add to add the Task.
Remove Task
The Remove Task action allows you to remove an existing Task from the Propalms Terminal
Services Edition TSE system.
To remove a Task:
1. From the Manage>Tasks page, select the Tasks you want to remove and click Next.
2. The Remove Task page lists the roles you choose. Review the information and click
Remove.

NOTE
You cannot remove system defined Tasks (see above) from the system.

Update Task
The Update Task action allows you to change Task information and the Tasks settings.
To update a Task:
1. From the Manage>Tasks page, select the Task you want to update and click Next.
2. Change the relevant fields and click Update.
For more information on the fields on this page, refer to "Add Task Information".
Update Schedule
The Update Schedule action allows you to change the Task Schedule.
To update the Task Schedule:
1. From the Manage>Tasks page, select the Task for which you want to update the schedule
and click Next.
2. On Update Schedule page change the current schedule to the new schedule to run the
Task and click Next.
3. Review the task schedule information and then click Update.
For more information on the fields on this page, refer to "Set Schedule".
Add Servers
You can add servers from the Propalms Terminal Services Edition TSE team for existing Tasks to
run.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 109

Concepts
Change Password

To add servers to the Task:

1. From the Manage>Tasks page, select Tasks, and then click Add Servers.
2. Select the servers on which you want to run the selected Tasks, and click Add. These
Tasks will now run at scheduled intervals.

NOTE
NOTE: You can add multiple tasks to multiple servers at one time by selecting multiple
tasks t oadd and selecting multiple servers to receive.

Remove Servers
To stop Tasks from running on servers:
1. From the Manage>Tasks page, select a Task, and then click Remove Servers.
2. Select the servers and click Remove.

Change Password
The Change Password feature will allow users to change their domain password from the
Propalms Terminal Services Edition – TSE Launchpad. By default this feature is enabled.
Propalms Terminal Services Edition TSE Console administrators can disable this feature from
Console -> Options -> User page.
When a user logs into the Propalms Terminal Services Edition TSE Launchpad, she will see a
Change Password button on the Options page. After clicking this button the user will be directed
to the Change Password page. To change your password, type your old password and new
password and click Change. You will be asked to re-login into Launchpad again after this.
If the password is expired you will get a warning to change your password upon logging into the
Launchpad. At this stage you can either change the password using the Options page or launch
an application. The application launch will pop up a Windows Change Password dialog box on the
application server. Use this dialog to change your password.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 110

Concepts
Connection Setting Monitoring

Connection Setting Monitoring

Feature Monitor -> Connections -> View Session Details
One of the primary functions of Propalms Terminal Services Edition TSE is to facilitate secure and
managed RDP connections between client and server computers. Connection settings objects set
the parameters of these connections. Administrators can assign a connection setting to an
individual application to override the system’s default setting.
Initially, users connect with the settings that are marked as the default settings. If a user needs to
override the default connection setting for a particular client, the user can choose the setting from
the Option page of the LaunchPad. The chosen setting is remembered on the client computer.
This way, administrators can tailor the connections used on a particular computer to the network
performance of the computer.
Thus, the administrator can assign existing Connection Settings to Client Groups and also to
applications. In addition, a user can select Connection Settings from the LaunchPad.
The effective Connection Settings that are returned to the user can be a combination of the Client
Group Connection Settings, Application Connection Settings, User Connection Settings, and
Default Connection Settings. The precedence order for each type of Connection Settings is Client
Group Settings, Application Connection Settings, and User Connection Settings. If none of these
values is specified, the Connection Settings specified in the Connection Settings set as Default
Connection Settings are used.
As connection settings can be applied at various levels (see above) and as there is some logic
applied that calculates the effective connection settings, it can become a challenge for an
administrator to determine or troubleshoot the effective set of connection settings that controls the
behavior of a particular session.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 111

Concepts
Java Client

Therefore, a feature is available in TSE v7.0 to help the administrator view and manage individual
Connection Settings. In the Monitor -> Connections page of the TSE Management Console,
select any particular session and click on View Session Details. This page shows the effective
Connection settings being applied to the session.

Java Client
Overview
The Java client feature in the Propalms TSE v7.0 enables you to run server-based applications
without installing any additional client software. The Java applet support in the Web Browser is
assumed.

Launching a server-based TSE application via a Java client provides several key benefits:
• Support for RDP 5.x feature set
• Support for DMZ-SPR enabled TSE sessions
In addition to the above mentioned benefits, the Java client launches every application in its own
applet session. Using the Java client users can access printers and files only from the application
server. For using the Java client, users do not need to have Admin rights to their user account.

The following features will not be available while using the Propalms TSE Java client.
• Seamless windows
• File association
• Desktop and Start menu shortcuts
• Local client drive and Printer redirection
Java Client on Windows
While there is no need to install any client software from Propalms, you still must have the support
for Java Runtime Environment (JRE) in the Web Browser. By default this is not available in
Windows XP so the user has to download it from the web. However for other Windows operating
systems such as XP and 2003 it is installed by default but just the user has to enable a setting in
the Internet Explorer. To get the SSL support, it is required to have JRE 1.4 and above or JRE 1.2/
1.3 with JSSE integrated with the browser.
How to Access the Feature?
To launch applications using the Java Client feature administrator has to first enable the feature in
the Propalms TSE Console.
Go To,
Console> Options> Users> Update Options>
Show "Use Java Client" button on Launch Pad (ENABLE)
On the Client Machine (If the Propalms Connection Manager in Not Installed)
You will directly go to the Download Client page on the TSE Launchpad and select the option “Use
Java Client” button.
On the Client Machine (If the Propalms Connection Manager in Installed)
You are directed to the TSE Launchpad page. You should go to the Download Client page and
select the option “Use Java Client” button.
Alternately, even if the administrator does not enables the Java option in the Propalms TSE
Console. Then to launch applications using the Java Client Connection feature one may append a
“?client=java” string to the Launchpad URL. For example if the Launchpad URL is http://

Propalms Terminal Services Edition Administrator Guide--1 March 2013 112

Concepts
Native Windows Client Connections

www.company.com/launchpad, then to access the Launchpad via the Java Client, use the
following URL:
http://www.company.com/launchpad?Client=Java
System Requirements
Operating Systems:
Microsoft Windows ( XP)
Web Browsers:
Internet Explorer (5.5 and 6.0)
Netscape 4.75
Java Environment:
Microsoft Virtual Machine in Internet Explorer 5.5
Java Runtime Environment (JRE)

NOTE
The Java Client feature for Internet Explorer 5.5 will not work if in the Advance setting for
Microsoft VM is not enabled for “Java Console Enabled” “Java Logging Enabled” and “JIT
Compiler for Virtual Machine Enabled”.

For SSL support with Java Runtime Environment (JRE) 1.2 and 1.3 you need to install
Java Secure Socket Extension (JSSE) explicitly.

For SSL support you should have Java Runtime Environment (JRE) 1.4 and above.

Native Windows Client Connections

Overview
The Native RDP Client Connections feature in Propalms Terminal Services Edition TSE v7.0
enables you to run server-based applications without having to install any additional client software
(besides the native Microsoft RDP client) on the client device. Launching a server-based TSE
application via a Native RDP Client Connection provides several key benefits:
• Support for RDP 5.x feature set
• Publishing of applications to web-based interface (TSE Launchpad)
• Resource-based load-balancing for the native RDP session
• No additional installation of a vendor-specific client component
On the other hand, when launching applications using a Native RDP Client Connection, you will
lose many feature enhancements that Propalms’s Propalms Terminal Services Edition TSE clients
provide. The following features will NOT be available in case of a Native RDP Client Connection
launch:
• Seamless windows
• SPR Support
• File Associations
• Desktop and Start menu Shortcuts
• Enhanced Propalms Terminal Services Edition TSE Printing support

Propalms Terminal Services Edition Administrator Guide--1 March 2013 113

Concepts
Native Macintosh Client Connections

Native Client on Windows

While there is no need to install any client software from Propalms, you still must have the
Microsoft Terminal Services Advanced Client (TSAC) ActiveX control properly registered on your
client machine. This ActiveX control resides in a DLL file named MSTSACX.DLL. Windows XP has
this ActiveX installed by default, however for other Windows operating systems it is not installed by
default. If this ActiveX control is not already installed by default, it gets seamlessly installed on your
machine as long as the security settings of your Internet Explorer are configured to allow download
of ActiveX controls.

NOTE
The TSAC ActiveX control and hence the Native RDP Client Connection feature for
Windows will not work if the security settings of the Internet Explorer for “ActiveX controls
and plugins” are not configured to enable “Run ActiveX controls and plugin” and “Script
ActiveX controls marked safe for scripting”.

How to Access the Feature?

To launch applications using the Native RDP Client Connection feature one may append a
“?Client=native” string to the launchpad URL. For example if the Launchpad URL is http://
www.company.com/launchpad, then, to access the Launchpad via the Native RDP Client, use the
following URL:
http://www.comp any.com/launchpad?Client=Native
Alternately, you can go to the Download Client page on the TSE Launchpad and select the “Use
Native Client” button.
Description
When you launch an application through the TSE Launchpad using the Native RDP Client, then
this launch is marked as a Native launch. For Native launches, an additional browser window is
popped up and you can see the application or the remote desktop in this new browser window. On
the Connections page of the TSE Launchpad, the Active Connections list will mark any such
launches as “Native” in the third column named “Client Type”. The “Client Type” column in the
“Active Connections on other clients” indicates “Native” in case of sessions that are launched using
the Native Client. The Connections page in the Monitor tab of the Management Console will
always specify a “Client Type” as either Native or Propalms Terminal Services Edition, as
appropriate.
Reconnecting/Disconnecting a Native RDP Client Session
Even if you launch an application using the Native RDP Client Connection feature from one
machine, you will be able to reconnect to this application from a different machine that has the
Propalms Terminal Services Edition TSE Client Software installed. However, while the new
machine has the proper client software installed, the application will still be reconnected as a
Native RDP Client Launch. In other words, an application launched with the Native RDP Client
Connection feature will always remain a natively run application, no matter whether the Propalms
Terminal Services Edition TSE client software is installed or not on the machine that you use to
reconnect to the application.

Native Macintosh Client Connections

Overview
The Native RDP Client Connections feature in Propalms Terminal Services Edition TSE v7.0
enables you to run server-based applications without having to install any additional client software

Propalms Terminal Services Edition Administrator Guide--1 March 2013 114

Concepts
Native Macintosh Client Connections

(besides the native Microsoft RDP client) on the client device. Launching a server-based TSE
application via a Native RDP Client Connection provides several key benefits:
• Support for RDP 5.x feature set
• Publishing of applications to web-based interface (TSE Launchpad)
• Resource-based load-balancing for the native RDP session
• No additional installation of a vendor-specific client component
On the other hand, when launching applications using a Native RDP Client Connection, you will
lose many feature enhancements that Propalms’s Propalms Terminal Services Edition TSE clients
provide. The following features will NOT be available in case of a Native RDP Client Connection
launch:
• Seamless windows
• SPR Support
• File Associations
• Desktop and Start menu Shortcuts
• Enhanced Propalms Terminal Services Edition TSE Printing support
Native Client on Apple Macintosh
Launching Propalms Terminal Services Edition TSE applications from a Macintosh client machine
requires the Microsoft Remote Desktop Connection Client for Mac to be installed on the machine.
More information can be obtained at this Microsoft Websites Mac section:
http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=remotedesktopclient.
In addition to this client, a Propalms Terminal Services Edition TSE plug-in from Propalms has to
be downloaded and installed in order to use Macintosh machines. This plug-in is currently only
tested on Safari 1.1 (v100) and higher browser running on OS X version 10.3.
How to Access the Feature?
To access TSE from an Apple Macintosh device for the first time you will need to have the
Microsoft RDP client for Macintosh as well as the Propalms Plug-in for TSE installed. Please
complete the following steps:
• First, make sure that the Microsoft RDP client for Macintosh is already installed on your
device; if you don’t have the latest RDP client installed on your device, you can download it
at
http://www.microsoft.com/downloads/details.aspx?FamilyID=6573f9f1-8ae1-4da9- ab5c-
f8457ecdaf2d&DisplayLang=en#filelist
• Next, point the browser on your Macintosh to the TSE Launchpad. TSE will sense the
Macintosh operating system on your device and will offer you to download a ‘native client’
for your device.
• Clicking on the Download button will install the Propalms Terminal Services Edition TSE
plug-in (1PropalmsMacPlugin) for Macintosh OS X by running the Apple Installer.
• Follow the instructions of the Apple Installer.
• Upon completion of the Apple Installer, the Propalms Terminal Services Edition TSE plug-in
will be installed to the /Library/Internet Plug-Ins/ path of the drive you selected.
• Close your browser, restart it, and point it to the TSE Launchpad. You will now be able to
launch an application from any application icon on the Launchpad.
A current limitation of the Microsoft Remote Desktop Connection Client for Mac is that there can be
only one application launched from an application server at a time.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 115

Concepts
Deploying Propalms Terminal Services Edition roles

Deploying Propalms Terminal Services Edition roles

Propalms Terminal Services Edition uses roles to assign a specific task to one or more servers.
The administrator first needs to add a server to the Propalms Terminal Services Edition team and
then add the relevant roles to the server. The roles an administrator can deploy from the
Management Console are:
• Web Server Role
• Application Server Role
• Load Balancer Role
• Relay Server Role
• Virtual Desktop Server Role

Role requirements
Propalms Terminal Services Edition can push any role to any server in the team, but each server
must already have the specific minimum hardware and software configuration required to operate
each role received. Intel Xeon Processor, 400 MHz, Windows 2003 or Windows 2008 servers
generally have the software required for most roles, but to run the Application Server role, a server
must be configured in Application mode.

NOTE
If the Console is running in secure mode (HTTPS), the Depot folder on the Web Server
has to have plain HTTP access, even if the other folders are secured as HTTPS.

The configuration requirements for the various Propalms Terminal Services Edition roles follow,
along with the MDAC, SQL server and browser requirements.
Propalms Terminal Services Edition Web Server role
The Propalms Terminal Services Edition Web Server role requires the following software:
• Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition or
Windows Server 2003, Web Edition or Windows Server 2008 / 2008 R2, Windows Server
2012
• Internet Information Services (IIS)
• MDAC
• Browser
Propalms Terminal Services Edition Load Balancer role
The Propalms Terminal Services Edition Load Balancer role requires the following software:
• Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition or
Windows Server 2008 / 2008 R2, Windows Server 2012
• MDAC
Propalms Terminal Services Edition Relay Server role
The Propalms Terminal Services Edition Load Balancer role requires the following software:
• Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition or
Windows Server 2008 / 2008 R2, Windows Server 2012
• MDAC

Propalms Terminal Services Edition Administrator Guide--1 March 2013 116

Concepts
Deploying Propalms Terminal Services Edition roles

Propalms Terminal Services Edition Application Server role

You must have a system with the following:
• Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition or
Windows Server 2008 / 2008 R2, Windows Server 2012
• Windows Terminal Services installed in Application Server Mode with the service running.
• MDAC
SQL Server
The following versions are supported:
• SQL Server 7 with Service Pack 3
• SQL Server 2005
• SQL Express

NOTE

The SQL Server should be installed with case insensitive collation settings.

MDAC
The following versions are supported:
• MDAC 2.8 and above
Browser
The following versions are supported:
• Internet Explorer 5.5, Internet Explorer 6, Internet Explorer 7.

NOTE
Cookies should be enabled to logon to the Console.

Server Identification in Propalms Terminal Services Edition

The administrator needs to enter the name of the server while adding a server to the team. Further,
the system also needs the internal IP address of the server and a published IP address of the
server. This section explains the use of these in the system.
Server Name
Name of the server as shown in console. This value is read-only in console and Propalms Terminal
Services Edition Engine detects the name of the server. Propalms Terminal Services Edition
Engine can put either NetBIOS or FQDN name. Server name given in console while adding the
server is used to connect to the server.
Internal IP
This IP address of the server is used by other Propalms Terminal Services Edition servers to
communicate with this server. This value is also given to the clients if a published IP address is not
specified. Propalms Terminal Services Edition Engine auto-detects the IP address of the server.
Sometimes the administrator may want to disable auto-detect. For instance, when the server has
multiple network cards, or one card has multiple IP addresses assigned. In such cases, the IP

Propalms Terminal Services Edition Administrator Guide--1 March 2013 117

Concepts
Deploying Propalms Terminal Services Edition roles

address selected by Propalms Terminal Services Edition Engine might not be the right one. The
administrator can disable auto-detection in the Add Server or Update Server sequence from the
Manage>Servers page. The administrator can then specify a NetBIOS name, FQDN name, or IP
address to be used. Unless auto discovery is disabled, values entered by the administrator are
overwritten by the Propalms Terminal Services Edition Engine. For more information, refer to "Add
a server".

NOTE
The Propalms Terminal Services Edition system does not do any validation checks on the
value entered here. Whatever is entered by the administrator, is used by Propalms
Terminal Services Edition, so the administrator has to be very sure about this value.
Otherwise, it may result in an unstable system where other servers in team might not be
able to talk to this server.

Published Address
This IP address is given to the clients. Internal IP address might not be routable from client, so the
administrator can put two network cards on the server, or have two IP addresses on the same card
and make one of them externally routable. Published Address is used only when it is defined;
otherwise, the clients always get the Internal IP address. The Administrator may enter the IP
address or an FQDN name in this field.

Web Server role

The purpose of the Web Server role is to provide a front-end to Propalms Terminal Services
Edition end users and Propalms Terminal Services Edition administrators.
Propalms Terminal Services Edition implements the Web Server role using Web pages (asp, xml,
xsl) that are located in the following folder on the IIS server: \inetpub\wwwroot.
When Propalms Terminal Services Edition deploys a Web Server role, Propalms Terminal Services
Edition creates Console, Depot, and Launch Pad folders.
• Console folder. This folder contains the pages and logic that create the interface that
enables an administrator to configure and manage Propalms Terminal Services Edition.
• Depot folder. This folder contains the software that you need to install Propalms Terminal
Services Edition to either a client or a server (for deploying additional roles). Following is the
description of some of the more important files and folders in the Depot folder:
• Propalms-TSE-Roles.msi file. This contains the binaries used to deploy a role to
another server.
• Versions folder. This contains the individual installs for the Propalms Connection
Manager and the WTS client. These functions are separate to facilitate individual
component upgrades and to simplify client deployments (via automatic version
checking and upgrades).
• Icons folder. This contains the icons of the applications that are available in the
system.
• Launch Pad. This folder contains pages that the end users connect to in order to access
their applications.
When Propalms Terminal Services Edition deploys a Web Server role, Propalms Terminal Services
Edition also uses COM+ Applications. There are six COM+ applications:
• Propalms Terminal Services Edition Application Engine
• Propalms Terminal Services Edition Jobs Framework Engine
• Propalms Terminal Services Edition Domain Engine

Propalms Terminal Services Edition Administrator Guide--1 March 2013 118

Concepts
Deploying Propalms Terminal Services Edition roles

• Propalms Terminal Services Edition License Engine

• Propalms Terminal Services Edition Management Engine
• Propalms Terminal Services Edition Database Access Engine

Load Balancer role

The purpose of the Load Balancer role is to improve the performance of the application delivery
process by utilizing the available resources in an intelligent way. It distributes application delivery
requests to the server that is best suited to handle the request. The Load Balancer uses an
algorithm to determine which server, from those available to the requestor, has the largest amount
of free resources.
By default, Propalms Terminal Services Edition installs the Load Balancer role in the folder
\program files\Propalms\Load Balancer on the server that is to be the Load Balancer
Server, and this Load Balancer Server can be any server in the team that has enough resources to
handle the additional tasks associated with the Load Balancer role.
To provide redundancy for the Load Balancer Role, you should install the role on more than one
server.
The Load Balancer scheme provides the concept of a Master Load Balancer and Peer Load
Balancers. All the Application Servers in the system register with the Master Load Balancer.
The Peer Load Balancers choose one Load Balancer from amongst themselves to become the
Master Load Balancer. Every other Load Balancer in the system keeps track of the health of this
Master Load Balancer. If the Master Load Balancer fails, then the Peer Load Balancers cooperate
to select a new Master Load Balancer and the Application Servers register with the new Master
Load Balancer. This process creates a failover mechanism and ensures system continuity, if ever
there is a Master Load Balancer failure.
When a Master Load Balancer goes down, it takes a maximum of thirty seconds to discover that
the Load Balancer is offline. The new Master Load Balancer waits for all the Application Servers to
register with it. This process takes a maximum of 2 minutes. No applications can be launched in
that interval. However, the existing application sessions continue as usual.
If the Master Load Balancer goes down when promoting the Secondary Database Server, no other
Load Balancer takes over as Master Load Balancer until the promotion is over.
The Load Balancer in Propalms Terminal Services Edition version 7.0 is scalable.
The Application Servers ping the Load Balancers once a minute. The Master Load Balancer
discovers within 3 minutes if an Application Server goes down and does not send any more
sessions to the Application Server.

Relay Server role

The purpose of the Relay Server role is to enhance security by opening only one port for
communication with client computers. If you are not using port 443, you can deploy the Relay
Server role to a Web Server.
Relay Server role is a non-essential role. By default, installation of Propalms Terminal Services
Edition does not install the Relay Server role like other roles. In the Propalms Terminal Services
Edition team, the Propalms Terminal Services Edition administrator can deploy the Relay Server
role on a Windows Server 2003 or a Windows Server 2008.
Prerequisites
• Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition or
Windows Server 2008.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 119

Concepts
Deploying Propalms Terminal Services Edition roles

• The port configured for the single port relay should be available. The system does not allow
pushing of the Relay Server role on a server on which the port configured for single port
relay is not available.
• If the administrator has to add the Relay Server role on a server that is a Web Server, the
administrator should disable the SSL port on the IIS or change the IIS port.
Deploying the entire system to run on a single port
The administrator needs to do the following:
• Distribute Relay Servers and Web Server on mutually exclusive servers. If both are installed
on the same server, both will compete for the same port. Hence, in such a case, two ports
are required.
• Set the same port on the Web Server and Relay Server for communication.
• Ensure there are enough roles of each kind to take care of the load.
Deploying multiple Single Port Relay Servers
The Propalms Terminal Services Edition administrator can configure multiple Relay Servers to
balance the load on the servers in the Propalms Terminal Services Edition team depending on the
number of users. Propalms Terminal Services Edition uses round-robin logic to balance the load
among different Relay Servers.
For a session, a client uses the same Relay Server. When a team is configured with multiple Relay
Servers, if one Relay Server is offline, another takes over. However, if a Relay Server that has an
application launched from it goes offline, the session goes to a disconnect state, if enabled, or logs
off.
Deployment scenarios
The administrator needs to take a calculated decision on which client computers should go through
the Single Port Relay Server. Single port affects performance; hence, the use should be limited to
where needed.
The administrator can configure the clients that should use Single Port Relay using:
Connection settings for
• Client Groups
• Applications
• Users
• URL specification. For more information, refer to "Relay switch for Launch Pad".
Thus, to make different clients use or not use Single Port Relay Server, do any one of the
following:
• Create two Client Groups based on IP addresses for internal and external users. For
internal users, turn off Single Port Relay.
• Use the firewall / DNS to route the right clients to Single Port Relay on, by using the special
URL property.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 120

Concepts
Deploying Propalms Terminal Services Edition roles

DMZ /Firewall /VPN and the Single Port Relay Server

Single Port Relay Server in the DMZ
The following diagram is a symbolic representation of the protocols and ports used by the
Propalms Terminal Services Edition components when the Single Port Relay and the Web
Server are placed in the DMZ.

FIGURE 12. Single Port Relay Server in DMZ

Communication with Domain Controller uses:
• TCP/UDP protocol on MS-DS Traffic port 445
• TCP/UDP protocol on Kerberos port 88
• TCP/UDP protocol on LDAP port 389
• TCP/UDP protocol on DNS port 53
DCOM Calls use TCP protocol on port 135. Additionally, Microsoft recommends that you open a
minimum of 15 to 20 ports from port 5000 and up. For more information, refer to http://
support.microsoft.com/default.aspx?scid=kb;EN-US;250367.
SQL Server uses named pipes by default. You will have to configure a TCP provider on the Single
Port Relay and the Web Server.
To specify TCP/IP as the transport append the following to the connection string using the RK.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 121

Concepts
Deploying Propalms Terminal Services Edition roles

;network=DBMSSOCN;
To specify a port as well if SQL running on a port other than port 1433, use the following format
server=<servername>,<portnumber>
To summarize, following is an example of the connection string.
Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security
Info=False;Initial
Catalog=CanaveralDB;Server=192.168.9.55,2443;network=DBMSSOCN;

Alternatively, you can set the port and transport for the whole computer (from where ADO
connection is being made). You may use the SQL Client Network utility to configure this. However,
this is less useful if there are multiple applications running on the same computer.
Single Port Relay Server inside Firewall
The following diagram is a symbolic representation of the protocols and ports used by the
Propalms Terminal Services Edition components when the Single Port Relay and the Web
Server are placed inside the firewall.

FIGURE 13. Single Port Relay Server inside Firewall

Propalms Terminal Services Edition Administrator Guide--1 March 2013 122

Concepts
Local server install

Application Server role

The purpose of the Application Server role is to enable Propalms Terminal Services Edition to
control the terminal server, either Microsoft Windows Server 2003 or Microsoft Windows Server
2008. Propalms Terminal Services Edition will manage the applications that have been installed on
these Application Servers.

Local server install

Propalms Terminal Services Edition can function in two possible modes.
• Domain install mode, where domain resources (such as users, groups, and computers) are
available.
• Local server install, where it is limited to local computer resources only.
In the second case, the local server may or may not be a part of a domain. Thus, for installations
where a domain is not accessible, administrators are still able to use Propalms Terminal Services
Edition using local user credentials.

Administrators and users

Propalms Terminal Services Edition administrators for the local server install have to be members
of a local group. These administrators can then launch the Console, add applications on the
server, and assign them to local users and groups.
Local users can launch the applications assigned to them when they logon locally. External users
can connect to the Launch Pad and launch applications as long as they logon using a local user
credentials.
In this case, only unibox install is supported. That is, all the roles have to be installed on a single
server. Further, the database must also be on the same server. The software and hardware
requirements for the servers are the same as those for any other Propalms Terminal Services
Edition installation.
If the computer on which Propalms Terminal Services Edition is being installed is a part of a
Domain, the Administrator has the choice to do a domain install or a local server install. If the
computer is not in a domain, only a local server install is possible

Limitations
A local server install has the following limitations when compared to a domain install:
• The installation has to be a unibox installation
• An administrator cannot add another server to the team
• Since the default port for Single Port Relay is same as the SSL port for a Web Server, Single
Port Relay cannot be used without changing the default port
• Since the install is limited to one computer only, backup of database is possible only when
you use a named instance of SQL server (which might not make a lot of sense)
• Domain objects (such as OUs) are not available

Local server install and domain users

In a Propalms Terminal Services Edition team that has been installed for local users only,
sometimes a local user cannot see the provisioned applications after logging on to the Launch
Pad. This happens when the group to which the local user belongs also has some domain users

Propalms Terminal Services Edition Administrator Guide--1 March 2013 123

Concepts
Publishing a Windows Desktop

as members of the group, and the server is no longer in the domain. In this case, the server is
unable to resolve the user SIDs of the domain users.
The administrator should remove the users with unresolved user SIDs from the group and
provision another application to the same group. Now, when the user refreshes the application list,
the application icons are displayed on the Launch Pad. Alternatively, after the unresolved SIDs are
removed, the administrator should delete the user from Console. The next time the user logs on,
all the assigned applications are displayed.
To be able to logon to the Launch Pad or the Console in a local server install setup, the users
should have a valid Logon Name and Password. Users with blank password cannot logon to the
console and the Launch Pad.
It is not possible to do a local server install on a domain controller.

NOTE
If the computer is not in a domain, then only a local server install is possible. In case of
local server install, Propalms Terminal Services Edition Administrator cannot change the
Domain Name field (fixed to local server name) while changing the Propalms Terminal
Services Edition Administrator group from Console.

Publishing a Windows Desktop

Whenever a user logs on to a server using Terminal Services, the shell is launched on the server.
Accessing shell with Terminal Services means getting access to the desktop of the server.
The Publishing a Windows Desktop feature in Propalms Terminal Services Edition makes it easy
for the Propalms Terminal Services Edition administrators to provision Shell (by default,
explorer.exe) for the Application Servers. A Propalms Terminal Services Edition administrator can
directly publish the desktop for users without having to put in the path of the shell manually as
Propalms Terminal Services Edition puts in the path.
While publishing the desktop, the administrator can specify Connection Settings. We have
provided “Shell” Connection Settings, which is an optimized set of connection settings for shell
provisioning.

NOTE
If you provision a shell with connection settings that allow multiple application launches
per session, and multiple applications are launched in a session, then logging off a
published desktop closes all the applications in that session.

The user can access the Application Server desktop from the Launch Pad and use any application
on the Application Server.
Publishing a Windows Desktop is particularly useful in case of CE clients. The administrator can
install all the applications needed by a group or an OU on an Application Server and provision a
shell for the required groups. The users can then logon to the Propalms Terminal Services Edition
team using the Launch Pad and access the shell. The user gets the feel of having the Application
Server desktop as own desktop.

NOTE
For this feature to work, v4.1 or later of the Propalms Connection Manager should be
installed on the Application Server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 124

Concepts
Load balancing

Steps for publishing a Desktop

An administrator has to do the following for publishing a desktop:
1. Publish a desktop by choosing the Windows Desktop option from the Add Application page
on the Console.
2. Add Application Servers.
3. Add groups, organizational units.
4. Install a client on the Application Server.

NOTE
We recommend that you choose the built-in set of optimum connection settings called
“Shell” for publishing a desktop.

Behavior
When a user accesses the remote Windows Desktop from a client computer, the client has access
to all the Propalms Terminal Services Edition shortcuts on the Application Server. Subsequent
launches via these Propalms Terminal Services Edition shortcuts are metered by the system as if
the launch came from the original client computer. This can be viewed from the
Monitor>Connections page.
When the client launches an application, the desktop server is the preferred server as the first
server to launch these applications. If the desktop server is not available, the Load Balancer
directs the application to another available Application Server.
A single Propalms Terminal Services Edition license is used for the launch.
IFS
The client drives are redirected twice and the Application Server drives are redirected once if the
application is launched from another Application Server. When you make a remote desktop
connection, IFS maps the client drives on the remote Application Server. Any application launched
from that remote desktop will launch in the same RDP session as the desktop if the application is
available on that Application Server. If the application is not available on the same remote server, a
new RDP session will be to an Application Server where the application is available. When
connection is made to the new server, the client drives and the remote desktop drivers (which
include the original client drivers) will be mapped on the new server. Thus doubling the client
drives along with the original remote desktop drives.

Security implications
If the shell is the default windows shell (explorer.exe), then the user accessing the desktop is able
to launch any application that is present on the Application Server. If the user has administrative
rights on the Application Server, the user gets total control of the server.

Load balancing
Propalms Terminal Services Edition enables administrators to load balance terminal server
application sessions based on the resources of the Application Servers. Propalms Terminal
Services Edition supports resource based application-level load balancing as well as resource
based connection-level load balancing.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 125

Concepts
Load balancing

The following figure shows the Load balancing architecture with clients, Propalms Terminal
Services Edition severs, and Application delivery servers.

FIGURE 14. Load Balancing Architecture

Propalms Terminal Services Edition can have multiple servers designated to perform the job of
load balancing by giving them the “Load Balancer” role. These servers could include the same
server as the Application Server in small deployments, or could be a separate dedicated server for
larger deployments.
For redundancy, there should be more than one Load Balancer in the system.
Once the Load Balancer service starts, it checks to see if a Master Load Balancer exists in the
system. If one does not exist, then this load balancer service tries to declare itself the Master Load
Balancer. All the Application Servers in the system register themselves with the Master Load
Balancer. The Load Balancer Assistant also uses Master Load Balancer to forward the client
requests. When Master Load Balancer goes down, other Load Balancers detect this and
collaborate to select the new Master Load Balancer. All of the Application Servers and Load
Balancer Assistants, who are in periodic contact with the Master Load Balancer, detect this change
and begin communicating with this new Master Load Balancer, and Propalms Terminal Services
Edition processing persists with data integrity.
Process flow:
1. Based on a few metrics, Propalms Terminal Services Edition elects the server that will
function as the primary or the Master Load Balancer.
2. The Application Servers now register themselves with this primary load balancer.
3. The Load Balancer now talks to the database about this Application Server, gets the
response concerning the applications provisioned to it, and replies back to the Application
Server with all the application settings required to perform this task.
4. The Application Server now initiates itself with this response and waits for the next
application session request.
5. On a regular basis, the Application Server reports its own perform metrics to the Load
Balancer.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 126

Concepts
Application Grouping

Application Grouping
Overview
Application Grouping feature allows the Propalms TSE administrator to group several applications
into different folders.
With this feature Propalms TSE will display the applications in groups (folders) instead of
displaying application icons randomly on the launchpad only for Icon view.
The Propalms TSE administrator can group the application into different folder through the
Propalms TSE Console. Administrator can even assign or remove a full folder or a single
application from the folder to a specific User, Group and OU.
Application shortcuts will be created in their specific folders on the Desktop and Start Menu.

NOTE
The Application Grouping feature for Launchpad only works with Internet Explorer Web
Browser, but the Shortcuts on the Desktop and Start Menu will be created irrespective of
the browser.

How to Access the Feature

1) Adding a New Folder
Go To,
Console> Manage> Applications> Add Application>
Select the Application that you want to publish and then scroll to Folder Information (The user
has to select from the following options.)
Create New (This will allow the administrator to create a new folder for that application.)
Or Select From (This will allow the administrator to use any pre defined folders for that
application.)
If the user selects the option “Create New” then will have to specify a folder name.
Once you have selected the application details and the folder information then click NEXT and
follow the procedure of adding a new application.
2) Changing folder of a Published Application
Go To,
Console> Manage> Applications> Update Applications> Select Application and click NEXT
In Folder Information select from the option “Create New” and specify a folder name or the other
option “Or Select From” and select the folder from the drop down menu and once done then click
UPDATE.
3) Changing folder of Multiple Applications
Go To,
Console> Manage> Applications> Update Applications> Select multiple Applications and click
NEXT
In Folder Information select from the option “Create New” and specify a folder name or the other
option “Or Select From” and select the folder from the drop down menu and once done then click
UPDATE.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 127

Concepts
Update Icon

4) Removing/Deleting a folder
Note: A folder cannot be removed unless it is Empty.
Go To,
Console> Manage> Applications> Remove Folders
Select the specific folder you want to remove and click on REMOVE.

NOTE
It is not possible to rename a folder that has been created.

It is not possible to assign a single application to multiple folders.

It is not possible to assign two applications with the same name to a single folder, but you
can assign the same application with different names to a single folder.

The application grouping feature for the Launchpad only works with Internet Explorer web
browser but the shortcuts on the desktop and start menu will be created irrespective of the
browser.

Update Icon
Overview
Propalms TSE Update Icon feature allows you to change the Icon of the application that has been
published through TSE. As TSE displays the same icons for applications as displayed on the
Application Server & when the administrator publishes an application, TSE extracts the default
icon associated with that application.
By using this feature of Propalms TSE the administrator can change the default icon to a different
icon by selecting the icon either from that application or from a custom dll, exe or ico file.
The Propalms TSE administrator can change the icon for an application through the Propalms TSE
Console.
How to Access the Feature
1) Updating Icon
Go To,
Console> Manage> Applications> Update Icon> Select Application and click NEXT
Select an Application Server on which the application was published and click NEXT
(If you have multiple servers for that specific application then select any one of them on which the
application is published.)
The administrator has to enter the path of the (.exe, .dll, .ico) file and the icon will be extracted
from the specified path of the file and the list of icons will be displayed and the administrator can
select any icon and click on UPDATE.
(This field is optional and the administrator can skip and click NEXT)

If the administrator skips the above step and clicks NEXT, the icon will be extracted from the
original exe file of the specific application and a list of icons will be displayed and the administrator
can select any icon and click on UPDATE.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 128

Concepts
File associations

Once the administrator has updated the update icon feature the Application Icon will be updated
on the Launchpad, Console, Desktop and Start Menu.
Note: It is not possible to update icons for multiple applications at one time.

File associations
The File Association feature in Propalms Terminal Services Edition enables the users to launch
applications on the Propalms Terminal Services Edition Application Servers directly from the
documents. Windows users can open files by double-clicking the files that have file associations to
local applications. File Associations allow opening an existing file without first opening the
application on remote Application Servers.
When a user double-clicks a file that is associated with an application on an Application Server, the
file automatically opens in the application on the remote Application Server.

Associating file extensions with applications

The Propalms Terminal Services Edition Administrator can associate applications with file
extensions from the console. Depending on the user settings made by the administrator, they may
be binding for the user.
Making file associations from the Console
Propalms Terminal Services Edition Administrators can create file associations for each
application that they provision on the Propalms Terminal Services Edition Application Servers. The
administrator can make these associations while adding a new application to the Propalms
Terminal Services Edition Team, or while updating file associations for an existing application.
When the administrator provisions an application and assigns it to multiple Application Servers, the
administrator gets an intersection of all the current associations on all the selected servers for this
application. These file associations on each server are taken from the HKLM registry hive.

NOTE
Like all other provisioned applications, the applications with file associations also launch in
accordance with the licensing scheme.

The administrator then selects one or many of these extensions for file association. For example,
consider the scenario where the administrator adds PaintShopPro as an application named
PSPEastCoast, and assigns it to two Application Servers, AppEast1and AppEast2, out of the three
available servers. The table that follows explains the concept.
TABLE 5. File Associations on Servers
Application Server Extensions Extensions
Available on Server Available for
Association
AppEast1 .bmp, .gif, .jpeg
AppEast2 .bmp, .jpeg, .tiff .bmp, .jpeg
AppEast3

The administrator can now associate the application with .bmp and .jpeg extensions.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 129

Concepts
File associations

Further, for each application, the administrators can make these file associations binding for the
users. Alternatively, they can give the users the choice to enable Propalms Terminal Services
Edition file association for the each application. For more details on how to make file associations
from the Console, refer to "Update file associations".

NOTE
If another application that hijacks the file associations is installed on top of an existing
server, then this new application is launched even if the administrator has not provisioned
it.

Enabling file associations from the Launch Pad

If the Administrator settings allow the user to enable file associations, the user can use the Launch
Pad to select the desired applications for file association.
On the other hand, if the Administrator settings make the application settings binding on the user,
the file associations made by the Administrator will be created on the client computer. For more
information on how to enable file associations assigned by the administrator from the Launch Pad,
refer to Propalms Terminal Services Edition User Guide.

File associations and the user’s computer

Whenever the file associations are enabled, they are created on the user’s computer whenever
any user:
• Runs the Launch Pad and logs in
• Reboots the computer
• Logs on to a computer as a different windows user
• Clicks the Refresh Applications Link on the Launch Pad
• Right-clicks the Propalms Connection Manager icon on the Task Manager and selects
Refresh all shortcuts
• Launches an application when the Propalms Connection Manager is not running

NOTE
If multiple Propalms Terminal Services Edition users use the same computer as a single
windows user, then the settings of the last user logged on govern the file associations
created on the computer.

On a Windows XP or later, file associations modify the HKEY_LOCAL_MACHINE registry key. On

a Windows 2003 computer, file associations modify the HKEY_CURRENT_USER registry key.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 130

Concepts
File associations

The following screenshot shows the file association for .doc added to
HKEY_CURRENT_USER>Software>Classes for a Windows 2003 client.

FIGURE 15. Registry Entries for File Associations

Interaction with other features

Client Group interaction
Client Group applications do not create file associations on the client’s computer.
Connection Manager on Application Server
There are no issues. You can use file associations in conjunction with a published desktop. In
other words, if a desktop is published to users, then with that desktop the users can use file
associations.

Security implications
For any application, if the file association does not exist on the server, then the “Open With” dialog
will appear and this might pose a security risk in some situations.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 131

Concepts
Launch Pad

Overriding file associations

A local administrator can override the Propalms Terminal Services Edition file associations on a
computer by reverting to the local file associations by:
• Right-clicking the Propalms Connection Manager in the task bar and selecting Delete all
shortcuts from the shortcut menu.
• Editing the Registry to delete the relevant keys.
• From the Options>Update>Update Application Options page, by clearing the check box
next to the appropriate application name whose extensions are to be deleted.
• Exiting the Connection Manager by right-clicking the Propalms Connection Manager in
the task bar and selecting Exit from the shortcut menu.
• Uninstalling Propalms Connection Manager from the computer.
Editing the Registry
To edit the registry to revert to the local file associations:
1. Select Start>Run.
2. Enter regedit in the Open field and click OK.
3. In the Registry Editor, expand HKEY_CURRENT_USER>Software>Classes in the left
pane.
4. Right-click the file association folder that you want to delete, and select Delete from the
shortcut menu.
5. Repeat the previous step for each file association you want to delete.

Launch Pad
The Propalms Terminal Services Edition Launch Pad gives users access to their Propalms
Terminal Services Edition managed applications. Through this Web site, users can launch
applications, adjust their Propalms Terminal Services Edition settings, and manage their
connections. Users can also launch applications using items on their Windows Start Menu,
desktop shortcuts, and Propalms Terminal Services Edition Connections on their Windows-Based
Terminal, but they cannot perform these management functions from these places.

Launch Pad features

From the user’s point of view, the Launch Pad is a simple Web site, focused on launching
applications. The Launch Pad actually has two pages for launching applications: a Favorites page,
which lists the applications a user has selected, and an Applications page, which lists all of the
user’s applications. The Favorites page is the home page for the site. The users can select the
layout of their applications icons on each page.
From the Launch Pad, users can see all the connections that they have made to the Propalms
Terminal Services Edition system, both from their current computer and other client computers and
terminals. The Connections page lists both active and disconnected connections. From this page,
the users can disconnect from active connections and reconnect to disconnected connections.
The user can also connect to active connections on other client computers without first
disconnecting those sessions on the other computers
The Launch Pad is one method for an administrator to distribute the Propalms Client. When users
log on to the site, client-side scripts will detect the presence of the Propalms Client and prompt
them to download the client if they do not have it.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 132

Concepts
Launch Pad

From the Launch Pad, users can choose their favorite applications, start menu applications,
desktop shortcuts, and file associations. They can also set the layouts of their favorites and
applications pages, specify the reconnect option, and select the connection setting for application
launches. Connection settings are collections of connection parameters that are setup by the
administrator for the system.

Setting up the Launch Pad

Propalms Terminal Services Edition allows administrators to customize the Launch Pad from the
Options>User page of the Management Console. The Propalms Terminal Services Edition
administrator can remove end-user features, such as favorites or shortcuts and choose the style of
the Launch Pad. The style affects the layout and graphics that appear in the Launch Pad.
Propalms Terminal Services Edition provides styles that are useful in a stand-alone site or as a
frame in another site.
TABLE 6. Propalms Terminal Services Edition Application Launch Pad styles
Name Features Graphics Comments
Full All Full Default stand-alone
style
No Banner All Minimal Useful for a stand
alone style or a
frame in another site
Minimal Application/Logon None Useful for a frame in
another site

The Propalms Terminal Services Edition Administrator sets the Launch Pad style for all members
of a team. However, a user can change the appearance of his own or her own Launch Pad in
terms of style. To do this, a user adds style=<style number> in the query string and the query string
must begin with a question mark (?).
The first example below shows a generic Launch Pad URL and the second example shows a URL
that is qualified using the style= parameter. In this case, the second URL specifies a Launch Pad
style that has no banner.
http://<Propalms Terminal Services Edition Web Server Name>/Launch Pad\
http://<Propalms Terminal Services Edition Web Server Name>/Launch Pad/?style=2
The valid values for the style number are the digits 1, 2, and 3. The style associated with each
follows:
• 1= full (with banner, side-bar action list, and highlighted page content)
• 2= no banner (with side-bar action list and highlighted page content)
• 3= minimal (with highlighted page content and neither side-bar actions nor banner)
The full launch style contains a banner.
The Propalms Terminal Services Edition administrator can choose to show the team name in the
banner on the Launch Pad, customize the Propalms Terminal Services Edition team name, and
change the support link for the user from the Options>System>Update Options page of the
Management Console. The Propalms Terminal Services Edition administrator can also enable or
disable certain features and specify the reconnect options. For more information, refer to "User
options".

Propalms Terminal Services Edition Administrator Guide--1 March 2013 133

Concepts
Client upgrade

Client upgrade
To allow the Propalms Terminal Services Edition system to use all the features available in later
versions, Propalms Client upgrade from Propalms Terminal Services Edition version 6.0 or later
versions of Propalms Terminal Services Edition is required on the Client computers, where the
Propalms Terminal Services Edition users logon. The client uninstalls the v6.5 client and then
installs the new client. The computer does not have to be rebooted generally.
When you upgrade your team to later versions of Propalms Terminal Services Edition from
Propalms Terminal Services Edition v7.0, if you have already upgraded to Propalms Connection
Manager v7.0, the Propalms Connection Manager v6.5 task bar icon appears green instead of the
usual maroon when there are no active connections. This is to indicate that a newer version of the
client is available for download. After downloading the latest client, the Propalms Connection
Manager task bar icon appears maroon when there are no active connections. When there are
active connections, the Propalms Connection Manager task bar icon always appears blue.
The user needs to be an administrator on the local computer to install the client. The shortcuts
remain functional after the client install as before the Client upgrade.

NOTE
An upgrade does not delete the user settings. That is, the user still connects to the same
Web Server after the upgrade, and has the same shortcuts.

Forcing a download
An administrator can force an upgrade any time a user logs in by selecting the Force Client
Upgrade check box in the Options>User>Update User Options page on the Console. In this
case, every time the user launches the Launch Pad the Download Client page appears, depending
on the Server and the Client versions.

NOTE
The user cannot proceed to any other page except the About page on the Launch Pad
without downloading the client if the force download is applicable as per Table 2.

Thus,
• If Propalms Client is not present on a computer and a user accesses the Launch Pad using
the browser, the user is forced to download the Client, irrespective of the administrator’s
settings and the version of the Server.
• If the version of the Server is later than the version of the Client, the user is forced to
download the Client only if the administrator has made this mandatory in the user settings.
However, the user can go to the Download page and download the Client.
• If the version of the Server is not later than the version of the Client, the user is not forced to
download the Client even if the administrator has made this mandatory in the user settings.

Pushing a client
For a Client upgrade, an administrator generally may want to push the client if:
• After a Server upgrade, there are multiple clients that need an upgrade
• There are multiple logons from such users that do not have administrator rights on Client
computers

Propalms Terminal Services Edition Administrator Guide--1 March 2013 134

Concepts
Client upgrade

In such a case, the administrator can push a Client on each computer using a third party tool such
as Windows 2003 IntelliMirror. For more information, refer to "Installing the client using an MSI
push".

NOTE
We recommend that the administrator push the Client during install in a system account
context and not to a user.

Client on a computer
Deploying the client software
There are two methods of deploying the Client software on a Client computer:
• User can download from a Web Server. For more information on downloading a client from
a Web Server, refer to the Propalms Terminal Services Edition User Guide.
• Administrator can push to the Client computers using some third party tools in the system
context.
Type of client
On a Client computer, in order to be able to use the Propalms Terminal Services Edition Team
applications and shortcuts, Client software along with a Launch Pad ID is required for each user.
The Client software manages the connections between the Servers and the Client computer and
the Launch Pad ID manages the shortcuts and the file associations for a user.
A Client computer may have any one of the following types of Clients:
• Transformed Client
• Nascent Client
Transformed client
A transformed Client has the Launch Pad URL associated with it. This URL is stored in
HKEY_LOCAL_MACHINE in the registry. When a Windows user logs on to a computer, the
Launch Pad URL is combined with the user name and Launch Pad ID is generated. This Launch
Pad ID is stored in HKEY_CURRENT_USER in the registry. The next time this user logs on to this
Client computer, this registry entry in HKEY_CURRENT_USER is used to connect to the
appropriate Web Server and provide the shortcuts, applications, file associations assigned to this
user.
When another user logs on to the same computer, the same Launch Pad URL is combined with
this user name and another Launch Pad ID is generated. This Launch Pad ID is also stored in
HKEY_CURRENT_USER in the registry. The next time this user logs on to this Client computer,
this registry entry in HKEY_CURRENT_USER is used to connect to the appropriate Web Server
and provide the shortcuts, applications, file associations assigned to this user.
Thus, a Launch Pad ID is generated for every user, and an entry is created in
HKEY_CURRENT_USER for every user. Moreover, the Launch Pad URL that is used is the
same for every user. This is the same URL that the administrator has used to transform the
Client software.

NOTE
A user who logs on to a computer having a transformed client has the shortcuts available
after logon as the Launch Pad ID is created at logon.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 135

Concepts
Shortcuts

Nascent client
A Nascent Client does not have a Launch Pad URL associated with it. A user has to logon to the
Launch Pad using the Launch Pad URL provided by the administrator in the browser. The Launch
Pad URL is combined with the user name and a Launch Pad ID is generated. This Launch Pad ID
is stored in HKEY_CURRENT_USER in the registry. The next time this user logs on to this Client
computer, this registry entry in HKEY_CURRENT_USER is used to connect to the appropriate
Web Server and provide the shortcuts, applications, file associations assigned to this user.
When another user logs on to the same computer, the user can logon to the same Launch Pad
URL or another Launch Pad URL provided by the administrator. This Launch Pad URL is
combined with this user name and another Launch Pad ID is generated. This Launch Pad ID is
also stored in HKEY_CURRENT_USER in the registry. The next time this user logs on to this
Client computer, this registry entry in HKEY_CURRENT_USER is used to connect to the
appropriate Web Server and provide the shortcuts, applications, file associations assigned to this
user.
Thus, a Launch Pad ID is generated for every user, and an entry is created in
HKEY_CURRENT_USER for every user. However, the Launch Pad URL that is used may not
be the same for every user.

NOTE
A user who logs on to a computer having a nascent client has no shortcuts available after
logon as the Launch Pad ID is created only after the user logs on to the Launch Pad using
the browser.

Shortcuts
The purpose of the Propalms Terminal Services Edition shortcuts is to provide access to the
Propalms Terminal Services Edition system from the client without requiring the user to use the
Propalms Terminal Services Edition Launch Pad.
The user may have to enter a password when using a shortcut. First, a Propalms Terminal
Services Edition administrator may specify that all users enter a password when using a shortcut.
Second, the Propalms Terminal Services Edition administrator may permit users to omit using a
password when launching an application using a shortcut. Third, if a Propalms Terminal Services
Edition administrator permits a user to omit the password, the user still needs to select the check
box on the Launch Pad Log On page to activate the option to use no password with shortcuts.
Furthermore, although password saving affects shortcuts, it actually operates on all of a user’s
launch triggers whether they are shortcuts or regular Launch Pad triggers.

NOTE
If there are two or more applications in the Propalms Terminal Services Edition system
with the same name, then shortcuts are created only for one application.

For a user to be able to run an application via Propalms Terminal Services Edition, Propalms
Terminal Services Edition must install the Propalms Client on the user’s computer. This client
software is a 6.6 MB file package.
The user can obtain the client software in one of two ways, by having the administrator pushed the
software to the client device or by downloading the client software from the Launch Pad via a
browser.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 136

Concepts
Shortcuts

NOTE
Cookies should be enabled to logon to the Console or the Launch Pad.

What is the Propalms Client?

The Propalms Client is an MSI package that contains the following components
• Propalms Connection Manager
• MS RDP 5.1 ActiveX control
• MS RDP 6.0 ActiveX control for Windows XP
• MS RDP MUI needed for RDP 6.0 ActiveX as per locale
The size of the whole package is approximately 8 MB

Installing the Propalms Client and shortcuts

This section explains two ways of installing a Propalms Client along with your personalized set of
Propalms Terminal Services Edition shortcuts.
Installing the client using an MSI push
An administrator can push the client software to a user’s client devices using any standard third
party tool that supports .msi, such as Microsoft Intellimirror. Before you push the client install, you
need to set the LAUNCH PADURL property in the Propalms-TSE-Client700.msi to point to the
URL of the appropriate Launch Pad. When you open the .msi this LAUNCH PADURL property may
be set to http://shipit/someasppage. Change this to the value that is appropriate for your site. You
can do this by editing the Propalms-TSE-Client700.msi file or by applying a transform for the MSI
(Intellimirror only). To edit the .msi file, you need a special application program. You cannot edit the
.msi file using a program such as Notepad, but you can edit it using a program such as Wise for
Windows Installer.
To read more about these operations:
• Refer to Windows Installer Service Help to find out more about editing MSI.
• Refer to Intellimirror and Windows Installer Service Help to learn more about applying
transforms.
• Refer to your Intellimirror user guide to find out how you can push MSIs.
When a Propalms Terminal Services Edition administrator pushes a client install, it is best to push
it on a per computer basis instead of a per user basis.
When the user logs into the computer with its corporate credentials, at logon, Propalms Terminal
Services Edition evaluates the status of the shortcuts, and when necessary, pushes them,
dynamically, to a user’s Windows Start menu. Propalms Terminal Services Edition creates these
shortcuts to reflect the applications accessible to this user from the groups or OUs to which the
user belongs and through the direct assignment of applications.
When a user wants to update shortcuts for a Client that was set up using a push install, then the
user must click Start>Programs>Startup>Refresh Propalms Terminal Services Edition
Shortcuts.
Installing the client using a user-initiated download
A user can initiate a download of the client software to the user’s client device using the Propalms
Terminal Services Edition Launch Pad.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 137

Concepts
Shortcuts

NOTE
The user needs to have local administrative privileges to install the client.

Under normal circumstances, a user goes to the Launch Pad URL using a browser, logs on to
Propalms Terminal Services Edition using corporate network credentials, and when the Propalms
Client does not exist on the user’s computer, Propalms Terminal Services Edition takes the user to
the Download Client page. The user clicks Download Now to initiate the client download and
install. The client install queries the user for the install location. At the end of the install, the client
automatically contacts the Propalms Terminal Services Edition server, Propalms Terminal Services
Edition populates the user’s Windows Start menu with the appropriate Propalms Terminal Services
Edition applications icons, and the browser page URL points to the Web page that lists this user’s
applications.
Any user who logs on to Propalms Terminal Services Edition from this computer will automatically
have the personal shortcuts generated appropriately.

Configuring shortcuts
For administrators
Administrators can permit or deny the creation of shortcuts on the client devices. Administrators
can allow certain users to override the system-wide shortcuts settings for their devices.
Location of shortcuts in the Start menu
Propalms Terminal Services Edition, by default, creates shortcuts in the program files folder that
resides under a user’s Windows Start menu. All shortcuts appear in a folder that has a name that
reflects the Propalms Terminal Services Edition team name.
Location on a per application basis
An administrator can change the system-wide default-location for shortcuts files. An administrator
does this on a per application basis, using the application’s shortcut-location property. By placing a
new value in this property, an administrator can change the location on the Windows Start menu
where the Propalms Terminal Services Edition shortcuts appear.
For users
Users can launch their applications in one of several ways. They receive a preferred Launch Pad
site, and they can choose to launch an application from that site or from the desktop or Start menu
shortcuts.
If an administrator permits a user to have shortcuts, the user can decide on a per application basis,
where to create application shortcuts. User can choose to create shortcuts on the desktop and or
in the Windows Start menu. A user’s permissions remain with the user’s settings, so a user’s
shortcuts can appear on any client computers from which that the user connects. Therefore, a user
could carry these settings to an internet café.
An Administrator can set one of the following shortcut options for Propalms Terminal Services
Edition users:
None
This option prohibits the creation of shortcuts on the client computers.
All
This option creates shortcuts for all the applications in the Client, on Windows Start menu only

Propalms Terminal Services Edition Administrator Guide--1 March 2013 138

Concepts
Printing

User choice
This option permits a user to choose specific applications to receive associated shortcuts. Then
the user can choose to establish these shortcuts in the Start menu, on the Desktop, or in both
locations.
Shortcut refresh
A refresh event deletes the old shortcuts and creates new ones in their place. It is important to
understand that Propalms Terminal Services Edition updates only those shortcuts that Propalms
Terminal Services Edition creates. If a user creates a shortcut using a method that is external to
Propalms Terminal Services Edition then Propalms Terminal Services Edition does not update that
shortcut. For example, a user could create a shortcut by using a standard Windows shortcut
creation method, then the user might want to delete these shortcuts and then recreate them to
match the Propalms Terminal Services Edition auto generated shortcuts.
The following shortcut creation methods exist:
A user right-clicks the Propalms Connection Manager on the task bar of the client computer, and
then clicks Refresh shortcuts and file associations. The shortcuts will refresh if the user has
previously logged on to the Propalms Terminal Services Edition Application Launch Pad, or if the
administrator has placed the Launch Pad address in the Propalms-TSE-Client700.msi install file.
A user logs on to a client computer. The logon event triggers a refresh. The shortcuts will refresh if
the user has previously logged on to the Propalms Terminal Services Edition Application Launch
Pad or if the administrator has placed the Launch Pad address in the Propalms-TSE-Client700.msi
install file.
A user clicks the refresh application list link that appears on the Favorites or Applications page
of the Launch Pad to refresh the application list.
The user should refresh the shortcuts after changing the shortcut configuration from the Launch
Pad>Options>Update Options page.
Security issues
All user-specific information is stored in the HKCU hive in the registry; therefore, other users using
the same computer to access Propalms Terminal Services Edition applications cannot access
another user’s applications.
Each user’s shortcuts exist on a per-user basis; consequently, shortcuts belonging to one user are
not accessible to other users.

Printing
Propalms Terminal Services Edition printing
Propalms Terminal Services Edition provides multiple printing configuration options. Administrators
need to find the best option for their environment based on the information provided.
Configuring Propalms Terminal Services Edition
After analyzing the system, the administrator can decide which option best suits the environment.
The following is a list of the printing options that an administrator can choose.
Option 1 - Disable Propalms Terminal Services Edition Printer Sharing
Use this option to enable server-side printing only.
We recommend this option if you want all printing to be from printers connected directly to the
server or over the server-side network.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 139

Concepts
Printing

To enable this option from the Management Console, from the Manage>Connection Settings
page, select the Connection Settings you want to update and click Update Settings. In the Client
Printer Sharing area, from the Windows 2003 lists, select the Off option.
Option 2 - Enable Vendor Driver printing
Use this to enable users to print using the vendor driver of the printer.
For this option, the vendor driver must be installed on the server.
We recommend this option for most configurations. Propalms Terminal Services Edition Printing
offers administrators the ability to select both the vendor driver and the Unidriver. In this way,
Propalms Terminal Services Edition leverages any additional functionality that might be available
with the vendor-specific printer drivers. If the vendor driver is not available, printing will use the
UniDriver.
To enable this option from the Management Console, from the Manage>Connection Settings
page, select the Connection Settings you want to update and click Update Settings. In the Client
Printer Sharing area, from the Unidriver list, select the If vendor driver not available option.
Be sure to load all client-side drivers on the Application Server.
Option 3 – Enable UniDriver printing
Use this to enable the UniDriver, the proprietary generic printer driver, to print.
The proprietary Unidriver supports full quality printing, including color. By choosing this option, you
may lose some functionality of the printer driver. For example, if your printer supports showing you
ink levels of your printer, using the unidriver, you will not see that function.
We recommend this option if you do not want to install printer drivers on your server, and are
satisfied with the full quality yet less functionality of your printers.
To enable this option from the Management Console, from the Manage>Connection Settings
page, select the Connection Settings you want to update and click Update Settings. In the Client
Printer Sharing area, from the Unidriver list, select the Always option.

NOTE
Printing data is always transmitted in encrypted form.

Option 4 - Printer Properties Remoted

You can retrieve the per-user DEVMODE properties and set them on the redirected client printers.
A device driver's private data follows the public portion of the DEVMODE structure. Only those
properties which are present in DEVMODE's public data can be remoted.
The properties that can be remoted are :
• Orientation
• Paper size
• Paper length
• Paper width
• Factor by which the printed output is to be scaled
• Number of copies to be printed
• Paper source
• Print quality(printer x-resolution)
• Color (monochrome or true color)
• Duplex printing

Propalms Terminal Services Edition Administrator Guide--1 March 2013 140

Concepts
Printing

• Y-resolution of printer
• TrueType fonts option
• Whether collation should be used when printing multiple copies
• Name of the form to use
• Number of pixels per logical inch
• Color resolution
• Whether the NUP is done
• Frequency
• ICM method
• ICM color matching method
• Type of media being printed on
• How dithering is to be done.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 141

Concepts
Printing

How Propalms Terminal Services Edition Unidriver printing works

This section explains the Propalms Terminal Services Edition printing process.
This section addresses the operational differences between the Propalms Terminal Services
Edition UniDriver and the Citirx MetaFrame Universal Printer Driver by reviewing the process flow
of a print job. The following figure shows this flow.

FIGURE 16. Propalms Terminal Services Edition Unidriver printer driver job flow
When the client connects to the Application Server, Propalms Terminal Services Edition maps all
the client printers on the Application Server (network and local). Propalms Terminal Services
Edition creates printers on the server using Windows Unidriver files. Since these drivers will not be
used to process the print job it is not necessary to have the “real” printer driver on the server.
When the client prints via any of the active applications, Propalms Terminal Services Edition
creates a print job on the server side.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 142

Concepts
Printing

When the print job is rerouted from the server to the client computer, it is routed in the form of an
EMF (Enhanced Meta File), using the proprietary IFS (Internet File System) technology of
Propalms Terminal Services Edition. The EMF format ensures that there is no noticeable loss in
quality during the transmission of print files for the majority of cases.

NOTE
IFS and printing data is always transmitted in encrypted form.

When Propalms Terminal Services Edition processes the print job on the client side, it uses the
actual vendor-supplied printer driver, and Propalms Terminal Services Edition converts the job to a
format that the printer understands. Since Propalms Terminal Services Edition processes the job
using the device-specific printer driver on the client, Propalms Terminal Services Edition fully
supports printing features such as full color and high resolution.
When the print job is then finally sent to the printer, there is minimal loss in quality.

UniDriver printing
This section addresses Unidriver printing, network printing, and support of a default printer.
Propalms Terminal Services Edition UniDriver printing
The Propalms Terminal Services Edition UniDriver supports all types of printers (from basic, black
and white, to high-resolution and high-color laser, PCL3, PCL4, and PostScript printers. The
Propalms Terminal Services Edition UniDriver enables clients to print to any of their attached
printers and to use all of their default printer’s functionality. It does this without requiring server-
side printer drivers and without compromising the quality of the print job.
Propalms Terminal Services Edition can print color output, support all printers that are used on the
network, retain a reference to a client’s original printer name, and print to a printer that is locally
attached to a client’s computer. As Propalms Terminal Services Edition does this, it eliminates
printer driver conflict and improves printing reliability. It does not convert data transmitted from the
server to the client to an interim format, because it avoids processes that can cause degraded
printing quality.
Propalms Terminal Services Edition utilizes the superior Enhanced Meta File (EMF) redirection
technology to achieve reliable, high quality, printing performance. The print process proceeds as
follows: the client connects to the Application Server and Propalms Terminal Services Edition
maps all the clients’ printers to the Application Server (network and local). These printer drivers
can exist on the Application Server along with the Propalms Terminal Services Edition UniDriver.
However, the printer-specific server-side printer driver is not functioning to print the job, so if the
required printer driver is missing on the Application Server host, Propalms Terminal Services
Edition can still produce high-quality print jobs. It is not necessary to have the “real” printer driver
on the server.
The Propalms Client prints via an active application. Propalms Terminal Services Edition creates a
print job on the server side, and Propalms Terminal Services Edition uses its own proprietary IFS
technology to reroute this print job, in the form of an enhanced meta file (EMF), to the client’s
computer; additionally, the use of EMF ensures that there is no loss in quality during the
transmission.
On the client side, a vendor-supplied, device-specific printer driver exists to process the print job,
so the print job uses the full functionality of the printer. For example, Propalms Terminal Services
Edition supports advanced-color and high-resolution printing.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 143

Concepts
Jobs framework

Linking to printers
The Propalms Terminal Services Edition administrator should link to the printers that the Propalms
Terminal Services Edition users will use. The administrator does this by using the Microsoft Printer
Add utility (Start>Settings>Control Panel>Printers>Add Printer).
The Propalms Terminal Services Edition administrator should do this during the initial configuration
of Propalms Terminal Services Edition and should update this configuration periodically. It is
important to update as it can improve application launch speed.
When the Propalms Terminal Services Edition administrator does not perform this task, Propalms
Terminal Services Edition creates transient printer links on a per user basis. This means, when a
user launches an application, Propalms Terminal Services Edition launches the application and
creates a transient link to the user’s printer. When another user launches an application, Propalms
Terminal Services Edition launches the application and creates a transient link to the user’s printer
(even if the user uses the same printer as the first user). When a user logs off from Propalms
Terminal Services Edition, the printer link for that user disappears.
When the Propalms Terminal Services Edition administrator configures printers for each
Application Server using the Microsoft utility, the configuration is static. This means that a specific
printer used by a specific user will be available whenever that user wants to use the printer. The
user will not have to wait for Propalms Terminal Services Edition to create the link, and this speeds
the application launch process.

Jobs framework
Jobs framework feature in Propalms Terminal Services Edition ensures that jobs submitted by
administrators, for example adding a group to an application, are completed without timing out.
The system assigns a Job ID to the job and puts it in a queue from where the Jobs Framework
picks up the job and completes it. The Job Framework feature displays a “Job in Progress” page,
which checks in short intervals if the job is complete. Meanwhile, the administrator can go to any
other page and carry on with the administrative tasks.
An administrator can monitor the jobs submitted to the system by all administrators. Additionally,
the administrator can view the details of any job.

File handling
In the server-based computing world, all applications execute on central servers and not on user
desktop. In an ideal world scenario, the users will save all their files on the servers too, which is not
the case today. Users also need to access and save some of their files on their local hard drives.
Propalms Terminal Services Edition adds this functionality to the RDP protocol. Propalms Terminal
Services Edition permits users to save and access information from their local hard drives as well
as their network drives mapped to their local PC.

Configuration
To map the client’s drives on the server, there must be unique driver letter for each client drive. For
instance if drive A, B, C are being used by the server operation system as server’s floppy and hard
drives then there must be a range of drive letters that must be set aside for client drive maps.
Propalms Terminal Services Edition, by default, reserves drives I through Q on the server for the
client-side drive mappings. These drive letters must not be used by the server. For smooth
functioning, the administrator needs to ensure the following:
• The server is not using drive letters reserved for the client’s drives, on the server.
• Drive letters reserved on the server are sufficient to map all client drives.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 144

Concepts
System heartbeats

The administrator can change the letters to be used for client drive mapping from the
Options>System page. The Propalms Terminal Services Edition Monitor service should be
restarted for any change in the drive letter mapping to be effective.
You can turn off client drive sharing by specifying the first and last letter for drive sharing such that
the last letter specified comes before the first letter specified in the alphabetical order. For
example, you can specify the first letter as "Q" and the last letter as "M". In this case, none of the
client drives will be available to the user in Propalms Terminal Services Edition.

Drive letter confusion on the client side

Because the client’s drive letters change when using a server-side application, the administrator
needs to explain this anomaly. It is possible for administrators to enable end users to retain their
original drive letters by changing the drive letters on the server; for example, if the drives on the
server are A, B, and C, the administrator can re-map these drives to U, V, and W. Then the
administrator can reserve A, B, C to F, for the client drive mapping. You must re-map the drives
before installing Propalms Terminal Services Edition or any other application software on the
servers. There are numerous third-party tools available to do this job.

Security concern
Propalms Terminal Services Edition implements a SMB (Server Message Block) server on the
client. This server allows secure access to client-side drives, within Propalms Terminal Services
Edition applications, without exposing client drives to the whole network.
For certain secure environments, drive mapping may be a security concern. Administrators may
want to prevent users from accessing local drives in Propalms Terminal Services Edition
applications. Propalms Terminal Services Edition provides a global switch for turning off local drive
access. To disable this option from the Management Console, from the Manage>Connection
Settings page, select the Connection Settings you want to update and click Update Settings. In
the Client Drive Sharing area, from the Windows 2003 lists, select the Off option.

System heartbeats
The system heartbeats and time-outs topic describes the heartbeat variables.

Heartbeat variables
Application attribute changes
If an administrator changes the properties of an application, such as the working directory path for
the application, Propalms Terminal Services Edition instantaneously reflects the change, notifying
all Application Servers that hold a copy of the amended application of the change. Next, the
Application Servers register themselves with the Load Balancer. The Load Balancer queries the
database gets the latest information and sends it to the Application Server. This process is roughly
instantaneous, discounting any peripheral network-throughput issues.
Server-side application assignments to changes
If an administrator adds or deletes applications from Application Servers, Propalms Terminal
Services Edition reacts by updating the Propalms Terminal Services Edition database and notifying
the affected Application Server to refresh itself. This process is roughly instantaneous, discounting
any peripheral network-throughput issues.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 145

Concepts
System heartbeats

User-related application assignment change

Changes made to server-side application assignments affect users differently depending on their
logon status.
If users are not using the Propalms Terminal Services Edition Applications Launch Pad then they
receive the latest set of applications when they log on or when they refresh their shortcuts.
If users are using the Propalms Terminal Services Edition Applications Launch Pad then they need
to perform an action, they must either refresh their browser to get a new set of applications or
logon to Propalms Terminal Services Edition again.
Configuration changes
If an administrator changes the system’s configuration, by altering one of the properties using the
Management Console under the Options tab, the changes appear throughout Propalms Terminal
Services Edition instantaneously. The Application Server’s cache holds configuration information;
therefore, in response to a configuration change, Propalms Terminal Services Edition, using the
Propalms Terminal Services Edition Engine that runs on the Application Servers, forces each
Application Server to refresh its cache. Incidentally, all components on an Application Server
obtain configuration information from the Application Server’s cache.
New role addition
If an administrator changes role assignments for a server on a Propalms Terminal Services Edition
team, Propalms Terminal Services Edition reacts by marking these changes in the database and
forcing the Propalms Terminal Services Edition Engine on the affected server to refresh itself.
During this refresh, the server learns that it has a new role, and it takes appropriate actions to
update itself. Propalms Terminal Services Edition reacts based on the conditions of the affected
server. If either the Propalms Terminal Services Edition Engine or the server itself is down, then the
refresh occurs when the server powers up. If the server is idle, the server automatically looks for
changes, about every ten minutes, and it refreshes itself. This refresh process does not consume
many resources.
Console monitor page
The monitor page in the Management Console refreshes itself every five seconds. This refresh
updates the console with load balancer, database connections, relay server, jobs, and connection
information. The administrator can change the page refresh interval from the
Options>Administrator page. For more information, refer to "Administrator options".
Application Server load measurement
The Application Server reports its health (based on variables such as memory, CPU, and queue
length) once every minute to the system. Propalms Terminal Services Edition samples five
readings per minute, averages these five readings, and reports the averaged values to the system.
Application Server crash check
If the Load Balancer does not hear from the Application Server through three continuous refresh
cycles (sixty seconds per cycle), the Load Balancer assumes that the Application Server is offline.
Thus, if an Application Server becomes unavailable without notifying the system, Propalms
Terminal Services Edition detects the condition anyway within three minutes.
The server crash check also operates to free application licenses that might otherwise be stuck
with a failed session. This is how this works. If a user launches an application session, the
Propalms Terminal Services Edition load balancer decrements that application’s licenses-available
count by one. Once the session starts on an Application Server, the Load Balancer knows that the
session has started and Propalms Terminal Services Edition show a “launching” state in the
Management Console, under the Monitor tab, and the connection’s status. Once the sessions
starts on the client, the Application Server the Load Balancer knows that the session has started.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 146

Concepts
Diagnostics

Propalms Terminal Services Edition watches for the session to launch the application, and if the
application session does not launch, after five minutes then Propalms Terminal Services Edition
times out the application session. This time-out must be of a sufficient duration to allow users to
download a client, to obtain their profiles, and to launch their applications. After this amount of
time, frequently five minutes, Propalms Terminal Services Edition increments that application’s
license-available count.

Diagnostics
Propalms Terminal Services Edition is a system that can use many computers and many
configuration variables. Diagnostics helps you detect problems with the Propalms Terminal
Services Edition servers’ configuration or setup.
After selecting the servers to diagnose and the diagnostic tests to carry out, when the diagnose
button is hit on the Management Console by the administrator then the servers selected asked to
diagnose the roles on them. All the roles on the server get the diagnostic request, they are the
ones who actually do the tests, and they report problems back to Propalms Terminal Services
Edition and Propalms Terminal Services Edition displays this status information to the Propalms
Terminal Services Edition administrator.
The architecture of the diagnostic flow appears in the following figure.

FIGURE 17. Flow of diagnostics

These are the Propalms Terminal Services Edition diagnostic tests and the table that follows
explains each.
• Application Path test
• Printer Driver Path Test
• Services Status Test
•
Settings Test
TABLE 7. Diagnostic tests

Diagnostic tests Test Description

Application Path Test This test checks the executable paths for the applications assigned to the
Application Servers and reports if any application path is incorrect.
Printer Driver Path Test This test checks the printer driver paths for each Application Server to
verify that the printer driver paths actually exist on the server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 147

Concepts
Diagnostics

TABLE 7. Diagnostic tests

Diagnostic tests Test Description
Services Status Test This test checks the status of the required services on the Servers and
reports if a service is missing or stopped.
Settings Test* This test checks whether the Servers have the proper settings required
for the Propalms Terminal Services Edition roles. The various settings
that this process checks for the roles are:
Web server role: Here Propalms Terminal Services Edition checks to see
that the required virtual directories exist on the IIS server and if they do, it
checks to see that the required properties are set correctly.
Load balancer role: If the Load Balancer is the Master Load Balancer then
here Propalms Terminal Services Edition checks to see that all of the
online Application Servers have registered with it. If the Load Balancer is
not the master then Propalms Terminal Services Edition checks to ensure
that no Application Servers have registered with it.
Application server role: Here Propalms Terminal Services Edition checks
the Terminal Services settings to ensure that they are properly set, and it
reports any problem detected.
Relay server role: Here Propalms Terminal Services Edition checks if port
is available and if the Relay server was able to grab it. It also checks if the
Single Port Relay was able to load certificate correctly.

* If you receive a Settings Test failure, see "Settings Test failure" in this document.
The following table lists some of the messages displayed after running the diagnostic tests, along
with the cause and remedy for each message.
TABLE 8. Diagnostic test error messages
Description Cause Remedy
The application was Application Path specified is Update the application path from the
not found. incorrect. Manage>Applications>Update Application
page. For more information, refer to "Update
application properties".
Service not running. Any one of the role Services is not Select Start>Programs>Administrative
running. Tools>Services and start the service.
The printer driver file Printer File Path specified is Update the printer file path from the
was not found. incorrect. Manage>Servers>Update Server page. For
more information, refer to "Update server
profile".
Propalms Client is The Terminal Services connection is Follow the procedure in "Settings Test
unable to set the user not configured to use the connection failure" to configure the Terminal Services
settings correctly. settings from user settings in the connection correctly.
Terminal Services Extension to Local
Users and Groups and Active
Directory Users and Computers.
Propalms Terminal The Terminal Services connection is 1. Click Start>Settings>Control
Services Edition is set to override the default user Panel>Administrative Tools>Terminal
unable to set the idle settings in the Terminal Services Server Configuration>Connections.
timeout. Extension to Local Users and Groups
2. Right click RDP-Tcp and select Properties
and Active Directory Users and
from the shortcut menu.
Computers. This does not allow you
to configure time-out settings for the 3. Click the Sessions tab and then under the
connection. Connection area, clear the Override user
settings check box.
4. Click OK to save your settings.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 148

Concepts
Diagnostics

TABLE 8. Diagnostic test error messages

Description Cause Remedy
Propalms Terminal The Terminal Services connection is 1. Click Start>Settings>Control
Services Edition is set to override the default user Panel>Administrative Tools>Terminal
unable to set the settings in the Terminal Services Server Configuration>Connections.
disconnect timeout. Extension to Local Users and Groups
2. Right click RDP-Tcp and select Properties
and Active Directory Users and
from the shortcut menu.
Computers. This does not allow you
to configure time-out settings for the 3. Click the Sessions tab and clear the
connection. Override user settings check box.
4. Click OK to save your settings.
Propalms Terminal The Terminal Services connection is 1. Click Start>Settings>Control
Services Edition is configured to disallow remote control Panel>Administrative Tools>Terminal
unable to remote of a user’s session. Server Configuration>Connections.
control user sessions.
2. Right click RDP-Tcp and select Properties
from the shortcut menu.
3. Click the Remote Control tab, and choose
the Use remote control with default user
settings option, or select the Use remote
control with the following settings option,
and then choose the appropriate options.
4. Click OK to save your settings.
Automatic logon The Terminal Services connection is 1. Click Start>Settings>Control
needs to be allowed. configured to prompt for password. Panel>Administrative Tools>Terminal
Server Configuration>Connections.
2. Right click RDP-Tcp and select Properties
from the shortcut menu.
3. Click the Logon Settings tab, and clear the
Always prompt for password check box.
4. Click OK to save your settings.
Propalms Terminal The Terminal Services connection 1. Click Start>Settings>Control
Services Edition is environment is not configured Panel>Administrative Tools>Terminal
unable to launch the correctly. Server Configuration>Connections.
application requested
2. Right click RDP-Tcp and select Properties
by user.
from the shortcut menu.
3. Click the Environment tab, and clear the
Override settings from user profile and
Client Connection Manager wizard check
box.
4. Click OK to save your settings.
Propalms Terminal The maximum number of 1. Click Start>Settings>Control
Services Edition is connections is not configured Panel>Administrative Tools>Terminal
unable to manage the correctly for the terminal server. Server Configuration>Connections.
number of
2. Right click RDP-Tcp and select Properties
connections to this
from the shortcut menu.
terminal server based
on load balancing 3. Click the Network Adapter tab, and choose
information. the Unlimited connections option, or choose
the Maximum connections option and specify
the number of maximum connections.
4. Click OK to save your settings.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 149

Concepts
Reporting

TABLE 8. Diagnostic test error messages

Description Cause Remedy
Service not found One of the services is not registered. On the command prompt go to the directory
where the service is installed.
Type LoadMgrService.exe -service
and press Enter.
The Read permissions IIS is not configured with read 1. Click Start>Settings>Control
are not set for the permission. Panel>Administrative Tools>Internet
Console virtual Services Manager.
directory (Console,
2. Right click Console (or Launch Pad or
Launch Pad, Depot)
Depot) and select Properties from the
shortcut menu.
3. Click the Virtual Directory tab, and select
the Read check box.
4. Click OK to save your settings.
The Enable Default IIS is not configured with the correct 1. Click Start>Settings>Control
Documents property is settings for documents. Panel>Administrative Tools>Internet
not set for the Console Services Manager.
virtual directory
2. Right click Console (or Launch Pad or
(Console, Launch
Depot) and select Properties from the
Pad, Depot)
shortcut menu.
3. Click the Documents tab, and select the
Enable Default Document check box.
4. Click OK to save your settings.

Reporting
Propalms Terminal Services Edition provides many powerful system-status and management-
information reports that are dynamically updated in real time. These reports are available from the
Management Console. Additionally, Propalms Terminal Services Edition provides data
manipulation features to support data sorting, to summarize data by properties, or to filter data
object type or processing time. It also provides administrators with a simple way to download the
Propalms Terminal Services Edition data, so the data can be input to other management
information systems. These reports help administrators observe resource usage and project future
resource requirements.

NOTE
If a report has a very large size, the download may time-out and an error may be
displayed.

Propalms Terminal Services Edition creates session data reports and audit data reports.
Sessions data
When users launch applications through Propalms Terminal Services Edition, Propalms Terminal
Services Edition monitors and stores information about each session. Propalms Terminal Services
Edition stores information about both currently running and completed sessions.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 150

Concepts
Reporting

Audit log data

When an administrator changes system data (by adding, changing, or deleting an object such as a
user, an application, or a server) or when an administrator changes object options, Propalms
Terminal Services Edition records the change in the Propalms Terminal Services Edition Audit Log.
Elements
Propalms Terminal Services Edition monitors and reports on these elements, many of which are
domain objects:
Sessions
With this report, the administrator can view the currently active and completed sessions to see who
launches sessions, the time and duration of sessions, and a session’s exit status. The
administrator has the option to truncate or to copy and truncate some or all of the session logs.
Applications
With this report, an administrator can view who uses an application from which client, to see the
maximum current application license use for a designated period, and to determine if the site has
too many or too few licenses. Additionally, the sessions report shows requestor and server
information such as who requests applications from which client computers and which servers
fulfill these requests.
Users
With this report, an administrator can see who launches sessions, number of sessions launched,
and the aggregate duration of the sessions’ use during the specified time. This report helps an
administrator understand how heavily each user uses Propalms Terminal Services Edition for a
given period and to ascertain whether demand is increasing or decreasing by providing data from
different periods.
Clients
With this report, an administrator can see the client computer that launches sessions, number of
sessions launched, and the aggregate duration of the sessions’ use during the specified time. This
report helps an administrator understand how heavily each client computer uses Propalms
Terminal Services Edition for a given period and to ascertain whether demand is increasing or
decreasing by providing data from different periods.
Servers
With this report, an administrator can see the Application Server that hosts sessions, number of
sessions launched, and the aggregate duration of the sessions’ use during the specified time. This
report helps an administrator understand how heavily each client computer uses Propalms
Terminal Services Edition for a given period and to ascertain whether demand is increasing or
decreasing by providing data from different periods.
Audit log
With this report, the administrator can view changes made to the Propalms Terminal Services
Edition database. The administrator can view who made which changes to what instances of which
object, and when they made a change. This report encourages accountability for changes (adds,
updates, or deletes) made to objects (user groups or organizational units, client computers, server
computers, or applications). The administrator has the option to truncate or to copy and truncate
some or all audit log.
Product keys
With this report, the administrator can see the number of Propalms Terminal Services Edition seats
owned, which indicates the number of users who can use Propalms Terminal Services Edition

Propalms Terminal Services Edition Administrator Guide--1 March 2013 151

Concepts
Active session management

concurrently; the maximum concurrent usage for a given period; and the number of times this
maximum use occurred over the specified period. An administrator can determine, at a single
glance, whether the Propalms Terminal Services Edition licensing is adequate or nearing its limit. If
it is nearing its limit, an administrator can upgrade the Propalms Terminal Services Edition
licensing agreement.

NOTE
The setting made by the administrator to purge the Propalms Terminal Services Edition
logs under System>Options affects the Peak Concurrent Usage report. For example, if
the administrator sets purging for logs older than 30 days, and sets the find filter for the
Peak Concurrent Usage to Last 90 Days, the report displays the result only for last 30
days. This is because all the logs older then 30 days are purged.

Reports for business solutions

Over time, Propalms Terminal Services Edition gathers a lot of useful information about the
behavior of the end users with respect to application usage. The following table shows some
business problems that Propalms Terminal Services Edition addresses.
TABLE 9. Business problems and useful Propalms Terminal Services Edition reports
Business Problem Related Propalms Terminal Services
Edition Report
To learn about the activity on a Sessions
particular server
To learn about the usage of the Product Keys
Propalms Terminal Services
Edition product license keys
To monitor application software Applications
license compliance

The different kinds of licensing that can

be monitored by the reports are:
• Application Summary by Users –
unique users licensing
• Application Summary by Sessions –
concurrent usage licensing
• Application Summary by Clients –
client access licensing
To monitor changes made to the Audit Log
Propalms Terminal Services
Edition System

Active session management

An administrator can manage the active sessions by shadowing, disconnecting, reconnecting, or -
off the sessions.

Session shadowing
The Session Shadowing feature permits Propalms Terminal Services Edition administrators to
view and control, from the Management Console, a Propalms Terminal Services Edition session
that is running on a user's desktop.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 152

Concepts
Active session management

Administrators and qualified technical-support representatives use this type of session shadowing
for user training and for trouble shooting. This feature can provide enormous cost-savings by
reducing the need for system administrators and technical representatives to visit a user's site to
resolve an application problem.
An administrator or support representative can activate shadowing, a session-level tool, for any
active session (a disconnected session cannot be shadowed). To shadow a session, a Propalms
Terminal Services Edition administrator or support representative selects the session to be
shadowed from the Monitor>Connections page, and clicks the Shadow action. This action
generates a request to shadow the session to the owner of a session. The owner of the session
may grant or disallow permission to shadow the session.
When an administrator monitors a session, both the administrator and the session owner can
control input to and save output from the session. However, either can save the work from the
session only on those drives that are available to the owner of the session.
Considerations
• A session cannot be shadowed more than once at the same time. If more than one
administrator would like to view the same user session, one administrator must log off from
the shadowing session to permit the next administrator to log on and shadow that same
session.
• To close a shadowing session from the Console, the Propalms Terminal Services Edition
Administrator should type the following keys together:
<Ctrl> <*>
where the * is taken from the numeric keypad.
Do not use the * that is created from <Shift> <8> on the alphabetic/numeric area of the
keyboard.

Session disconnect and reconnect

The Session Disconnect and Reconnect features permit the administrator or a user to detach a
session from a user’s computer temporarily. The user can later reattach to the disconnected
Propalms Terminal Services Edition session.
The session disconnect option terminates a session on a user’s computer, but maintains the
session on the server. Whereas, a session log off terminates a session on both the user's
computer and the Application Server.
The administrator can disconnect a session from the console. Additionally, a user can disconnect a
session from the Propalms Connection Manager or the Launch Pad.
Only a user can initiate a session reconnect. The user can do this from either the original user
computer (the computer from which the user triggered the disconnect event) or from a different
computer (maybe from a home computer). The user can resume work on the affected files at the
point in the files where the disconnect event was triggered.
When a user logs on to Propalms Terminal Services Edition and launches an application that was
a component of a disconnected session, Propalms Terminal Services Edition highlights all of that
user's sessions that have a disconnected status. The user can select and launch a disconnected
session, which will trigger the launch of all applications that were components of that session.
Users can also connect to their active sessions on other client computers. They need not first
disconnect from one client and then go to the other client. This is useful, for example, if a user
leaves a session running in the office, but forgets to save, and then wants to continue with the
same session at home so that there is no loss of work.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 153

Concepts
Active session management

When a network failure occurs, Propalms Terminal Services Edition attempts to save the session
data, so a user can later continue work on a project at the point in the project where the error
occurred.
Considerations
For a session disconnect/reconnect to operate, a Propalms Terminal Services Edition
administrator must first permit session disconnects.
To enable the disconnect connections property, a Propalms Terminal Services Edition
administrator the administrator selects the profile to be changed from the Manage>Connection
Settings page of the console, clicks Update Setting, and selects the Reconnect check box.
Once the reconnect option is set, the user has the option to consider session disconnect and
reconnect actions. The following items are true if the Reconnect check box is selected.
If there is a failure (a power outage on the client computer, a network-generated failure, or a
Terminal Server failure), Propalms Terminal Services Edition automatically triggers a session
disconnect.
• If the Reconnect option is enabled, the session disconnect executes, and data from all
applications running under that session is saved.
• If the Reconnect option is not enabled, the session disconnect fails, a session log off occurs,
and data from all the applications running under that session is not saved.
If a user saves the files at some point prior to the failure, the user can later launch the
affected files and see that data as it was during the last save. The data entered between the
last file save and failure event is lost.
Procedures
A user uses the Launch Pad to view all active sessions and to disconnect from one or more
sessions. Additionally, the user uses the Launch pad to reconnect to a disconnected session or
connect to an active session on another client computer without first disconnecting the session
from the other computer.
An Administrator uses the Console:
• To view all disconnected sessions from the Monitor>Connections page, by sorting active
sessions on the Session State column.
• To disconnect a user’s session from the Monitor>Connections page, by using the
Disconnect function.
• To control the duration between a session’s disconnect event and a subsequent automatic
session log off event.
• To enable or disable the session disconnect/reconnect option.
Configuration
The session disconnect/reconnect option is available only when an administrator enables this
feature. Some administrators may want to disable this feature.

Session log off

The Session Log Off feature permits the administrator to terminate a session that is running on a
user's computer in an active or a session that is in a disconnected state. The administrator may
need to log off sessions in extreme circumstances; for example, a server may be failing or a disk
may appear corrupt and the administrator may want to remove the session from the server
immediately.
The session log off option terminates the session on both the user's computer and on the
Application Server. This action forcibly kills and permanently terminates the session.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 154

Concepts
Achieving database redundancy

Consequently, it is a good idea to send a message to the owner of the session in question before
executing a logoff event. To send a message to the owner of the session, use the Send Message
action on the Manage>Connection Settings page.
Propalms Terminal Services Edition can initiate a session log-off event programmatically in
conjunction with an inactivity timer, an administrator can initiate a log off from a Management
Console, or a user can initiate a log off from the Propalms Connection Manager or the Launch
Pad. The Session report lists all logged off sessions along with a logoff event trigger (normal,
forced, or time-out).
Procedures
An Administrator uses the Console:
• To view the event that triggered a session’s logoff, from the Report>Sessions page, select
the time duration and sort the sessions on the Application Exit Status column.
• To force a log off from the console, from the Monitor>Connections page, select the
session to terminate, and click Log Off.
• To control the duration between a sessions’ disconnect event and a subsequent automatic
log off event, from the Manage>Connection Settings page, select the Connection setting
target, and click Update Settings. Change the Logoff Disconnected Connections option
under the Propalms Terminal Services Edition Features area, and click Update.
• To send a message to one or more active sessions, from the Monitor>Connections page,
select the logon names that are the target of the message and click Send Message.
Configuration
The only configurable variable is the idle time-out parameter, which relates to the duration of
inactivity between the client computer and a server. This is duration between the then current time
and the prior last keyboard input or mouse click. This time-out parameter acts at the session level;
however, it is set at the launch settings level, so all users (and their sessions) running under a
specific Launch Settings profile are affected by the value of the idle time out setting. A Propalms
Terminal Services Edition administrator who uses the Console sets this variable.

Achieving database redundancy

Propalms Terminal Services Edition provides a method for a fail-over Database Server so that
application launches do not fail even if the Primary Database Server is offline.
An administrator can achieve database redundancy in the following ways:
• Use SQL tools to create a database cluster or use a redundancy mechanism
• Use Propalms Terminal Services Edition database redundancy feature
Propalms Terminal Services Edition allows the administrator to specify a Backup Database Server
in addition to the Primary Database Server. After the administrator adds a backup database, the
Propalms Terminal Services Edition system adds to the Console the interface to promote, remove,
and synchronize the backup database.
The system automatically synchronizes the Backup Database Server periodically with the Primary
Database Server. The administrator can specify the time interval for this synchronization. The
Load Balancer decides which Web Server does the synchronization. The system requirements for
the Backup Database Server are the same as those for the Primary Database Server.
The administrator can promote a Backup Database Server to make it a Primary Database Server.
Additionally, the administrator can remove a Backup Database Server. The administrator can also
view the status of the Database Server Connections.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 155

Concepts
Achieving database redundancy

Adding backup Database Server

An administrator can add a second Database Server to act as a backup in case the Primary
Database Server goes offline. This server is called a Backup Database Server. When the Backup
Database Server is added, the system:
• Creates the database
• Copies all the system, log, and session information from the database on the Primary to the
Backup Database Server
In order to add a Backup Database Server, the administrator needs to:
• Specify the name of a Database Server and the synchronization interval.
• Specify the required user credentials. The account should have sufficient rights on the
Database Server to create database.

NOTE
Incomplete jobs are not copied to the Backup Database as it is read-only and
administrative changes cannot be updated to the Backup Database.

Uses of the Database redundancy feature

This section explains some of the ways for the administrator to use the database redundancy
feature.
Primary Database Server fails or goes offline
When the Primary Database Server fails or goes offline, the system becomes read-only and
application launches take place using the Backup Database Server. The administrator cannot
make any updates to the system.
The Backup database contains information synchronized during the last synchronization. Changes
made in the Primary database after the last synchronization will not be there in Backup database.
Existing users can launch applications from the existing client computers. However, a user who
has never logged on to the Launch Pad will not be able to logon while the Propalms Terminal
Services Edition team is running on the backup database. Additionally, any computer that never
been used to logon to the Launch Pad cannot be used to logon to the Launch Pad while running on
the backup database. Users cannot change their system option settings.
The administrator can do the following:
• Logon to Console/Launch Pad and navigate all tabs
• Diagnose servers
• All actions under Connections tab
• Monitor Load Balancer status
• Monitor database connections
• Monitor the Relay Server
• Review jobs history

NOTE
Only completed and failed jobs are copied to the backup database, so a job in started or
submitted state is not displayed.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 156

Concepts
Achieving database redundancy

• Generate and download all types of reports.

• Promote backup database.

NOTE
It takes about two minutes to switch launches from the Primary Database Server to the
Backup Database Server when the Primary Database Server fails or goes offline. All
launches attempted in the switching period fail.

Promoting the Backup Database Server

When the Primary Database Server fails or goes offline, the administrator should do the following:
• Promote the Backup Database Server to make it the Primary Database Server. For more
information, refer to "Promote Backup DB".

NOTE

Since the Backup Database Server is synchronized periodically, it is possible that

the backup database is not synchronized with the Primary Database Server when
the Primary Database Server goes down. We recommend that if the Primary
Database Server is online, the administrator should synchronize the Backup
Database Server with the Primary Database Server before promoting the Backup
Database Server.

While promoting the Backup Database Server, the administrator should ensure that all the
servers in the system are online and can talk to the Backup Database Server. The
administrator can verify this from the Monitoring>Database Connections page.
• Create a new Backup Database Server. For more information, refer to"Add Backup DB".
If the master Load Balancer goes offline when promoting the Backup Database Sever, no other
Load Balancer takes over as master Load Balancer until promotion is over.
The administrator can decide not to promote the Backup Database Server and restore the Primary
Database Server with some other mechanism, or correct a hardware problem on Primary
Database Server and bring that back online. In this case, all the information the system writes to
the log archive table while the Primary Database Server is offline is lost.
Using Propalms Terminal Services Edition Resource Kit to assign Database Server
If a server is offline when the administrator promotes a Backup Database Server, the administrator
should wait for the server to come online, and then use the Propalms Terminal Services Edition
Resource Kit to assign the new Primary Database Server, that is the promoted Backup Server to
the server that has come online. For more information, refer to "Migrating to a new Propalms
Terminal Services Edition Database server".
Taking the Primary Database Server offline for maintenance
The administrator needs to do the following:
• Manually synchronize the Backup Database Server with the Primary Database Server.
• Take down the Primary Database Server, and do the maintenance. The system runs on the
Backup Database Server in the read-only mode in this time.
• Bring up the Primary Database Server. All the information written in the log archive table
while the Primary Database Server is taken off for maintenance is lost.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 157

Concepts
Seamless windows

Moving the Primary Database Server to another server

To move the data from the Primary Database Server ‘A’ to another Database Server ‘C’, the
administrator should:
• Create a Backup Database Server ‘C’.
• Promote ‘C’ to make it the Primary Database Server.

Synchronization of the Backup Database Server

The system synchronizes the Backup Database Server with the Primary Database Server in two
ways:
Full copy of the database
Using the same database, the system recreates the tables and copies all the data again to the
Backup Database Server. It is like recreating a new backup database minus “create database”.
The administrator can set the synchronization interval from the Console. For more information,
refer to "Change Sync Interval".
In addition to the automatic full copy of the database that occurs at the interval, the administrator
can manually synchronize the backup database from the console. For more information, refer to
"Synchronize DB".
Advantages of full synchronization are:
• Any failed 10-minute synchronizations are now reset.
• It resets the database.
Disadvantages of full synchronization are:
• It causes overhead on the Web Server.
• It increases the Network traffic.
We recommend full synchronization when:
• 10-minute synchronizations are failing.
• Log archive table information is to be synchronized.
• Administrator wants to take down the Primary Database Server for maintenance.
Incremental synchronization of the database
Every ten minutes, the system copies the incremental audit log operations to the backup database.
All the essential Propalms Terminal Services Edition functioning data is copied from the primary
database to the backup database.
The interval for this incremental synchronization is set in the registry of each Load Balancer server.
We recommend that you do not edit the registry. Contact Propalms support if you want to change
the incremental synchronization interval.
Every 10 minutes, the Master Load Balancer finds the best Web Server that can connect to both
the databases to perform this synchronization. The Web Server does the synchronization.

Seamless windows
The seamless windows feature integrates locally and remotely running application into a local
Windows desktop removing the WTS shell. This allows a user to view a remotely hosted session
without viewing the desktop frame from the server session that hosts the application.
The seamless windows feature provides a cleaner-looking, less-confusing interface and it enables
a remotely launched application to mirror the look and feel of a locally launched application.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 158

Concepts
Seamless windows

Propalms Terminal Services Edition places a task bar button on the task bar for each top-level
window in that Propalms Terminal Services Edition session.
To produce a seamless window on a user’s desktop, Propalms Terminal Services Edition removes
the background of the remote desktop and adds a corresponding dummy task bar button to allow a
user to minimize and then maximize an application. The dummy task bar button activity then
synchronizes with the actual server-side window.
Launch setting configuration
Every Launch Pad portal, high-speed to low bandwidth, has at least one associated launch setting
profile that supports the device and its configuration characteristics. Seamless windows is one of
the parameters of the launch setting profile, so all applications launched under a specific Launch
Settings profile will have the same seamless windows behavior.
Seamless window options
The administrator can set the value for the Seamless Windows option on the Propalms Terminal
Services Edition Features area from the Manage>Connection Settings page by selecting the
relevant Connection Settings and clicking Update Setting. The valid values are Always, Never,
and Except During Logon.
The following text explains why many people select the Except During Logon option.
When the administrator permits users to use automatic logon and users are also using seamless
windows, it generally works. In most cases, a user can successfully log on to the Terminal Server
Computer (Application Server) without the user entering the password and username.
However, in some instances, the computer may prompt for some user response and the prompt
may not be visible to the user. This might happen when the user’s password expires or when some
network-security-authentication message box pops up.
To negotiate these exception events, it is best to select the Except During Logon option for the
Connection setting.
• If the Seamless Windows setting is set to Always, the prompt will not be visible on the client
computer but some message box will be waiting for some user input. So the session may
effectively appear like hung.
• If the Seamless Windows setting is set to Except During Logon, the prompt will be visible.
Therefore, it is always advisable to set the Seamless Windows setting to Except During
Logon. This setting permits the Window session to launch in one mode and to run in another
mode. The session launches in a non-seamless window, and the user sees the Windows
Logon Dialog box and any subsequent message boxes. Once the authentication completes
and the session switches complete, the session runs in a seamless mode.
Procedures
An administrator uses the Application Management Console, Manage>Connection
Settings>Update Settings page to affect Seamless Windows in the following ways:
• To enable or disable seamless windows mode for the relevant platform’s launch profile.
• To enable select seamless window Always or Except During Logon.
This parameter affects all applications that use a particular launch setting.
Windows 2008 Seamless
To use Microsoft seamless i.e. Win 2008 seamless – Go to Manage-> Connection Setting and
select the respective setting for which you have to enable Microsoft seamless. All applications
using this connection setting will be launched by using Microsoft seamless window.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 159

Concepts
Security

Security
Server-based computing has many potential security benefits. Servers can be placed in a
datacenter where administrators can safeguard them. If a user is using a thin-client computer, data
will be stored in the datacenter, so the datacenter can protect that data, and software can audit,
monitor, and control application access. Industries, such as health care and finance, are adopting
server-based computing for these reasons.

Design principles and practices

The design of Propalms Terminal Services Edition reflects the following principles and practices.
Unsecured external components
Propalms Terminal Services Edition assumes the network that connects all of its servers is
unsecured; therefore, it takes measures to protect Propalms Terminal Services Edition data,
communication, and components on all of its servers, not just those exposed to clients. IFS and
Propalms Terminal Services Edition printing data is always transmitted in encrypted form.
Redundant measures
Every Propalms Terminal Services Edition component, not just those dealing with clients or
networks, has security measures. If one component were compromised, then the other
components will prevent the system from becoming compromised. In this manner, the total
damage to the system could be isolated if an attack were successful.
Least privilege
On Windows servers, every component runs under a security context with set of privileges.
Privileges give the component permission to perform certain operations such as access a file or
set a registry entry. Components that run with fewer privileges are safer, because if they were
compromised, they would do less damage. The Propalms Terminal Services Edition designers
made sure that every Propalms Terminal Services Edition component runs with the smallest set of
privileges possible. All COM+ components run with privileges for a normal user. Propalms Terminal
Services Edition services run under SYSTEM account.
Proven code
Rather than invent its own encryption algorithms and security techniques, Propalms Terminal
Services Edition relies on proven security libraries. Code that as been heavily scrutinized and
found to be secure is better than the code that has not been so challenged. In particular, Propalms
Terminal Services Edition relies heavily on the Window’s cryptography, authentication, and access
control mechanisms for it security design.
Secure defaults
Propalms Terminal Services Edition ensures that every default setting of the system is the most
secure setting for the system. The only exceptions to this principle are settings that might not run
on most systems. A corollary to this principle is to warn the administrator when the administrator
chooses settings that are not secure.

Features and security

Many features have security aspects to them. This section reviews the features with security
considerations.
Logon
To perform any operation in Propalms Terminal Services Edition, an end-user or administrator
must authenticate with Propalms Terminal Services Edition using their domain user name. Since

Propalms Terminal Services Edition Administrator Guide--1 March 2013 160

Concepts
Security

the Management Console and Launch Pad portal are web applications, they use web
authentication methods. Propalms Terminal Services Edition supports all the authentication
mechanisms found on the Windows Internet Information Server (IIS). The table below summarizes
the advantages and disadvantages of each.
TABLE 10. Web authentication methods
Type Automatic SSL Required Internet Explorer Firewall Special Setup
Logon Required Compatible
Anonymous Yes, with Recommended No Yes None
cookies
Basic No Yes No Yes None

Windows Yes No Yes No None

Integrated
Certificate Yes Yes No Yes Yes

The administrators can choose the authentication that best suits their environment. They change
their IIS authentication method directly using the IIS administration consoles. Propalms Terminal
Services Edition dynamically detects the authentication method set up by an administrator.
By default, IIS uses anonymous authentication. With anonymous authentication, Propalms
Terminal Services Edition will display a form in their web browser to query the user’s name and
password. To keep these credentials secure, we recommend that administrators configure their
servers to have SSL available, so that the browser transmits these credentials to the Web Server
in an encrypted form. The Management Console has an “SSL Available” setting to configure
Propalms Terminal Services Edition to switch to SSL automatically for logon.
Certificates and Smart Cards
Many vendors provide Public Key Infrastructures that distribute certificates to users. Setting up a
PKI system can be difficult. Administrators are encouraged to check the Propalms Web site for
more details on specific PKI vendors. As long as the PKI used is compatible with the Windows
certificate cache and as well as the IIS Directory Service Mapper Propalms Terminal Services
Edition will be able access certificates in the cache.
Since Propalms Terminal Services Edition supports Certificate based authentication, it easily
supports authentication using Smart Cards. As long as the Smart Card vendor implements
Window security providers that place certificates in the Windows certificate cache, Propalms
Terminal Services Edition will be able use these certificates for authentication.
Launching applications
When a user launches an application, the user must logon to the Application Server that hosts the
application. This is a fundamental feature of Windows Terminal Services. For this logon to be
successful, the Application Server must verify the user’s name, domain, and password. This
verification requires a trust relationship between the domain containing the Application Server and
the domain containing the user.
As a convenience to the user, Propalms Terminal Services Edition can cache the user name and
password for Application Server logon on the client computer and use these stored credentials
every time the user connects. Propalms Terminal Services Edition uses a strong encryption
algorithm provided by the Windows CryptoAPI’s protect the user’s credentials. The administrator
can configure the system to store the credentials in memory or on disk, or to disable the cache
altogether.
Installation
Propalms Terminal Services Edition needs a domain user account and a domain group to operate.
The domain user account is called the Propalms Terminal Services Edition System Identity.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 161

Concepts
Security

Propalms Terminal Services Edition components use this to authenticate to each other, so that
malicious calls to the components are denied access. The Propalms Terminal Services Edition
System Identity only needs normal user privileges, but it should be setup so that its password does
not expire. This identity account should have access to the Propalms Terminal Services Edition
Database. Additionally, this Propalms Terminal Services Edition Identity account should have read-
only rights on all users that are likely to use the Propalms Terminal Services Edition system. For
more information, refer to "Giving read permissions to Propalms Terminal Services Edition Identity
account".

NOTE
For security reasons, it is recommended that the Propalms Terminal Services Edition
Identity account should have low privileges in the domain and on the Database Server.

The domain group is called the Propalms Terminal Services Edition Administrators group. As the
name implies, this group contains those users who have administrative access to the Propalms
Terminal Services Edition system.
During initial installation of Propalms Terminal Services Edition, the installer prompts for the
Propalms Terminal Services Edition System Identity and the Propalms Terminal Services Edition
Administrator group. The administrator must provide the names of an existing user (whose
password never expires) and a group for the accounts to manage Propalms Terminal Services
Edition. During installation, the administrator who installs Propalms Terminal Services Edition must
have software install privileges on the computers that will receive the installs.
When you add servers in Propalms Terminal Services Edition Team through Management
Console, you must provide the name and the password of an account that has Administrative
rights on the computer on which you are going to install the Propalms Terminal Services Edition
software.
Server lock down
To help administrators protect their Application Servers, Propalms Terminal Services Edition
contains a component that prevents RDP connections to the server that does not use Propalms
Terminal Services Edition. Only Propalms Terminal Services Edition administrators and local
administrators can logon to a locked down server through RDP. However, if the Primary Database
Server is down, or if the Propalms Terminal Services Edition Database connectivity is lost due to
some reason, only local administrators can logon to a locked down server through RDP.

Best practices
Propalms Terminal Services Edition has many security measures, but it is ultimately the
administrator’s responsibility to secure their datacenter.
Setup SSL
Perhaps the most important security precaution that the administrator can take is to install
certificates on the Web Servers and Relay Servers so that Propalms Terminal Services Edition can
use SSL for communications. SSL is required to make the basic authentication secure and to
prevent tampering with the web traffic of the console. Once the certificate installation completes,
the administrator should configure the Web Server to require SSL on the Console and Launch Pad
Web sites.
Monitor audit logs
Propalms Terminal Services Edition keeps an audit trail of all the changes made to the system and
the initiator. This audit can be very valuable to stop tampering with the system.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 162

Concepts
File logging

Update your operating system

Propalms Terminal Services Edition adapts to the operating system of the server that receives the
install. Each release of Windows has new security features that Propalms Terminal Services
Edition will exploit. In particular, Windows 2003, and Windows XP contain security features that
help Propalms Terminal Services Edition store user credentials.
Use the NTFS file system
The NTFS file system is an option of Windows 2003, and Windows XP. Propalms Terminal
Services Edition takes advantage of the access control feature of the NTFS file system to protect
its files from tampering.
Place all Propalms Terminal Services Edition Servers in an Active Directory OU
It is a good management practice to place all the Propalms Terminal Services Edition servers in
single Active Directory OU. From a security perspective, this configuration allows the administrator
setup a Group Policy Object to govern the access settings and encryption levels of the servers.
Screen saver
We do not recommend setting screen savers for remote users’ profiles and on the Application
Servers.

File logging
Propalms Terminal Services Edition logs all warning, error, and information messages to a log file.
The log file is called PropalmsTSE.log and it is created in the install directory. If the administrator
accepted the default destination settings while installing Propalms Terminal Services Edition, the
log file is created in X:\Program Files\Propalms directory. A Propalms Terminal Services Edition
administrator contacting the Propalms Technical Support for some troubleshooting may be asked
to send the log files as the log files contain a lot of information that can help the Technical Support
in troubleshooting.

NOTE
File logging is not the same as tracing, whose options you can set from the
Options>System>Update System Options page.

Configuration settings for log file

The error logging feature of Propalms Terminal Services Edition uses the
HKEY_LOCAL_MACHINE\SOFTWARE\New Moon Systems\Canaveral\<Propalms Terminal
Services Edition version>\Config\Log registry key. You can change the file logging settings by

Propalms Terminal Services Edition Administrator Guide--1 March 2013 163

Concepts
Propalms Terminal Services Edition — Basic Configurations

modifying the registry values. The following table lists the details of the Propalms Terminal
Services Edition file logging registry keys.
TABLE 11. File Logging registry keys
Name Default Value Description
LoggingEnabled 1 Controls file logging. It can take one of the following values:
• 1 - File logging enabled
• 0 - File logging disabled
LogToFile 1 Controls where the logs go. It can take one of the following
values:
• 0 - Output debugger
• 1 - File
MaxLogSizeMB 10 Controls the maximum file size for a log file before it is
rolled over. The value specified is in MB. It can take any
numeric value and is only limited by the amount of free
space on the drive. It cannot be set to a value less than 1.

The changes made to the LoggingEnabled and LogToFile keys are effective immediately. For the
changes made to MaxLogSizeMB key to be applicable, the administrator should restart the
Propalms Terminal Services Edition Engine service.

Rollover of log file

When the PropalmsTSE.log file is full, that is, when it reaches the maximum log file size setting
defined in registry, it is archived with the name PropalmsTSEOld.log. At each subsequent rollover,
old PropalmsTSEOld.log file is replaced by new PropalmsTSE.log file and a new
PropalmsTSE.log is created. Thus, the latest logs are always in PropalmsTSE.log file and the
oldest logs are in PropalmsTSEOld.log.

Propalms Terminal Services Edition — Basic Configurations

This section addresses the ways you can configure Propalms Terminal Services Edition to support
different operational demands. It also shows how you can scale Propalms Terminal Services
Edition to accommodate more users over time.
You can use one of three basic configurations:
• Single Server Configuration: A Propalms Terminal Services Edition single-server
configuration uses one Propalms Terminal Services Edition server.
• Multi-Server Configuration: A multi-server configuration distributes Propalms Terminal
Services Edition across more than one server.
• Advanced-Server Configuration: An advanced configuration distributes roles across more
than one server and creates redundant configuration elements.
In addition, you can install Propalms Terminal Services Edition on a local server, which may not be
a part of a domain, for local users. For more information, refer to "Local server install".

Single server configuration

A small company or a site that is evaluating Propalms Terminal Services Edition can use the
Propalms Terminal Services Edition single server configuration. An administrator can use this as
an initial configuration, where there are plans to scale the Propalms Terminal Services Edition
deployment in the future.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 164

Concepts
Propalms Terminal Services Edition — Basic Configurations

An administrator may want to choose the Propalms Terminal Services Edition single server
configuration for a production site with up to 100 concurrent users.
A typical server configuration can use a Intel Xeon Processor with 1 GB RAM for an application
Server and 1 GB for a Web/ Load Balancer run on a Windows 2003 or a Windows 2008 server. To
size a server to offer applications to these 100 concurrent users, the system might require a dual 1
GHz CPU with 4 GB of memory. The disk size will depend on the amount of storage the
applications require.
Procedure
To set up a Propalms Terminal Services Edition single server configuration.
1. If you want the domain to be redundant, be sure that redundancy elements, such as RAID
or clusters, exist.
2. Configure the Windows 2000 server in application delivery mode.
3. Add those applications that you will offer to your users to the Application Servers.
4. Set up the Microsoft SQL Server.
5. Install Propalms Terminal Services Edition on a single box. This will set up the Web Server,
Load Balancer, and Application Server roles on the same box.
6. Provision applications to those users who will use the Propalms Terminal Services Edition
services.
This configuration provides some advantages. This configuration is very inexpensive to install,
maintain, and backup. This configuration is easy to expand by adding new servers to the team.
This configuration also has some areas that you need to consider. Administrators are running
Propalms Terminal Services Edition on a single server, so there is no built-in fault tolerance.
Administrators cannot take advantage of load balancing in Propalms Terminal Services Edition,
because there can be no load balancing when only one application server is used. Administrators
can serve only a limited number of concurrent users.
If you plan to use a single server configuration, here are some tips.
• It is best to avoid using applications that consume large amounts of memory or CPU cycles.
• It is best to boost the number of processors on the server configuration.
• It is best to use a server that implements redundancy to reduce the opportunity for and
consequences of failures. An administrator can implement redundancy by using
technologies such as RAID, hot swap, dual power supplies, or cluster servers.
• It is best to keep Propalms Terminal Services Edition on a server other than the domain
controller. However, if the domain controller must be on the same server, it is best to boost
the amount of memory available on the server.

NOTE
Printing does not work when the Propalms Terminal Services Edition server resides on the
domain controller.

Multi-server configuration
The multi-server configuration is generally appropriate for more mature sites or sites that have up
to 1000 users. This configuration provides the ability to perform load balancing of applications in
the Propalms Terminal Services Edition environment.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 165

Concepts
Propalms Terminal Services Edition — Basic Configurations

An administrator might use this type of configuration for a site that has more than 1000 concurrent
users. Typically, the Application Servers should be at least dual Pentium III 600 MHz CPUs with
1GB of memory. The Web Server/Load Balancer should be at least a dual Pentium III 500 MHz
with 1GB of memory. The disk size will depend on the amount of storage the applications require.
The environment, as noted above, requires one Web Server/Load Balancer and one SQL server.
The number of application servers typically used ranges between 15 and 25. If an administrator
uses more powerful Application Servers, the site requires fewer Application Servers.
In order to set up Propalms Terminal Services Edition on several servers, administrators generally
install Propalms Terminal Services Edition on a central server and then use the Propalms Terminal
Services Edition Administrative Console to join other servers to the team. An administrator would
add servers to a team, and then plan and push roles to the appropriate Application Servers. An
administrator can push the following four roles: Web Server Role, Load Balancer Role, Application
Server Role, and Relay Server Role.

NOTE
If the Console is running in secure mode (HTTPS), the Depot folder on the Web Server
has to have plain HTTP access, even if the other folders are secured as HTTPS.

For a simple multi-server configuration, the administrator would most likely push many application
server roles because Application Servers hold and manage applications that users use. The
administrator would then provision applications to the Application Servers and to users (users,
groups, and OUs) to Propalms Terminal Services Edition. Finally, the administrator would arrange
for backups. An administrator might want to consider performing frequent incremental backups
and less frequent full backups on the Propalms Terminal Services Edition database.
This configuration provides some advantages.
• It uses the load balancing capabilities of Propalms Terminal Services Edition.
• It can enhance security by using a single port relay server.
• It can accommodate server maintenance during business hours.
It can do this because the Load Balancer has the ability to exclude a server from a team
dynamically and to redirect application requests to the servers that remain in the team. This
configuration allows an administrator to set CPU, memory, and queue resource limits for
application servers to ensure better performance.
• It distributes processing load across the available resources so there is no concentration of
load on a single server. This configuration is robust in that if one server fails, other servers
can still accept new application requests.
This configuration also has some areas that you need to consider. Administrators are still working
with a system that has a single point of failure because neither the SQL server nor the Web/Load
Balancer server has redundancy features. Additionally, an administrator will see the entire
Propalms Terminal Services Edition operation fail when the domain controller fails.
If you plan to use a multi-server configuration, here are some tips.
• When copies of the same application are stored on different Application Servers in a team,
the instances of these applications need to be stored on the same absolute path on each
server, so the Propalms Terminal Services Edition load balancer can use load balancing to
accommodate a request for an application.
• Ensure an even distribution of the application load across all the servers. To do this,
configure the servers to have similar characteristics in terms of storage, speed, and RAM. If
some of the servers are more powerful than others then the Load Balancer will send those
powerful servers a greater number of the application requests. This is the benefit of
resource-based load balancing: the server with the most resources available receives the
request.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 166

Concepts
Propalms Terminal Services Edition — Basic Configurations

• Consider placing servers that are involved in critical tasks in a redundant configuration. The
administrator should implement one or more of the various technologies that the industry
makes available to increase uptime. These technologies include RAID for hard disks, hot
swap for power supplies, and fault tolerant NICs for communications.

Advanced-server configuration
The advanced configuration is generally appropriate for larger, complex sites. An administrator can
use this configuration for sites that serve 1000 to 3000 users concurrently. This configuration has
multiple web servers and load balancers and there is no single point of failure.
The hardware requirements for the advanced environment are similar to the requirements for the
multi-server configuration. Yet this configuration is different in that it uses redundant hardware
resources for the Web Server, Load Balancer, and Relay Server roles.
In order to set up Propalms Terminal Services Edition on several servers, administrators generally
install Propalms Terminal Services Edition on a central server and then use the Propalms Terminal
Services Edition Administrative Console to join other servers to the team. To set up Propalms
Terminal Services Edition on several servers, an administrator would need to verify that a virtual IP
server is available for the Web Server, and if only a round robin domain name system were
available, this would suffice. However, it would not provide guaranteed system availability due to
the implementation of round robin DNS. That administrator would also verify that a site
management system is running in the Propalms Terminal Services Edition environment, as this
type of software can warn administrators of critical events. Next, an administrator would set up
applications on several application servers and the administrator would use an imaging technology
to replicate the setup; in this way, an administrator could be sure that the software installs
applications on the same absolute path for all servers. The administrator would distribute
Propalms Terminal Services Edition roles to different servers to ensure that those servers that
have a unique role also have at least one companion server. This arrangement provides a nonstop
configuration for the Web Server, the Load Balancer Server, and the SQL server. Of course, the
Application Servers would be numerous. To enhance security, the administrator would distribute
the Relay Server role to at least on server. Finally, the administrator would arrange for backups. An
administrator might want to consider performing frequent incremental backups and less frequent
full backups on the Propalms Terminal Services Edition database.
This configuration provides some advantages. This configuration provides a fully redundant
environment, so there is no single point of failure, it accommodates a high number of simultaneous
users, it accommodates best-of-breed technologies for virtual IP (VIP) and SQL Clustering, and it
can use a network load balancer or a round robin domain name system to perform load balancing
on the Web Servers.
This configuration also has some areas that you need to consider. Administrators are working in a
more complex environment, the virtual IP server that is part of this configuration adds hardware
expense, and to accommodate multiple sites, an administrator must make special preparations.
If you plan to use an advanced server configuration, here are some tips.
• It is recommended that an administrator install Microsoft Cluster Server (MSCS) on cluster
nodes to encourage high-availability, scalability, and manageability for the Microsoft SQL
Server. A SQL server in a clustered configuration requires a minimum of two servers and a
shared disk storage device.
• The environment as noted above is suitable for many Application Servers. The ideal number
of Application Servers that an administrator can manage range between 20 and 60. When
an administrator uses more powerful application servers, fewer servers are required.
Therefore, there is an inverse relationship between the number of servers required and the
power of servers used.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 167

Concepts
HyperPrint

HyperPrint
HyperPrint client side print option

In TSE 7.0 there are also new options available on the Propalms Client side for HyperPrint.
They are
- Print directly to default printer on client
- Ability to select and set the pdf reader software to use with HyperPrint
- Ability to save HyperPrint pdf files on client machine, for offline printing.
In Propalms Client (Propalms Connection Manager ) PCM, system tray right click menu, a new
menu is available called “HyperPrint settings”.

It will open the HyperPrint menu where TSE user can set his/her preference for HyperPrint.
These settings are retained until TSE user changes it.

For Printing to happen, ‘Print Options’ should be checked. User can choose between sending the
print job directly to the default printer on client for printing or have printer selection box shown to

Propalms Terminal Services Edition Administrator Guide--1 March 2013 168

Concepts
HyperPrint

select the printer. When choosing the “Show Printer Selection Box before Printing” the pdf
reader selected in the “Default PDF reader for HyperPrint” will be used to open the PDF file and
s printer selection box.
TSE users can also Save the HyperPrint pdf file on their client machine for offline printing, backup
or compliance purposes. User can choose the location to save the files and a confirmation
message will be shown when HyperPrint pdf file is saved on the client machine at the chosen
location.

In TSE 7.0 Propalms HyperPrint supports other PDF reader applications like NitroPDF and Foxit
on the client machine. The installed PDF reader applications are programmatically enumerated in
the HyperPrint client settings menu and TSE user can set the Default PDF reader for use with
HyperPrint using the dropdown menu.

NOTE
Note: There are many PDF reader softwares available for use. All have not been tested
but most of them should work with Propalms HyperPrint.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 169

Concepts
Web Redundancy

Web Redundancy
TSE Web, TSE SPR and TSE DMZ-SPR redundancy using auto failover
feature in Propalms client.
A new feature in TSE , where Propalms Client will automatically switch over communication to
other WEB, SPR or DMZ-SPR servers in the TSE team , in the event of a failure in communication
with an existing Web,SPR or DMZ-SPR server. This will facilitate redundancy, fault tolerance and
fall back mechanism of the WEB, SPR and DMZ-SPR server role .

Client failover to other WEB server:

For Propalms client to failover communication to other WEB server, there is no special
configuration or settings that are needed on the server side or in TSE Management Console. TSE
admin, only needs to ensure, that there are more than one TSE servers running the TSE WEB
role. Propalms client will be notified of the other online WEB servers, on the first successful
handshake between Propalms Client and TSE Web server (Launchpad site). This information will
be cached and saved by Propalms Client and will be used in the event of communication failure
with the current TSE WEB server.

Alternatively, TSE User can also specify the primary and secondary TSE Web server to be
explicitly used, in Propalms TSE Client configuration, right-click PCM sys tray icons “Propalms

Propalms Terminal Services Edition Administrator Guide--1 March 2013 170

Concepts
Web Redundancy

TSE Launchpad Settings”.

PCMConfig file may also be used to auto fill the Web server information.
Refer next section for more information on PCMConfig file and its use.

Client failover to other SPR,DMZ-SPR server:

Unlike the Client Web failover, for SPR or DMZ-SPR failover to happen, alternate or secondary
SPR, DMZ-SPR information needs to be pre-configured in Propalms client, using “Propalms TSE
Launchpad Settings” menu. TSE admin can provide user a PCMConfig file that has info for all the
TSE WEB, SPR and DMZ-SPR servers running in their TSE team. A user should copy the config
file in the \ Propalms Client directory and use the “Auto Fill from config file “check box to populate
the settings.
The config file can also be made downloadable from TSE Launchpad web portal from the
Download Client section. Alternatively, during PCM install, if the PCMConfig file is present in the
same folder as PCM install files, the config file will be copied into the Propalms Client Folder on
install.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 171

Concepts
Configurable fall-back Web server for DMZ-SPR

The PCMConfig.xml file should always be copied to the ‘Program files\Propalms Client’ install
directory and should retain the same name i.e. ‘PCMConfig.xml’ .If the location or file name is
changed , ‘Auto Fill form config file’ will not work. To make the PCM Config file downloadable
from Propalms Launchpad-Download client page, zip the config as PCMConfig.zip and place it in
Inetpub\wwwroot\Depot directory of all TSE WEB servers.
TSE users can then download the config file using the “Download PCM Config file” option on
Download client, TSE Launchpad page.

Configurable fall-back Web server for DMZ-SPR

In TSE 7.0 Propalms TSE Administrator can configure a fall back TSE Web server that the DMZ-
SPR Server can communicate with, in the event where the primary TSE Web server becomes
unreachable. DMZ-SPR will automatically start communication with the fall back TSE Web server ,
when the primary TSE Web server goes offline or becomes unreachable. The fall back TSE Web
server IP address has to be manually configured on the DMZ-SPR server by creating a Registry
key on the DMZ-SPR server under HKLM-Software-NewMoonSystems-Canaveral-
2.0.0.0\DMZConfig.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 172

Concepts
Browser less access to applications using Propalms client.

Key type=String
Key Name= Web Server IP1
Value = “IP address or hostname of the alternate TSE WEB server”

NOTE
Note: Ensure that the fallback TSE Web server has the same Http port and SSL settings
as the primary TSE WEB server. Also ensure that the necessary ports are open between
the DMZ-SPR and the fallback TSE Web server

Browser less access to applications using Propalms client.

Configure Launchpad address and application launch settings from Propalms Client System Tray
icon. A user need not visit the Propalms TSE Launchpad portal to retrieve the app list and launch
applications. Hence eliminating use of Browser to get and launch TSE published apps
1. Once Propalms Client or also called as Propalms Connection Manager (PCM) i installed, a user
can right click on the system tray icon and select “Propalms TSE Launchpad Settings”

Propalms Terminal Services Edition Administrator Guide--1 March 2013 173

Concepts
Browser less access to applications using Propalms client.

2. Fill the Propalms Web server Launchpad portal info and user info OR use the AutoFill from
config check box to read info from the PCMConfig file. Read the previous section for detailed
information on PCM Config file.

Note: if the PCMConfig file also has SPR or DMZ-SPR info included. This info will
also be saved when configuring Web server details.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 174

Concepts
Browser less access to applications using Propalms client.

3. After entering the info, user may either want to just Save the Settings or Save & retrieve the TSE
app list to start launching the published Apps. On clicking ‘Save and Get App List’ user will be
given a confirmation message seeking time to retrieve the app list,

If the Primary Web server is not reachable the following error will be shown.

If the Primary web server info is correct and is reachable this confirmation message will be shown;
4. Click OK to Continue, if the provided Web server info and User info are correct, the app list will
be retrieved and displayed in the System Tray area. User can click on it to start launching the
apps.

Once the app list is retrieved, user can access the app list any number of times using
normal left mouse click on the PCM Sys tray icon.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 175

Concepts
Browser less access to applications using Propalms client.

5. If the User info or Web server info is incorrect an appropriate message will be displayed
,notifying the error to the user,
If Web server info is incorrect or Web servers are not reachable,

If user and domain info is incorrect the following message will be shown,

Note: If password is incorrect, the app list will still be retrieved but password will
be prompted for during app launch.
6. If the user selects on ‘Save’ , the settings will be saved after confirming that the Web
server info is correct , the following notification will be shown in case of incorrect Web
server info or Web servers not reachable.

Use PCM right click “Get and Launch TSE Apps with” menu to get the app list.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 176

Concepts
Browser less access to applications using Propalms client.

7. If SPR or DMZ-SPR is set up for accessing TSE apps for external users, TSE users may specify
the SPR or DMZ-SPR info in “Propalms TSE Launchpad Settings” menu.
Select the ‘TSE Relay Server Settings’ to configure the Relay server info.
Check ‘Connect using SPR’ or ‘Connect using DMZ-SPR’ if using SPR or DMZ-SPR respectively.
The settings can also be read from the PCMConfig file using the ‘Auto Fill from Config file’ option.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 177

Concepts
Browser less access to applications using Propalms client.

Other options remain the same for saving and launching Apps via Relay server as discussed for
Web server. Once WEB and Relay server settings are configured, a TSE user who needs access
to TSE apps from within and outside the office network can simply switch between using the Web
server and Relay server settings for retrieving and launching apps.
Right click on PCM and mouse over to “Get and launch TSE Apps with” and select the access
mode , depending on whether one wishes to connect via Web server or Relay server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 178

Concepts
Linux Client Support

The check box shows the current setting selected.

NOTE
NOTE: When Relay server is selected as mode of access, all app launches will be forced
over SPR or DMZ-SPR , even if they are not turned ON in the respective TSE Connection
setting for the app launched.

Linux Client Support

New Features In Propalms TSE 7.0
In TSE 7.0, Propalms TSE client for Linux support following features:
1. Seamless Application Launch.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 179

Concepts
Linux Client Support

2. Propalms HyperPrint Support.

3. Client Printer Redirection.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 180

Concepts
Linux Client Support

4. Client Drive Sharing.

5. Enable Compression.
6. Bitmap Caching.
7. Enable Audio.
8. Color Depth.
Prerequisites
Rdesktop should be installed on your Linux Box. You can get the rdesktop from
http://www.rdesktop.org.
For Propalms HyperPrint support , use the custom Rdesktop included with the TSE Linux client
module.
If Rdesktop already exists , you may rename and move it out to usr/bin directory. Copy the
custom Rdesktop module to usr/bin directory.
In case, trouble getting the custom Rdesktop to work, build the Rdesktop on the linux box using
the 'rdesktop-1.6.0' setup files included. For instructions on how to build rdesktop using the set up
files, please refer instructions in the later part of this document.

How To Use
1. Unzip linux-tse-bridge.tgz file. It contains files protse, Rdesktop and rdesktop-1.6.0. Protse
is a bridge application for launching Propalms TSE sessions.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 181

Concepts
Linux Client Support

2. Copy protse and Rdesktop in user's '/usr/bin' directory, this is guaranteed to be in PATH
always and Must have execute permission. To use HyperPrint, protse must placed in '/usr/
bin' directory.
3. Use Mozilla or Konqueror ( or any other browser that supports Helper Applications ) to open
the Propalms TSE Launchpad WebPage.
4. After you sign in you will get a list of Application that are assigned to you. When you click on
any app to launch, your browser will prompt you that a file called NMNativeRDPLauncher.ASP
is being downloaded and browser does not know how to open it. So it will give you two options
either "Save it to disk" or "Open it with:". Select open with option and specify the helper app
as "protse".

Propalms Terminal Services Edition Administrator Guide--1 March 2013 182

Concepts
Linux Client Support

This will automatically configure "protse" as a helper Application for the MIME Type
application/x-propalms-xrdp. You will have to give the complete path for example "/usr/bin/
protse" . Alternatively you can manually configure the Helper Application as protse for the MIME
Type , "application/x-propalms-xrdc".

We have added support for HyperPrint in TSE 7.0 for TSE Linux client.
The default pdf reader to be used on Linux client machine for Propalms hyperprint can be set
through an external config file. By default xpdf is used to open the HyperPrint pdf file.
If xpdf is not available , user must specify a pdf reader app using the external .tseconfig file.
Write default PDF reader settings in this file with exact syntax given below.
for example;
PdfReader=xpdf
This line will make the =xpdf as a default PDF reader for hyperprint.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 183

Concepts
Linux Client Support

NOTE
Note: If user does not define '.tseconfig' file, by default pdf file will be opened using 'xpdf'
if available.

Settings which can't be mentioned in ".tseconfig"

You can not specify the following parameters in ".tseconfig" file
-u: user name
-p: password (- to prompt)
-d: domain
-s: shell
-a: connection colour depth
-T: window title
-g: desktop geometry (WxH)
-r: <any client redirection device>
These Parameters are being governed by Propalms TSE connection settings.

Building Custom Rdesktop-1.6.0

1. Configuring rdesktop

2. Make rdesktop

Propalms Terminal Services Edition Administrator Guide--1 March 2013 184

Concepts
Mac Client Support

3. Make Install rdesktop

4. Verify Installed rdesktop

NOTE
NOTE: TSE Features like SPR,DMZ_SPR, Session Recording are not available when
connecting from a Linux client.

Mac Client Support

In TSE 7.0, Propalms TSE client for Mac OS support following features:
1. Auto Reconnect.
2. Logoff Disconnected Sessions.
3. Logoff Idle Sessions.
4. Enable Session Recording.
5. Color Depth.
6. Client Printer Redirection.
7. Client Drive Sharing.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 185

Concepts
Mac Client Support

8. Bitmap Caching.
9. Enable Audio.
10. Enable Desktop Background.
11. Show Window Content While Dragging.
12. Menu and Window Animation.
13. Font Smoothing.
14. Enable Themes.

OverView
The Native RDP Client Connections feature in Propalms TSE enables you to run server-based
applications without having to install any additional client software (besides the native Microsoft
RDP client) on the client device.
Launching a server-based TSE application via a Native RDP Client Connection provides several
key benefits:
1. Support for RDP for Mac OS feature set
2. Publishing of applications to web-based interface (TSE Launchpad)
3. Resource-based load-balancing for the native RDP session
4. No additional installation of a vendor-specific client component.

As there is no TSE client software piece running, with Native client some TSE centric features are
not available:-
1. Seamless windows
2. SPR Support
3. File Associations
4. Desktop and Start menu Shortcuts
TSE MAC and Linux client are extensions of the Native client, so limitations of
Native client also apply to MAC and Linux client.

Native Client on Apple Macintosh

Launching Propalms Terminal Services Edition TSE applications from a Macintosh
client machine requires the Microsoft Remote Desktop Connection Client for Mac to be installed
on the machine.
More information can be obtained at this Microsoft Websites Mac section:
http://www.microsoft.com/mac/remote-desktop-client
Before Launching through Propalms Mac Client it is compulsory to check that one can launch a
native RDP session on Propalms v7.0 server.
Also one must make sure that latest RDP client for Mac is installed and if not then check on below
link.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=68346e0d-44d3-4065-99bb-
b664b27ee1f0

Propalms Terminal Services Edition Administrator Guide--1 March 2013 186

Concepts
Mac Client Support

The TSE Mac plug-in’s install remains same for Propalms v7.0 as well as v6.5
Both PowerPC as well Intel Mac plug-in is available on Propalms Web site.
PowerPC Mac Download Link:
http://www.propalms.com/download/clients/TSE_MAC_Client.zip
Intel Mac Download link:
http://www.propalms.com/download/clients/Intel_Mac_plugin.zip
Please follow below instructions and ensure that correct Propalms TSE Mac plug–in is installed on
your Mac as there are two different Propalms TSE MAC plug–ins.
1) Propalms TSE MAC plug-in designed for Macintosh PowerPC processor:
Propalms Mac plug-in (PowerPC) zip file containing the Propalms TSE Mac Client with entire
documentation on how to use the Mac Client only on Power Processor based Macs. This plug-in is
currently only tested on Safari 1.1 (v10.0) and higher browser running on OS X version 10.3. So
make sure latest plug-ins are installed for Safari browser on MAC PC running a Power Processor.

2) Propalms TSE Mac Plug-in for Intel processors based Macs:

Propalms Mac plug-in (Intel) attached zip file containing Mac Plug-in for Intel based Macs.
Propalms Mac Client is Tested on Mac OS X 10.5.8, Safari version 2.0.4. This zip file contains a
PKG file which is the Mac equivalent of an .MSI, so execute it only on Mac running Intel based
processor.

NOTE
NOTE: This cannot be installed on the PowerPC based older Mac machines.

With the latest RDP client 2.1 for Mac OS, more than one App/RDP session can be run from
simultaneously.

NOTE
NOTE: While installing plug-in please make sure you remove earlier TSE plug-in from
browser completely.

Mac Client Installation Steps

1. Download and extract "mac-tse-plugin.zip" file from web server it contains "Propalms TSE 7.0
plugin.pkg", which is installer on mac.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 187

Concepts
Mac Client Support

Propalms Terminal Services Edition Administrator Guide--1 March 2013 188

Concepts
Mac Client Support

2. After successful installation verify that plugin is installed.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 189

Using the Console
What’s in this chapter?

Using the Console

What’s in this chapter?

This chapter provides step-by-step procedures for using the Management Console to administer
the Propalms Terminal Services Edition system.

Management Console overview

This section provides an introduction to the Management Console

Management Console tabs

Home
The Home tab provides access to the Propalms Terminal Services Edition Summary, Getting
Started, Log On, Download, Product Keys, About (Propalms Terminal Services Edition), and
What’s New pages. Additionally, it provides information about issues that require the Propalms
Terminal Services Edition administrator’s attention.
Manage
The Manage tab contains links to Applications, Content, Servers, Groups, OUs, Users, Domains,
Client Groups, Connection Settings, Admin Roles, Tasks, and Network Printers pages. The
manage function helps you work with objects. You can add, remove, or update object properties,
and you can identify those objects that you want to use for Propalms Terminal Services Edition
from those that exist in your existing domain.
Monitor
The Monitor tab contains links to Connections, Load Balancer, Database Connections, Relay
Servers, and Jobs pages.
Report
The Report tab offers links to reports for sessions, applications, users, clients, servers, audit logs,
and product keys.
Options
The Options tab provides links to objects that interface with or control the Propalms Terminal
Services Edition environment. These objects include users, administrators, load balancers, relay
servers, database servers, TS GateWay, system, Lockdown Policies, and TSE Notifications.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 190

Using the Console
Management Console Home tab

Common operations
This topic explains how to navigate through the Propalms Terminal Services Edition Administrative
Console. Not all navigation elements appear on all pages, but you can learn about all navigation
here.
Features
To help you work with multiple objects, Propalms Terminal Services Edition offers you the ability to:
Select multiple objects for an operation
This select all feature permits you to select the check box at the top of a column to select all of the
objects that appear in that column.
Sort objects
View data in sequence by sorting on any of the columns in the report table. To do this, click the
column heading that is to represent the new sort key. Propalms Terminal Services Edition
immediately displays the re-sequenced data.
Filter objects
Choose a filter by selecting a property from the drop-down list box. Enter a corresponding value in
the text field and click Find. Propalms Terminal Services Edition displays the items that meet the
selection criteria.
Cancel button
The multi-page user input sequences have a Cancel button on page two and beyond. Click this
button to cancel the in-progress action and go back to the starting page of the multi-page
sequence.

What is application publishing?

Application publishing permits you to control application access to users, groups, and/or
organizational units.
Once you have added an application into the system, you can provision this application to your
users. Using Propalms Terminal Services Edition, you are able to provision applications to Domain
Groups, Domain Organizational Units, and/or Domain Users. Additionally, you are able to provision
applications to Client Groups.

Management Console Home tab

This Home tab has five objects, which this section considers.
"Summary page"
"Getting Started page"
"Log On page"
"Download page"
"Product Keys page"
"About page"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 191

Using the Console
Management Console Home tab

Summary page
This page notifies you when you have issues that require attention. If you need to take an action,
this page indicates both the problem and the solution. It also provides a summary of the objects
that Propalms Terminal Services Edition is managing. Additionally, it provides information about
connections, Propalms Terminal Services Edition licenses in use, product keys limit, and audit
logs.

NOTE
For a delegated administrator who has been assigned the monitoring task, the Summary
page displays the total number of licenses currently consumed and not the number of
licenses consumed by only the users that the delegated administrator can monitor.

Easy navigation between Console Dashboard and Console Summary page

Hyper-link button is available to switch between the graphical and statistical representation of TSE
system info.

Getting Started page

This page provides a quick overview of the activities associated with each of the other console
tabs (Manage, Monitor, Reports, and Options). The tasks listed on this Getting Started page do not
represent a comprehensive list of tasks available.

Log On page
From this page, a member of an administrator group or a delegated administrator can log on to the
Management Console. Only some of the tabs of the Console are available when a delegated
administrator logs on, depending on the tasks that have been delegated. For more information,
refer to "Delegated administrator tasks".
The administrator group is set during the Propalms Terminal Services Edition install, and you can
modify it from Options>Administrator page.
Procedure
To log on to the Management Console:
1. Access the management console from a Web browser using a URL of the following format:
http://<webserver identification>/console

NOTE

Cookies should be enabled to log on to the Console.

2. In the Logon Name and Password fields, enter the user name and password you use to
logon to the domain.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 192

Using the Console
Management Console Home tab

NOTE

Do not enter the UPN name in the Logon Name field.

3. From the Log on to list, select the domain and click Log On.

Download page
From this page, you can download software for the Propalms Client or the Propalms Terminal
Services Edition Server.
Download for clients
You may download a Propalms Client for a Windows-based client platform. This Propalms Client
allows users to launch applications, and it allows administrators to shadow a user’s session.
Propalms Terminal Services Edition offers you two versions of the client software:
• Propalms Connection Manager (.exe): Propalms Terminal Services Edition requires
Windows Installer version 1.0 on the client to run the client software. This package includes
the Windows installer 1.1, checks for the installer on the client system, and if it is not there, it
installs the software. Use this package if you will be directing users to an ftp site or a URL.
• Propalms Connection Manager (.msi): This package does not include the Windows installer
1.1. Use this package if you will be pushing clients to the desktops via a third-party tool.
Download for servers
You may download the Propalms Terminal Services Edition server software for Propalms Terminal
Services Edition servers.
To create a Propalms Terminal Services Edition team, you need to install the Propalms Terminal
Services Edition Server software on the Web Server. After this, you can bring other servers into the
Propalms Terminal Services Edition team. Under normal circumstances, you can push the join
team software over the net using the Manage>Server>Add Server operation.
Under unusual circumstances, you can download this server software to the server that needs to
join the team. To do this, you can hand-carry the Propalms Terminal Services Edition CD to each
server that should join the team. Alternatively, you can log on to the console from the server,
download Propalms Terminal Services Edition (.msi), and run the software on a server to join an
existing team or to create a new team. This package does not include the Windows installer 1.1.

Product Keys page

From this page, you can view, add, or remove a Propalms Terminal Services Edition Product Key,
or activate the system. In addition, you can view the Propalms Terminal Services Edition license
usage.
Your product key type may be one of the following: beta key, evaluation key, base key, activation
key, or user-level upgrade key. The product key regulates the number of users who can access
your Propalms Terminal Services Edition system concurrently. You may notice that you have one
product key, called a base key, and you may have several add-on or supplemental product keys.
You will be unable to remove your base key, but you will be able to remove other product keys. The
base key expires 60 days after installation. You need to activate the system with the activation key
within 60 days of installing the base key.
For more information, see "Types of product keys".

Propalms Terminal Services Edition Administrator Guide--1 March 2013 193

Using the Console
Management Console Home tab

Add Key
To add a product key:
1. On the Product Keys page, click the Add Key link to open the Add Key page.
2. In the Product Key field, enter the product key and click Add.
Remove Key
To remove an upgrade key from the Propalms Terminal Services Edition system:
1. On the Product Keys page, select the upgrade keys you want to delete, and click the
Remove Key link to open the Remove Key page.
2. Click Remove to confirm that you want to remove the displayed keys.

NOTE

You can only remove Upgrade Keys from a Propalms Terminal Services Edition
system.

Activate System
You have to activate your system within 60 days from the time you install the base key.
To activate the Propalms Terminal Services Edition system:
1. On the Product Keys page, click Activate System. The Activate System link is available
only after the base key has been added to the Propalms Terminal Services Edition system.
Once a system is activated, the Activate System link is not displayed on the Console.
2. From the Activate System page, copy the Activation Request Code and click http://
www.Propalms.com/support/base_key_active.html to open a web form. Paste the
Activation Request Code in the web form to get the activation key.
3. Follow the steps in "Add Key" to add the activation key and activate your system.

NOTE
The activation key of one Propalms Terminal Services Edition team installation cannot be
used on another installation.

View License Usage

You can view the names of the users that are consuming the Propalms Terminal Services Edition
licenses at any time and know the number of licenses that are already in use.
To view the Propalms Terminal Services Edition user licenses currently being used, on the
Product Keys page, click View License Usage.
T the Concurrent User Licenses page opens, displaying the User Name of the users that are
currently logged on, along with the Client Name of the computer they have logged on from.

About page
Use the About page to know more about your version of the Propalms Terminal Services Edition
software. You can view the registered owner, the version number, and the build number. You can
also locate phone numbers for contacting Propalms Ltd. and the URL for accessing the Propalms
Web site.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 194

Using the Console
Management Console Manage tab

Management Console Manage tab

This Manage tab addresses the objects you can manage.

Manage summary
This Manage>Summary page identifies the types of objects that you can manage and it provides
links to the pages that manage each object type, as follows:
"Manage applications"
"Manage Servers"
"Manage content"
"Manage groups"
"Manage OUs"
"Manage users"
"Manage domains"
"Manage Client Groups"
"Manage connection settings"
"Manage Admin Roles"
"Manage Network Printers"

Manage applications
Use the Manage>Applications page to view or change application properties. This page displays
the name, path, description, and the connection settings for all the applications that you add to the
Propalms Terminal Services Edition system.
This page enables you to do the following:
"Add application to Propalms Terminal Services Edition"
"Add Common applications to Propalms Terminal Services Edition"
"Add Multiple applications to Propalms Terminal Services Edition"
"Update application properties"
"Remove applications"
"Update file associations"
"Add applications to servers"
"Remove applications from servers"
"Add applications to groups"
"Remove applications from groups"
"Add applications to OUs"
"Remove applications from OUs"
"Add applications to users"
"Remove applications from users"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 195

Using the Console
Management Console Manage tab

You must install an application on an Application Server before you can add that application to
Propalms Terminal Services Edition using the Manage > Applications functions.

Add application to Propalms Terminal Services Edition

To add an application:
1. On the Manage>Applications page, click Add Application.
2. The Add Application page opens. While adding an application you need to:
• "Add application details"
• "Select servers"
• "File associations"
• "Select groups"
• "Select OUs"
After adding the application, you can make it available to individual users from the
Manage>Applications>Add Users page. If a domain user does not exist in the Propalms
Terminal Services Edition system, you can add the user from the Manage>Users>Add User
page.
The sections that follow explain each step in detail. Select/Enter the relevant information on each
page.
Add application details
The Add Application page allows you to add application information, the launch settings, and the
application defaults for shortcuts.
Application Type
You can choose to add the following:
• Windows Desktop, to provision the desktop of an Application Server
• Application, to add an application on an Application Server
You can add the applications to Propalms Terminal Services Edition by using the Start button on
the Add Application page along with the server’s name, which you select from the drop-down list.
To use this function, first select the name of the Application Server that holds the application you
want, and then click the Start button. This causes Propalms Terminal Services Edition to retrieve a
list of applications that appear on the Windows Start menu of the Application Server you select.
• If the application you want appears under the Application Server’s Start menu, you can see
the application on the Start list and you can select it. Propalms Terminal Services Edition
automatically places the configuration data that Propalms Terminal Services Edition
requires onto this Add Application page. Some applications such as Microsoft FrontPage,
Microsoft Project, and some Microsoft Office Tools are not displayed on the Start list even if
they are installed on the selected Application Server. You need to enter the application
information for these applications manually.
• If the application you want does not appear under the Application Server’s Start menu, but is
located on the server in a different directory, then you must manually enter the application
information on this Add Application page.

NOTE
If you are planning to use copies of this application on more than one Application Server in
the Propalms Terminal Services Edition team, all instances of this application must reside
on the same absolute path on each specific server. For example, if a program appears

Propalms Terminal Services Edition Administrator Guide--1 March 2013 196

Using the Console
Management Console Manage tab

under C:\Program Files\Microsoft Office\<anything>.exe on one computer in a team, it

must appear under this same path for all computers in that team.

The following text explains the other fields that appear on this page. The fields marked with an
asterisk (*) are mandatory fields.
Application Information
Application Name*
This application name will display on the Management Console. You may want to browse the
applications on a specific server using the navigation tools on this page to select the starting
information for this application’s name. Once the application data appears on this page, you may
customize the name that appears in this field. You do not have to use the name that the program
provides.
Description
This is a free-form description of the application. You may want to add identifying information such
as who uses this application.
Application Path*
This element must be a fully qualified path with the .exe file extension. When the browse utility
completes this name, you must not change the application path. Furthermore, if more than one
server in the same team will run this application, then the application must be loaded on all of the
affected servers on this specific path. All instances of one application on all members of one team
must appear on one consistent path.
Working Directory
Propalms Terminal Services Edition generally selects a working directory name, however, if this
property is blank, then Propalms Terminal Services Edition assigns a default working directory
path.
Command Line Parameters
This field has no effect when the field is blank. If you enter a command line, Propalms Terminal
Services Edition will launch the application using the information on that command line.
Start Menu Location
This field can hold two types of values, a blank value, and a literal value.
• The literal value (folder path name), places the shortcut folder at the location of the literal
path on the Windows Start menu on a client. When you select this option, if an administrator
changes the team’s name, Propalms Terminal Services Edition does not manage the path’s
modification. For example, if you specify the path as Propalms Terminal Services Edition
Team\Marketing in this field, the shortcuts are created in the Start>Programs>Propalms
Terminal Services Edition Team>Marketing folder.
• A blank value permits Propalms Terminal Services Edition to manage the location of the
folder and Propalms Terminal Services Edition places the folder under the Propalms
Terminal Services Edition Team’s name on the user’s Windows Start menu. When you
select this option, if an administrator changes the team’s name, Propalms Terminal Services
Edition automatically manages the path’s modification. For example, if the team name is
Propalms Terminal Services Edition Team Marketing, and this field is left bank, the
shortcuts are created in Start>Programs>Propalms Terminal Services Edition Team
Marketing folder.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 197

Using the Console
Management Console Manage tab

NOTE
To disable shortcuts, select Options>User>Update Options and from the Shortcuts list,
choose None.

Application Status
In Propalms TSE v7.0 administrators can temporarily disable one or more published applications
for maintenance purpose, without having to remove and re-publish the application.
To disable an application, Select one or multiple applications and click on Update Application. In
the Application Information section, go to the Application Status drop down menu select Disabled
and click on Update.
To re-enable an application, Select the disabled Applications and click on Update Application. In
the Application Information section, go to the Application Status drop down menu select Enabled
and click on Update.
Application Server Host Drive
When publishing applications on TSE for load balancing, it is required that the application install
directory and path be the same on all the TSE App servers for it to work.
There is a common problem of publishing x32 applications on TSE x32 and x64 App servers,
where the install path for x32 apps on x64 server is ..\program files(x86)\.. whereas on x32 server
it is ..\Program Files\.. .
In TSE v7.0 , publishing the same app on x32 and x64 is possible without worrying about
%program files(x86)% directory for x64 servers. The application is loaded from the correct
program files directory based on the server being x32 or x64.
In some instances, Applications are installed on different drives or the default system drive letter is
different. To accommodate such scenarios, TSE Admin can use the new Application Host Drive
option in v7.0.
There are 3 options available;
a) Default: It launches the app from the exact path specified in the Application
path field
b) System Drive: Here TSE during actual app launch will retrieve the default system drive of the
target app server and accordingly change the application launch path.
c) Find Run time: Here TSE scans all local drives of App server for the application path and once
found, launches the application
Folder Information
There are two options present to provide the folder information.
Create New
Use this option when you wants to create a folder and want to add application inside
that folder.
Select From
Use this option when you want to add application inside any one of existing folders.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 198

Using the Console
Management Console Manage tab

Launch Settings
Connection Setting
This parameter governs the way an application connects to Propalms Terminal Services Edition.
Refer to "Connection settings", for more information on this concept. You can specify the
Connection Settings as:
• Unspecified
• Default
• Any other Connection Settings defined in the system
Limit Total Concurrent Sessions
This places a maximum limit on the number of sessions of this application that can run
concurrently, on this Propalms Terminal Services Edition team. This is particularly useful for
applications where you are using specific application licenses rather than site licenses.
Limit Concurrent Sessions per Server
This places a maximum boundary on the number of sessions of this application that can run
concurrently, on any one Propalms Terminal Services Edition application server. This is particularly
useful for applications that exhibit high overhead or high resource-utilization profiles.

Allow Single instance of App per User

This feature allows TSE admin to restrict users to launch single instance of published app.
Application Defaults
This area sets the default location for shortcuts. Propalms Terminal Services Edition uses the
default location an administrator sets here. However, an administrator can permit users to change
these defaults individually, for their own user name.
Favorites
This parameter places a shortcut to this application on the Favorites page on the user’s Propalms
Terminal Services Edition Application Launch Pad.
Start Menu Shortcut
This parameter places a shortcut to this application on the user’s Windows Start menu.
Desktop Shortcut
This parameter places a shortcut to this application on the user’s Desktop.
File Association
This parameter enables file associations for this application.
Click Next to proceed to the Select Servers page
Select servers
The Select Servers page allows you to select the Application Servers that will host the application.
Select the Application Servers and click Next to proceed to the File Associations page.

NOTE
You can also add applications to Application Servers later from
Manage>Applications>Add Servers page.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 199

Using the Console
Management Console Manage tab

File associations
The File Associations page retrieves all the possible extensions that can be associated with the
application based on the servers that will host the application. You can associate the application
with one or more of these file extensions. When file associations are enabled, a user can open a
document in an application on an Application Server by double-clicking the file. Select the file
extensions you want to associate with the application and click Next to proceed to the Select
Groups page.

NOTE
You can also make file associations later from Manage>Applications>Update File
Associations page.

Select groups
The Select Groups page retrieves a list of the domain groups in the Propalms Terminal Services
Edition system and allows you to select the groups that will be able to access the application. You
may add a group to the system from the Manage>Groups>Add Group page. Select the groups
and click Next to proceed to the Select OUs page.

NOTE
You can also add applications to domain groups later from Manage>Applications>Add
Groups page.

NOTE
You can also add applications to OUs later from Manage>Applications>Add OUs page.

The Add Application page displays the choices you make in the sequence. Review the
information and click Add to add the application to the Propalms Terminal Services Edition system.

Add Common applications to Propalms Terminal Services Edition

This feature allows single click publishing of pre-defined common applications such as Microsoft
Office, Windows Explorer, Control Panel Applets etc . A new Action menu “Add Common
Applications” is available on the Manage>Applications page of TSE Console.
To add Common applications :
1. On the Manage>Applications page, click Add Common Applications.
2. The Add Common Applications page opens. While adding an application you need to:
"Add Common Applications"
"Select servers"
"Select groups"
"Select OUs"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 200

Using the Console
Management Console Manage tab

Propalms Terminal Services Edition Administrator Guide--1 March 2013 201

Using the Console
Management Console Manage tab

The Add Common Application page allows you to add common applications information, the
launch settings, and the application defaults for shortcuts.
If you are planning to use copies of this application on more than one Application Server in the
Propalms Terminal Services Edition team, all instances of this application must reside on the
same absolute path on each specific server. For example, if a program appears under C:\Program
Files\Microsoft Office\ <anything>. exe on one computer in a team, it must appear under this same
path for all computers in that team.
Application Information
Start Menu Location
This field can hold two types of values, a blank value, and a literal value.
• The literal value (folder path name), places the shortcut folder at the location of the literal path on
the Windows Start menu on a client. When you select this option, if an administrator changes the
team’s name, Propalms Terminal Services Edition does not manage the path’s modification. For
example, if you specify the path as Propalms Terminal Services Edition Team\Marketing in this
field, the shortcuts are created in the Start>Programs>Propalms Terminal Services Edition
Team>Marketing folder.
• A blank value permits Propalms Terminal Services Edition to manage the location of the folder
and Propalms Terminal Services Edition places the folder under the Propalms Terminal Services
Edition Team’s name on the user’s Windows Start menu. When you select this option, if an
administrator changes the team’s name, Propalms Terminal Services Edition automatically
manages the path’s modification. For example, if the team name is Propalms Terminal Services
Edition Team Marketing, and this field is left bank, the shortcuts are created in Start>Programs>
Propalms Terminal Services Edition Team Marketing folder.
To disable shortcuts, select Options>User>Update Options and from the Shortcuts list, choose
None.
Application Status
In Propalms TSE v7.0 administrators can temporarily disable one or more published applications
for maintenance purpose, without having to remove and re-publish the application.
To disable an application, Select one or multiple applications and click on Update Application. In
the Application Information section, go to the Application Status drop down menu select Disabled
and click on Update.
To re-enable an application, Select the disabled Applications and click on Update Application. In
the Application Information section, go to the Application Status drop down menu select Enabled
and click on Update.
Application Server Host Drive
When publishing applications on TSE for load balancing, it is required that the application install
directory and path be the same on all the TSE App servers for it to work.
There is a common problem of publishing x32 applications on TSE x32 and x64 App servers,
where the install path for x32 apps on x64 server is ..\program files(x86)\.. whereas on x32 server
it is ..\Program Files\.. .
In TSE v7.0 , publishing the same app on x32 and x64 is possible without worrying about
%program files(x86)% directory for x64 servers. The application is loaded from the correct
program files directory based on the server being x32 or x64. In some instances, Applications are
installed on different drives or the default system drive letter is different. To accommodate such
scenarios, TSE Admin can use the new Application Host Drive option in v7.0.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 202

Using the Console
Management Console Manage tab

There are 3 options available;

a) Default: It launches the app from the exact path specified in the Application
path field
b) System Drive: Here TSE during actual app launch will retrieve the default system drive of the
target app server and accordingly change the application launch path.
c) Find Run time: Here TSE scans all local drives of App server for the application path and once
found, launches the application

Folder Information
There are two options present to provide the folder information.
Create New
Use this option when you wants to create a folder and want to add application inside that folder.
Select From
Use this option when you want to add application inside any one of existing folders.
Launch Settings
Connection Setting
This parameter governs the way an application connects to Propalms Terminal Services Edition.
Refer to "Connection Settings", for more information on this concept. You can specify the
Connection Settings as:
• Unspecified
• Default
• Any other Connection Settings defined in the system
Limit Total Concurrent Sessions
This places a maximum boundary on the number of sessions of this application that can run
concurrently, on this Propalms Terminal Services Edition team. This is particularly useful for
applications where you are using specific application licenses rather than site licenses.
Limit Concurrent Sessions per Server
This places a maximum boundary on the number of sessions of this application that can run
concurrently, on any one Propalms Terminal Services Edition application server. This is
particularly useful for applications that exhibit high overhead or high resource-utilization profiles.
Allow Single instance of App per User
This feature allows TSE admin to restrict users to launch single instance of published app.
Application Defaults
This area sets the default location for shortcuts. Propalms Terminal Services Edition uses the
default location an administrator sets here. However, an administrator can permit users to change
these defaults individually, for their own user name.
Favorites
This parameter places a shortcut to this application on the Favorites page on the user’s Propalms
Terminal Services Edition Application Launch Pad.
Start Menu Shortcut
This parameter places a shortcut to this application on the user’s Windows Start menu.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 203

Using the Console
Management Console Manage tab

Desktop Shortcut
This parameter places a shortcut to this application on the user’s Desktop.
File Association
Please update each application individually to enable File Association.
Click Next to proceed to the Select Servers page
Note : As multiple apps are being added, they will be added with identical settings like desktop
shortcuts, Connection Setting and others. After the apps are added, they can be individually edited
to have custom settings.
Select servers
The Select Servers page allows you to select the Application Servers that will host the application.
Select the Application Servers and click Next to proceed to the File Associations page.
You can also add applications to Application Servers later from Manage>Applications>Add
Servers page.
Select groups
The Select Groups page retrieves a list of the domain groups in the Propalms Terminal Services
Edition system and allows you to select the groups that will be able to access the application. You
may add a group to the system from the Manage>Groups>Add Group page. Select the groups and
click Next to proceed to the Select OUs page.
You can also add applications to domain groups later from Manage>Applications>Add Groups
page.

Select OUs
The Select OUs page retrieves a list of the OUs in the Propalms Terminal Services Edition system
and allows you to select the OUs that will be able to access the application. You may add an OU to
the system from the Manage>OUs>Add OU page. Select the OUs and click Next.
You can also add applications to OUs later from Manage>Applications>Add OUs page.
The Add Common Applications page displays the choices you make in the sequence. Review the
information and click Add to add the application to the Propalms Terminal Services Edition system.

Add Multiple applications to Propalms Terminal Services Edition

This feature Allows publishing of multiple applications simultaneously, with identical settings. The
6 applications at a time may be added and published to users, saving Admin time. A new Action
menu “Add Multiple Applications” is available on the Manage>Applications page of TSE Console.
To add Multiple applications :
1. On the Manage>Applications page, click Add Multiple Applications.
2. The Add Multiple Applications page opens. While adding an application you need to:
"Add Multiple Applications Information"
"Application Setting and information For Multiple Applications"
"Select servers"
"Select groups"
"Select OUs"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 204

Using the Console
Management Console Manage tab

After adding the application, you can make it available to individual users from the
Manage>Applications>Add Users page. If a domain user does not exist in the Propalms Terminal
Services Edition system, you can add the user from the Manage>Users>Add User page.
The sections that follow explain each step in detail. Select/Enter the relevant information on each
page.
Add Multiple Applications Information
Use the Start buttons to browse the apps to be published, there are 6 start browse buttons
available.
If you need to add only 3 Apps, you may do so leaving the other Browse forms empty and moving
to the next page, the other sequence remains same as when adding a single app.
If you are planning to use copies of this application on more than one Application Server in the
Propalms Terminal Services Edition team, all instances of this application must reside on the same
absolute path on each specific server. For example, if a program appears under C:\Program
Files\Microsoft Office\ <anything>. exe on one computer in a team, it must appear under this same
path for all computers in that team.
The following text explains the other fields that appear on this page. The fields marked with an
asterisk (*) are mandatory fields.
Application Information
Application Name*
This application name will display on the Management Console. You may want to browse the
applications on a specific server using the navigation tools on this page to select the starting
information for this application’s name. Once the application data appears on this page, you may
customize the name that appears in this field. You do not have to use the name that the program
provides.
Description
This is a free-form description of the application. You may want to add identifying information such
as who uses this application.
Application Path*
This element must be a fully qualified path with the . exe file extension. When the browse utility
completes this name, you must not change the application path. Furthermore, if more than one
server in the same team will run this application, then the application must be loaded on all of the
affected servers on this specific path. All instances of one application on all members of one team
must appear on one consistent path.
Working Directory
Propalms Terminal Services Edition generally selects a working directory name, however, if this
property is blank, then Propalms Terminal Services Edition assigns a default working directory
path.
Command Line Parameters
This field has no effect when the field is blank. If you enter a command line, Propalms Terminal
Services Edition will launch the application using the information on that command line.

Application Setting and information For Multiple Applications

The Add Multiple Applications page allows you to add common applications information, the
launch settings, and the application defaults for shortcuts.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 205

Using the Console
Management Console Manage tab

Application Information
Start Menu Location
This field can hold two types of values, a blank value, and a literal value.
• The literal value (folder path name), places the shortcut folder at the location of the literal path on
the Windows Start menu on a client. When you select this option, if an administrator changes the
team’s name, Propalms Terminal Services Edition does not manage the path’s modification. For
example, if you specify the path as Propalms Terminal Services Edition Team\Marketing in this
field, the shortcuts are created in the Start>Programs>Propalms Terminal Services Edition
Team>Marketing folder.
• A blank value permits Propalms Terminal Services Edition to manage the location of the folder
and Propalms Terminal Services Edition places the folder under the Propalms Terminal Services
Edition Team’s name on the user’s Windows Start menu. When you select this option, if an
administrator changes the team’s name, Propalms Terminal Services Edition automatically
manages the path’s modification. For example, if the team name is Propalms Terminal Services
Edition Team Marketing, and this field is left bank, the shortcuts are created in Start>Programs>
Propalms Terminal Services Edition Team Marketing folder.
To disable shortcuts, select Options>User>Update Options and from the Shortcuts list, choose
None.
Application Status
In Propalms TSE v7.0 administrators can temporarily disable one or more published applications
for maintenance purpose, without having to remove and re-publish the application.
To disable an application, Select one or multiple applications and click on Update Application. In
the Application Information section, go to the Application Status drop down menu select Disabled
and click on Update.
To re-enable an application, Select the disabled Applications and click on Update Application. In
the Application Information section, go to the Application Status drop down menu select Enabled
and click on Update.
Application Server Host Drive
When publishing applications on TSE for load balancing, it is required that the application install
directory and path be the same on all the TSE App servers for it to work.
There is a common problem of publishing x32 applications on TSE x32 and x64 App servers,
where the install path for x32 apps on x64 server is ..\program files(x86)\.. whereas on x32 server
it is ..\Program Files\.. .
In TSE v7.0 , publishing the same app on x32 and x64 is possible without worrying about
%program files(x86)% directory for x64 servers. The application is loaded from the correct
program files directory based on the server being x32 or x64.
In some instances, Applications are installed on different drives or the default system drive letter is
different. To accommodate such scenarios, TSE Admin can use the new Application Host Drive
option in v7.0.
There are 3 options available;
a) Default: It launches the app from the exact path specified in the Application path field
b) System Drive: Here TSE during actual app launch will retrieve the default system drive of the
target app server and accordingly change the application launch path.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 206

Using the Console
Management Console Manage tab

c) Find Run time: Here TSE scans all local drives of App server for the application path and once
found, launches the application

Propalms Terminal Services Edition Administrator Guide--1 March 2013 207

Using the Console
Management Console Manage tab

Note : As multiple apps are being added, they will be added with identical settings like desktop
shortcuts, Connection Setting and others. After the apps are added, they can be individually edited
to have custom settings.

Select servers
The Select Servers page allows you to select the Application Servers that will host the application.
Select the Application Servers and click Next to proceed to the File Associations page.
You can also add applications to Application Servers later from Manage>Applications>Add
Servers page.
Select groups
The Select Groups page retrieves a list of the domain groups in the Propalms Terminal Services
Edition system and allows you to select the groups that will be able to access the application. You
may add a group to the system from the Manage>Groups>Add Group page. Select the groups and
click Next to proceed to the Select OUs page.
You can also add applications to domain groups later from Manage>Applications>Add Groups
page.
Select OUs
The Select OUs page retrieves a list of the OUs in the Propalms Terminal Services Edition system
and allows you to select the OUs that will be able to access the application. You may add an OU to
the system from the Manage>OUs>Add OU page. Select the OUs and click Next.
You can also add applications to OUs later from Manage>Applications>Add OUs page.
On the last Added Applications Summary page displays the summary of applications being added
and choices you make in the sequence. Review the information and click Add to add the
applications to the Propalms Terminal Services Edition system.

Update application properties

You can change properties such as that of the Limit Total Concurrent Sessions, Application Path,
Command Line Parameters, or any other property. When you select one application to update, all
of the currently assigned properties appear for editing.
You can update multiple applications by selecting multiple applications and clicking Update
Application on the Manage>Applications page. Select the properties you want to update, fill in
the appropriate information, and click Update. Propalms Terminal Services Edition updates all
selected properties for all selected applications. For a complete list of property definitions, see
"Add application to Propalms Terminal Services Edition".

Remove applications
This removes the application from use on the selected Propalms Terminal Services Edition
Application Servers. The application remains installed on the Application Server; it is simply
unavailable to the Propalms Terminal Services Edition users.
To remove applications:
1. From the Manage>Applications page, select the applications you want to remove and
click Remove Application.
2. Verify that the applications listed are the ones you want to remove and click Remove.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 208

Using the Console
Management Console Manage tab

Update file associations

You can associate applications with file extensions. When file associations are enabled, a user can
open a document in an application on an Application Server by double-clicking the file. You can
update the file associations made with an application.
To update the file associations for an application:
1. On the Manage>Applications page, select an application, click Update File
Associations, and then click Next. The system retrieves all the extensions you can
associate with the application from the Application Servers.
2. Select the extensions you want to associate with the application and click Update.

Update icon
When you add a application in Propalms TSE then the default icon of application is displayed on
Management Console, LaunchPad, desktop icons, and start menu shortcuts.
This feature enables you to define custom icon for applications.
To use this feature you need to follow the below steps:
1. On the Manage>Applications page, select an application, click Update Icon, and then click the
Next button.
2. Select a application server, and then click Next button.
3. The Path of Exe/Dll/Ico File is an optional field where you can specify the path of any .exe, .dll
or .ico file available at selected application server.
If you will specify the custom file then icon will be extracted from specified file, else the icon will be
extracted from Application’s .exe file.
Either specify the path of custom file and click Next or just click Next without specifying custom
file.
4. Select an icon and click the Update button.
The icon for application will be updated on Management Console, LaunchPad, desktop icons, and
start menu shortcuts.

Add applications to servers

You can add applications to servers that exist within a Propalms Terminal Services Edition team.
To add applications to servers:
1. From the Manage>Applications page, select an application, and then click Add Servers.
2. Select the servers that are to host this application, and click Add. The application will now
become available from these selected servers.

NOTE
You can add multiple applications to multiple servers at one time by selecting multiple
applications to add and selecting multiple servers to receive.

Remove applications from servers

To stop an application from being hosted by servers:

Propalms Terminal Services Edition Administrator Guide--1 March 2013 209

Using the Console
Management Console Manage tab

1. From the Manage>Applications page, select an application, and then click Remove
Servers.
2. Select the servers and click Remove. The application remains installed on the Application
Server; it is simply unavailable, on the selected servers, to the Propalms Terminal Services
Edition users.

Add applications to groups

You can add applications to groups that exist within Propalms Terminal Services Edition.
To add an application to groups:
1. From the Manage>Applications page, select an application and click Add Groups.
2. Select the groups that are to receive access to the applications, and click Add. This
provisions applications to the selected groups.

NOTE
If you want to add applications to groups that are not on this list, you must add these
groups to Propalms Terminal Services Edition from the existing domain from
Manage>Groups>Add Groups page. After you add a group to Propalms Terminal
Services Edition, you can add applications to it.

Remove applications from groups

You can add remove application availability to groups that have been assigned an application.
To remove an application from groups:
1. From the Manage>Applications page, select an application and click Remove Groups.
2. Select the groups that should no longer use this application, and then click Remove.
Propalms Terminal Services Edition will no longer provision the application to those
selected groups.

Add applications to OUs

You can add applications to OUs that exist within Propalms Terminal Services Edition.
To add an application to an OU:
1. From the Manage>Applications page, select an application and click Add OUs.
2. Select the OUs that are to receive access to the applications, and click Add. This
provisions applications to the selected OUs.

NOTE
If you want to add applications to OUs that are not on this list, you must add these OUs to
Propalms Terminal Services Edition from the existing domain from Manage>OUs>Add
OUs page. After you add an OU to Propalms Terminal Services Edition, you can add
applications to it.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 210

Using the Console
Management Console Manage tab

Remove applications from OUs

You can remove application availability to OUs that have been assigned an application.
To remove an application from an OU:
1. From the Manage>Applications page, select an application and click Remove OUs.
2. Select the OUs that should no longer use this application and click Remove. Propalms
Terminal Services Edition will no longer provision the application to those selected OUs.

Add applications to users

You can directly provision existing applications to existing users in the Propalms Terminal Services
Edition system.
To provision applications to a user that exists within Propalms Terminal Services Edition:
1. From the Manage>Applications page, select an application and click Add Users.
2. Select the Logon Name of the users that are to receive access to the application and click
Add.

NOTE
If you want to provision applications to users that are not on the list, you must first add the
users to Propalms Terminal Services Edition and then add applications to the users. For
more information, refer to Add a user.

Remove applications from users

You can remove application availability to users that have been assigned an application.
To remove applications from existing users in the Propalms Terminal Services Edition system:
1. From the Manage>Applications page, select an application and click Remove Users.
2. Select the Logon Name of the users that should no longer use this application and click
Remove.

Remove Folder
This removes the empty folder from the Propalms Terminal Services Edition team. To remove
folder(s) go to the Manage>Applications>Remove Folder page, select the folder(s) you want to
remove and click the Remove button.
Note: This page lists only empty folders.

Manage Servers
You access the Manage>Servers page to know about the servers, change server properties, run
diagnostics on a server, remove a server from a Propalms Terminal Services Edition team, add or
remove roles to or from a server, or add or remove applications to or from a server.
The summary page displays all of the servers of the Propalms Terminal Services Edition team. You
can use this page to see which servers are operating, what roles they hold, and whether they exist
online, installed, and enabled.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 211

Using the Console
Management Console Manage tab

In all cases, you can add, update, and remove properties for one object. In many cases, you can
add, update, or remove properties for many or for all of the instances of an object. For example, for
servers, you may want to update or delete a property for all servers at one time.
This section provides step-by-step procedures to do the following:
"Add a server"
"Update server profile"
"Change server status"
"Diagnose server condition"
"Remove a server"
"Add roles to a server"
"Remove roles from a server"
"Add applications"
"Remove applications"
“Add Tasks”
“Remove Tasks”
“Printer Driver Management“
“Virtual IP management”
“Update content redirection”

Add a server
The Add Server page allows you to add a remote server to the Propalms Terminal Services
Edition Team. Propalms Terminal Services Edition tries to install software remotely on the server
you want to add, so you must have administrative rights on the remote server. When you add a
server, you need to enter server information and the server administrator information required to
add the server.

NOTE
If the Console is running in secure mode (HTTPS), the Depot folder on the Web Server
has to have plain HTTP access, even if the other folders are secured as HTTPS.

These are the properties for the Add function. Where a field name holds an asterisk, the
associated property is mandator y.
Server Information
Server name*
This name is used to connect to the server.
This can be the distinguished name for the server (also known as the DNS name, interchangeably
written as FQDN name), or it is the IP address, or it is the NetBIOS name. If you use multiple
domains, it is important that you use the FQDN name format, serverX.domain.com. A NetBIOS
name such as <serverX> may not resolve correctly in a Propalms Terminal Services Edition
environment that serves multiple domains.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 212

Using the Console
Management Console Manage tab

Description
This provides free-form text that identifies the server or clarifies other information.
Published Address
When you specify a server IP address or fully qualified domain name (FQDN) in this field, a client
will use this address to connect to this server. If you do not specify an address in this field,
Propalms Terminal Services Edition routes the client connections to the Internal IP Address.

NOTE
If you specify a published address, be sure to specify an address that is available to a
client because a server may have several IP addresses and some of these addresses may
be unavailable for client connections.

Disable Best Internal Address Discovery

By default, Propalms Terminal Services Edition will discover the best address to use for its internal
communication. If you wish to specify a particular address, clear this check box to disable the
discovery mechanism and enter an Internal IP Address or DNS name in the Internal Address to
use field.
Internal Address to use
Members of the Propalms Terminal Services Edition Team use this address to communicate with
each other. Enter the internal IP address, NetBIOS name, or FQDN name in this field. If you do not
specify an Internal Address, Propalms Terminal Services Edition will use the address that best
communicates with your database server.
For more information, see "Add server fails".
Install Directory
This is the directory where Propalms Terminal Services Edition will place this server’s Propalms
Terminal Services Edition role software. If you place no value here, Propalms Terminal Services
Edition places the software in the Program Files directory.
Click Next to provide server administrator information.
Server Administrator Information
Logon Name*
To add a server to a Propalms Terminal Services Edition Team, Propalms Terminal Services
Edition remotely installs software on the server you are adding. To do that, it needs Administrative
privileges on the remote computer. Specify the Logon name that Propalms Terminal Services
Edition should use to connect to the remote server
Password
Specify the Password for the Logon Name specified above.
Domain Name*
Specify the name of the Domain for the Logon Name specified above.
The information entered here should be correct for Propalms Terminal Services Edition to be able
to connect to the remote server.
Click Next. The Add Server page displays the information you enter. Review the information and
click Add to add the server to the Propalms Terminal Services Edition team.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 213

Using the Console
Management Console Manage tab

Join Team Download

If you do not want to do a remote install on the server, you can add a server to the Propalms
Terminal Services Edition team in one of several ways.
• Take the Propalms Terminal Services Edition install CD to the server that is to join the team
and run an install.
• Log on to the Management Console from the server that is to join the team, and click
Home>Download. Then click the Propalms Terminal Services Edition (msi) link to
download the software to local disk.

Update server profile

Use the Update Server action to update a server’s properties. All of the properties that appear on
this page also appear on the Add Server page, for more information on these variables, refer to
"Add a server".
If the server is an Application server role, some more fields are available on the Server Update
page. For a list and description of these fields, refer to "Add roles to a server"

Change server status

Use the Change Status action to enable or disable a server. A server with an Enabled status is
ready and available. A server with a Disabled status is not available. You may want to disable a
server for maintenance.
TABLE 1. Enable/disable servers with server-specific behaviors
Role Enable Disable when safe Disable forcefully
Application Server Accepts new Does not accept new Kills all active
application launches launches and gets sessions and stops
disabled when accepting new
existing sessions are application sessions
closed
Load Balancer Used as master or Does not accept new Does not accept new
redundant load load balancing load balancing
balancer requests requests
Web Server Enabled User cannot access User cannot access
Launch Pad Launch Pad
Relay server Accepts new Does not accept new Kills all active
application launches launches and gets sessions and stops
disabled when accepting new
existing sessions are application sessions
closed

As soon as you choose the Disable when safe option, the server stops accepting any new
connections of
• Applications
• Single Port Relay
• Load Balancer election
Nevertheless, all lights on the Manage>Servers summary page stay green. As each session gets
over from the disabled server, within two minutes, that role is disabled and the lights go red,
indicating that the server is disabled.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 214

Using the Console
Management Console Manage tab

Diagnose server condition

Use the Diagnose Server action to run diagnostics. Propalms Terminal Services Edition provides
several one-click diagnostics that check the configuration of servers. It is good to run these tests
after you make server configuration changes. In this way, you can determine that the server is
stable and ready to run correctly. If the server is not stable, you can address any issues before you
attempt to move on to other tasks. From the Manage>Servers page, select the servers and click
Diagnose Server. From the Diagnose Server page, select the diagnostic tests you want to run on
the selected servers and click Diagnose.
If you receive a Settings Test failure, see "Settings Test failure".
For a complete explanation of diagnostics, see "Diagnostics".

Remove a server
Use the Remove Server action to remove a server from the Propalms Terminal Services Edition
team. All software installed by Propalms Terminal Services Edition is removed and the server no
longer remains a part of the Propalms Terminal Services Edition Team. The application software
you installed on that server remains on that server. Propalms Terminal Services Edition removes
only the software that it installed.
Some methods for removing a server are a little safer and others are a little quicker. You can
choose from the following options:
When safe
This indicates that you want Propalms Terminal Services Edition to manage the role/server
removal in a way that has no adverse impact on your environment. For example, you may want to
remove an Application Server role only when all connections are closed.
Now
This indicates that you are confident that an immediate update to roles/servers will have no
adverse impact on your environment; or, that you do not care if there is an adverse impact on your
environment. For example, you want to remove an Application Server, with this selection,
Propalms Terminal Services Edition drops any open client connections, and your users lose any
data that is in process on the Application Server at that time.
Only from database
This indicates that you want to remove this role/server from the database only. You might want to
do this when you cannot uninstall a role or the computer has crashed. This option removes the role
from the database but Propalms Terminal Services Edition does not attempt to uninstall the role
from the server.

Add roles to a server

Use the Add Roles action to add additional roles to one server, and you can use this to create
redundant configurations (by placing the same role on more than one server). You must set up the
required roles within the server team to run Propalms Terminal Services Edition, but once the team
holds an instance of each required role, you can begin to create redundant roles. Before you do
this, see "Propalms Terminal Services Edition — Basic Configurations".
When you are adding a Load Balancer role, or a Web Server role to a server, you will see no
properties. If you are adding a Relay Server role, you can view the Relay Server information such
as the relay port, whether SSL handshake is enabled or not, and the Server Certificate. You can
change these options from the Options>Relay Servers page.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 215

Using the Console
Management Console Manage tab

NOTE
If you change the relay port, the existing connections are disconnected. However, the user
can reconnect the disconnected sessions from the Launch Pad Connections page,
depending on the connection settings.

The port configured as Relay Port in the Propalms Terminal Services Edition system should be
available. The system does not allow pushing of the Relay Server role on a server on which the
port configured for single port relay is not available. If the port is not available on a server, the
Relay Server Role check box is disabled when you select the server to push a role on it.

NOTE
If the Console is running in secure mode (HTTPS), the Depot folder on the Web Server
has to have plain HTTP access, even if the other folders are secured as HTTPS.

However, if you are adding an Application Server role to a server, you will see the following server
information properties.
Terminal Services Listening port
Propalms TSE v7.0 has the option of changing the RDP Port at which the Client Connects. The
administrator can change the default RDP Port (3389) and specify a new Port in the Propalms TSE
Console for the application launch process to work.
This can be done on the Management console Update Server page. To do so, in the Server
Information Section change the Terminal Server's Listening Port to the required Port Number and
click on Update.

NOTE
How to change Terminal Server's listening port: http://support.microsoft.com/kb/187623

NOTE
How to change the listening port for Remote Desktop: http://support.microsoft.com/kb/
306759

NOTE
The Remote Desktop Connection Client for the Mac supports only port 3389.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 216

Using the Console
Management Console Manage tab

Set maximum TSE Session limit on TSE App servers to prevent session overload
TSE Admin can set a maximum limit for TSE sessions on each TSE App server. Once
the maximum session limit is reached, TSE LoadBalancer will no longer send App
launch request to that TSE App server.. This will prevent overloading of TSE servers
and also facilitate better distribution of sessions across online App servers.
Session Recording Information
Propalms TSE v7.0 now gives the power of recording user sessions. Administrators can use this
feature for auditing or troubleshooting purposes.
Session Recording Path
You can specify the path where the Session Recording is to be stored in this field. The recorded
sessions are stored in C:\Program Files\Propalms\RecordedSessions by default.
Maximum File Size For Session Recording
You can specify the maximum file size for a session recording in this field.
Policy
A Policy is a predefined or customized set of certain UI Access restrictions. Every Application
Server has a Lockdown Policy associated with it, which can be used to restrict the access to the
Application Servers, so that the users can only execute those applications that are provisioned to
them and thus cannot tamper with the Application Server. By default when you add the Application
Server Role to a Server, it has “No Restriction” Policy applied to it. If the system administrator
wants to restrict access to this application server, then it is advised to change this setting to
Highest, Medium or Low Restriction Policy according to needs. It is also possible to create a
customized Lockdown Policy. For More details regarding Lockdown Policy please refer feature
documentation here.
Install Vendor Drivers
This setting enables to Install the Driver provide by vendor when client printers get installed on the
server.
Uni-Driver to use
This setting enables to chose the appropriate Uni-Driver for application server.
These are the four uni-drivers provided:
- Standard NMUniDriver
- NMUniDriver with A3,B5 Paper size support
- NMUniDriver with 600 DPI resolution support
- NMUniDriver with 600 DPI resolution and A3,B5 Paper size support
Server Type
This identifies the function of the server. For example, for an Application Delivery Server, the type
may be WTS for Windows Server 2003 or Windows Server 2008.
Printer INF path
If the vendor supplied printer drivers reside in the INF directory, then use this location as the list of
supported printers and manufacturers. The default location is C:\WINNT\inf\ntprint.inf

Propalms Terminal Services Edition Administrator Guide--1 March 2013 217

Using the Console
Management Console Manage tab

Additional driver path

If the vendor-supplied printer drivers reside in a different directory, specify the other directories
here; for example, C:\ i386, or use this field to specify the network share where the printer drivers
exist. If you use a network share, the network share must have read rights set to All Users.
For more information, see "Web Server role", "Load Balancer role", "Relay Server role",
"Application Server role", and "Understanding feature considerations".

Remove roles from a server

Use the Remove Roles action to remove roles from a server.
Removing required roles
If you attempt to remove a required role that has only one instance on this team, you will receive a
warning such as:
One of the selected roles is the last role in the Team. If you remove this role, your system may
become unusable.

NOTE
If you click Remove at this point, the server may reboot.

Checking the location of roles

Before you remove any roles, click Manage>Servers to see where the roles are installed.
Propalms Terminal Services Edition runs when all of the required roles are present. If some of the
required roles are not present, Propalms Terminal Services Edition will not operate fully until you
reinstall the missing, required roles.

NOTE
If you remove the last Web Server role, your Propalms Terminal Services Edition
installation will be out of commission. After such an event, you must reinstall Propalms
Terminal Services Edition using the Propalms Terminal Services Edition CD. When you
run the new install, select the Create New Team option and provide the Propalms
Terminal Services Edition database server’s name. Do not Overwrite the database. The
database is the key to recreating the Propalms Terminal Services Edition team. When an
install rejoins your server to the database using the Create New Team option, Propalms
Terminal Services Edition can reconstruct your team.

Removing roles incorrectly

If you remove roles from a Propalms Terminal Services Edition team incorrectly, which could be by
using the Windows Add/Remove program, you will not remove the role from the Propalms
Terminal Services Edition database; consequently, when Propalms Terminal Services Edition lists
roles installed at a later time, it will continue to show the incorrectly removed role as installed.
Therefore, to preserve the integrity and consistency of your data, it is important to remove roles
correctly, using Manage>Servers>Remove Roles.
How to remove roles
There are two mode to remove a role:

Propalms Terminal Services Edition Administrator Guide--1 March 2013 218

Using the Console
Management Console Manage tab

1. When Safe: If administrator chooses this option then this role will be removed when no one will
be using selected role. i.e. a application server will be removed only if there is no active session
exists on that server
2. Now: If administrator chooses this option then this role will be removed immediately.
3. Only from Database: If administrator chooses this option then all related server entries will be
removed from various tables in the database only.

Add applications
You can add applications to servers that exist within Propalms Terminal Services Edition. When
you use this action, from the Manage>Servers page, select a server and click Add Application.
The application will now be available from your selected servers. You can add multiple applications
to servers in one operation too. To do this, choose multiple servers and click Add Application.
Select the applications that you want to add to these servers and click Add. All selected
applications will be available from the selected servers.

NOTE
With this function, Propalms Terminal Services Edition will overwrite any previous
application chosen to run on these servers. Only the newly selected set of applications will
remain.

Remove applications
When you use this action, from the Manage>Servers page, select the servers and click Remove
Applications. Select the applications you want to remove, and click Remove. Propalms Terminal
Services Edition will configure these servers to make these applications unavailable from the
selected servers. Propalms Terminal Services Edition does not remove the application from the
servers; it simply makes the application unavailable through the selected servers.

Add Tasks
The Add Tasks action allows you to add existing task(s) to selected Propalms TSE servers.
To add task(s) follow the below steps:
1. From the Manage>Servers page, select server(s) and click the Add Tasks link.
2. From the Add Tasks page, select the listed task(s) and click the Add button.

Remove Tasks
The Remove Tasks action allows you to remove existing task(s) from selected Propalms TSE
servers.
To remove task(s) follow the below steps:
1. From the Manage>Servers page, select server(s) and click the Remove Tasks link.
2. From the Remove Tasks page, select the listed task(s) and click Remove button.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 219

Using the Console
Management Console Manage tab

Printer Driver Management

The Printer Driver Management action allows you to launch Printer Driver Management utility. It
enables the administrator to find failed driver installations in the Propalms Terminal Services
Edition team and provides a way to map these failed drivers to an alternate driver.
In addition, the utility provides the following features:
1. Displays list of installed drivers in the Propalms Terminal Services Edition TSE server team.
Administrator can replicate the installed driver to all remaining application servers in the team that
have the same operating system.
2. Uninstall of drivers from all application servers having the same operating system.
3. Custom driver mapping: The administrator can map a client driver to a server driver without
having to wait for it to fail (and then do the mapping).
4. Delete and edit user defined driver mappings.
5. Create an allow-only or deny list of drivers. If the administrator creates an allow only list, then
only those drivers are allowed to install on the application server. If the administrator creates a
deny list, then all the drivers except those in the list are allowed to install onto the application
server.
6. Delete a driver from failed driver list.

Virtual IP management
The new Virtual IP Management Utility in Propalms TSE v7.0 enables a unique IP address from a
designated range to be assigned to each Propalms TSE session.
By enabling this feature, additional applications can utilize Propalms TSE Server v7.0 because the
IP address of the TSE Server is passed to back-end database by default, this feature enables
backend databases that require distinct IP address to see each TSE session as unique because a
secondary Virtual IP address is assigned.

These Virtual IP addresses are bound to the TSE Server NIC and can be readily observed via
IPCONFIG utility, as well as the user connection information with in the TSE Server Console.
The impact of Virtual IP can be best illustrated by a TSE Server environment which accesses a
Database Server.
The current Virtual IP solution provides two modes to dynamically assign unique IP Addresses to
the applications running inside a Propalms TSE session.
1. Pooling Mode - In this mode every new Propalms Session launched will acquire an IP
Address from a pool of IP Addresses specified in the IP Address Settings table under
Pooling Mode Operation. When the RDP session logs of this IP Address is reclaimed and
will be used for other Propalms sessions.
2. Static Mapping Mode - In this mode one can specifically set up a static mapping between
the client machine IP Address and the IP Address to be used for any Propalms session
launched from this client machine. The static mapping between client machine IP Address
and dynamic IP Address to use for all the RDP Sessions from this machine is maintained in
the IP Address Settings under Static Mapping Mode operation.
There is a provision to specify the Fail Over Mode for both these schemes individually.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 220

Using the Console
Management Console Manage tab

The Fail Over Mode determines the behavior of the system in case it is not able to acquire a
unique IP Address for a new session. The Mode (Pooling / Static Mapping) and Fail Over Support
Mode can be specified under the In Case of Failure option using the available drop down menus.
Pooling Mode supports the following Fail Over Modes
• Abort Launch
• Always Launch
Static Mapping Mode supports the following Fail Over Modes
• Abort Launch
• Acquire Unique IP from Pool
• User Terminal Servers IP
• Automatically Choose Best Option
User Interface
Use the Manage>Servers page of the Propalms Terminal Services Edition Management Console
to launch the Virtual IP Management (VIP) utility. The launch is through Propalms Terminal
Services Edition TSE.
The printer driver utility has two options with couple of sub options. This section explains their
usage in detail.
1. Pooling Mode
Select "Pooling Mode" from the Operation Mode, specify the desired Fail Over Mode option and fill
in the IP Address Settings.

In the IP Address Settings specify the IP Addresses that should be used dynamically for
Applications running under Propalms Sessions.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 221

Using the Console
Management Console Manage tab

We recommend that if your servers have IP Addresses in the range of 192.168.9.X then you have
a pool of IP Addresses in the range of 192.168.10.X. Note that the Subnet mask in this case must
be 255.255.0.0. In order to have TCP/IP connectivity between the application running with these
(192.168.10.X) IP Addresses the other machines in the 192.168.9.X subnet must also use the
same subnet mask as 255.255.0.0.

There is a possibility to even add a Range of IP Address by enabling the "Add IP Address Range"
checkbox.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 222

Using the Console
Management Console Manage tab

2. Static Mapping Mode

Select "Static Mapping Mode" from the Operation Mode, specify the desired Fail Over Mode option
and fill in the IP Address Settings.
Populate and Specify the IP Address Settings table by the IP Addresses of the Client machine and
the corresponding IP Address that must be used for any Propalms application launched from that
machine.

The Static Mapping Mode allows few more options in case of failure.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 223

Using the Console
Management Console Manage tab

In Case of Failure
The "In case of failure" field determines the behavior of the system when a unique IP Address
could not acquire from the Static Mapping Table (in other words all the IP Addresses in the IP
Address Settings table are already in use).

• Abort Launch: If the Fail Over Mode is set to Abort Launch then the system will prevent the
launch if the Static IP Address Mapping is not found.
• Acquire Unique IP from Pool: In this case of Fail Over Mode, if the system fails to get a
static IP from the pre defined IP Address list then it will try to acquire a unique IP Address
from the Pooling Mode table.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 224

Using the Console
Management Console Manage tab

NOTE

If in case the unique IP Address could not be acquired from the Pooling Mode IP
Addresses table then the application launch is not guaranteed. If a unique IP
address could not be acquired from the IP Pool then the launch will fail with an
appropriate error message.

• User Terminal Servers IP: In this case if no static mapping exists for this particular client IP
Address then it will always use the Terminal Servers IP Address and let the launch proceed
as if the Virtual IP Feature is disabled.
• Automatically Choose Best Option: Using this Fail Over Mode, if the system fails to get
static mapping for the client machine, it will first try to acquire a unique IP Address from the
Pooling Mode table. Even though if unique IP Address could not be acquired from the
Pooling Mode table still the application launch is always guaranteed in this case as then the
launch will proceed and use the "Use Terminal Servers IP" Fail Over Mode solution and
continue to behave exactly like it would have worked when the Virtual IP feature was not
present or it was disabled.
How to verify if the application is using a different IP Address than the on of the TSE Application
Server on which it is running?
1. Download and Install a third party application called "Putty" from the web. This is a popular
SSH/ Telnet Client.
2. Provision Putty through the Propalms TSE Console.
3. Copy the "Listen.EXE" file onto any other machine from the Propalms TSE Tools Package.
It is preferred to copy the EXE file onto a separate machine other than the Client or TSE
Server. This is a sample application which listens on a port that has been specified when
started and whenever any TCP/ IP connection is established, it displays the IP Address of
the connecting entity. This can be initially checked by simply running this EXE and using
the "Start Listening" button. Then TELNET to this machine on port 8888 and this EXE file
will display the IP Address of the connecting entity.
4. Now launch "Putty" via Propalms TSE launchpad site, keep the Listen.EXE file running on
a separate machine. In the User Interface of Putty, type the IP Address of the machine on
which the Listen.EXE is running, then specify the port as 8888 and press the "Open"
button.
5. The Listen.EXE will display an IP Address other than the IP Address of the TSE Server on
which it is running.

Update content redirection

The latest Propalms TSE v7.0 supports Server to Client content redirection; this makes it possible
to redirect certain types of content ( HTTP, HTTPS, PNM, RTSP) to the client machine instead of
opening these links on the server inside the Propalms TSE Session.
The latest Propalms TSE v7.0 now supports PDF content redirection.
For example if you have published an email client application like Outlook and you have launched
this application using Propalms and you receive an e-Mail that has an HTTP link to external web
site; in the absence of Content Redirection, when you click this link a browser will be launched on
the server inside the existing session in which Outlook is running. Then a browser which is running
inside a TSE session on the server will open the link using the server's Internet connection. If the
network settings such as the proxy etc are not properly configured on the server then it may not
even work. Content redirection helps mitigate such issues.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 225

Using the Console
Management Console Manage tab

When Content Redirection is enabled, the links invoked from within the applications running inside
a TSE session, will open a browser (or any other associated application like RealPlayer ) on the
client machine locally.
The Content Redirection Feature is available only when using Propalms Connection Manager.
Content redirection is not supported with Java Client, Native Client, Windows CE Clients and on
Linux or Mac OS X Platforms.
The Content redirection feature supports links of following types only HTTP, HTTPS, RTSP and
PNM. RTSP and PNM are proprietary protocols of RealNetworks and are supported by
RealPlayer for streaming audio data.
When Content Redirection is enabled for PDF files, PDF files in TSE sessions will be opened
using local client PDF reader.
To configure the Content Redirection settings, go to Manage> Servers> and select a server. Then
click on Update Content Redirection in the left menu.
You will be able to enable/disable content redirection and select the redirected content types
(HTTP/ HTTPS/ PNM/ RTSP/ PDF) on this page.
Configure the desired settings and click the Update button.

Native RDP to Server

TSE Admins can connect via RDP to all their TSE servers from Propalms Management Console-
Manage-Servers page. Simply select the server to connect to on the Manage-Server page and in
the Actions Menu click on “Connect via native RDP”. This will launch an RDP connection to the
selected server. Admin can select as many servers as needed from the Server list and start a RDP
connection to all simultaneously.

Manage content
Propalms TSE allows companies/ administrators to publish specific content via Propalms TSE. It
can be individual files or virtual locations on the Internet. This can be done using the local/ network
UNC path or the Web URL. This content will be accessible by the Propalms TSE users from their
TSE Launchpad from the Content tab. The published Content can even be managed in terms of
Domain Groups connectivity with Propalms TSE.
The Content page under Propalms TSE Console> Manage gives a detailed overview of all the
Content that has been added into Propalms TSE. It can be sorted by Title, Location or Description
and can even be searched in between content.This page enables you to do the following:
“Add content to Propalms TSE”
“Update content”
“Remove content”
“Add content to groups”
“Remove content from groups”
“Add content to OUs”
“Remove content from OUs”
“Add content to users”
“Remove content from users”

Propalms Terminal Services Edition Administrator Guide--1 March 2013 226

Using the Console
Management Console Manage tab

Add content to Propalms TSE

Propalms administrators can execute the following actions for Adding Content in Propalms
TSE:
Go to, Propalms TSE Console> Manage> Content> Click on Add Content and specify the
Content Name, Description and Location in the Content Information section. The Content Name
and Location are mandatory fields.
Once the Content Information is specified, click on Next. This will allow you to select the specific
Domain Group to which the Content should be available. Select the Domain Group name and click
on Next. It will show a confirmation message with the overview of the Content Published. You can
go back and edit the Content but if the Content is perfect, click on Add.

Update content
To Update (Edit) Content, go to Propalms TSE Console> Manage> Content and Click on Update
Content. Select the Content that needs to be updated and click on Next.
Update the Content as per your requirement and click on Update. This will be updated across all
TSE users.

Remove content
To Remove (Delete) Content, go to Propalms TSE Console> Manage> Content> and Click on
Remove Content. Select the Content that needs to be removed and click on Next.
The confirmation page will be displayed, click on Remove. The content will be removed for all TSE
users and the Job Status will be shown on the TSE Console Screen after completion.

Add content to groups

You can add content to groups that exist within Propalms Terminal Services Edition.
To add an application to groups:
1. From the Manage> Content page, select an application and click Add Groups.
2. Select the groups that are to receive access to the content, and click Add.
This provisions the content to the selected groups.

NOTE
If you want to add content to groups that are not on this list, you must add these groups to
Propalms Terminal Services Edition from the existing domain from Manage>Groups>Add
Groups page. After you add a group to Propalms Terminal Services Edition, you can add
content to it.

Remove content from groups

You can add remove content availability to groups that have been assigned some content.
To remove specific content from groups:
1. From the Manage>Applications page, select the content and click Remove Groups.
2. Select the groups that should no longer access this content, and then click Remove.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 227

Using the Console
Management Console Manage tab

Propalms Terminal Services Edition will no longer provision the content to those selected groups.

Add content to OUs

You can add content to OUs that exist within Propalms Terminal Services Edition.
To add some specific content to an OU:
1. From the Manage>Content page, select the content and click Add OUs.
2. Select the OUs that are to receive access to the content, and click Add.
This provisions the content to the selected OUs.

NOTE
If you want to add content to OUs that are not on this list, you must add these OUs to
Propalms Terminal Services Edition from the existing domain from Manage>OUs>Add
OUs page. After you add an OU to Propalms Terminal Services Edition, you can add
content to it.

Remove content from OUs

You can remove content availability from OUs that have been assigned some content.
To remove content from an OU:
1. From the Manage>Content page, select the content and click Remove OUs.
2. Select the OUs that should no longer be able to access this content and click
Remove.
Propalms Terminal Services Edition will no longer provision the content to
those selected OUs.

Add content to users

You can directly provision existing content to existing users in the Propalms Terminal
Services Edition system.
To provision content to a user that exists within Propalms Terminal Services Edition:
1. From the Manage>Content page, select the desired content and click Add Users.
2. Select the Logon Name of the users that are to receive access to the content
and click Add.
If you want to provision content to users that are not on the list, you must first add the users to
Propalms Terminal Services Edition and then add the content to the users. For more information,
refer to “Add a user”.

Remove content from users

You can remove content availability from users who have been assigned the content.
To remove content from existing users in the Propalms Terminal Services Edition system:

Propalms Terminal Services Edition Administrator Guide--1 March 2013 228

Using the Console
Management Console Manage tab

1. From the Manage>Applications page, select the content and click Remove Users.
2. Select the Logon Name of the users who should no longer access this content
and click Remove.

Manage groups
Use the Manage>Groups page to know about domain Groups, to add or remove Groups to or
from Propalms Terminal Services Edition; to synchronize the Propalms Terminal Services Edition
domain Groups with the corporate domain’s Groups; or to add or remove applications to or from
the purview of a Group.
The summary page displays all of the groups that are set up to use Propalms Terminal Services
Edition. You can use this page to see the subset of groups, from among all groups in the existing
domain, that can use Propalms Terminal Services Edition.
In all instances, you can add, update, and remove properties for one object. In many instances,
you can add, update, or remove properties for many or for all of the instances of an object. For
example, for groups, you may want to update or delete all groups at one time. You may also want
to synchronize several groups with the existing domain.
This section provides step-by-step procedures to do the following:
"Add a group"
"Remove a group"
"Synchronize a group"
"Add applications to a group"
"Remove applications from a group"
“Add Folder to assign applications”
“Remove Folder”
“Update Lockdown Policy to a group”

Add a group
Use the Add Group action to add a group to Propalms Terminal Services Edition. You would do
this if you wanted to provision an application to a group of users. To perform this add event, from
the Manage>Groups page, click Add Group. Propalms Terminal Services Edition reads all of the
groups in your selected domain and displays them in ascending order. Select groups you would
like to provision applications to, and click Next. Select the applications you would like to provision
to the selected groups and click Next. Verify that the displayed information is correct and click
Add. All the selected groups will have access to the applications you have selected. To add more
applications to a group, see "Add applications to groups".

Remove a group
Use the Remove Group action to remove a group from Propalms Terminal Services Edition. To
perform this, from the Manage>Groups page, select the group that you want to remove and click
Remove Group. Verify that the displayed information is correct and click Remove. When you
remove a group, anyone from that group who is using Propalms Terminal Services Edition can
continue and complete their current session. However, they will be unable to launch a new
session.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 229

Using the Console
Management Console Manage tab

Synchronize a group
The Synchronize Group action ensures that the group information in the Propalms Terminal
Services Edition domain remains synchronized with the group information in the corporate domain.
This ensures that any addition or removal of users to or from a corporate domain group also
appears in the corresponding Propalms Terminal Services Edition group. It is important that
information concerning these two groups remains synchronized. To perform this, from the
Manage>Groups page, select the group that you want to synchronize and click Synchronize
Group. Verify that the displayed information is correct and click Synchronize.

Add applications to a group

You can add applications to groups that exist within Propalms Terminal Services Edition. When
you use this action, from the Manage>Groups page, select a group and click Add Applications.
Select the folders that should be added to these groups and click Next. You can add multiple
applications to groups in one operation too. To do this, choose multiple groups and click Add
Applications. Select the applications that should be added to these groups and click Add.
Afterwards, the selected applications will be available from the selected groups.

NOTE
Propalms Terminal Services Edition will overwrite any previous selection of applications
for these groups with this newly selected set of applications.

Remove applications from a group

You can take applications away from groups that exist within Propalms Terminal Services Edition.
When you use this action, from the Manage>Groups page, select a group and click Remove
Applications. Select the folders to remove and click Next. Select the applications to remove and
click Remove. The selected applications will no longer be available to users in that group.

Add Folder to assign applications

The Add Folder action allows you to add existing folder(s) to assign all its applications to the
group(s) / OUs / users. You can reach this page from Manage>Groups>Add Applications /
Manage>OUs>Add Applications / Manage>Users>Add Applications page.
To add folder(s):
1. From the Manage>Groups / Manage>OUs / Manage>Users page, select groups / OUs /
Users and click Add Applications button.
2. From the Add Folder page, select the listed folders(s) and click Next button.

Remove Folder
The Remove Folder action allows you to remove existing folder(s) to remove all its applications
from the group(s) / OUs / users. You can reach this page from Manage>Groups>Remove
Applications / Manage>OUs>Remove Applications / Manage>Users>Remove Applications
page.
To remove folder(s):
1. From the Manage>Groups / Manage>OUs / Manage>Users page, select groups / OUs /
Users and click Remove Applications button.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 230

Using the Console
Management Console Manage tab

2. From the Remove Folder page, select the listed folders(s) and click Next button.

Update Lockdown Policy to a group

Link Lockdown policies to Groups, using the Update lockdown Policy, Action menu on the
Manage-Groups page in TSE Console.

Clicking on the TSE Groups in TSE Console – Manage- Groups page now shows the applications,
printers and lockdown policies assigned to the specific Group.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 231

Using the Console
Management Console Manage tab

Manage OUs
Use the Manage>OUs page to know about the domain’s OUs, to add or remove OUs to or from
Propalms Terminal Services Edition; to synchronize the Propalms Terminal Services Edition
domain OU with the corporate domain’s OU; or to add or remove applications to or from the
purview of an OU.
The summary page displays all of the OUs that are set up to use Propalms Terminal Services
Edition. You can use this page to see the subset of OUs, from among all domain OUs, which can
use Propalms Terminal Services Edition.
In all instances, you can add, update, and remove properties for one object. In many instances,
you can add, update, or remove properties for many or for all of the instances of an object. For
example, for OUs, you may want to update or delete all OUs at one time. You may also want to
synchronize several OUs with the existing domain.
This section provides step-by-step procedures for the following:
"Add an OU"
"Remove an OU"
"Synchronize an OU"
"Add applications to an OU"
"Remove applications from an OU"
"Update Lockdown Policy to an OU"

Add an OU
Use the Add OU action to add an OU to Propalms Terminal Services Edition. You would do this if
you wanted to provision an application to an OU. To perform this function, from the Manage>OUs
page, click Add OU. Propalms Terminal Services Edition reads all of the OUs in your selected
domain and displays them in ascending order. Select folders you would like to provision to those
OUs, and click Next. Select all the OUs to which you would like to provision applications. Click
Next. Select applications you would like to provision to those OUs, and click Next. Verify that the
information is correct, and click Add. Now all the selected OUs will have access to the applications
you have selected. To add more applications to an OU, see "Add applications to OUs".

Remove an OU
Use the Remove OU action to remove an OU from Propalms Terminal Services Edition. To
perform this action, from the Manage>OUs page, select the OU that you want to remove and click
Remove OU. Next, you verify that the OU you selected is the one you want to remove, and then
you click Remove. When you remove an OU, anyone from that OU who is using Propalms
Terminal Services Edition can continue and complete their current session. However, they will not
be able to launch a new session.

Synchronize an OU
The Synchronize OU feature ensures that the OUs in Propalms Terminal Services Edition are
synchronized with the OU information in the existing domain. This means that any addition or
removal of users to or from a corporate domain OU is reflected in the Propalms Terminal Services
Edition OU. It is important that you keep the Propalms Terminal Services Edition OUs in sync with
the existing domain OUs for proper functioning of Propalms Terminal Services Edition. To perform

Propalms Terminal Services Edition Administrator Guide--1 March 2013 232

Using the Console
Management Console Manage tab

this, from the Manage>OUs page, select the OU that you want to synchronize and click
Synchronize OU. Verify that the displayed information is correct and click Synchronize.

Add applications to an OU
You can add applications to servers that exist within Propalms Terminal Services Edition. When
you use this action, from the Manage>OUs page, select an OU and click Add Application. Select
the folders that should be added to these OUs and click Next. The application will now be available
from your selected OUs. You can add multiple applications to OUs in one operation too. To do this,
choose multiple OUs, click Add Application, and select the applications to add to these OUs, and
click Add. Afterwards, the selected applications will be available from the selected OUs.

NOTE
Propalms Terminal Services Edition will overwrite any previous selection of applications
for these OUs with this newly selected set of applications.

Remove applications from an OU

You can take applications away from OUs that exist within Propalms Terminal Services Edition.
When you use this action, from the Manage>OUs page, select an OU and click Remove
Applications. Select the folders to remove, and click Next. Select the applications to remove, and
click Remove. Afterwards, the selected applications will no longer be available to users in that OU.

Update Lockdown Policy to an OU

Link Lockdown policies to OUs, using the Update lockdown Policy, Action menu on the Manage-
OU's page in TSE Console.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 233

Using the Console
Management Console Manage tab

Clicking on the TSE OU under TSE Console – Manage- OU page now shows the applications,
printers and lockdown policies assigned to the specific OU.

Manage users
You access this page to know about the domain’s Users of Propalms Terminal Services Edition; to
add or remove Users to or from Propalms Terminal Services Edition; or to add or remove
applications to or from the purview of User.
The summary page displays all of the users that are set up to use Propalms Terminal Services
Edition. You can use this page to see the subset of users, from among all domain users, who can
use Propalms Terminal Services Edition.
In all instances, you can add, update, and remove properties for one object. In many instances,
you can add, update, or remove properties for many or for all of the instances of an object. For
example, for users, you may want to update or delete many users at one time.
This section provides step-by-step procedures to do the following:
"Add a user"
"Remove a user"
"Add applications to a user"
"Remove applications from a user"
"Add Folder to assign applications"
"Remove Folder"

Add a user
Use this option to add a user to Propalms Terminal Services Edition. You would do this if you
wanted to provision an application to a specific user or users. To perform this function, from the
Manage>Users page, click Add User. Propalms Terminal Services Edition reads all of the users in
your selected domain and displays the full name and logon name of each user in ascending order.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 234

Using the Console
Management Console Manage tab

Select all the users you would like to provision applications to and click Next. Select applications
you would like to provision to those users and click Next. Verify that the information is correct, and
click Add. Now all those users will have access to the applications you have selected. To add more
applications to a user, see "Add applications to users".

NOTE
You cannot add a user, whose First Name or Last Name has more than 60 characters, to
the Propalms Terminal Services Edition system.

Remove a user
Use this option to remove a user from Propalms Terminal Services Edition. To perform this
remove, from the Manage>Users page, select the user that you want to remove and click
Remove User. Verify that the information is correct, and click Remove. When you remove a user,
if that user is using Propalms Terminal Services Edition, that user can continue and complete the
current session. However, that user will not be able to launch a new session.

Add applications to a user

You can provision applications to users that exist within Propalms Terminal Services Edition. When
you use this action, from the Manage>Users page, select the user that will receive additional
applications and click Add Applications. Select the applications that you want to provision and
click Add. The selected applications will now be available to the user.

NOTE
You can provision application to individual users; however, you should generally provision
applications at the Group or OU level. In this way, you can provision, with only one action,
to all users who belong to a Group or OU.

If you have one user in a group or OU who needs access to one additional program, a
program that the others users should not use, that would be a perfect opportunity to use
this function to provision that one application to that one user.

Remove applications from a user

You can take one or more applications away from users that exist within Propalms Terminal
Services Edition. When you use this action, from the Manage>Users page, select a user and click
Remove Applications. Select the applications you want to remove and click Remove.
Afterwards, the selected applications will no longer be available to that user through provisioning at
a user level.
Meanwhile, if the user inherits use of the same applications from a group or OU, then that user will
continue to have use of that application until you remove the application from that Group or OU or
until you remove the User from the Group or OU that inherits these applications.

Add Folder to assign applications

Propalms Terminal Services Edition Administrator Guide--1 March 2013 235

Using the Console
Management Console Manage tab

To add folder(s):
1. From the Manage>Groups / Manage>OUs / Manage>Users page, select groups / OUs /
Users and click Add Applications button.
2. From the Add Folder page, select the listed folder(s) and click Next button.

Manage domains
Use the Manage>Domains page to add or remove Domains to or from Propalms Terminal
Services Edition, or to synchronize the Propalms Terminal Services Edition Domains with the
corporate Domain.
In all instances, you can add, update, and remove properties for one object. In many instances,
you can add, update, or remove properties for many or for all of the instances of an object. For
example, for domain, you may want to update or delete several domains at one time. You may also
want to synchronize several Propalms Terminal Services Edition domains with the existing
domains.
This section provides step-by-step procedures to do the following:
"Add a domain"
"Remove a domain"
"Synchronize a domain"

Add a domain
Use this option to add a domain to Propalms Terminal Services Edition. To perform this addition,
from the Manage>Domains page, click Add Domain. Type the name of the domain you wish to
add, and click Next. Review the domain information and click Add. After you add a new domain to
your system, you must add OUs, groups, and users from that domain to Propalms Terminal
Services Edition and provision applications to these entities.

NOTE
If you want to add an Active Directory domain running on Windows Server 2003 to a
Propalms Terminal Services Edition team, make sure that the computer where Propalms
Terminal Services Edition Web Server role is installed is a part of the same an Active
Directory domain running on Windows Server 2003, or is a part of one of the domains in
the same Windows Server 2003 forest. You cannot add a trusted an Active Directory
domain running on Windows Server 2003 to a Propalms Terminal Services Edition team in
an Active Directory domain when the two domains are in different forests.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 236

Using the Console
Management Console Manage tab

For Active Directory synchronization to take place for users at logon, you need to give the required
permissions to the Propalms Terminal Services Edition Identity account to access information from
the Active Directory in the new domain. For information on how to do this, refer to "Prerequisites".

Remove a domain
Use this option to remove a domain from Propalms Terminal Services Edition. To perform this
function, from the Manage>Domains page, select the domain that you want to remove and click
Remove Domain. Verify that the domain listed is the one you want to remove and click Remove.

Synchronize a domain
Use this option to synchronize a domain that resides in Propalms Terminal Services Edition with
the current view of the corporate domain. This will synchronize all users, OUs, and groups from
that domain. This synchronization may result in application assignment changes because of users
moving from one department or division to another, which might result in a user appearing in a
different domain group or OU; one which uses different applications. To perform this
synchronization function, from the Manage>Domains page, click Synchronize Domain, verify
that you selected the domain you intended to select and click Synchronize.

Manage Client Groups

Use the Manage>Client Groups page to add, remove, or update a Client Group; to update filter
criteria; or to add or remove applications, printer, or clients to existing Client Groups.
This section provides step-by-step procedures to do the following:
"Add Client Group"
"Update Client Group"
"Update filters"
"Remove Client Group"
"Add applications to a Client Group"
"Remove applications from a Client Group"
"Add printers"
"Set default printer"
"Remove printers"
"Add clients"
"Remove clients"

Add Client Group

To add a Client Group:
1. On the Manage> Client Groups page, click Add Client Group.
2. The Add Client Group page opens. While adding a Client Group you need to:
• "Add Client Group information"
• "Add filters"
• "Select applications"
• "Select printers"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 237

Using the Console
Management Console Manage tab

• "Select clients"
The sections that follow explain each of these in detail. Select/Enter the relevant information on
each page.
Add Client Group information
The Add Client Group page allows you to specify the Client Group information, launch settings,
and restrictions on clients.
Client Group Information
Name*
This Client Group name appears on the Propalms Terminal Services Edition reports. You should
specify a meaningful name for a Client Group.
Description
This provides free-form text that identifies or clarifies other information.
Launch Settings
Connection Setting
The connection setting object determines the properties of the connection between the client
computer and the Propalms Terminal Services Edition application server. It contains a number of
parameters that affect the security of the connection. For more information, see "Manage
connection settings" and "Connection settings".
Restrictions on Clients
Do Not Allow Save Password
Select this check box to prohibit the users from saving their passwords. If you do not select this
option, then the users will see the Automatically Log On From This Computer check box on the
Propalms Terminal Services Edition Application Launch Pad.
Do Not Allow Creation Of User Shortcuts
Select this check box to prohibit users from adding shortcuts to their Start Menu or to their
desktops. If you do not select this check box, users can use the Options page on their Launch Pad
to configure shortcuts. If you select this option, then the users will not see this option on their
Propalms Terminal Services Edition Application Launch Pad.
Disable Propalms Terminal Services Edition File Associations
Select this check box to disable file associations on the clients for the Client Group applications
that belong to this Client Group.
Hide Propalms Connection Manager Tray Icon
Select this option to hide the Propalms Connection Manager Tray Icon. In this case, the users will
be able to launch applications only from the user shortcuts if the administrator has not disabled
shortcuts, or from the Launch Pad.
Click Next to go to the Add Filters page.
Add filters
The system sorts clients into Client Groups based on the Client Group filters. The Add Filters
pages allow you to specify filters based on many criteria such as client Private IP & Public IP
address, NetBIOS name, operating system, or OU.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 238

Using the Console
Management Console Manage tab

Client Private IP Range

In the IP From and To fields, enter the start and end of the client Private IP address range to be
sorted to this Client Group. The client Private IP range filter allows you to specify up to 10 IP
ranges for each Client Group.
Client Public IP Range
In the IP From and To fields, enter the start and end of the client Public IP address range to be
sorted to this Client Group. The client Public IP range filter allows you to specify up to 10 IP ranges
for each Client Group.
Client NetBIOS Name
In the Starts With, Contains, and Ends With fields, enter the relevant strings for the criteria based
on the letters in the NetBIOS name of the client. The client NetBIOS name filter allows you to
specify up to ten criteria for each Client Group.
Client OS
Select the relevant operating systems.
Click Next to specify the OU filter.
OU Name
Select the OUs you want to add to the Client Group.
Click Next to proceed to the Select Applications page.
Select applications
The Select Applications page allows you to select applications that will be available to the clients
that are sorted to the Client Group. The page displays all the applications in the Propalms Terminal
Services Edition system. When a user launches a Client Group application, the authentication
dialog box opens and the user has to enter valid credentials to launch the application.
Select the applications and click Next to proceed to the Select Printers page.
Select printers
The Select Printers page allows you to select printers that will be available to the clients that are
sorted to the Client Group. All the members of the Client Group can print on the Client Group
printers in addition to the client printers and the Application Server printers. By default, the page
does not display any printers. Click Find to display all the printers in all the domains in Propalms
Terminal Services Edition. Select the printers that you want to add and click Next to proceed to the
Select Clients page.
Select clients
The Select Clients page allows you to add existing clients to the Client Group. The client is
removed from the Default Client Group and is sorted to the selected Client Group. Dynamic
Sorting should be OFF for this. The page displays all the clients from the Default Client Group.
Select the clients you want to add to the selected Client Group, and click Next.
The Add Client Group page displays the choices you make in the Add Client Group sequence.
Review the information and click Add to add the Client Group to the system.

Update Client Group

Use the Update Client Group page to update Client Group information, connection settings, and
restrictions on the client group. To update a Client group, from the Manage>Client Group page,
select a Client Group and click Update Client Group. Change the relevant information and click

Propalms Terminal Services Edition Administrator Guide--1 March 2013 239

Using the Console
Management Console Manage tab

Update. All of the properties that appear on this page also appear on the Add Client Group page;
for more information on these variables, refer to "Add Client Group".

Update filters
You can sort the clients into Client Groups based on many criteria such as client IP address,
NetBIOS name, operating system, or OU. Any client that satisfies even one of these conditions
can be sorted to the Client Group. You can even add individual clients from any other Client Group
to the selected Client Group. The selected clients are removed from the earlier Client Group and
moved to the selected Client Group. Dynamic Sorting has to be OFF for this. For more information
on sorting to Client Groups, refer to "Use case analysis".
To update filters for a Client Group, on the Manage>Client Groups page, select the Client Group
you want to modify, and click Update Filters. Enter information in the following fields:
Client IP Range
In the IP From and To fields, enter the start and end of the client IP address range. The client IP
range filter allows you to specify up to ten IP ranges for each Client Group.
Client NetBIOS Name
In the Starts With, Contains, and Ends With fields, enter the relevant strings for the criteria based
on the letters in the NetBIOS name of the client. The client NetBIOS name filter allows you to
specify up to ten criteria for each Client Group.
Client OS
Select the relevant operating systems.
Click Next to set the OU Name filter.
OU Name
Select the OUs you want to add to the Client Group.
Click Next to set the Client Name filter.
Client Name
Select the Client Names from Default Client Group you want to add to the Client Group.
Click Next. Verify the displayed information and click Update.

Remove Client Group

Use this option to remove a Client Group from Propalms Terminal Services Edition. To perform this
function, from the Manage>Client Groups page, select the Client Groups you want to remove and
click Remove Client Group. Verify that the client groups listed are the ones you want to remove
and click Remove.

Add applications to a Client Group

You can provision applications to Client Groups that exist within Propalms Terminal Services
Edition. From the Manage>Client Groups page, select the Client Groups that will receive
additional applications and click Add Applications. Select the applications that you want to add
and click Add. Those applications will now be available to the selected Client Groups.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 240

Using the Console
Management Console Manage tab

Remove applications from a Client Group

You can take one or more applications away from client groups that exist within Propalms Terminal
Services Edition. When you use this action, from the Manage>Client Groups page, select the
Client Groups and click Remove Applications. Select the applications you want to remove and
click Remove. Afterwards, the selected applications will no longer be available to the Client
Groups through provisioning at a Client Group level.
Meanwhile, if the user inherits use of the same applications from a group or OU, then that user will
continue to have use of that application until you remove the application from that Group or OU or
until you remove the User from the Group or OU that inherits these applications.

Add printers
You can add printers to a Client Group. All the members of a Client Group can print on the Client
Group printers in addition to the client printers and the Application Server printers. To add printers
to Client Groups, from the Manage>Client Groups page, select the Client Groups and click Add
Printers. By default, the page does not display any printers. Click Find to display all the printers in
all the domains in Propalms Terminal Services Edition. Select the printers that you want to add and
click Add. The selected printers will now be available to the selected Client Groups.

Set default printer

You can set the default printer for a client group. The default Client Group printer overrides the
default printer set on the client for applications launched through Propalms Terminal Services
Edition. To set the default printer for a Client Group, from the Manage>Client Groups page, select
the Client Group and click Set Default Printer. The page displays all the printers that have been
added to the Client Group. Select the printer that you want to set as default and click Update.

Remove printers
You can remove the printers assigned to a Client Group. The removed printer will then not be
available to the members of the Client Group through the Client Group assignment. To remove
printers assigned to Client Groups, from the Manage>Client Groups page, select the Client
Groups and click Remove Printers. The page displays all the printers that have been assigned to
the Client Groups. Select the printers that you want to remove, and click Remove.

Add clients
You can add existing clients to a Client Group. The client is removed from its current Client Group
and is sorted to the selected Client group. Dynamic Sorting should be OFF for this. To add clients
to a Client Group, from the Manage>Client Groups page, select the Client Group and click Add
Client. The page displays all the clients that exist in the Propalms Terminal Services Edition
system. Select the clients you want to add to the selected Client Group, and click Add.

Remove clients
You can either move clients sorted to a Client Group to the default Client Group or you can remove
them from Propalms Terminal Services Edition. Dynamic Sorting should be OFF for this. To
remove clients from a Client Group, from the Manage>Client Groups page, select the Client
Group and click Remove Client. From the Remove Clients Option list, select one of the following
and click Next:
• Move to Default Client Group

Propalms Terminal Services Edition Administrator Guide--1 March 2013 241

Using the Console
Management Console Manage tab

• Remove from Propalms Terminal Services Edition

The page displays all the clients that are sorted to the selected Client Group. Select the clients you
want to remove from the Client Group and click Remove.

Manage connection settings

Connection Settings define the manner in which applications are launched in Propalms Terminal
Services Edition. An administrator can update properties of a connection setting or create new
connection settings and apply them to applications. If the administrator permits, the end user
(using the Propalms Terminal Services Edition Launch Pad) can choose a connection setting to
use from among any predefined connection settings.
In all instances, you can add, update, and remove properties for one object. In many instances,
you can add, update, or remove properties for many or for all of the instances of an object. For
example, for connection settings, you may want to update all connection settings or to delete
several connection settings at one time.
This section provides step-by-step procedures to do the following:
"Add setting"
"Update setting"
"Remove setting"
"Select default"

Add setting
The Add Setting action allows you to add a new connection setting to the Propalms Terminal
Services Edition system. To add connection settings, you first need to choose a template, and then
specify the settings. For detailed information on templates, refer to "Connection settings
templates".
To add a set of connection settings:
1. From the Manage>Connection Settings page, click Add Settings.
2. Choose a template and click Next.
3. Select/Enter the relevant terminal service settings and click Next.
4. Select the Propalms Terminal Services Edition feature settings and click Next.
5. The Add Setting page displays the choices you make in Steps 3 and 4. Review the
information, and click Add.
Following are the fields you need to specify while adding connection settings.
Information
Name
This name identifies this profile.
Description
This description is a free-form field where you can enter information about who requested this
profile or who will use this profile.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 242

Using the Console
Management Console Manage tab

Allow Users to Select This Connection Setting

Select this check box to make this connection setting available to users. When you select this
check box, the users can use the Launch Pad Options page to choose this setting for launching
applications.
TSE Terminal Settings
Screen Size
This is the size of the WTS screen in pixels.
Color Depth
This is the number of distinct colors that Propalms Terminal Services Edition displays for
applications running under Propalms Terminal Services Edition. Color depth is associated with bit
depth as it relates the number of bits used for each pixel.

The color depth of an 8-bit setting is 28, that is, 256 colors. Propalms Terminal Services Edition
offers these color depth settings: 8 bit, 15 bit, 16 bit, 24 bit.
Bitmap Caching
This enables an area in the memory of a user's computer where bitmaps can be temporarily
stored.
Enable Compression
This enables you to turn off or to turn on a second level of compression, final bit stream
compression. RDP provides the first level of compression. This second level compression does
not affect the fundamental RDP compression algorithm.
Enable Serial Ports
This enables you to make your local serial port available in a session. Depending on the policies of
your network, local serial port mapping might be disabled for some or all remote connections.
Desktop Composition
This setting is used to turn On/Off the Vista desktop composition feature.
The new Windows Vista desktop composition feature enables visual effects on the desktop as well
as various features, such as glass window frames, 3-D window transition animations, Windows
Flip and Windows Flip3D, and high resolution support. Now Propalms allows its users to benefit
from the latest Windows 2008/ Vista specific Desktop Composition feature along with Propalms
TSE. Propalms TSE Team can be configured to fundamentally change the way applications
display pixels on the screen on Vista Client Machines.
Desktop Background
This enables encryption of data during transmission.
Show Contents of Windows While Dragging
This allows you to enable a window to show its entire contents even while you are dragging it
across the desktop.
Menu and Windows Animation
This allows you to turn on or turn off menu and Windows animation.
Themes
This enables you to turn on or turn off a feature that influences the appearance of a desktop by
providing components that support a specific theme such as a nature theme or a space theme.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 243

Using the Console
Management Console Manage tab

The components that may reflect this theme include desktop images, screen savers, cursors,
icons, or sounds.

TSE Client Settings

Launch Full Screen
This mode launches a Propalms Terminal Services Edition application session using the full area
of a display screen.
Connection Bar in Full Screen
This setting is used to enable or disable the appearance of connection bar for the sessions
launched in full screen mode.
Reconnect if connection is dropped
If there are active sessions and the connection get dropped from server due to some network
problem then in this case you can enable auto reconnect using this feature. If you set this setting
“ON” then when connection lost it automatically try to reconnect it.
Enable Sound
Audio redirection enables the client to receive locally any sounds that a remote session generates.
Smooth Scroll
This toggles between smooth scroll, which shows a continuous page of information, and paging,
which provides a page-by-page view.
Enable Smart Sizing For Non Seamless Launch
This allows Smart Sizing for Non Seamless Application Launch for User.
Multiple Monitor Support (for 2K8 R2 / 2k12)
New extended desktop (True Multiple monitor) features included in RDC 7.0 support multi-head
video cards across multiple monitors.
Enable RemoteFX (for 2K8 R2 / 2k12)
RemoteFX is an new technology included in Windows Server 2008 R2/ Windows 7 SP1 designed
to improve visual capabilities of Windows 7 RDC. Improvements include 3D Graphics capabilities,
OpenGL, full motion video and USB redirection for devices like webcam, scanner etc.
Font Smoothing
TPropalms TSE now supports the latest Windows 2008 Server feature of 32-bit Color and Font
Smoothing across Propalms TSE user sessions. Use this setting to turn this feature Off/ On.
Enable Virtual Channel Client DLL's
This setting determines whether users can use custom virtual channel facility provisioned by RDP
protocol. To use virtual channels, user must provide the server-side and client-side components of
a virtual channels application. The server component can be a user-mode application or a kernel-
mode driver. The client component must be a DLL.
Enable Redirect SmartCard
This connection setting will enable the redirection of Smartcards on the Client-side for
authentication of the published applications through Propalms TSE.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 244

Using the Console
Management Console Manage tab

Client Resource Redirection

This setting enables administrator to choose which type of drives to be mapped in the TSE
session. This will add to application launch time improvement and security.
Enable Client File System Sharing
This setting enables to TURN ON and TURN OFF the Client Drive sharing.
Compression
This setting dictates whether IFS data will be compressed or not. This field can have values: ON,
OFF or UNSPECIFIED. By default, it’s OFF.
Removable Drive
This setting determines whether removable drive like floppy Disk, USB Drives etc. should be
mapped in the TSE session.
Fixed Drive
This setting determines whether fixed drive should be mapped in the TSE session.
Network Drive
This connection setting determines whether network drives should be mapped in the TSE session.
CDROM Drive
This connection setting determines whether CDROM drive should be mapped in the TSE session.

NOTE
IFS data is always transmitted in encrypted form.

Allow Client Printer Redirection

This connection setting will enable the redirection of Printer on the Client-side.
Propalms Terminal Services Edition Features
Seamless Windows
This enables the seamless window feature, which hides the Terminal Server Frame from around
your remote applications.
Disable MS Seamless
This disable the Miicrosoft Seamless feature.

System Tray Seamless

With this new Seamless enhancement, published apps through TSE that create system tray icons
when run (eg: Skype Or GTalk), a similar system tray icon will be created in Clients system tray,
giving users the feel of the app being run locally. The system tray icon will also the app control
menus available on it, By default this feature is disabled in Propalms TSE Connection settings.
Enable TS Gateway Server
This setting allows the administrator to enable/ disable the TS Gateway feature after the TS
Gateway Server details have been specified in the TSE Options page.
TS Gateway server is a type of gateway that enables authorized users to connect to remote
computers on a corporate network. These authorized users can connect from any computer by
using an Internet connection.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 245

Using the Console
Management Console Manage tab

TS Gateway uses the Remote Desktop Protocol (RDP) together with the HTTPS protocol to help
create a more secure, encrypted connection. A TS Gateway server uses port 443.
Now Propalms allows its users to benefit the latest Windows 2008 TS Gateway feature along with
Propalms TSE. Propalms TSE team can be configured to work along with a pre-existing TSE
Gateway Server. The administrator will have to specify certain details and the Propalms user
sessions will be launched via TSE Gateway Server.
To enable the integration of TS Gateway with Propalms TSE, the TSE Gateway Server
will have to be configured in Propalms TSE Console> Options> TS Gateway.
Launch in Existing Connections
This indicates preference to launch new applications in existing connections. Since each terminal
connection has a certain amount of overhead associated with it, enabling this feature reduces the
amount of resources consumed on the server. It also significantly reduces the application launch
time due to the elimination of a second logon.
Reconnect
This allows users to launch new sessions in the same application’s disconnected sessions.
Enable Single Port Relay
This enables you to turn off or to turn on the use of a Single Port Relay server for communication.
Enable DMZ Single Port Relay
This enables you to turn off or to turn on the use of a DMZ Single Port Relay server for
communication.

NOTE
Note: Only one of Enable Single Port Relay or Enable DMZ Single Port Relay settings can
be turned on.

Logoff Disconnected Connections

This time determines the amount of time a session is allowed to stay in disconnected mode before
being logged off.
Logoff Idle Connections
This time determines the amount of time a session is allowed to stay idle (no keyboard or mouse
movements) before being logged off.
Install Printers Asynchronously
This setting allows you to make setting that client printers will be installed asynchronously on
server. It makes the application launch fast.
When a user launch a session then the client printers get installed on server(if printer sharing is
ON) and it may take some time. If “Install Printers Asynchronously” is OFF the when all printer get
installed the application get launched and if it is ON then application is launched independently
and printer get installed asynchronously.
TSE File Saving and Printing Encryption
This setting dictates whether IFS/printing data will be encrypted or not. This field can have values:
ON, OFF or UNSPECIFIED. By default, it’s OFF.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 246

Using the Console
Management Console Manage tab

Enable Proxy Server for RDP Traffic

This new setting, when enabled, allows the RDP traffic generating from the Client Workstation to
Bypass the Local Proxy Server.
Printer Naming Scheme ( for Propalms TSE Printing only)
In Propalms TSE v7.0 administrators have an option to choose out of 3 different Printer Naming
Schemes in the Propalms TSE Connection Settings.
The default naming scheme is the Default TSE Scheme (Printer Name_IFS Token) naming
scheme.In this the redirected printer displays the Printer Name along with the IFS Token number
which is a number generated as per the session number. For example; (HP LaserJet 3380 PCL
6_1). The second is the Use Hostname (Printer Name_Client Machine Name) naming scheme. In
this the redirected printer displays the Printer Name along with the Machine Name or the
Hostname of the Client workstation. For example; (HP LaserJet 3380 PCL 6_USMANVISTA02).
And the last is the Use Username (Printer Name_Username) naming scheme. In this the
redirected printer displays the Printer Name along with the Username under which the launched
session is running. For example; (HP LaserJet 3380 PCL 6_USMANS).
Note that this feature is only available if you are using the Propalms TSE mode of Printing in the
Connection Settings. For Native mode of Printing this feature will not work.
Monitor Spanning
Propalms TSE v7.0 has multi-monitor capabilities, and allows its users to launch session on
multiple monitors. Switching this setting to on would disable multi-monitor support.
Session Recording
Propalms TSE v7.0 now provides the feature of recording user sessions. Administrators can use
this feature for auditing or troubleshooting purposes. This feature is Application Server specific; so
depending on the Propalms TSE environment, the administrator has to enable/ disable this
feature.
Virtual IP
This enables the assigning of an IP address to a session at runtime. It is used for one client one
request for a particular application.

Return Internal or External IP to connect

Force client to connect on Internal or External IP address of App server through Connection
settings.
Hide App server IP address during App launch
This feature shows Application name in connection box instead of IP address of connecting
server.

Removal of User Lockdown when is removed for TSE APP server

Clean-up of User profile lockdown after has been disabled for the App server. The clean-up can
be enabled /disabled from Connection settings.
Propalms TSE Printer Settings
Windows 2003
This enables you to turn on or to turn off printer sharing, which permits an instance of Propalms
Terminal Services Edition that is running on a Windows 2003 server, to print to a user’s local or
network printer.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 247

Using the Console
Management Console Manage tab

Windows 2008 / 2008 R2 / 2012

This enables you to turn on or to turn off printer sharing, which permits an instance of Propalms
Terminal Services Edition that is running on a Windows 2008 / 2008 R2 / 2012 server, to print to a
user’s local or network printer.

NOTE
For Windows 2003 servers, client drive sharing and printer sharing work on CE clients
when you select Native as the option in connection settings, otherwise they are off.

UniDriver (for Propalms Terminal Services Edition printing only)

We recommend that you set this feature to “If vendor driver not available” except in certain special
circumstances. Refer to the "Propalms Terminal Services Edition printing" for a complete
explanation of this feature.

NOTE
Printing data is always transmitted in encrypted form.

Limiting Bandwidth
This setting enables administrator to choose the bandwidth limit for printer data.
Compression
This connection setting dictates whether printer data will be compressed or not. This field can have
values: ON, OFF or UNSPECIFIED. By default, it’s OFF.
Allow printer properties to be remoted
This setting determines whether the per-user DEVMODE properties of printer should be remoted
in the TSE session. On client printers user can set properties like paper size, orientation, copy
count etc. When client printers are redirected, user may want to retain these properties as it is in
redirected printers.
The properties remoted are :
- orientation,
- paper size,
- paper length,
- paper width,
- factor by which the printed output is to be scaled,
- number of copies to be printed,
- paper source,
- print quality(printer x-resolution),
- color (monochrome or true color),
- duplex printing,
- y-resolution of printer,
- TrueType fonts option,
- whether collation should be used when printing multiple copies,

Propalms Terminal Services Edition Administrator Guide--1 March 2013 248

Using the Console
Management Console Manage tab

- name of the form to use,

- number of pixels per logical inch,
- color resolution,
- whether the NUP is done,
- frequency,
- ICM method,
- ICM color matching method,
- type of media being printed on,
- how dithering is to be done.
Select printers to remote to server
This connection setting enables administrator to choose which client-side printers should be
allowed to be redirected in the TSE session. This field can have values: Local printers only,
Network printers only, All (both local and network) printers or UNSPECIFIED. By default, it’s All
Printers.

Propalms HyperPrint
TSE Admin can prevent user access to HyperPrint printer in user session by enabling / disabling
this option in Cinnection setting.

Set HyperPrint as default printer in Session

TSE Admin can force the HyperPrint printer as the default printer for TSE user session.

Save HyperPrint pdf files on Server

Useful for thin client printing, print to file option, or saving a copy of printed document. The pdf files
are saved in Users profile "My Documents\App Data\PdfFiles" folder.

Update setting
The Update Setting action permits you to change individual values of the properties associated
with connection settings.
To update connection settings:
1. From the Manage>Connection Settings page, select a connection setting and click
Update Settings.
2. Change the relevant fields and click Update.
3. If you change the Propalms Terminal Services Edition Drive Sharing property by enabling
or disabling it, you must restart the Propalms Terminal Services Edition Monitor services
manually. To do this, select Start>Settings>Control Panel>Administrative
Tools>Services>Propalms Terminal Services Edition Monitor, and then select
Action>Start.
For a description of the fields that appear on this page, refer to "Add setting".

Remove setting
The Remove Setting action permits you to delete existing connection settings. If you remove the
existing connection settings associated with a user or application, Propalms Terminal Services

Propalms Terminal Services Edition Administrator Guide--1 March 2013 249

Using the Console
Management Console Manage tab

Edition changes the connection settings back to the Propalms Terminal Services Edition default
settings. You can delete more than one connection settings at a time.
To remove connection settings:
1. From the Manage>Connection Settings page, select the Connection Setting you want to
remove and click Remove Settings.
2. The Remove Settings page displays the settings you choose. Click Remove to remove
the displayed settings.

NOTE
You cannot remove the default connection settings. To remove a connection setting that
has been set as default, you must first set another connection setting as default.

Select default
The Set as Default action permits you to choose the default connection settings.
To set the default connection settings:
1. From the Manage>Connection Settings page, select a connection setting and click Set
As Default.
2. The Set As Default page displays the connection setting you choose. Click Update.

Manage Admin Roles

Administrative Roles define the scope of Propalms Terminal Services Edition functions and the
scope of active directory domains, OUs, or groups that are within the purview of members of the
named Admin Role.
In all instances, you can add, update, or remove Admin Roles. In many instances, you can add,
update, or remove properties for many or for all of the instances of an admin role. You can also
change delegation to alter the group or users who are delegated an admin role. You can also
change the groups and OUs the members can control.
This section provides step-by-step procedures to do the following:
"Add role"
"Remove role"
"Update role"
"Update delegated admin group"
"Add delegated admin users"
"Remove delegated admin users"
"Add groups to be controlled"
"Remove groups to be controlled"
"Add OUs to be controlled"
"Remove OUs to be controlled"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 250

Using the Console
Management Console Manage tab

Add role
To add an Admin Role:
1. On the Manage>Admin Role page, click Add Role.
2. The Add Role page opens. While adding an Admin Role you need to:
• "Add role information"
• "Add delegated admin group"
• "Add delegated admin users"
• "Add groups to be controlled"
• "Add OUs to be controlled"
The sections that follow explain each of these in detail. Select/Enter the relevant information on
each page.
Add role information
The Add Admin Role page permits you to add individual values of the properties associated with
an Admin Role.
Select/Enter the relevant information.
Role Information
These are the role information properties.
Name
This name identifies this Admin Role. Try to make this name descriptive of its responsibilities.
Description
This free-form field permits you to describe information such as the responsibilities or
organizational duties of members of this role.
Tasks to Delegate
These are the tasks that you can delegate to an Admin Role.
Monitor Sessions and Servers
Select this check box to assign the monitoring task to the Admin Role.
Provision applications
Select this check box to assign the application-provisioning task to the Admin Role.
Click Next to proceed to the Add Delegated Admin Group page.
Add delegated admin group
The Add Delegated Admin Group page displays the names of all the groups that exist in
Propalms Terminal Services Edition system and the names of the domains to which these groups
belong. You can delegate an Admin Role to only one group. However, you can delegate an Admin
Role to many users.
To add a delegated group, select the group and click Next. To add a user instead of a group, click
Next to proceed to the Add Delegated Admin User page.
Add delegated admin users
The Add Delegated Admin Users page displays the logon name, domain name, and other details
of the users that exist in Propalms Terminal Services Edition system. To add users, select the
users and click Next to proceed to the Add Groups to be Controlled page.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 251

Using the Console
Management Console Manage tab

Add groups to be controlled

This page displays the names of all the groups that exist in Propalms Terminal Services Edition
system and the names of the domains to which these groups belong. Select the groups you want
the members of this Admin Role to control and click Next to proceed to the Add OUs to be
Controlled page.
Add OUs to be controlled
This page displays the names of all the OUs that exist in Propalms Terminal Services Edition
system and the names of the domains to which these groups belong.

NOTE
The Add OUs To be Controlled page is skipped if no OUs exist in the Propalms Terminal
Services Edition system.

Select the OUs you want the members of this Admin Role to control and click Next to proceed to
the Add Admin Role page.
The Add Admin Role page displays the choices you have made in the Add Admin Role sequence.
Review the information and click Add to add the Admin Role to the system.

Remove role
The Remove Role action allows you to remove existing Admin Roles from the Propalms Terminal
Services Edition system.
To remove Admin Roles:
1. From the Manage>Admin Roles page, select the roles you want to remove and click Next.
2. The Remove Role page lists the roles you choose. Review the information and click
Remove.

Update role
The Update Role action allows you to change role information and the tasks assigned to a role.
To update an Admin Role:
1. From the Manage>Admin Roles page, select the role you want to update and click Next.
2. Change the relevant fields and click Update. For more information on the fields on this
page, refer to "Add role information".

Update delegated admin group

The Update Group action allows you to delegate an Admin Role to a different group. The page
lists all the groups in the Propalms Terminal Services Edition system and the group that is a
member is selected by default.
To update delegated admin group:
1. From the Manage>Admin Roles page, select an admin role and click Update Group.
2. From the Update Delegated Admin Group page, choose a group and click Change.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 252

Using the Console
Management Console Manage tab

NOTE
To remove a group without delegating the admin role to any other group, choose No
Member Group in Step 2.

Add delegated admin users

The Add Users action allows you to make existing Propalms Terminal Services Edition users,
members of an Admin role.
To add delegated admin users:
1. From the Manage>Admin Roles page, select an admin role and click Add Users.
2. From the Add Delegated Admin Users page, select the users and click Add.

Remove delegated admin users

The Remove Users action allows you to take away control from delegated admin users.
To remove delegated admin users:
1. From the Manage>Admin Roles page, select an admin role and click Remove Users.
2. From the Remove Delegated Admin Users page, choose the users and click Remove.

Add groups to be controlled

The Add Groups action allows you to add groups that will be controlled by the members of an
Admin Role.
To add groups to be managed by an Admin Role:
1. From the Manage>Admin Roles page, select an admin role and click Add Groups.
2. From the Add Groups to be Controlled page, select the groups and click Add.

Remove groups to be controlled

The Remove Groups action allows you to remove the groups that are managed by an Admin
Role.
To remove groups to be managed by an Admin Role:
1. From the Manage>Admin Roles page, select an admin role and click Remove Groups.
2. From the Remove Groups to be Controlled page, select the groups and click Remove.

Add OUs to be controlled

The Add OUs action allows you to add OUs that will be managed by the members of an Admin
Role.
To add OUs to be managed by an Admin Role:
1. From the Manage>Admin Roles page, select an admin role and click Add OUs.
2. From the Add OUs to be Controlled page, select the OUs and click Add.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 253

Using the Console
Management Console Manage tab

Remove OUs to be controlled

The Remove OUs action allows you to remove the OUs that are managed by an Admin Role.
To remove OUs to be managed by an Admin Role:
1. From the Manage>Admin Roles page, select an admin role and click Remove OUs.
2. From the Remove OUs to be Controlled page, select the OUs and click Remove.

Manage Tasks

Automated Administrator Tasks

This feature adds simple, but common and important tasks like Reboot Server, Synchronize
Backup database and Synchronize Database with domain to servers in the Propalms Terminal
Services Edition team. These tasks can be scheduled to run at a specified time and on the
specified server(s).
Propalms Terminal Services Edition ships with two System Defined Tasks:
1. Synchronize Backup Database Task - This task will synchronize the backup database
with the primary database. This task is scheduled to run daily at 4 AM.
2. Synchronize Domain Task – This task will synchronize domain objects like users, groups,
OU and their memberships in the Propalms Terminal Services Edition database with actual
domain objects. This will run daily at 3 AM.

NOTE
System defined tasks cannot be removed. You cannot add or remove servers to System
Defined tasks. You can only change the schedule of these tasks.

Use Manage->Tasks tab to add, update or remove tasks.

This section provides step-by-step procedures to do the following:
• "Add Task"
• "Remove Task"
• "Update Task"
• "Update Schedule"
• "Add Servers"
• "Remove Servers"

Add Task
To add a new task:
1. On the Manage>Tasks page, click Add Task.
2. The Add Task page opens. While adding an Admin Role you need to define the “Task
Information”.
Task Information
These are the Task information properties.
Name

Propalms Terminal Services Edition Administrator Guide--1 March 2013 254

Using the Console
Management Console Manage tab

This name identifies this task. Try to make this name descriptive of its responsibilities.
Description
This free-form field permits you to describe information about the new Task.
Task Settings
These are the Task settings:
Write Task status to application event log:- If this check box is selected, then whenever the task
runs on a server it will make an event log entry specifying information if the task ran successfully or
not.
Enabled:- If this check box is unchecked then the Task will not run on assigned servers.
Task Actions
These are the action settings for the Task:
Action to be performed:- Currently only one action is supported for a Task, which is Reboot
Servers.
Run Only if No Active Session:- If this check box is checked then the Task will run on assigned
Propalms Terminal Services Edition TSE application servers only if there are no active sessions
running on that server.
Time To Give Active Session To Logoff:- If “Run Only If No Active Session” is not selected
then before the rebooting of the application server starts, the Task will automatically logoff active
sessions on that server. To specify the time interval to log off active sessions use this setting.
Select one of the intervals from the drop down box.
Click Next to proceed to the Select Servers page.
Select Servers
The Select Servers page allows you to select the Servers on which this Task will run. Select the
Servers and click Next to proceed to the Set Schedule page.
Set Schedule
This page will allow you to schedule this new Task.
Run This Task:- You can choose the Task to run daily or weekly depending on your needs. If you
choose the Task to run weekly then the day selection page will appear only after you click Next.
Start Time (hh:mm):- Specify the start time (hh:mm) to run the Task on the servers. Click Next to
go to day of week selection page if you have chosen to run the Task weekly, else Next will take you
to the confirmation page.
Day of Week:- This page will allow you to select the day(s) of the week on which you want to run
the Task. Click Next to go to the confirmation page, verify all the details about the new Task and
then click Add to add the Task.

Remove Task
The Remove Task action allows you to remove an existing Task from the Propalms Terminal
Services Edition TSE system.
To remove a Task:
From the Manage>Tasks page, select the Tasks you want to remove and click Next.
The Remove Task page lists the roles you choose. Review the information and click Remove.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 255

Using the Console
Management Console Manage tab

NOTE
You cannot remove system defined Tasks (see above) from the system.

Update Schedule
The Update Schedule action allows you to change the Task Schedule.
To update the Task Schedule:
From the Manage>Tasks page, select the Task for which you want to update the schedule and
click Next.
On Update Schedule page change the current schedule to the new schedule to run the Task and
click Next.
Review the task schedule information and then click Update.
For more information on the fields on this page, refer to "Set Schedule".

Add Servers
You can add servers from the Propalms Terminal Services Edition team for existing Tasks to run.
To add servers to the Task:

NOTE
You can add multiple tasks to multiple servers at one time by selecting multiple tasks to
add and selecting multiple servers to receive.

Remove Servers
To stop Tasks from running on servers:
1. From the Manage>Tasks page, select a Task, and then click Remove Servers.
2. Select the servers and click Remove.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 256

Using the Console
Management Console Manage tab

Manage Network Printers

Overview
In TSE v7.0, TSE admin can create a list of Network printers that are available on the network
where TSE is installed and assign these network printers to AD groups, OUs and client groups in
TSE.
This eliminates the headache for admins to create custom login scripts that map network print
queues to a user’s terminal server profile at logon.
Network printers can be assigned based on AD Group and OU membership and also client groups
based on IP address, hostname and other criteria’s. Wherever possible, it is t recommended to
have all printing done through Network printers mapped directly to users TSE App session running
on TSE App server. It eliminates re-direction of client side printers on server, saving server
resources, print driver management efforts and network bandwidth as all print jobs go directly to
the network print queue instead of TSE client machine.
In TSE Console – Manage, a new option Network Printers is available.
From here network printers can be added, removed and assigned to Groups,OUs and Client
Groups that already exist in TSE.

Add Network Printers

Select the desired printers to be Added and click ADD.

NOTE
In Add network printers, only printers that are shared on the network and have the
necessary permissions to access it our discoverable by the TSE Add Network printer’s
page. Once Added, use the Add Group, OU, Client group action item to assign these
printers to specific Groups,OUs and Client groups. If the end user launching TSE
Apps, belongs to more than one AD Group or OU, network printers from all Group/OU
membership for the user will be created in TSE session.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 257

Using the Console
Management Console Monitor tab

Remove Network Printers

Select the desired printers to be Removed and click Next.

NOTE
Network Printers can be Removed assing to Client Group or Group/ OU.Once
Network Printer is removed, they won't be created in respective Group,OU or Client
Group

Management Console Monitor tab

This Monitor tab has a some objects and the overview page, which the section considers.

Overview page
You view this page when you click the Monitor tab. This page identifies the types of objects that
you can monitor and it provides links to the following pages that monitor each object type.
"Connections"
"Load Balancer"
"Database Connections"
"Relay Server"
"Job Status"

Connections
You access this page to monitor the active RDP connections. From this page, you can trigger four
actions.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 258

Using the Console
Management Console Monitor tab

Disconnect
When you disconnect a connection, the session persists on a server in an active state even though
it is no longer active on a client. A user can reconnect to a disconnected session, continue with the
session, and the session will appear as if there were no interruptions.

NOTE
A disconnected session continues to use server resources including one Propalms
Terminal Services Edition license.

For more information, see "Session disconnect and reconnect".

Logoff
When you log off from a session, the session terminates on both the server and the client. This
type of session termination is immediate, so any work in progress that has not been saved is lost.
You may want to attempt to use the send message function to encourage users to log off before
you perform a forced logoff.
Shadow
When you shadow a session, you can view a user's session and share control of the session with
the user. You can do this from a remote location. You do this by watching an image of the session
from your Web-based Management Console. Session shadowing is a useful troubleshooting tool.
Send message
Use this to send a message to active users.
View session details
Use this to view the effective connection settings for any specific connection. For any connection
the connection setting depends on many factors. This page enumerates values for connection
setting fields applied to that connection.

Load Balancer
You access this page to view the status of servers that are members of the Propalms Terminal
Services Edition team.
The Load Balancer page displays the following information.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 259

Using the Console
Management Console Monitor tab

NOTE
You can change the Load Balancer settings from the Options>Load Balancer page.

Master Load Balancer Server

Shows the Current active Master Load-Balancer in TSE team.
Master Load Balancing Scheme
Shows the TSE Load-Balancing scheme in use.
Application Server
This is the server name.
Running Status
This indicates whether the Application Server is operating. A True value indicates that the
Application Server is running.
Server Ranking
This reflects the availability of an Application Server to accept new session loads from the Load
Balancer. The ranking value relates to the amount of CPU and memory available, the ranking
values are natural numbers, and the Load Balancer prefers to place new sessions on those
servers that have the best server ratings, where a server with server ranking of 1 is considered the
best. Two or more servers can have the same rating. If all the criteria for ranking servers are
cleared from the Options>Load Balancer>Update Options page, the Server Ranking of each
server becomes 1.
Load Balancer Server
This is the Master Load Balancer.
Available Memory in MB
This shows the difference between the total memory and the memory in use by active processes.
Total Memory in MB
This field shows the total memory on the server.

Available Memory in Percentage (%)

This field shows the total available memory on server in percentage (%).
Available CPU Cycles in MHz
This shows the difference between the total CPU cycles and the cycles in use by active processes.
Total CPU Cycles in MHz
This shows the total CPU cycles available on the server.

Total CPU in Percentage (%)

This field shows the total available CPU on server in percentage (%).
Server Version
This shows the Operating System.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 260

Using the Console
Management Console Monitor tab

Number of processors
This shows the number of processors used by the Application Server.
Free Page Table Entries (PTEs)
This shows the availability of the memory page table entries (PTEs). PTEs identify pages of
memory called pageframes and the number of PTEs in a system is typically a fixed number. An
average PTE count would be in the range of 150,000, so if you see a count that is near 1,000 or
near 1,000,000, then you are viewing counts that are out of the expected range.
Page Swaps per Second
This shows the number of memory pages that swap in and out of virtual memory to physical
memory. In general, it is positive to swap fewer pages out of the pagefile.
Context Switches per Second
This measures the number of context switches that occur when the kernel or core of the operating
system, switches the processor from one thread to another. It is better to have fewer context
switches. IIS 5.0 and above sets the default value for switches per processor and the number of
switches can scale proportionately to the number of processors; so, if the ratio of context switches
between a single and dual processor were 1:2, this is an acceptable ratio. This does not rule out
the possibility of both values being too high.
Processor Queue Length
This measures the length of a processor queue in units of threads, and it helps you identify any
bottlenecks. In general, faster CPUs can handle longer queue lengths than slower CPUs.
VD Servers
All servers with a Virtual Desktop (VD) role that are online and registered with the master load
balancer are displayed on this page This page displays the current load on each of these VD
servers.

Database Connections
You access this page to view the status of the database connections with all the servers in the
Propalms Terminal Services Edition team.

NOTE
You can change your database server settings from the Options>Database Server page.

The Database Connections page displays the following information.

Server Name
This shows the name of the servers in the Propalms Terminal Services Edition team.
Primary Database Status
This reflects success or failure for a server in connecting to the Primary Database Server. If there
is failure in connecting to the Primary Database Server, you can promote the Secondary Database
Server from the Options>Database Server>Promote Backup DB page.
Secondary Database Status
This reflects success or failure for a server in connecting to the Secondary Database Server. The
page displays this field only if a Secondary Database Server exists in the Propalms Terminal
Services Edition system.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 261

Using the Console
Management Console Monitor tab

Relay Server
You access this page to view the load on the Relay Servers in the Propalms Terminal Services
Edition team. This is an optional role, so you may see no information if you have no Relay Server.

NOTE
You can change your Relay Server settings from the Options>Relay Server page.

You can view the current load in the following ways

• "View By Server"
• "View By Client"
View By Server
This is the default view. This displays the following information:
Relay Server
This displays the name of the Relay Server.
Number of Connections
This reflects the number of connections made through this port.
Relay Speed (BPS)
This reflects total throughput from all the clients to the Application Servers through the Relay
Server. The throughput speed has an inverse relation to the Number Of Connections value. The
value appears as bytes per second (BPS).
Available Memory (MB)
This shows the difference between the total memory and the memory in use by active processes.
When the Available Memory becomes low on a continuous basis, you may want to consider
adding another Relay Server role to one of the servers on your Propalms Terminal Services Edition
team.
Available CPU Cycles (MHz)
This shows the difference between the total CPU capacity and the capacity in use by active
processes.
Number Of Web Server Connections
This reflects the number of HTTP connections made through relay server port.
Number Of Application Server Connections
This reflects the number of RDP and IFS connections made through relay server port.
View By Client
This is the alternate view and it displays the following information:
Client Name
This shows the NetBIOS name of the client computer.
Client IP Address
This shows the IP address of the client computer.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 262

Using the Console
Management Console Monitor tab

Source Address
This shows the NAT IP address. If there is no NAT, this displays the client IP address.
Relay Server
This shows the name of the Relay Server.
Connection Speed
This reflects throughput from each client to the Application Server. The throughput speed has an
inverse relation to the Number Of Connections value. The value appears as bytes per second
(BPS).

DMZ Relay Server

You access this page to view the load on the DMZ Relay Servers in the Propalms Terminal
Services Edition team. This is an optional role, so you may see no information if you have no DMZ
Relay Server.
You access this page to view the load on the DMZ Relay Servers in the Propalms Terminal
Services Edition team. This is an optional role, so you may see no information if you have no DMZ
Relay Server.

NOTE
You can change your DMZ Relay Server settings from the Options>DMZ Relay Server
page.

You can view the current load in the following ways

• "View By Server"
• "View By Client"
View By Server
This is the default view. This displays the following information:
DMZ Relay Server
This displays the name of the DMZ Relay Server.
Number of Connections
This reflects the number of connections made through this port.
Relay Speed (BPS)
This reflects total throughput from all the clients to the Application Servers through the DMZ Relay
Server. The throughput speed has an inverse relation to the Number Of Connections value. The
value appears as bytes per second (BPS).
Available Memory (MB)
This shows the difference between the total memory and the memory in use by active processes.
When the Available Memory becomes low on a continuous basis, you may want to consider
adding another DMZ Relay Server role to one of the servers on your Propalms Terminal Services
Edition team.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 263

Using the Console
Management Console Reports tab

Available CPU Cycles (MHz)

This shows the difference between the total CPU capacity and the capacity in use by active
processes.
Number Of Web Server Connections
This reflects the number of HTTP connections made through DMZ Relay server port.
Number Of Application Server Connections
This reflects the number of RDP and IFS connections made through DMZ Relay server port.
View By Client
This is the alternate view and it displays the following information:
Client Name
This shows the NetBIOS name of the client computer.
Client IP Address
This shows the IP address of the client computer.
Source Address
This shows the NAT IP address. If there is no NAT, this displays the client IP address.
Relay Server
This shows the name of the DMZ Relay Server.
Connection Speed
This reflects throughput from each client to the Application Server. The throughput speed has an
inverse relation to the Number Of Connections value. The value appears as bytes per second
(BPS).

Job Status
The Jobs page shows the status of jobs submitted. For each Job, the page displays the job ID, the
object and the corresponding action, the time when the job was submitted, and the status of the
job. You can click a Job ID to view the details of the job.

Management Console Reports tab

This Reports tab shows several objects on the overview page. You access this page to view the
status of these objects in Propalms Terminal Services Edition. To access reports on any one of
these objects, use the hyperlink.
Most of the reports that you will review have similar operational attributes. For example, a time
parameter defines the search period for your query, and to define the search period, you use the
Completed drop-down list box to select pre-defined time intervals to view. While most of the time
intervals concern past sessions, you have one option to query Still Active sessions.

NOTE
When you try to download a large-sized report, the download may time-out and an error
may be displayed.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 264

Using the Console
Management Console Reports tab

On many of these reports, you have an option to filter the reports based on predefined periods.
Examples of these options follow:
• Still active: Use this to retrieve information on sessions that are running. This is the only
classification that shows active sessions. All other options show completed sessions.
• Last xx hour: Use this to retrieve information on sessions that completed during that interval.
For example, use the Last 12 Hours option to see those sessions that completed during the
last 12 hours.
• Last xx days: Use this to retrieve information on sessions that completed during the last
specified number of days.
• Last week: Use this to retrieve information on sessions that completed during the week. By
default, the week is defined as Sunday through Saturday. Alternatively, you can reset this
value using the SQL Server Week option.
• Last quarter: Use this to retrieve information on sessions that completed during the last
quarter. By default, the quarter is defined by standard calendar quarters such as January
through March, April through June, July through September, and October through
December.

Overview page
You view this page when you click the Reports tab and this summary page provides links to the
various report pages.
"Sessions report"
"Applications report"
"Users report"
"Clients report"
"Servers report"
"Audit Log report"
"Product Key report"

Sessions report
This report shows current sessions and past sessions.
All sessions
You can summarize session data by object property (server name, server address, client address,
application name, logon name, time started or stopped, application exit status and recording
status). An administrator can create and use these views to see data and to reveal information to
answer object-specific questions. You can download the Propalms Terminal Services Edition data
to one of many management information systems where you can perform customized data
analysis.
Duration
From this page, you can analyze the duration of sessions. You can answer many interesting
questions by sorting, filtering, and selecting on the presented properties.
To use this page, you must first complete the boxes on the top of the page to indicate a Minimum
(session) Duration, a Maximum (session) Duration, and the time interval to search (for example,
during the last week).

Propalms Terminal Services Edition Administrator Guide--1 March 2013 265

Using the Console
Management Console Reports tab

To identify applications that are not being used, set the Minimum Duration and the Maximum
Duration value to zero, set the time interval to an appropriate period (such as last 24 hours or last
90 days), and click Find.
To determine which applications are used most during a single session, set the Minimum Duration
variable to an arbitrarily high value and set the Maximum Duration to another arbitrary but higher
value, insert the time interval to search, and click Find. Next, you can sort the table data to
aggregate information by entity; for example, you can sort this data by client computer to see how
frequently one specific client used a Propalms Terminal Services Edition sessions of this duration.
Such information might reveal that the longest sessions used over the last 24 hours were X
number of minutes each, and it might further indicate that Jane Z and Sumita Y are the only users
who regularly use sessions of this duration.
Recorded Sessions Playback
This feature works per application server and per Connection setting. Once you record any
session of a client then you can see that recorded video of that client. To watch the recorded video
go to Reports>Sessions page. On this page you can click the “Play” link for all those sessions
that have been recorded other wise you will see “Not Recoded” as plain text (without hyperlink).
An Administrator can change the recording files directory and file size. For selecting it go to
Manage>Servers and select the respective application severs whose path you want to update. If
you click on the play link to see video it opens another session on server and plays in any
associated player on that application server.

Printer Drivers
Failed Drivers
This shows a list of failed drivers for the Propalms Terminal Services Edition TSE team.
Server Name
This shows the name of the application server on which the printer driver is installed.
Server Operating System
This shows the name of the operating system installed on the application server.
Driver Name
This shows the name of the failed printer driver.
Installed Drivers
This shows a list of installed drivers for the Propalms Terminal Services Edition TSE team.
Server Name
This shows the name of the application server on which the printer driver is installed.
Server Operating System
This shows the name of the operating system installed on the application server.
Driver Name
This shows the name of the installed printer driver.
Driver Mappings
This shows a list of client printer driver mappings for the Propalms Terminal Services Edition TSE
team.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 266

Using the Console
Management Console Reports tab

Client Driver
This shows the name of the printer driver for which alternative printer driver mapping is given.
Driver for Windows 2003 Server
This shows the name of the alternative printer driver that should be used on Windows 2003 server
for the client driver.

Applications report
This report shows application usage data. You can use the Completed drop-down list box to select
different time intervals to view, and while most of the time intervals concern past sessions,
Propalms Terminal Services Edition offers one option to query Still Active sessions.
Total time
You can analyze the demand for an application using this report by viewing the number of sessions
and the total session time. Because each instance of an application must have a unique name, this
report provides information on instances of an application one-by-one. For example, you may have
three copies of Microsoft Word (called Word1, Word2, and Word3), so you can see each of these
instances individually and assess the discrepancy in the ways they are used. It is important to
know that if you see different use profiles it is probably because different user groups or OUs use
each instance when the same users are using the same applications
Users
You can see how many users use a specific application. This is meaningful when used with the
Total Time report, as you can see a profile where 332 sessions were operated for 10 hours by 1
person, or maybe you would see that 332 sessions were operated for 10 hours by 300 persons.
This can help you determine the application usage profiles of the users, and it can help you
determine ways to distribute applications that will improve system performance.
Client computers
You can see how many client computers use a specific application. This is meaningful when you
use this with the Total Time report, as you can see a profile where 332 sessions were operated for
10 hours by 1 person from 30 different terminals, or maybe you might see a profile where 332
sessions were operated for 10 hours by 300 persons from 1 terminal. This report can help you spot
application usage by specific clients.
Peak Usage
This report shows you, during a set amount of time, how many concurrent sessions of the
application have run. It also tells you how many times that the application hit that peak number.
The Average Daily Session Count actually displays the mean of the daily peak session counts in
the chosen period. This number varies with the size of the period. If you choose a long duration,
such as 90 days, then the rounded average number produced could be very small, but it could still
be mathematically correct.

Users report
This report shows the number of sessions run by each user during the selected period. It also
displays the total time used on Propalms Terminal Services Edition Application servers by all the
sessions running in that specified period for each user. You can use the Completed drop-down list
box to select different time intervals to view, and while most of the time intervals concern past
sessions, you have one option to query Still Active sessions.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 267

Using the Console
Management Console Reports tab

Clients report
This report shows the number of sessions run by each client that connected to Propalms Terminal
Services Edition during the selected period. It also displays the total time used on Propalms
Terminal Services Edition Application servers by all the sessions running in that specified period
for each client. You can use the Completed drop-down list box to select different time intervals to
view, and while most of the time intervals concern past sessions, you have one option to query
Still Active sessions.

Servers report
This report shows the number of sessions each server hosted during the selected period. It also
displays the total time used by all the sessions running on each server. You can use the
Completed drop-down list box to select different time intervals to view, and while most of the time
intervals concern past sessions, you have one option to query Still Active sessions.

Audit Log report

This report displays all the changes/updates made to the Propalms Terminal Services Edition
system.
Overview
The overview page, the one you see when you select Reports>Audit Log permits you to sort
columns to find data patterns and it permits you to do a direct access search where you select a
time interval, the object type, and the instance’s identity. This page displays the audit ID, change
type, object type, object name, parameters, logon name, and the log date for each audit log. The
audit ID is a unique number that identifies an audit transaction.
Change Type
Use this page to see how the Propalms Terminal Services Edition database is changing. During
initial deployment, you might expect to see many Add actions and fewer Update and Delete
actions.
If a change type displays and you want more information, select Reports>Audit Log to display the
Audit Log overview page. From the In list, select Change Type; in the Look for field, type the
appropriate change value; from the Completed list, select a time period and click Find.
Object Type
Use this page to see a list of changed object types. If Propalms Terminal Services Edition displays
a change record for an object that concerns you and you want more information, select
Reports>Audit Log to display the Audit Log overview page. From the In list, select Object Type;
in the Look for field, type the appropriate object type; from the Completed list, select a time
period; and click Find.
Object Name
Use this page to see a list of changed objects. If Propalms Terminal Services Edition displays a
change record for an object that concerns you and you want more information, select
Reports>Audit Log to display the Audit Log overview page. From the In list, select Object Name;
in the Look for field, type the appropriate object name; from the Completed list, select a time
period; and click Find.
Made By
Use this page to see if a specific user has made a change to the database during the selected time
interval. If Propalms Terminal Services Edition displays a change record and you want more

Propalms Terminal Services Edition Administrator Guide--1 March 2013 268

Using the Console
Management Console Options tab

information, select Reports>Audit Log to display the Audit Log overview page. From the In list,
select Made By; in the Look for field, type the appropriate user name; from the Completed list,
select a time period; and click Find.

Product Key report

This report identifies the maximum number of people who use Propalms Terminal Services Edition
concurrently over the time interval you specify. The Peak Reached Count reflects the number of
times the Propalms Terminal Services Edition users reached the Peak Concurrent Usage value.
The Concurrent User Limit reflects the existing Propalms Terminal Services Edition concurrent
user licenses.
Sometimes, on the product keys report, the Daily Peak Usage appears as 0 and the Peak
Reached Count appears as 1. This means that there were no application launches in the specified
period. The minimum number that Propalms Terminal Services Edition displays in the peak
reached count filter is 1.
The setting made by the administrator to purge the Propalms Terminal Services Edition affects the
Peak Concurrent Usage report displayed on the Reports>Product Key page. For example, if the
administrator sets purging for logs older than 30 days, and sets the find filter for the Peak
Concurrent Usage on the Reports>Product Key page to Last 90 Days, the report displays the
result only for last 30 days. This is because all the logs older than 30 days are purged.

Management Console Options tab

Two actions govern all these settings except Database Servers settings, reset options and update
options. Use the reset option to set the object properties back to the software manufacturer’s
default values. These default values reflect a generically optimized value set. This reset capability
is important because it allows you to adjust some parameters without placing you in a position
where you might irrevocably impair your system. Use the update option to customize and tune
your system.

Overview page
You view this page when you click the Options tab. This is a navigation page, with the following
links:
"User options"
"Administrator options"
"Load Balancer options"
"Database Servers options"
"Relay Servers options"
"TS Gateway options"
"System options"
“Lockdown Policies”
“TSE Notifications”

User options
Use this page to customize the user interface with Propalms Terminal Services Edition.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 269

Using the Console
Management Console Options tab

Launch Pad Web Site

Style
This field governs the way the Propalms Terminal Services Edition Application Launch Pad will
appear on a user’s desktop. This simply affects the initial look of the Propalms Terminal Services
Edition Application Launch Pad. Choose an option depending on the required look of the Launch
Pad. For more information about styles, see "Launch Pad".
Show Team Name in Banner
Select this check box to display the Propalms Terminal Services Edition Team name in the banner
on the Propalms Terminal Services Edition Application Launch Pad. You can change the team
name. To do this, select Options>System>Update Options and type the new name in the Name
field in Propalms Terminal Services Edition Team.
Support URL
Enter the Propalms support URL in this field. The Support link on the Launch Pad links to this
URL. Users use this URL to obtain technical support.
Session Timeout
This property is for the Propalms Terminal Services Edition Application Launch Pad and it is used
to automatically time out a browser session that has been without keyboard or mouse input from
the user for the time specified. The default value is 24 hours. In Internet Explorer 5.5 and higher,
after a session times-out, the browser window, the Help window, and the support window (if those
are open), close automatically. For other browsers, the user receives a prompt to continue.
SSL Available
Select this check box if you have an SSL certificate. When you set the URL for the Propalms
Terminal Services Edition Propalms Terminal Services Edition Application Launch Pad, you can
use either an HTTP or an HTTPS address, but the latter works only when you have an SSL
certificate. If you have an SSL certificate and you provide a URL of HTTP, Propalms Terminal
Services Edition will still use the HTTPS protocol to process passwords. If SSL Available is not
selected, Propalms Terminal Services Edition assumes your site has no security certificate. If you
choose HTTPS, Propalms Terminal Services Edition processes everything using HTTPS.
Show "Use Native Client" button on Launch Pad
Select this checkbox to display the "Use Native Client" button on the TSE launchpad page.
Show "Use Java Client" button on Launch Pad
Select this checkbox to display the "Use Java Client" button on the TSE launchpad page.
Allow MSI download from the Launch Pad
This setting decides whether users can download MSI of Client Manager from launchpad.
Features
Favorites Page
Use this to permit users to use, or to prohibit users from using the Favorites feature of the
Propalms Terminal Services Edition Application Launch Pad. The Favorites feature permits users
to aggregate applications that they use frequently in one special area, which is separate from the
area where they store a list of all applications available to them.
Connections Page
Use this to permit Launch Pad users to view the connection page. From the connection page, a
user can disconnect or logoff from or reconnect to a session.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 270

Using the Console
Management Console Options tab

Shortcuts
Use this to permit users to use, or to prohibit users from using shortcuts on their desktop.
File Associations
Use this to permit users to use, or to prohibit users from using file associations for their files.
Connections Settings
Use this to permit the users to change Connection Settings through the Launch Pad Web site,
Options page.
Allow Change Password
This setting decides whether users can change their password from launchpad.

Disallow simultaneous logon from multiple clients with same user name
With this setting, TSE admin can restrict a user from launching apps simultaneously from multiple
clients . This will prevent users from opening sessions on multiple clients without closing the initial
session. It will also help in preventing sharing of user names for accessing TSE apps from multiple
client machines.
This setting is a Global setting and once enabled , applies to all TSE users and Client machines.

Re-sort Client into Client Group on each connect

Select this check box to turn Dynamic Sorting ON. When you select this check box, every time the
user connects to the Propalms Terminal Services Edition system, the user is sorted into a Client
Group based on the filters on the current Client Groups.

Control user access to TSE App list from PCM system tray icon
In 7.0 users app list is also accessible by clicking the PCM system tray icon.TSE admin can
disable this from Console-Options-User page. By default it is enabled.
Control user access to TSE App list from PCM system tray icon
In 7.0 users app list is also accessible by clicking the PCM system tray icon.TSE admin can
disable this from Console-Options-User page. By default it is enabled.
Control user’s ability to configure, ‘Save HyperPrint PDF’ files on clients.
In TSE 7.0 Propalms client, a user can enable the option to save HyperPrint Pdf files on the client
machine. By default this option is disabled through TSE Console. TSE admin can enable this, to
allow users to save HyperPrint pdf files, on client machines.
Auto Refresh Client
The Auto Refresh client setting in TSE client will work only if TSE Admin enables this setting in
TSE Console – User settings. If set to disable (default), client side Auto refresh setting will have
no effect.
AD Single Sign On
TSE Admin can enable or disable the client side AD Single Sign On feature by this setting.
Client Upgrade
Force Client Upgrade
If “Force Client Upgrade” is checked, all Propalms Client below the listed version will be forced to
download and upgrade the Propalms Client software. If not they will only see an “Upgrade Client”
option in their PCM system tray right-click menu and PCM system tray icon will change its color to

Propalms Terminal Services Edition Administrator Guide--1 March 2013 271

Using the Console
Management Console Options tab

pale green from its usual Blue color.

Available Client Version to upgrade
TSE admin can set the latest version of client that are available for upgrade.
Note: TSE Admin will have to manually replace the latest Propalms Client install files(msi & exe)
on the Propalms Web server \Depot directory with the latest Client install files, keeping the file
name same as the original one.
Client Upgrade Notification
This will hide client upgrade notifications to end user when a newer client is available for
download. This setting can be used when TSE Admin does not want end user to be notified of a
client upgrade available.
Log on
Allow save password on Client Computers
Select this check box to permit users to use the password save function. If you do not select this
check box, then the users will not see the Automatically Log On From This Computer check
box on the Propalms Terminal Services Edition Application Launch Pad Log On page and on the
authentication dialog box.
Allow Launchpad password to be automatically passed on to the Linux TSE Client
As the name suggests checking this option allows the password to be automatically passed on to
the Linux TSE Client, so that whenever the RDP Session is established the user need not type the
password again. Automatically passing on the password is in most cases certainly convenient for
users, but highly Security Conscious System Administrators may decide not to allow such a thing
by not checking this checkbox.
Reconnect on Launch
Reconnect on launch
Use this to permit users to reconnect to a disconnected session during an application’s launch.
The disconnect function leaves the session running on the Application Server and terminates it on
the client’s computer. This behavior permits a user to stop working on a session for a while. If you
choose the Always option, then the user will be automatically reconnected to the disconnected
session, the next time the user launches that application.
Allow user to change this option
Select this check box to give the user the control to set the reconnect on launch preference.

Administrator options
Use this page to customize the Propalms Terminal Services Edition administrator interface with
Propalms Terminal Services Edition.
Console Web Site
Session Timeout
Use this to automatically time-out a console session that has been without data or mouse input
from the console for the time specified. Valid values appear in the drop-down list box. The default
value is 24 hours. After a session times out, the browser window and help and support windows (if
those are open), will close automatically in IE 5.5 and above.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 272

Using the Console
Management Console Options tab

For other browsers, the administrator receives a prompt to continue. Propalms Terminal Services
Edition uses this security feature to shut down a terminal session when it appears that no one is
using this session.
Page Row Count
Use this to designate the maximum number of data rows that appear on the Management
Console. Valid values appear in the drop-down menu. The default value is 20 rows.
Page Refresh (in seconds)
Use this to specify the interval between updates to real-time data. This feature permits you to view
changes to data, automatically, as the changes occur without clicking some sort of update/refresh
button. The default value is 30 seconds.
SSL Available
Select this check box if you have an SSL certificate. When you set the URL for the Application
Management Console, you can use either an HTTP or an HTTPS address, but the latter works
only when you have an SSL certificate. If you have an SSL certificate and you provide a URL of
HTTP, Propalms Terminal Services Edition will still use the HTTPS protocol to process the user’s
password processing. If SSL Available is not selected, Propalms Terminal Services Edition
assumes that your site has no security certificate. If you choose HTTPS, Propalms Terminal
Services Edition performs all processing using HTTPS protocol.

TSE Admin can set the Console Home Page

TSE admin can set the home page for the Console site on Logon. Can be set to Dashboard,
Summary, Server, Connection or LoadBalancer page.
Propalms Terminal Services Edition Administrator Group
Propalms Terminal Services Edition Administrator Group
This specifies the group of users that are Propalms Terminal Services Edition Administrators. This
could be any regular domain group. Only the users of this group can log on to the Management
Console.
Domain
This identifies the domain in which the administrator group resides.
Domain Type
This identifies a domain as either Active Directory or NT Domain. This value is automatically
displayed by Propalms Terminal Services Edition system based on the name of the Domain of the
administrator group.
Date and Time Settings
Propalms TSE v7.0 has an option to set the Date Format for its Reports as per USA, British and
European Date Formats.
To set the required Date Format, go to Propalms TSE Console> Options> Administrator and
click on Update Options.
In the Date and Time Settings section, go to the Date Format option and from the drop down
menu select one of the three options (i.e. USA, British and European) Date Format

Load Balancer options

Use this page to:
• Set thresholds for the Application Server properties.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 273

Using the Console
Management Console Options tab

• Specify which properties you want Propalms Terminal Services Edition to consider when
Propalms Terminal Services Edition computes the availability rating of different servers.
The Load Balancer first considers the threshold limits to eliminate the Application Servers that do
not meet the lower limits. Then the Load Balancer calculates the availability rating of the short-
listed Application Servers based on the criteria you select. Use the reset option to set the object
properties back to the software manufacturer’s default values. These default values reflect a
generically optimized value set.
Resource Based Load Balancing
Propalms Load Balancer computes a rank for each online App server based on the available
resources.
Performance Counter
You can set lower limits on each of the properties. Additionally, you can indicate if Propalms
Terminal Services Edition should consider each of these properties in the availability rating
calculation for the Application Servers.
Available CPU Cycles
Use this to specify the CPU capacity that must be available for additional tasks. CPU capacity is
equal to the total capacity minus the capacity used by active processes. This value appears in
MHz.
Available Memory (MB)
Use this to specify the difference between the total memory and the memory in use by active
processes that must be available for additional tasks. When the available memory falls to that
threshold, Propalms Terminal Services Edition adds no more new sessions to that server until
more memory becomes available.
Memory Page Table Entries Available
Use this to specify the minimum number of page table entries (PTEs) that must be available for
additional tasks. PTEs identify pages of memory called pageframes; and the number of PTEs in a
system is typically a fixed number.
Memory Page Swaps
Use this to specify the minimum number of memory pages that swap in and out of virtual memory
to physical memory. In general, it is positive to swap fewer pages out of the pagefile.
Processor Queue Length
Use this to specify the minimum length of a processor queue in units of threads. In general, faster
CPUs can handle longer queue lengths than slower CPUs. Additionally, identifying an acceptable
queue length is a subjective judgment that may vary significantly with variations in the Propalms
Terminal Services Edition environment.
Processor Context Switches
Use this to specify the minimum number of context switches that occur when the kernel or core of
the operating system, switches the processor from one thread to another. It is better to have fewer
context switches. IIS 5.0 sets the default value for switches per processor and the number of
switches can scale proportionately to the number of processors; so, if the ratio of context switches
between a single and dual processor were 1:2, this is an acceptable ratio. This does not rule out
the possibility of both values being too high.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 274

Using the Console
Management Console Options tab

Percent Utilisation Based Load Balancing

Propalms Load Balancer computes a rank for each online App server based on % utilization of
resources available on it. Therefore at any time the % of available resources utilized on each
server, will be the same. This scheme should be used when App servers are of different Memory
and CPU specs. It will help in even distribution of sessions across servers that are of different
hardware specification.
Performance Counter
You can set lower limits on each of the properties. Additionally, you can indicate if Propalms
Terminal Services Edition should consider each of these properties in the availability rating
calculation for the Application Servers.
Percent(%) CPU Available
Use this to specify the CPU capacity that must be available for additional tasks in percentage.
Percent(%) Memory Available
Use this to specify the Memory capacity that must be available for additional tasks in percentage.
Limit Servers to
Defines the lower threshold level for servers. On reaching the threshold level set ,servers will be
excluded from Load balancing. For eg: if set to 10%, that would imply that the server will be
excluded from participating in loadbalancing if its % availability of resources falls below 10% .
Weight- age Factor
This can be used to influence server ranking if availability of any one resource type is of more
importance than the other. For eg: if % availability of Memory is more significant then % availability
of CPU, admin may give more weight-age or points to Memory as compared to CPU. This will help
a server with more Memory availability, to rank upper in the server ranking scheme of
LoadBalancer.

NOTE
Note : On changing the LB scheme, Propalms LoadBalancer service should be restarted
to enforce the change.

Database Servers options

Use this page to add or remove a Backup Database Server, and synchronize or promote it when
required. If the Primary Database Server goes down, the system continues to function in read-only
mode. Existing users can still launch applications, though you cannot update the Propalms
Terminal Services Edition system. You can let the system continue in read-only mode or promote
the Backup Database to make it the Primary Database and restore normal functionality. For more
information, refer to "Achieving database redundancy".
The page displays the Database Server Name and the Database Type. Other properties include a
database synchronization trigger, a synchronization interval, and a remove backup database
trigger.
Add Backup DB
You can add a backup database to the Propalms Terminal Services Edition system to achieve
database redundancy.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 275

Using the Console
Management Console Options tab

To add a backup database:

1. From the Options>Database Servers page, click Add Backup DB.
2. In the Server Name field, enter the name of the database server.
3. From the Session Table Sync Time list, choose an interval for synchronization and click
Next.
4. Enter the account details to access the database server and click Next.
5. The Add Backup Database Server page displays the choices you make. Review the
information and click Add.
Promote Backup DB
This page displays the name of the Backup Database Server and offers you the option to promote
it to the status of primary database. If the Primary Database is online, we recommend that you first
synchronize the Backup Database before you promote the backup database. In addition, all the
servers in the Propalms Terminal Services Edition system should be online when you promote the
backup database. For more information, refer to "Promoting the Backup Database Server".
Synchronize DB
The backup database is automatically synchronized periodically with the primary database
depending on the synchronization interval. This page allows you to synchronize the backup
database with the primary database dynamically. For more information, refer to "Synchronization
of the Backup Database Server".
Change Sync Interval
This page allows you to change the database synchronization interval that governs the automatic
database synchronization process. For more information, refer to "Synchronization of the Backup
Database Server".
Remove Backup DB
This page allows you to remove the current backup database server from the Propalms Terminal
Services Edition team. This removes the Backup Database Server information from the Primary
Database Server.

Relay Servers options

Use this page to customize the Relay Server properties. To add the Relay Server role on a server
that is a Web Server, you should disable the SSL port on the IIS or change the IIS port.
Additionally, you may want to place the Relay Server role on more than one server. For more
information on adding roles to servers, refer to "Add roles to a server".
Relay Port
This is where you assign the relay port. In general, you might want to use port 443 (SSL) if you
have no specific objection to using it as it is generally open for communication in most server-client
environments. However, if you cannot use port 443, this port assignment is configurable.

NOTE
If you change the relay port, the existing connections are disconnected. However, the user
can reconnect the disconnected sessions from the Launch Pad Connections page,
depending on the connection settings.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 276

Using the Console
Management Console Options tab

Enable SSL Handshake

The SSL protocol generally begins with a handshake phase that negotiates an encryption
algorithm, checks the keys (public and private), and authenticates the server to the client.

NOTE
If you reset options, the relay port is set to 443 and SSL handshake is enabled.

DMZ Relay Configuration

Relay Port
This is where you assign the relay port for DMZ SPR. In general, you might want to use port 443
(SSL) if you have no specific objection to using it as it is generally open for communication in most
server-client environments. However, if you cannot use port 443, this port assignment is
configurable.
If you change the relay port, the existing connections are disconnected. However, the user can
reconnect the disconnected sessions from the Launch Pad Connections page, depending on the
connection settings.
Enable SSL Handshake
The SSL protocol generally begins with a handshake phase that negotiates an encryption
algorithm, checks the keys (public and private), and authenticates the server to the client.
If you reset options, the relay port is set to 443 and SSL handshake is enabled.

Cascaded Relay Configuration

Enable Cascaded Relay
This setting is used to enable the cascading between DMZ-SPR and SPR.
Enable Http Routing
This setting is used to enable Routing of HTTP traffic between DMZ-SPR and SPR.
Enable RDP / IFS Routing
This setting is used to enable Routing of RDP/IFS traffic between DMZ-SPR and SPR.

TS Gateway options
Now Propalms allows its users to benefit the latest Windows 2008 TS Gateway feature along with
Propalms TSE. Propalms TSE Team can be configured to work along with a pre-existing TSE
Gateway Server.
Update options
To enable the integration of TS Gateway with Propalms TSE, do the following:
Go to Propalms TSE Console> Options> TS Gateway
Click on Update Options and specify the TS Gateway Server Configuration using the following
fields:
• Server Name (a FQDN – Fully Qualified Domain Name is required)

Propalms Terminal Services Edition Administrator Guide--1 March 2013 277

Using the Console
Management Console Options tab

• Server Logon Method (select from ask for password (NTLM) or Smart Card or allow me
to select later)
• Bypass TS Gateway Server for Local Address (Enable/ Disable depending on the existing
• configuration)
Once done, click on Update; the details of the TS Gateway Server will be saved for Propalms TSE.
Reset options
You can revert back all the changes made in the TSE Gateway Server options using the Reset
option within the Reset TS Gateway Server Options page.

System options
Use this page to customize the system configuration values in Propalms Terminal Services Edition.
Propalms Terminal Services Edition team
Name
This is the name of the Propalms Terminal Services Edition Team. This field must not have any
special characters. Propalms Terminal Services Edition uses this field as the Start menu folder on
user desktops. If you delete the Propalms Terminal Services Edition Team name, a user cannot
launch any applications from the Propalms Connection Manager tray icon. You can do this to
prevent the users on public terminals from using the Launch Pad.
Description
This is a free-form description of the team.

Current HotFix version

Admin can enter the hot fix version applied to Propalms Web server in Console –Admin page. This
will be shown in the Home-About page.

Application Servers
First Letter for Drive Sharing
This shows the first letter, for a list of sequential alphabetical letters, that Propalms Terminal
Services Edition should use for mapping additional drives. Ensure that these drives are not being
used by the Application Servers or for logon scripts.
If you change the First Letter for Drive Sharing property, you must restart the Propalms Terminal
Services Edition Monitor service manually or reboot the Application Servers. To Propalms Terminal
Services Edition Monitor service, select Start>Settings>Control Panel>Administrative
Tools>Services>Propalms Terminal Services Edition Monitor, and then select Action>Start.
Last Letter for Drive Sharing
This shows the last letter, for a list of sequential alphabetical letters, that Propalms Terminal
Services Edition should use for mapping additional drives. Ensure that these drives are not being
used by the Application severs or for logon scripts.
If you change the Last Letter for Drive Sharing property, you must restart the Propalms Terminal
Services Edition Monitor service manually or reboot the Application Servers. To Propalms Terminal
Services Edition Monitor service, select Start>Settings>Control Panel>Administrative
Tools>Services>Propalms Terminal Services Edition Monitor, and then select Action>Start.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 278

Using the Console
Management Console Options tab

NOTE
You can turn off client drive sharing by specifying the first and last letter for drive sharing
such that the last letter specified comes before the first letter specified in the alphabetical
order. For example, you can specify the first letter as "Q" and the last letter as "M". In this
case, none of the client drives will be available to the user in Propalms Terminal Services
Edition.

Tracing
Log To
Propalms Terminal Services Edition can write error, warning, and information messages. This
identifies the destination of the message tracing output. You can send the trace messages to the
output debugger or the application event log. By default, the trace messages are written to the
application event log, and your selection is exclusive. If you use an application event log and you
are having a problem, you might want to truncate your application event logs to make room for the
output. To view output from output debugger, use a debugger such as Debug View. To view output
from Propalms Terminal Services Edition to the application event log, you must go to
Start>Settings>Control Panel>Administrative Tools>Event View>Application Log.
Level
This identifies the type of the logged output. You can choose to log information, warnings, or
errors. Each of these parameters will operate correctly with either the output debugger or the
application event logs.
Purge Logs
This identifies the destination of the Propalms Terminal Services Edition database add, change,
and delete actions. You can set up a scheduled event to purge old Propalms Terminal Services
Edition database logs automatically. Propalms Terminal Services Edition can automatically
accommodate your log retention requests. The data from these logs appears in reports; therefore,
the longer you retain logs, the more information you can collect in reports. However, the data you
keep stays in the database; hence, more data occupies more space.

NOTE
The setting made by the administrator to purge the Propalms Terminal Services Edition
affects the Peak Concurrent Usage report displayed on the Reports>Product Key page.
For example, if you set purging for logs older than 30 days, and set the find filter for the
Peak Concurrent Usage on the Reports>Product Key page to Last 90 Days, the report
displays the result only for last 30 days. This is because all the logs older than 30 days are
purged.

Sessions Log
These logs track session-level events such as adds, changes, and deletes. Specify a time option
for deleting old logs.
Audit Log
These logs track system-level events such as adds, changes, and deletes. Specify a time option
for deleting old logs.
Usage Log
These logs track user-, client-, server-, and Propalms Terminal Services Edition-level events such
as adds, changes, and deletes. Specify a time option for deleting old logs.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 279

Using the Console
Management Console Options tab

Job Records
These logs track the outcome of events that cause a job to run. Other logs show the trigger for
these jobs, but the outcome of the jobs appears here. Specify a time option for deleting old logs.
Load Balancer
Load Balancer Server Authentication
In the Propalms TSE System, whenever a user tries to launch an application, the Propalms TSE
System selects the best available server through an elaborate Load Balancing mechanism. Users
are also authenticated at this Load Balancer stage. This setting can turn on or turn off this
additional authentication that happens before an actual RDP session is initiated. If this
authentication is enabled then it may cause a problem for some authentication mechanisms which
do not use the domain credentials like user name and password, but instead use some other
authentication mechanism like smartcards, biometric devices etc. This type of authentication
mechanisms are usually supported by Terminal Server by replacing the GINA on Windows 2003
Servers. Since these mechanism are not generic enough Load Balancer may not be able to use
this authentication mechanism. Hence if you want to use some other authentication mechanism
that may interfere with the Propalsm TSE Launch then you can turn off this authentication.
To enable/ disable the Load Balancer Server Authentication, go to Options> System> page and
click on Update Options. This option will then be found under "Load balancer".

Lockdown Policies
Lockdown Policy is a set of UI restrictions that you can apply on a server. By configuring different
settings you can customize the windows explorer and other common dialog box's user interface.
Use the Options>Lockdown Policies page of the Propalms Terminal Services Edition Management
Console to view, add, update, or remove lockdown policies. You can apply the policies you add
here to the Application Servers from the Manage>Servers>Update Server page of the Console.
You cannot modify or delete the below predefined lockdown policies:
• No Restrictions
• Low Restrictions
• Medium Restrictions
• Highest Restrictions
Add Lockdown Policies
The Add Policy action allows you to add a new lockdown policy to the Propalms Terminal Services
Edition system.
To add a set of lockdown policy restrictions:
1. From the Options>Lockdown Policy page, click Add Policy.
2. On the Add Policy page, select/enter the relevant information and click Next.
3. The Add Policy page displays the choices you make. Review the information, and click Add.
Following are the fields you need to specify while adding a lockdown policy.
Policy Name
This Lockdown Policy name appears on the Propalms Terminal Services Edition Console. You
should specify a meaningful name for a Lockdown Policy.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 280

Using the Console
Management Console Options tab

Description
This is a free-form description of the lockdown policy that identifies the policy or provides other
clarification.
Policy Settings
Select the relevant restrictions you want to include in the lockdown policy.
After you add a lockdown policy, you can apply it to a server from the Manage>Servers>Update
Server page of the console.
Remove Lockdown Policies
The Remove Policy action permits you to remove the selected lockdown policies. You cannot
remove a lockdown policy template.
You cannot remove a built-in lockdown policy.
To update a set of lockdown policy restrictions:
1. From the Options>Lockdown Policy page, select a lockdown policy and click Remove Policy.
2. The Remove Policy page displays the lockdown policies you choose. Click Remove to remove
the displayed lockdown policies.
When you remove a lockdown policy that is applied to an Application Server, the server
reverts to the default setting of no restrictions.
Update Lockdown Policies
The Update Policy action permits you to change the restrictive properties of the selected lockdown
policies.
You cannot update the properties of a built-in lockdown policy.
To update a set of lockdown policy restrictions:
1. From the Options>Lockdown Policy page, select a lockdown policy and click Update Policy.
2. Change the relevant fields and click Update.
View Lockdown Policies
You can view all the policies configured in the Propalms Terminal Services Edition system from the
Options>Lockdown Policies page of the Console. To view the details of a particular policy, click
the Policy Name of the relevant policy. The Console displays the lockdown policy details such as
the name and description of the policy and the lockdown policy settings.
Click Show All Policies to return to the Lockdown Policies page.

TSE Notifications
TSE v7.0 introduces TSE Notification feature that allows TSE Administrators to enable
Email Notification Alerts based on certain TSE System Events. An email notification will be sent to
the specified Email accounts, notifying the occurrence of certain TSE System Events.
TSE Notifications can be enabled and configured in TSE Management Console, under
Options – TSE Notifications page.Notifications are part of the TSE WEB server configuration. If
there are more than one TSE WEB server in the team, only one TSE WEB server is responsible for
sending TSE notifications.In the event of a Web server going down, another TSE WEB server
takes up the Notifications job. If there is only one TSE WEB configured in the team,
notifications will not be sent if the only TSE WEB server goes offline TSE checks for its system/
components status every 5 minute.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 281

Using the Console
Management Console Options tab

In case a TSE system or component state changes and reverts back to its original state between
the 5 minute intervals, it can go undetected by the TSE Notification System. This is likely when
TSE Services are restarted which usually only takes less than a minute. Verify the entered smtp
settings by clicking the ‘Test SMTP Settings’ button.

Update SMTP Settings:

Propalms Terminal Services Edition Administrator Guide--1 March 2013 282

Using the Console
Management Console Options tab

TSE Role for Server goes down:

This event is raised when any TSE Role (App, Web,LB, SPR or DMZ-SPR) goes down or
Red in the TSE Console – Manage- Servers page.

Sample mail:

TSE Server goes offline:

Event is raised if a TSE Server running status goes offline in TSE Management Console.
This is common when a TSE server is rebooted or TSE Services being restarted.

Active license count over 90 percent:

Database communication failure:

This event is raised when an online TSE Server in the team fails to connect with
the SQL server hosting the Propalms Database.

TSE Scheduled task failure:

This event is raised when one of the in-built scheduled TSE Tasks (Domain Synch,
Backup DB Synch, Reboot Server) fails to complete.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 283

Using the Console
Management Console Options tab

Job completion failure:

This event is raised when a TSE Job like, Adding application, Server, removing or
Adding Apps fails.

App Server reaches Max Session Limit:

Reset SMTP Settings:

Use the Reset SMTP Settings option in case you need to revert to the default TSE SMTP
settings.
Do not enter the SMTP Password, leave it blank.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 284

Troubleshooting
What’s in this chapter?

Troubleshooting

What’s in this chapter?

This chapter presents information about situations you may encounter and it also explains how to
work with any related issues.

Troubleshooting Propalms Terminal Services Edition

This section deals with issues related to the following.
"Application-specific issues"
"User-specific issues"
"SSL enabled"
"Propalms Terminal Services Edition version"
"Client download"
"Client problems"
"Configuration"
"Diagnostics"
"Disconnect"
"Installation"
"“Join Team” installation fails"
"Domain-specific issues"
"Ports"
"Product keys"
"Local file saving and printing"
"Seamless windows"
"Server problems"
"Server roles"
"Shadowing"
"Shortcuts"
"File associations"
"Windows Terminal Services settings and seamless windows"
"Launch Pad"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 285

Troubleshooting
Application-specific issues

"Event Log"

Application-specific issues
This section addresses application-specific issues.

Office XP application remains running after closing it

Issue
You cannot exit your Propalms Terminal Services Edition Applications Manager after exiting from
an XP application.
Symptom
If you run certain Microsoft Office XP applications through Propalms Terminal Services Edition in
seamless mode, the application session may not exit after you close the application.
Cause
This is because the Ctfmon.exe program stays running in the session (Ctfmon.exe monitors the
active windows and provides text input service support for speech recognition, handwriting
recognition, keyboard, translation, and other alternative user input technologies).
Resolution
Microsoft provides an article on how to prevent Ctfmon.exe from running. Excerpts from this article
appear below, and you can read the original article on http://support.microsoft.com/support/kb/
articles/Q282/5/99.ASP.
To prevent Ctfmon.exe from running, follow these steps.
Step 1. Uninstall Alternative User Input
To uninstall the alternative user input feature, set the installation state to Not Available in Office XP
Setup.
For Microsoft Windows Millennium Edition (Me), Microsoft Windows 98, or
Microsoft Windows NT 4.0:
1. Quit all Office programs.
2. Select Start>Settings>Control Panel>Add/Remove Programs.
3. On the Install/Uninstall tab, click to select the Microsoft Office XP product, where Office
XP product is the name of the specific Office product that is in use. If you are using a
standalone version of one of the Office programs, click to select the appropriate product in
the list. Click Add/Remove.
4. In the Maintenance Mode Options dialog box, select Add or Remove Features, and then
click Next. This displays the Choose installation options for all Office applications and
tools dialog box.
5. Expand Office Shared Features.
6. Click the icon next to Alternative User Input, and then select Not Available.
7. Click Update.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 286

Troubleshooting
Application-specific issues

NOTE
If you have multiple Office XP products installed, for example, Office XP Professional and
Publisher 2002, you must repeat the preceding steps for each installed product.

For Microsoft Windows 2003:

1. Quit all Office programs.
2. Select Start>Settings>Control Panel>Add/Remove Programs.
3. In the Currently installed programs list, click to select the Microsoft Office XP product,
where Office XP product is the name of the specific Office product in use. If you are using a
standalone version of one of the Office programs, click to select the appropriate product in
the list. Click Change.
4. In the Maintenance Mode Options dialog box, select Add or Remove Features, and then
click Next. This displays the Choose installation options for all Office applications and
tools dialog box.
5. Expand Office Shared Features.
6. Click the icon next to Alternative User Input, and then select Not Available.
7. Click Update.

NOTE
If you have multiple Office XP products installed, for example, Office XP Professional and
Publisher 2002, you must repeat the preceding steps for each installed product.

Step 2. Remove alternative user input services from Text Services

1. Select Start>Settings>Control Panel>Text Services.
2. Go to the Installed Services section, and, one by one, select each input item listed, and
then click Remove to remove the item. Remove most items, all items except the following
input service:
English (United States)- default Keyboard United States 101
Step 3. Run Regsvr32 /U on the Msimtf.dll and Msctf.dll files
1. Select Start>Run.
2. In the Run dialog box, type the following command:
Regsvr32.exe /u msimtf.dll
3. Click OK.
4. Repeat Steps 1 to 3 for the Msctf.dll file.
Alternatively, you can perform one of the following procedures:
• You can end the session explicitly using the Log Off option in the Propalms Connection
Manager.
• You can enable Office XP applications in non-seamless mode.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 287

Troubleshooting
User-specific issues

User-specific issues
Add user fails
Issue
Add user with long names fails.
Symptom
On the Console, when you try to add to the Propalms Terminal Services Edition system, a user
with First Name or Last Name longer than 60 characters, the operation fails and the Console
displays an error.
Cause
This is due to the Propalms Terminal Services Edition database design.
Resolution
Limit the length of First Name and Last Name of users to 60 characters each in the Active
Directory.

User logon fails with “null” error

Issue
Logon to Launch Pad fails with “null” error.
Symptom
The Launch Pad displays “null” error when a user tries to logon to the Launch Pad.
Cause
One of the reasons this happens is when a user tries to logon to the Launch Pad after the
administrator deletes the user and then adds a user with the same logon name to the domain.
Resolution
Do one of the following:
• Synchronize the domain
• Delete the appropriate user from the console

NOTE
Synchronizing the domain may take a considerable amount of time, so we recommend the
second option.

Logon fails
Issue
Logon fails for users with long names.
Symptom
A user with First Name or Last Name longer than 60 characters is unable to logon to the Console
and the Launch Pad.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 288

Troubleshooting
SSL enabled

Cause
This is due to the Propalms Terminal Services Edition database design.
Resolution
Limit the length of First Name and Last Name of users to 60 characters each in the Active
Directory.

SSL enabled
Internet Explorer on Windows 95 client
Issue
If SSL is enabled, Internet Explorer on Windows 95 client fails.
Symptom
When SSL is enabled and a user tries to access the Launch Pad from Internet Explorer on
Windows 95 computer, “Launch Pad ID is missing” error is displayed.
Cause
This is because of the way Internet Explorer handles the certificate.
Resolution
1. After enabling SSL on server and adding proper certificate on server, when you try to visit
the Launch Pad in browser on the client you will get a dialog box asking for certificate
authority.
2. Click View Certificate.
3. On the Certificate dialog box you will have the option for adding this certificate to the Root
authority. By selecting that add certificate to the root authority.
4. Access the Launch Pad after adding the certificate to the root authority.

Propalms Terminal Services Edition version

Locating the version number for the Propalms Terminal Services Edition
software
Issue
A user would like to find the version number for his Propalms Terminal Services Edition software.
Symptom
N/A
Cause
N/A
Resolution
When the user places the cursor on the Propalms Connection Manager tray icon and there are no
active connections, the tool tip displays the version next to the program name.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 289

Troubleshooting
Propalms Terminal Services Edition version

Within the browser interface to Propalms Terminal Services Edition, there is an “About” link. This
link is available on both the Propalms Terminal Services Edition Application Launch Pad and the
Management Console. The resulting page contains the following information:
• Company name for which the product is registered
• Product Key
• Build
• Version
• Technical Support contact number
• Sales Support Center contact number

NOTE
In the event that you need the product version information and the browser interface to
Propalms Terminal Services Edition is not available, you may retrieve the version
information from Propalms Terminal Services Edition’s SQL Database.

1. From your SQL server, launch the SQL Enterprise Manager.

2. Expand the view so you can see the list of databases.
3. Expand the view for the CanaveralDb database.
4. Select Tables.
5. Right-click the table named GBLConfiguration.
6. Select Open Table, and then the option to Return all rows.
7. Scroll down, and look at the Value for the record labeled VersionNumber.

Locating the server-side Propalms Connection Manager version

Issue
The systems administrator would like to determine the Propalms Connection Manager version that
his Propalms Terminal Services Edition system is delivering to the end user.
Symptom
N/A
Cause
N/A
Resolution
1. From the SQL server, launch the SQL Enterprise Manager.
2. Expand the view to see the list of Databases.
3. Expand the view for the CanaveralDb database.
4. Select Tables.
5. Right-click the table named GBLConfiguration, select Open Table, and select Return all
rows.
6. Scroll down, and look at the Value for the record labeled “ClientManagerSetupVersion”

Propalms Terminal Services Edition Administrator Guide--1 March 2013 290

Troubleshooting
Active directory

Active directory
Application list refresh based on group membership
Issue
Application list not refreshed correctly on Launch Pad after change in group membership across
domains.
Symptom
If a user’s group membership is changed across domains and the refresh application list link is
clicked, the application list does not display the correct application list according to the changed
membership.
Cause
This is due to the AD Replication latency across domains. Universal Groups are updated first in
Global Catalog (GC) and then the changes replicated to each domain. The time to replicate
depends on topology as well as the replication schedule set by the system administrator. Typically,
the time taken would be about 15 minutes.
Resolution
Due to the AD architecture, the updated application list will be displayed after replication takes
place as per the replication schedule set by the system administrator and the topology. The system
administrator can also do manual synchronization. The change in group membership is then
reflected immediately.

Client download
Considering administrative rights for the client computer
Issue
Does a user need to have administrator privileges on the client computer in order to launch
Propalms Terminal Services Edition applications?
Symptom
N/A
Cause
N/A
Resolution
No, to launch applications a user need not have administrative rights on the client computer.
A user must have administrative rights on the client computer to install Propalms Terminal Services
Edition’s client software. However, after the installation is complete, no user operations require
administrative rights.

Understanding the contents of the client computer’s download

Issue
What files will a user download to a Propalms Client computer?

Propalms Terminal Services Edition Administrator Guide--1 March 2013 291

Troubleshooting
Client download

Symptom
N/A
Cause
N/A
Resolution
The user downloads Propalms-TSE-Client650.exe. It shows up as Propalms Connection Manager
in the Add\Remove programs.

Understanding the size of Client components

Issue
How large is the Propalms Client?
Symptom
N/A
Cause
N/A
Resolution
The Propalms Client is about 5 MB.

Understanding why a user cannot log on to the Propalms Terminal Services

Edition Launch Pad
Issue
A user who does not have administrative privileges goes to the Propalms Terminal Services
Edition Launch Pad and downloads the Propalms Client software; however, this user is unable to
install the software on the Client.
Symptom
When attempting to download and install the Client from the Propalms Terminal Services Edition
Applications Launch Pad, the process fails and the user receives a warning.
Cause
The user does not have the administrative privileges that are required to install the client.
Resolution
To install the Propalms Client software, the user must have administrative privileges on the client
computer. If you cannot grant administrative privileges to the user of the client computer, you have
these options:
• You may logon to the client computer as an administrator and install the client
• You may push the Propalms Terminal Services Edition install to the client using a program
such as the Windows 2000 IntelliMirror.
After you install the software on the Client computer, the user can log on to the client computer and
perform all normal user operations using the Propalms Terminal Services Edition Launch Pad Web
pages. For normal operations, a user does not need administrative privileges.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 292

Troubleshooting
Client problems

Corrupt installation detected error

Issue
User gets Install error while downloading client software.
Symptom
When attempting to download and install the Client from the Propalms Terminal Services Edition
Applications Launch Pad, the process fails and the user gets an Install error sometimes.

Cause
This may happen if the user tries to run the program from its current location.
Resolution
The user should download the software by saving it on the client computer and then run Propalms-
TSE-Client650.exe to install the client software.

Client problems
Application Server’s screen saver appears on the client computer
Issue
A screen saver appears on the client computer during an active session.
Symptom
The client computer that is both connected to an Application Server and has an active session
running on it, displays a screen saver.
Cause
There is a screen saver set on the Application Server.
Resolution
Do not set a screen saver on any Application Server.

Client OS support
Issue
What client operating systems do you support?
Symptom
N/A
Cause
N/A

Propalms Terminal Services Edition Administrator Guide--1 March 2013 293

Troubleshooting
Client problems

Resolution
Propalms Terminal Services Edition supports Microsoft Windows ® Terminal Services clients that
run the following operating systems:
• Windows XP
• Windows Server 2003
• Windows Vista and above
Propalms Terminal Services Edition supports Terminals clients that run the following operating
systems:
• Windows NT Embedded 4.0
• Windows CE 2.12
• Windows CE 4.x (CE .NET)
• Linux

Application launch hangs at Connecting to Application Server message

Issue
Client cannot launch applications.
Symptom
When launching an application, the client hangs at the message box stating “Connecting to
Application Server…”
Cause
Sometimes, the system directs an error message or information message to the desktop before an
application launches. If the user is running Propalms Terminal Services Edition with seamless
windows enabled for this application and an administrator has disabled the “Show Logon Dialog
During Seamless Windows Launch” option from the Management Console, the message will not
be visible to the user and user’s application appears to hang.
Resolution
To test if a user is experiencing the described behavior, disable seamless windows for the
application in question, and ask the user to attempt the application launch again. If the application
launches successfully without seamless windows enabled, do one of the following:
Re-enable the Show Logon Dialog During Seamless Windows Launch as one of the Launch Pad
properties in the Management Console. Do so by clicking the Manage>Connection
Settings>Update Connection Options. Scroll down Seamless Windows drop-down list box and
select Except During Logon for the Seamless Windows option. This action will cause an error or
message dialog box to be visible to the user before an application launch and the application can
still run in seamless windows mode.
If a user still receives an error message before an application launch, have the user correct the
error, and launch again.

Support for dial-up connections

Issue
Will an application launch if a user connects via a dial-up connection?
Symptom
N/A

Propalms Terminal Services Edition Administrator Guide--1 March 2013 294

Troubleshooting
Client problems

Cause
N/A
Resolution
Yes, Propalms Terminal Services Edition does support dialup connections.

Launch Pad Favorites page is not displayed

Issue
Launch Pad Favorites page is not displayed after logon.
Symptom
Using Internet Explorer 6.0 on Windows 2003, when a user accesses the Launch Pad Web site,
the following window appears.

The user clicks Close and is able to access the Log On page. However, after logon, the Favorites
page appears blank.
Cause
This is due to the Internet Explorer Enhanced Security Configuration setting.
Resolution
Remove the enhanced security setting from the client computer. To do this:
1. Close the browser window.
2. Select Start>Control Panel>Add/Remove Programs>Add/Remove Windows
Components.
3. Clear the Internet Explorer Enhanced Security Configuration check box.
4. Click Next.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 295

Troubleshooting
Client problems

5. Log on again to the Launch Pad.

Alternatively, if the Internet Explorer Enhanced Security Configuration setting is in accordance with
the organizational policy, click Add on the window that appears when the user accesses the
Launch Pad Web site to add the site to the Trusted Sites list.

NOTE
This problem also occurs when a user launches a provisioned Internet Explorer
application, on an Application Server with Internet Explorer Enhanced Security
Configuration setting. You should then implement the resolution on the Application
Servers.

Painting issue with Microsoft’s Office Assistant

Issue
Microsoft’s Office Assistant does not behave properly for an application launched through
Propalms Terminal Services Edition when the Client is running in seamless windows mode.
Symptom
When using an application from Microsoft’s Office suite, the Office Assistant may launch correctly;
however, if you move the Office Assistant, the system will not repaint it.
Cause
We are aware that this is an issue and are currently working on a resolution.
Resolution
Please disable Microsoft’s Office Assistant. You can do this by uninstalling the Office Assistant
from the Application Servers.

Application launch fails with Server Not Available error

Issue
Users are not able to launch any applications through Propalms Terminal Services Edition.
Symptom
When attempting to launch applications through Propalms Terminal Services Edition, users
receive the following error message: “No application servers are available to process this request”.
Cause
The application delivery servers may not be talking to the Load Balancer or the load limits on your
application servers may be hitting a threshold.
Resolution
1. Check the status of the Application Server.
2. Check to see if the Application Server is available by logging on to the Management
Console.
3. Select Monitor>Load Balancer. Look for the Application Server in question. Does it exist?
Are all of the values are set to zero? Did the Propalms Terminal Services Edition Services
Monitor service stop or hang?

Propalms Terminal Services Edition Administrator Guide--1 March 2013 296

Troubleshooting
Client problems

4. Restart the Propalms Terminal Services Edition Services Monitor service on the Application
Server.
5. If the Monitor service does not restart, then reboot the computer.
6. Attempt to launch an application.
7. If the same error occurs, restart the Load Balancer and Load Balancer Assistant services,
which are located on the Web Server, and attempt to launch an application once more. If
you have installed the Load Balancer role on other computers, restart the aforementioned
services on those computers as well.
8. Check the load limits for that server. By default, Propalms Terminal Services Edition
enables load limits on the Propalms Terminal Services Edition system.
9. Check to see if the server is at its load limits. To do this, select Monitor>Load Balancer,
and then select Options>Load Balancer. Note the values for the limits in both areas and
compare the values. If the server is running at the available memory or CPU capacity
threshold, applications will not launch until more resources become available. To affect a
change immediately, you can disable or change the load limits. However, you may want to
monitor this server intermittently to see that these changes have not adversely affected this
server’s ongoing performance.

Copy and paste large files or bitmaps

Issue
An application may fail if you copy and paste a large bitmap or a large file or bitmap to an
application run by Propalms Terminal Services Edition.
Symptom
The application that receives the pasted data may fail.
Cause
This is an RDP issue.
Resolution
Check the Microsoft site to see if a patch is available.

Desktop Windows commands and seamless windows mode

Issue
Some Menu items, such as Minimize All / Tile, do not have any effect on sessions that are running
under Propalms Terminal Services Edition Seamless Windows.
Symptom
If a user invokes the Taskbar's Context menu by performing a right click on the Windows shell’s
taskbar, then Windows generally launches the Windows arrangements menu, which shows the
following types of item/actions: Cascade windows, Tile Windows Vertically, Tile Windows
Horizontally, Minimize All windows, and Undo Tile.
However, the above Menu Item has no effect on a window that is created as a Seamless Propalms
Terminal Services Edition session.
Cause
This is by design.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 297

Troubleshooting
Client problems

Resolution
N/A.

Removing user name and domain from Wyse terminals

Issue
User name and domain information appears on all terminals.
Symptom
When pushing a Wyse terminal configuration to multiple devices using Rapport, the user name
and domain used to configure the master device is replicated to all the devices.
Cause
The Rapport software is configured to retrieve all the settings from the Wyse device. This provides
the administrator with the utmost flexibility in what gets pushed down to the other devices. As pa
art of this retrieval, the connection setting information is also pulled out. As a result, when an
unedited configuration is pushed to other devices, the device inherits the settings of the master
device.
Resolution
Remove the domain and user information from the file that gets pushed to the terminals. This is a
one-time step that you have to follow for all connections before you push all the connection
information to the terminals.
1. Retrieve the terminal configuration from the master Wyse terminal using Rapport.
2. Backup the file, settings.reg located in the GetCECFG folder.
3. Edit the settings.reg file.
4. Scroll down to the section beginning with
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBT\Clients\Registration\Canaveral\Co
nnections.
5. In the parameters section, you will see tags called UserName= and DomainName=.
6. Edit these entries for all the connections. If you want to remove the user name just delete
the username (until the ;). Repeat for the Domain. Alternatively, you can enter a different
username/domain combination.
7. After you have completed this for all the connections, save the file to the SendCECFG
folder on the Rapport server.
8. Push the setup file to the devices using Rapport.

Non-existent printer issue

Issue
Series of error messages.
Symptom
When an application is launched, a series of message boxes may be displayed on the Application
Server before the application opens.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 298

Troubleshooting
Configuration

Cause
The client computer may have such printers installed that are not currently available or are non-
existent.
Resolution
Delete the printers that do not exist and verify that all other printers are available.

Second application launch from CE device

Issue
Second application launch fails on CE device.
Symptom
An application launch from a CE client fails if there is already a Propalms Terminal Services Edition
session launched through SPR.
Cause
This is due to the limited memory of CE devices.
Resolution
Launch Windows Desktop from the CE device as the first application and then launch other
applications from the launched Windows Desktop session.

Configuration
Specifying a command parameter for an application
Issue
You need to specify an argument, or command parameter for the application.
Symptom
To launch successfully, an application requires a special launch command.
Cause
N/A
Resolution
Specify the argument in the Command Line Parameters section of the Launch Settings section for
the application in question. To do this, select Manage>Applications, select the relevant
application, click Update, enter the command string in the Command Line Parameters box, and
click Update.

Disconnecting a user versus logging off a user

Issue
Is there a difference between disconnecting a user and logging off a user?
Symptom
Yes, there is a difference. From the Management Console you can enable a user to disconnect
from a session and permit that user to reconnect to a previously disconnected session. Associated

Propalms Terminal Services Edition Administrator Guide--1 March 2013 299

Troubleshooting
Configuration

with this function is the ability for a Propalms Terminal Services Edition administrator to disconnect
or log off users who use Windows Terminal Services. An administrator may want to terminate an
inactive session for the following reason; when a user disconnects a session, that user may forget
to reconnect or log off from the session. This persistent connection continues to use Propalms
Terminal Services Edition resources; it uses one Propalms Terminal Services Edition and one
WTS license.
Cause
Disconnecting a user keeps the application running on the server so that the user can re-connect
to his or her previous session. If you log off the session, the application terminates on both the
Client and the server, and the session releases any licenses that it held.
Resolution
To maximize the use of existing licenses, the Propalms Terminal Services Edition administrator
may wish to prohibit users from disconnecting sessions. To do this, a Propalms Terminal Services
Edition administrator should select Options>User>Update Options, and set the Reconnect On
Launch property to Never, and clear the Allow User To Change This Option check box.

Configuring published addresses for use with private/public networks

Issue
The customer wishes to have client computers on both private and public networks use the same
set of Propalms Terminal Services Edition Servers.
Symptom
Client computers are not able to connect to Propalms Terminal Services Edition when using a
private or public IP address for the Published Address entry (for the Application Server in the
Management Console).
Cause
This is consistent with how most network devices work when dealing with a network that is using
Network Address Translation (NAT) devices (for example, Cisco Pix Firewalls).
Resolution
Configure the Published Address to use a DNS name instead of an IP address. To do this, perform
the following:
1. Identify two DNS Servers that you want to use: one public DNS Server and one private
DNS Server.
2. Identify the public IP addresses to use. This number depends on the number of Propalms
Terminal Services Edition servers.
3. On any network device (for example, firewall), validate that the required inbound TCP ports
are open for the public IP addresses identified.
4. Identify the DNS names for the public IP addresses that were identified in Step 2 (for
example, canapp_server1.<company>.com).
5. On the public DNS server, create an “A” record for each DNS name and relate it the public
IP address reserved for the Propalms Terminal Services Edition server. Repeat this
process for any other servers.
6. On the private DNS Server, create a Primary DNS zone that relates to the public zone used
in Step 4 (for example, <company>.com).
• For the Forward Lookup Zones, right click and select New Zones.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 300

Troubleshooting
Configuration

• Check Standard Primary Zone and click Next.

• Type in the zone name and click Next.
• Click Next again, and then click Finish.
7. On the private DNS server create an “A” record for each DNS name and relate it the private
IP address of the Propalms Terminal Services Edition Server.
• Click on the New Zone that you created.
• Right click and select New Host.
• Enter in the name (e.g. canapp_server1) and the private IP address.
• Create an “A” record for all the other Propalms Terminal Services Edition servers in the
same manner.
• Configure your Propalms Terminal Services Edition Server to use the Published
Address by logging on to the Management Console to do the following:
• Select Manage>Servers, select the server you wish to modify, and click
Update Server.
• In the Published Address field, enter the DNS name for this server (e.g.
canapp_server1.<company>.com).
• Click Update.
• Repeat the process for any other servers.

Running Propalms Terminal Services Edition with an ISA server

Issue
When running Propalms Terminal Services Edition behind an ISA server, it appears that data move
to the internal address only.
Symptom
A user cannot download the ActiveX Client and this prevents the user from logging onto the
Launch Pad. In addition, if the user is able to log on, that user accesses a URL that uses the
internal address.
Cause
You need to configure ISA and Propalms Terminal Services Edition to use the correct address.
Resolution
You need to configure the following:
1. You should use a Fully Qualified Domain Name (FQDN) as your published address for your
server. Externally, this name resolves to your outside IP address, and internally, this name
resolves to your inside IP address.
2. You need to configure your ISA server to “Send original host header instead of internal
name.”
• Here are the steps to configure this. Please refer to the ISA documentation if you have
any questions about setting this up.
• Open up the ISA console.
• Under publishing, create a new web publishing rule
• Under the Action tab, select Send Original Host Header.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 301

Troubleshooting
Configuration

3. You need to configure your ISA Server to have our required ports open, so you need to
setup server publishing rules for the following ports 80, 4660, and 3389.

Cannot locate application executable when launching an application

Issue
The system cannot find the executable for the application the user is attempting to launch.
Symptom
When launching an application, the user receives the error statement “Cannot find the file
‘<path>\<application name>.exe’ (or one of its components). Make sure the path and
filename are correct and that all required libraries are available.”
Cause
The application’s executable path is not correct for the server you have chosen.
Resolution
Modify the application path in the Management Console so that the application has the correct
path. Make sure that the path specified corresponds to the server you have selected for this
application. For example, if you have chosen c:\temp\my.exe as the application path and
server1 as your server, then make sure that c:\temp\my.exe is physically located on server1.

Installing Propalms Terminal Services Edition on a domain controller

Issue
Domain controllers have different security settings.
Symptom
When installing all the roles on a Propalms Terminal Services Edition server, you can only run an
application as a Domain Administrator.
Cause
Domain Controllers do not allow Log On Locally rights; you need to give users Log on Locally
rights in order to use Terminal Services on a Domain Controller.
Resolution
To allow a user to log on locally to a domain controller:
1. Select Start>Programs>Administrative Tools>Domain Controller Security Policy.
2. Expand Windows Settings>Local Policies.
3. Click User Rights Assignment.
4. Give Log on Locally rights to the groups you want to have access.
To have this policy to take affect immediately:
You will need to type in the following command at a command prompt:
secedit /refreshpolicy machine_policy /enforce

Propalms Terminal Services Edition Administrator Guide--1 March 2013 302

Troubleshooting
Configuration

After installing the Application Server role, the server “blue screens”
Issue
The Application Server reserves some default drives to use for client drive mapping.
Symptom
After installing of the Application Server Role, the server “blue screens”.
Cause
Propalms Terminal Services Edition Application Server Role, by default, reserves drives I through
Q for use with client drive mapping. If your operating system is on those drives, then the server will
“blue screen” when the Propalms Terminal Services Edition Monitor Service starts up.
Resolution
1. Boot into Safe Mode.
2. Change the Propalms Terminal Services Edition Services Monitor to start manually and
then reboot.
3. Log on to the Management Console.
4. Select Options>System>Update Options.
5. Change the Propalms Terminal Services Edition Drive Sharing: First Letter for Drive Map
and Last Letter For Drive Map to drives that your server is not already using, such as “Q”
for the first letter and “W” for the last. This is assuming that you are not using these letters
for your drives already. If you are using any of these drives, select a different, unused drive
sequence.
6. Start the Propalms Terminal Services Edition Monitor Service.
7. If the system does not blue screen again, change your service to start up automatically.

Time-outs when using the Management Console

Issue
In large domains, it can take a while to return all the information. The default settings of the
Propalms Terminal Services Edition time-out variables are 90 seconds for ASP pages and 60
seconds for COM+ components.
Symptom
When using the Console, you get a time-out error.
Cause
When you have large domains, the administrator’s request could time-out, as the default time-out
for the ASP pages is 90 seconds and 60 seconds for the COM+ components.
Resolution
To resolve this, increase the time-outs for the ASP pages and COM+ components:
1. Select Start>Settings>Control Panel>Administrative Tools>Internet Services
Manager.
2. Expand the Default Web Site, right-click on the Console entry and select Properties.
3. Click the Directory tab on the Console Properties window, and click Configuration.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 303

Troubleshooting
Configuration

4. Click the Application Options tab.

5. Increase the value of ASP Script Timeout, and click OK. Try 120 seconds, and if time-out
behavior still occurs increase once again.
To increase the time-out for the COM+ components:
1. Select Start>Settings>Control Panel>Administrative Tools>Component Services.
2. Expand Component Services>Computers>My Computer>COM+
Applications>Propalms Terminal Services Edition Management
Engine>Components.
3. Right click on CuDataAccess.Modifier.1 and select Properties. Click the Transactions
tab.
4. For the Transaction time-out, increase the time (to say, 120). Do this for each of the
following and set each of the following to the same time value:
• CuLogic.ApplicationManager.1
• CuLogic.ConfigManager.1
• CuLogic.DomainManager.1
• CuLogic.LicPolicyManager.1
• CuLogic.MaintenanceManager.1
• CuLogic.OrgManager.1
• CuLogic.ProdKeyMgr.1
• CuLogic.ServerManager.1
• CuLogic.UserManager.1
To manage more than 1000 users:
When you manage more than 1000 users in a domain, you may time-out for because the process
exceeds the time-out limit or the query exceeds the page selection limit. When you must select
more than 1000 users, consider selecting these users by proxy. To do this, select the groups to
which these users belong and make the application assignments at the group level.

Cannot add groups from other domains

Issue
Propalms Terminal Services Edition exists in an NT 4.0 Master/Resource Domain configuration.
However, the administrator is unable to add users and groups from the Master Domain into the
Propalms Terminal Services Edition system.
Symptom
N/A
Cause
The reason that you cannot add users from the Master Domain is because the Propalms Terminal
Services Edition Service account does not have rights to read objects from the Master Domain.
Resolution
To correct this problem, you have these options:
• You can establish a one-way trust
• You can establish a two-way trust

Propalms Terminal Services Edition Administrator Guide--1 March 2013 304

Troubleshooting
Configuration

• You can deploy Propalms Terminal Services Edition so that the Propalms Terminal Services
Edition Service account exists in the Master Domain.

FIGURE 1. Establish a one-way trust

NOTE
The Propalms Terminal Services Edition Service account must have administrative rights
on Propalms Terminal Services Edition servers in the Resource Domain, and users in the
Master Domain must have logon rights on the Application Servers in the Resource
Domain.

Changing the User Profiles storage location on an Application Server

Issue
The location for user profiles in Windows 2000 is, by default:
%SystemDrive%\Documents and Settings
Underneath this folder, each user will have a sub-folder that contains desktop items, Start Menu
items, temp folders, etc. In some cases, in order to keep users from accessing the system drive,
administrators may want to change the location for user profiles.
Symptom
N/A
Cause
N/A
Resolution
Two registry entries determine the path for the local Default User profile.
The following registry entry sets the name of the directory into which the system stores the Default
User profile:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\DefaultUserProfile Reg_Sz Default value
="Default User"
The following registry entry sets the path in which the Default User folder is stored:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

Propalms Terminal Services Edition Administrator Guide--1 March 2013 305

Troubleshooting
Configuration

NT\CurrentVersion\ProfileList \ProfilesDirectory Reg_Sz Default value

="%SystemDrive%\Documents and Settings"

Configuring SSL for the Management Console and Launch Pad sites
Issue
Configuring the Management Console and Launch Pad sites for SSL.
Symptom
When viewing the Management Console or Launch Pad sites, the user will get the following error
message.
“You're about to be redirected to a connection that is not secure."
Cause
This is normal behavior when an SSL Web site is about to redirect you to a non-https URL.
Resolution
You need to update the CanaveralDB to support SSL. You do this from the Management Console.
In the Management Console, click Options>Administrator and select the SSL Available check
box and click Update. Next, click Options>User and select the SSL Available check box and click
Update.

Supporting multiple domains

Issue
The network in which you deploy Propalms Terminal Services Edition contains multiple domains.
How can users access Propalms Terminal Services Edition if the Propalms Terminal Services
Edition install was to another domain?
Symptom
The Management Console only displays users, groups, servers, or OUs from one domain, the
domain used for the Propalms Terminal Services Edition install.
Cause
You need to add other domains to the Propalms Terminal Services Edition system.
Resolution
Verify or create a trust between the Propalms Terminal Services Edition domain and the new
domain that you will add to the Propalms Terminal Services Edition system. This trust can be one
way or two ways.
• If the domain exists in the same Active Directory Forest, the trust already exists as a
transitive trust.
• You may need to change the lmhosts, WINS, or DNS entries to establish trusts properly
across networks that consist of multiple subnets.
The COM+ user account that was set during the Propalms Terminal Services Edition installation
must have Administrator rights within the domain.
Adding another domain into the Propalms Terminal Services Edition system:
1. Log on to the Management Console.
2. Click Manage>Domains>Add Domain.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 306

Troubleshooting
Diagnostics

3. In the Domain Name field, enter the domain NetBIOS name. Propalms Terminal Services
Edition will add the Domain Type and Domain DNS, as appropriate.
4. Click Next, and then click Add.
You can now add Domain information (pertaining to objects such as groups and OUs) from the
second Domain, and you can provision applications.

Diagnostics
Settings Test failure
Issue
Terminal Server selects the Use connection settings from user settings check box by default.
Symptom
You may receive the following error message:
Propalms Client unable to test the settings correctly.
Cause
If you have cleared this check box, you may receive an error when you run a Settings Test from the
Management Console (Manage>Servers (select a server)>Diagnose Server>Settings Test).
Resolution
1. Click Start>Settings>Control Panel>Administrative Tools>Terminal Server
Configuration>Connections.
2. Right click RDP-Tcp and select Properties from the shortcut menu.
3. Click the Client Settings tab and then under the Connection area, select the Use
connection settings from user settings check box.
4. Click OK to save your settings.

Disconnect
Reconnecting a session after a client loses its network connection
Issue
A client computer with Propalms Terminal Services Edition sessions running loses a network
connection to the Application Server, and the user wishes to reconnect to the disconnected
sessions.
Symptom
The sessions do not show up in the Disconnected Sessions list in the Launch Pad Connections
page.
Cause
This problem can occur after an abnormal connection loss. For example, WTS may take some
time to disconnect a session when the network cable is pulled. However, once the WTS server
notifies Propalms Terminal Services Edition of the disconnected session, Propalms Terminal
Services Edition will change the session status and reflect the new state to the user.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 307

Troubleshooting
Installation

Resolution
It is not possible to change the current behavior. The user must wait a few minutes, and the user
can reconnect to his or her previous session. Users can contact a Propalms Terminal Services
Edition administrator, the administrator can watch for the session status change
(Monitor>Sessions and see Session State), and then notify the user when the session state
changes to disconnect.

Installation
Cannot upgrade Propalms Terminal Services Edition
Issue
A systems administrator cannot upgrade an existing Propalms Terminal Services Edition
installation.
Symptom
When you are upgrading the Propalms Terminal Services Edition software, installation fails to run
and aborts displaying the following message box.

Cause
The administrator has logged on to the server computer as a non-domain user.
Resolution
The user who is performing an upgrade must log on to the computer where Propalms Terminal
Services Edition is installed as a domain user. Additionally, the user who is installing Propalms
Terminal Services Edition, at minimum, must have administrative rights on the local computer.

“Join Team” installation fails

Issue
The Join Existing Team installation sequence fails.
Symptom
The Join Existing Team installation sequence displays “Logged in user is not part of the Propalms
Terminal Services Edition Administrator group” error and fails.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 308

Troubleshooting
Load balancing

Cause
This happens if the Propalms Terminal Services Edition Administrator Group name contains
double byte characters.
Resolution
The administrator can add servers to the Propalms Terminal Services Edition team using the
Console. It does not affect the Console functionality in any way.

Load balancing
Explaining load balancing
Issue
How does Load Balancing work?
Symptom
N/A
Cause
N/A
Resolution
We use the available CPU and memory in our load-balancing algorithm to determine the Server
Rating. The better the Rating, the more likely it is that the particular server will receive the next
application session. Rating=1 is the best rating.
You can view this rating by clicking Monitor>Load Balancers and viewing the Server Rating
column.
If you would like to disable or change the default settings for the load-balancing scheme, click
Options>Load Balancer. Select Update Options and change the number of Processor Available
Cycles and/or one or more of the Memory values that Propalms Terminal Services Edition uses in
its algorithm. Alternatively, you may wish not to use load limits, and you would do this from the
same by clearing the relevant check boxes.

NOTE
Currently, load limits can be set system wide. They are not set on a per application server
basis.

All application sessions are being sent to one server

Issue
Propalms Terminal Services Edition is sending all application sessions to the same server.
Symptom
N/A
Cause
The other servers may be offline or that server may have a higher server rating than the other
servers.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 309

Troubleshooting
Domain-specific issues

Resolution
Look at the server rating. Click Monitor>Load Balancer. Look at the Online Status for the server,
and if a server is offline, then look at the server and either restart the Propalms Terminal Services
Edition Monitor Services service or reboot the computer.
If the rating is higher on the server that is receiving the application delivery requests, then this is
the expected behavior.

Explaining load limits

Issue
How does an administrator use load limits?
Symptom
In the Management Console, if a Propalms Terminal Services Edition administrator clicks Options
and then Load Balancer, entries exist for six types of load limits.
Cause
N/A
Resolution
If a systems administrator wants an Application Server to stop serving out applications when its
available load hits some threshold, then the administrator can use this feature. Use these limits to
ensure that no server becomes too busy to provide good service to the users.

Launching spawned applications

Issue
Applications can spawn other applications. Where do these new applications run?
Symptom
N/A
Cause
N/A
Resolution
The spawned applications run on the server where the original application runs.

Domain-specific issues
Add Active Directory domain running on Windows Server 2003 from a
different forest fails
Issue
Unable to add trusted Active Directory domain running on Windows Server 2003 from 2K domain.
Symptom
Unable to add a trusted Active Directory domain running on Windows Server 2003 to a Propalms
Terminal Services Edition team in an Active Directory domain when the two domains are in
different forests.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 310

Troubleshooting
Ports

Cause
Even when there is two-way trust between domains, an Active Directory domain running on
Windows Server 2003 does not allow any information to be read by a computer that belongs to a
domain in a different forest. This is the result of the default security settings on a Windows Server
2003 domain controller.
Resolution
If you want to use an Active Directory domain running on Windows Server 2003 in a Propalms
Terminal Services Edition team, make sure that the computer where Propalms Terminal Services
Edition Web Server role is installed is a part of the same domain, or is a part of one of the domains
in the same Windows Server 2003 forest.

Ports
Changing the ports on which Propalms Terminal Services Edition runs
Issue
Systems administrators want to be able to specify which ports Propalms Terminal Services Edition
runs on.
Symptom
N/A
Cause
N/A
Resolution
Go to Propalms TSE Management Console> Manage> Servers> Propalms TSE Server>
Update Server and in the Server Information Section change the Terminal Server's Listening
Port to the required Port Number and click on Update.

NOTE
By default Terminal Server and Windows 2003 Terminal Services uses TCP port 3389 for
client connections. Microsoft does not recommend that this value be changed. However, if
it becomes necessary to change this port, follow these instructions. (See these Microsoft
articles for more information)- How to change Terminal Server's listening port: http://
support.microsoft.com/kb/187623; How to change the listening port for Remote Desktop:
http://support.microsoft.com/kb/306759

NOTE
Note: The Remote Desktop Connection Client for the Mac supports only port 3389. 3389 is
the default port.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 311

Troubleshooting
Ports

Identifying ports that must be opened on the client side for Propalms
Terminal Services Edition
Issue
Client computers are not able to connect to any Propalms Terminal Services Edition servers.
You must open specific ports on the client side for Propalms Terminal Services Edition.
Symptom
All connection attempts time out.
Cause
You need to open certain TCP ports to be outbound from the client to the server.
Resolution
Confirm that the following TCP ports are open in the expressed direction based on this chart.
TABLE 1. Table of client-side ports with destinations
Source Destination Port
Client Propalms Terminal Services Edition TCP 80 or TCP 443 (outbound)
Launch Pad Web Server
Client Propalms Terminal Services Edition TCP 3389 (outbound)
Application Server
Client Propalms Terminal Services Edition TCP 4660 (outbound)
Application Server (IFS)

NOTE
The client makes all connection attempts.

When the Single Port Relay Server is deployed and configured to use SSL port 443, confirm that
TCP port 443 (outbound) is open.

Configuring Propalms Terminal Services Edition for use with a firewall

Issue
Client computers are not able to connect to any Propalms Terminal Services Edition servers.
Symptom
All connection attempts time out.
Cause
You must open certain TCP ports for inbound connections to your Propalms Terminal Services
Edition servers.
Resolution
Confirm that the following TCP ports are open in the expressed direction based on this chart. See
"Table of client-side ports with destinations".
When the Single Port Relay Server is deployed and configured to use SSL port 443, confirm that
TCP port 443 (outbound) is open.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 312

Troubleshooting
Product keys

Identify the ports that must be opened on the server side

Issue
Client computers are not able to connect to any Propalms Terminal Services Edition servers.
Symptom
All connection attempts time out.
Cause
Propalms Terminal Services Edition requires certain TCP ports to be open for inbound connections
to your Propalms Terminal Services Edition servers.
Resolution
Confirm that the correct TCP ports are open in the expressed direction based on this chart.
TABLE 2. Table of server-side ports with destinations
Source Destination Port
Client Propalms Terminal Services Edition TCP 80 or TCP 443 (inbound)
Launch Pad Web Server
Client Propalms Terminal Services Edition TCP 3389 (inbound)
Application Server
Client Propalms Terminal Services Edition TCP 4660 (inbound)
Application Server (IFS)

NOTE
The client makes all connection attempts.

Product keys
IFSPort.dll fails to register during the install
Issue
The IFSPort.dll fails to register during the install.
Symptom
You will see an entry in the System Event log:
The Print Spooler service terminated with the following error: The access code is invalid.
Event ID - 7023.
Cause
This may happen if you install corrupt print drivers. You can refer to MSDN articles Q243222 and
Q257493. In some cases, this will happen if any antivirus software is running.
Resolution
There is not a proper fix for this problem, but there is a workaround. Ignore IFSPort.dll registration
failure, and the installation will continue. After the install, you should do the following:

Propalms Terminal Services Edition Administrator Guide--1 March 2013 313

Troubleshooting
Product keys

1. Stop all the Propalms Terminal Services Edition services.

2. Stop and start Print Spooler service.
3. Go to System32 folder and register IFSPort.dll using RegSvr32.exe.
4. Start all Propalms Terminal Services Edition services.

Finding your Product keys

Issue
How do I find my Product Key?
Symptom
N/A
Cause
N/A
Resolution
1. Log on to the Management Console.
2. Click Home>Product Keys.
3. You will see a list of product keys, and you can manage these product keys from this
screen. You can also retrieve product key information by clicking Home>About. This lists
the available product keys.

NOTE

In the event that you need the product key information and the browser interface is
not available, you may extract this information from the SQL database.

4. Launch the SQL Enterprise Manager.

5. Expand the view for a list of Databases.
6. Expand the view for the CanaveralDb database.
7. Select Tables.
8. Right-click the table named Product Keys, select Open Table>Return All Rows from the
shortcut menu.

Managing your Product Keys

Issue
How do I change or upgrade my Product Key?
Symptom
N/A
Cause
N/A

Propalms Terminal Services Edition Administrator Guide--1 March 2013 314

Troubleshooting
Product keys

Resolution
1. Log on to the Management Console.
2. Click Home>Product Keys.
3. Here, you can select and delete existing product keys, or you can add upgrade product
keys.
For more information on Product Keys, refer to Types of Product Keys.

Expiry dates and product keys

Issue
Home>Summary page displays warning about product key.
Symptom
Propalms Terminal Services Edition Administrators get a warning on the Home>Summary page
“Product key will expire in NNN days. If the product key expires (30 days for evaluation key and 60
days for base key), then this message changes to “Product key expired”.
Cause
The base key has expired and the administrator has not activated the system using the Activation
Key.
Resolution
Follow the steps in "Steps for activation" to activate the system.

Unable to add product key

Issue
Administrator is unable to add a new Product Key.
Symptom
When an Administrator tries to add a new product key (either base key, upgrade key or activation
key) through the console, the following error is shown
“Please enter a valid key”
Cause
It might be due to one of the following reasons
• The administrator typed the key incorrectly. Keys are case-sensitive.
• Upgrade keys are tied to the base key and they cannot be used across systems.
• The key entered is not valid for this Propalms Terminal Services Edition installation. It was
generated on some other installation of Propalms Terminal Services Edition.
Resolution
Check if you entered the key correctly.
You cannot use an activation key from some other installation of Propalms Terminal Services
Edition. Upgrade keys are also tied to the base key in the system, if you try to use an upgrade key
from some other system it will not work.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 315

Troubleshooting
Local file saving and printing

For more information on the keys in Propalms Terminal Services Edition system, refer to "Types of
product keys"

Local file saving and printing

Enabling/Disabling local file saving and printing
Issue
How does a Propalms Terminal Services Edition administrator disable local file saving and
printing?
Symptom
N/A
Cause
N/A
Resolution
Perform the following steps:
1. Log on to the Management Console.
2. Click Manage>Connection Settings>Update Options.
3. Set client drive sharing from the Client Drive Sharing list:
• To turn this feature on, select Propalms Terminal Services Edition for Windows 2003
and Propalms Terminal Services Edition or Native for Windows 2008.
• To turn this feature off, select Off.
4. Set client printer sharing from the Client Printer Sharing list:
• To turn this feature on, select Propalms Terminal Services Edition or Native for
Windows 2003 and Windows 2008.
• To turn this feature off, select off.
5. To permit Propalms Terminal Services Edition to manage the devices to your benefit when
you select Propalms Terminal Services Edition as the printer sharing option, select If
Vendor Driver Not Available from the Unidriver list.

Using local file saving

Issue
How does local file saving work?
Symptom
N/A
Cause
N/A
Resolution
Propalms Terminal Services Edition implements an SMB server (Microsoft's Server Message Block
protocol) on the client. This server allows access to client-side drives from Propalms Terminal

Propalms Terminal Services Edition Administrator Guide--1 March 2013 316

Troubleshooting
Printer Drivers

Services Edition applications. Every application server reserves a set of drives (configurable within
the Management Console), for mapping client-side drives.
Within a Propalms Terminal Services Edition application, whenever a file open or save operation is
attempted the client-side drives would be visible as
• C on Client (I:)
• D on Client (J:)
• E on Client (K:)
• and so on.

A user cannot save to a local drive

Issue
Why am I unable to save to my local drive?
Symptom
N/A
Cause
Client drive mapping is disabled in the Management Console; the required port, if operating
through a firewall, is not open for outbound traffic; or you need to restart the Propalms Connection
Manager.
Resolution
This is what you will see if local file saving is working:
• The Local drive C is seen as C: on client (H:)
• The Local drive D is seen as D: on client (I:)
• And so on …
Log on to the Management Console, and click Manage>Connection Settings>Update Settings
and verify that Propalms Terminal Services Edition Drive Sharing is enabled. If it is not enabled,
enable it and click Update. Exit from any launched applications, re-launch an application, and
attempt to save a file again.
If operating through a firewall, you must open port 4660 for traffic outbound from the client side
(and thus, inbound traffic on the server side).
To restart the Propalms Connection Manager, exit from any launched applications, right-click the
Propalms Connection Manager icon in the system tray, and select Exit. Re-launch an application
and attempt to save a file.

Printer Drivers
Adding new driver files to existing directories
Issue
New driver files added to existing driver directories are not recognized.
Symptom
A printer that uses a new printer driver whose files are newly added uses the Propalms Terminal
Services Edition Unidriver instead of the added printer driver.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 317

Troubleshooting
Seamless windows

Cause
The Propalms Terminal Services Edition system checks for new printer driver files when the
Propalms Terminal Services Edition Monitor service starts, and after that, only if the additional
driver path is changed.
Resolution
After adding the printer driver files, specify the path of its subdirectory in the Additional Driver
Path field of the Manage>Servers>Add Roles page.

Seamless windows
Changing the client screen resolution
Issue
It is inadvisable to change a client’s screen resolution while a Propalms Terminal Services Edition
session is running in seamless mode.
Symptom
You may see unpredictable behavior.
Cause
This is a known limitation that Propalms Terminal Services Edition inherits from the Microsoft
Terminal Services Advanced Client ActiveX Control.
Resolution
Users can proceed in this sequence: terminate a session, change the screen resolution for the
client from the Management Console, and then launch a new Propalms Terminal Services Edition
session.

Server problems
Terminal Server license error
Issue
Terminal Server licensing error.
Symptom
When a user logs on and launches an application, Terminal Server Licensing error is displayed.
Further, the event log has an entry for terminal service error.
Cause
When Windows OS is installed it gets 90-120 days grace period to install Terminal License Server.
Till then it keeps issuing temporary licenses. Once the grace period is over it stops issuing new
licenses. Hence the client cannot launch applications.
Resolution
If the licensing grace period is over, install the Terminal Server Licensing service on your Domain
Controller:
1. Select Start>Settings>Control Panel>Add/Remove Programs.
2. Click Add/Remove Windows Components.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 318

Troubleshooting
Server problems

3. Select Terminal Licensing Service, click Next and follow the steps.
4. Activate the License Server.

The icon for the application is incorrect

Issue
The icon displayed for an application is not the correct one.
Symptom
The icon displayed for an application is not the correct one.
Cause
When creating the application, the Management Console could not access the Application Server.
This may happen if the Application Server is down when you added an application or if you have
not yet specified an application server for that application. Additionally, you may have failed to
select an .exe or you may have selected an incorrect .exe, which would cause an incorrect icon to
display.
Resolution
This is as designed.
To add the application icon after you create the application, perform the following
steps:
1. Check that the application has at least one application server assigned to it.
2. Click on the Manage>Applications.
3. Select an application and click Update Application.
4. Select an updated Application Path.
5. Click Update.
The new icon will now be associated with the application.

Primary Database Server is down

Issue
The administrator cannot make any updates to the system.
Symptom
The Home>Summary page displays an issue that the Primary Database Server is down. The
Console displays an error if the administrator tries to update the system.
Cause
The Primary Database Server fails or is offline.
Resolution
The administrator should open the Monitor>Database Connections page. This page shows the
database connection status for all the Database Servers. The administrator can now take a
decision whether to promote the Backup Database Server, or to take down the Primary for
maintenance and bring it up again.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 319

Troubleshooting
Server problems

Add server fails

Issue
The Add Server operation fails.
Symptom
The Add Server function of Manage>Servers>Add Server fails with an error:
Remote Install Failed.
Cause
This could be because the administrator account supplied to the Console Add Server sequence
has never logged into the remote server and the MSI service requires that the profile for the
account running the .msi exist on the server. Thus, the operation fails as no account profile exists
on the remote server for the Administrator account that is operating on the Management Console.
Resolution
Go to the remote server, log on, log off, and then attempt the Add Server operation again.

Server shutdown
Issue
If you shut down the computer that runs any Propalms Terminal Services Edition server, the server
might still appear with an Online status in the Management Console.
Symptom
While shutting down computer the Propalms Terminal Services Edition Server may be unable to
update its offline status in the Propalms Terminal Services Edition database, so the server status
may show as Online for zero to four minutes. At that point, Propalms Terminal Services Edition will
detect that the server is offline.
Cause
When Propalms Terminal Services Edition shuts down and attempts to update the Propalms
Terminal Services Edition database with the server’s new offline status, this attempt may fail.
The system does not consider dependencies when it shuts down a server, so the services that
Propalms Terminal Services Edition requires to send the database update (RPCSS and
Workstation) are frequently unavailable. Those services may already be shutdown.
Resolution
If you need to shut down a server it is recommended that the server be explicitly disabled using the
Update Server Status link in the (Manage>Server, select server>Change Status>Disable).

Installs on remote servers fail

Issue
Add Server, Add Role, and Upgrade Server operations fail on remote servers.
Symptom
• The Add Server function of Manage>Servers>Add Server fails with an error:
Remote Install Failed

Propalms Terminal Services Edition Administrator Guide--1 March 2013 320

Troubleshooting
Server problems

• The Add Role function of Manage>Servers>Add Role fails. The Manage>Servers page
displays the status of the role as The administrator can look at the Propalms Terminal
Services Edition log file on the server on which the role was being installed to debug.
Cause
The Depot may be secured with SSL.
Resolution
On the Web Server, allow plain HTTP access to the Depot folder, even if other folders are marked
as HTTPS. Try the operation again.

NOTE
To verify that the Depot is accessible using the Web browser (IE), type in
http:/<web server name>/Depot/Propalms-TSE-Roles.msi
in the browser, and see if the File Download dialog opens for Propalms-TSE-Roles.msi.

Diagnose Server error

Issue
Diagnose Server displays misleading error.
Symptom
Clicking Diagnose Server on the Manage>Servers page displays an error message "Propalms
Terminal Services Edition is unable to remote control user sessions."
Cause
This happens when you diagnose a server on which you have configured the Windows Terminal
Services for remote control without user’s permission.
Resolution
Confirm the cause and ignore the error. For more information, refer to "Notifying end users of
session shadowing bids".

Incorrect Application Server Status

Issue
Propalms Connection Manager displays incorrect status for an Application Server.
Symptom
The Monitor>Load Balancer page of the Management Console consistently displays the running
status of one of the Application Servers as FALSE. The Propalms Terminal Services Edition
Monitor service is running on the Application Server and restarting the service or the Application
Server does not display the correct status.
Cause
This is a Windows WMI utility related issue.
Resolution
Run wmiadap.exe with the /f option to create the required WMI classes.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 321

Troubleshooting
Server problems

“Object Expected” Error

Issue
Console displays “Object expected” error.
Symptom
The administrator is able to log on to the Console and access the respective overview pages by
clicking a tab, but when the administrator clicks a link on any of the Console pages, the Console
displays Server Problem page with “Object expected” error.
Cause
This happens when the status of the AspAllowSessionState flag is set to False, possibly by the IIS
Lockdown tool.
Resolution
Do the following:
1. Run the following command from the command prompt.
cscript c:\inetpub\adminscripts\adsutil.vbs SET W3SVC/1/
AspAllowSessionState TRUE
2. Select Start>Programs>Administrative Tools>Internet Services Manager.
3. Right-click your computer name and select Restart IIS from the shortcut menu.

Dashboard page does not work on Windows 2012

Issue
Dashboard page does not work in TSE Management console on Windows 2012 TSE WEB server.

Symptom
The Home>TSE Dashboard page of the Management Console does not work.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 322

Troubleshooting
Server roles

Cause
TSE installer fails to install .NET 2.0 and 3.5 framework on Windows 2012 server. As a result the
TSE Dashboard page may not work on Windows 2012.
Resolution
To resolve this, install the .Net framework manually on the Windows 2012 server through Server
Manager- Add Roles - Features option. You may need to specify the source path for the .Net
framework install files, available on the 2012 server install media in the \Sources\Sxs folder.
Once .Net 2.0 is installed, run the NMRegNetConsole script available in the Console directory of
TSE WEB server \Inetpub\wwwroot\Console folder.
Run the script from an Admin Command prompt and then do a ‘iisreset’.This will register the
required .NET version with the TSE Console Web directory in IIS.

Server roles
Problems adding the Application Server role
Issue
I receive an error when I try to push or add the Application Server role to my server.
Symptom
The error is as follows:
Sorry, an error occurred while trying to update the Propalms Terminal Services Edition installation
on this server.
Install not possible, please check that the server can handle this role.
Cause
Windows Terminal Server is in the wrong mode, it must be in Application Server mode.
Resolution
To check the Terminal Server Mode of your server, do the following:
1. Select Start>Programs>Settings>Control Panel>Administrative Tools and select
Terminal Services Configuration.
2. Select Server Settings from the left pane, and then in the right pane, look at the Terminal
server mode.
3. The attribute for the Terminal server mode should say Application Server. If the attribute for
the Terminal server mode says Remote Administration, then use Add/Remove
Programs>Add/Remove Windows Components to change the server mode.

Propalms Terminal Services Edition Server roles

Issue
What is a server role?
Symptom
N/A

Propalms Terminal Services Edition Administrator Guide--1 March 2013 323

Troubleshooting
Shadowing

Cause
N/A
Resolution
With almost any software solution, there are proprietary components that are necessary to achieve
functionality. The Propalms Terminal Services Edition server roles are components or services
necessary for Propalms Terminal Services Edition to function. When you are managing your
servers from the Management Console, you can view or update the active server roles for each
server. A list of the various server roles follows:
• Web Server
• Load Balancer Server
• Application Server
• Relay Server
For more information on these roles, see Ticketing Authority.

Shadowing
A single session can only be shadowed once
Issue
Can multiple administrators shadow one session simultaneously?
Symptom
N/A
Cause
N/A
Resolution
No, a session can be shadowed only once at any given time.

Shadowing privileges and permissions

Issue
Do you need to be a Propalms Terminal Services Edition Administrator to shadow a session?
Symptom
N/A
Cause
N/A
Resolution
Yes, you must be a Propalms Terminal Services Edition Administrator to shadow a session. Peer
shadowing is forthcoming in a future release.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 324

Troubleshooting
Shadowing

Notifying end users of session shadowing bids

Issue
Can a session be shadowed without the end user knowing?
Symptom
N/A
Cause
N/A
Resolution
Yes, using a specific Windows Terminal Server feature in conjunction with Propalms Terminal
Services Edition, you can do this.
No, using Propalms Terminal Services Edition alone, you cannot do this. When an administrator
attempts to shadow a session, the user receives a prompt to approve the request, which will
successfully establish the shadow session.
If you would like to shadow a session without a prompt appearing to the client, you must follow this
procedure.
1. Select Start>Programs>Administrative Tools>Terminal Services Configuration.
2. Select Connections, and then select RDP-TCP.
3. Click the Remote Control tab, clear the setting for Use Remote Control With The
Following Settings, and verify that the Require User’s Permission check box is cleared.

NOTE
If you click Diagnose Server on the Manage>Servers page after selecting a server on
which you have configured the Windows Terminal Server feature as above, you get an
error message "Propalms Terminal Services Edition is unable to remote control user
sessions."

Using a WTS Client for shadowing

Issue
Why would the WTS Client download when I am simply shadowing a session?
Symptom
When a Propalms Terminal Services Edition Administrator tries to shadow an active session, you
may see the Client installation start.
Cause
N/A
Resolution
This is as designed.
When a Propalms Terminal Services Edition Administrator attempts to shadow an active session,
he or she is actually launching a WTS session. Therefore, that administrator needs a Client.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 325

Troubleshooting
Shortcuts

Shortcuts
Explaining the timing of shortcut creation
Issue
When does Propalms Terminal Services Edition create the shortcuts?
Symptom
N/A
Cause
N/A
Resolution
The administrator may enable or disable shortcut creation.
To enable or disable shortcut creation:
1. Log on to the Management Console.
2. Click Options>User.
3. Under the Features area, select a shortcut option for the Shortcuts drop-down list.
4. The shortcut parameters operate this way.
• If the administrator selects None, the user will see no shortcuts.
• If the administrator selects All, the user receives shortcuts for all applications and
these shortcuts appear on the user’s desktop under the Windows Start menu.
• If the administrator selects User’s Choice, a user can customize his own or her own
interface. The user can decide which applications will have shortcuts and where those
shortcuts will appear.
After a user logs on to a site and after the Client install, a user can log on to the Launch Pad and
manage the shortcuts from the Options page. If the user deletes the shortcuts using the Propalms
Connection Manager, then the shortcuts will return when the user does one of the following: logs
on to the Client system, exits from and returns to the Launch Pad, or initiates a Refresh from the
Connection Manager.
If a user logs on to a client computer as a different user, then Propalms Terminal Services Edition
will prompt the user for a username, password, and domain name to access the application.
The user must enter the login information of the person who owns these application shortcuts or
the shortcuts will not work.

File associations
File associations do not work as expected
Issue
User reports an issue related to file associations.
Symptom
The user is not able to open a document with file association.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 326

Troubleshooting
File associations

Cause
Adding or removing a server after the administrator has added an application affects file
associations. Besides, after the Administrator has provisioned an application, the file associations
on the Application Server may change.
Resolution
Update the file associations for the application from the Manage>Application>Update File
Associations page. This will once again look at all the servers and get the intersection of
applications.

IFS error
Issue
File associations are not working even though the user has enabled them.
Symptom
The following message box is displayed when a user tries to open a document with file
association.

FIGURE 2. Propalms Terminal Services Edition IFS disabled error

Cause
This error message appears if Propalms Terminal Services Edition IFS is not running, or if the RDP
IFS is enabled. For file associations to work, the connection settings for the application should be
such that they allow IFS.
Resolution
In order to achieve this, the administrator should assign the application the Connection Settings
with the Client Drive Sharing set as Propalms Terminal Services Edition. For more information on
Connection Settings, refer to "Connection settings".

Launch Failed error

Issue
Application launch fails while opening a file with file associations.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 327

Troubleshooting
File associations

Symptom
The following message box is displayed when the user tries to open a document with file
association.

FIGURE 3. Launch Failed error

Cause
This error message appears if the file association does not exist on the Application Server.
Resolution
The user can choose to open the file with another application on the Server, or open a local
application for the current session. The user can also choose to use the local application for all
future launches in the current session.

Load Balancing Failed error

Issue
Application launch fails while opening a file with file associations.
Symptom
The following message box is displayed when the user tries to open a document with file
association.

Cause
The administrator provisioned an application with a file association. Then the administrator may
have associated another application with the same file extension on the Application Server, and
then provisioned this second application with the same file association as the first one.
As an example, consider the case when the administrator provisions Notepad with .txt file
association. Then, the administrator associates WordPad on the Application Server with .txt by

Propalms Terminal Services Edition Administrator Guide--1 March 2013 328

Troubleshooting
SQL Server

modifying the registry. Subsequently, after the Propalms Terminal Services Edition Engine restarts
due to reboot or any other reason, the administrator provisions WordPad with .txt file association.
Resolution
Update file associations from the Manage>Applications>Update File Associations page of the
Console, for the application that was originally provisioned with the file association that was
changed in the registry; in our example, update file associations for Notepad to remove the
association of .txt file extension.

Correct icons not displayed

Issue
The client computer does not display correct icons according to file associations for the files.
The client computer does not display correct icons for the files after removing file association for
documents for an application.
Symptom
The user reports that the correct icons as per file associations are not displayed for the documents
after enabling file association for documents for an application or the original icons are not
displayed after removing file associations.
Cause
This is standard Windows behavior after changing icons.
Resolution
On the client computer, do the following:
1. Press Ctrl+Alt+Del and click Task Manager.
2. Click the Processes tab.
3. Select explorer.exe and click End Process.
4. Click Start>Run.
5. Type explorer in the Open field and click OK. The correct icons should now be
displayed.

SQL Server
SQL server connection problem after an upgrade
Issue
You have recently upgraded you Propalms Terminal Services Edition software and now Propalms
Terminal Services Edition is unable to communicate with the SQL server.
Symptom
Problems exist with the communication between the SQL server and Propalms Terminal Services
Edition.
Cause
The connection string for the SQL server was input to the Propalms Terminal Services Edition
install/upgrade program in the wrong format.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 329

Troubleshooting
Windows Terminal Services settings and seamless windows

Resolution
Reinstall or re-upgrade Propalms Terminal Services Edition and do not use the DNS name in the
SQL connection string. Use the computer name alone in the connection setting. Do not use a
string that shows both the computer name and domain information. For example, do not use a
string in this format:
machine-name.dept.server.company.com
Do use a string that shows only the computer name. For example, use a string in this format:
Machine-name
To find the correct name of the server that runs the SQL server, click My Computer, click the
Network Identification tab, click Properties, and copy the value that appears in the Computer
Name box.

Windows Terminal Services settings and seamless windows

A WTS session cannot launch application in an NT 4 environment
Issue
User(s) cannot successfully launch an application in an NT 4 environment and the effort shows the
server’s desktop.
Symptom
The user will notice the logon to the WTS server and may notice the logon script completing in a
window that shows the desktop. The application launch window will continue showing only the
server’s desktop.
Cause
The WTS settings associated with the user account is preventing a successful launch of the
application.
Resolution
On the Windows 2003 computer that is the Application Server, click Start>Run. Type
usrmgr.exe and click OK. View the User Account properties for the username in question. Click
TS Config>Initial Program and select the Inherit Client Settings option.

Windows Terminal Services session with seamless windows

Issue
How do I enable/disable the WTS session window?
Symptom
When I launch an application, my application runs within a window.
Cause
You may need to enable Seamless Mode.
Resolution
When adding or updating an application, Seamless Windows is an option that appears in the in the
Management Console under Options>Connections Settings. If the option for Seamless
Windows is enabled, then the application will appear and operate as if it were running locally on
the client computer. If Seamless Windows is disabled, the application will run within a WTS shell.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 330

Troubleshooting
Launch Pad

Launch Pad
Slow logon
Issue
Slow logon to Console and Launch Pad.
Symptom
Logon to the Console and Launch Pad takes more than a minute.
Cause
The logon to Console and Launch Pad uses the domain NetBIOS name to communicate with the
domain. Using the NetBIOS name to attempt to resolve an AD domain can take some time.
Resolution
Check for wrong DNS suffix entries in TCP/IP network properties on the Web Servers.
To check the DNS entries:
1. Right click My Network Places on the desktop and select Properties from the shortcut
menu.
2. Right click the local area connection and select Properties.
3. Select the Internet Protocol (TCP/IP) check box and click Properties.
4. Click Advanced, click the DNS tab, and verify the DNS entries on the Advanced TCP/IP
Settings window.
5. Click OK.

IE setting for SharePoint server

Issue
Client computers cannot login to Launch Pad Web part in SharePoint Portal Server.
Symptom
Even after entering correct credentials on the Login page, a user is not able to login to Launch Pad
Web part in SharePoint Portal Server and is returned to the Login page.
Cause
Internet Explorer settings do not allow third party cookies.
Resolution
On the client computers, open Internet Explorer and change settings to allow third party cookies by
changing either the Privacy settings or the Security settings.
Changing Privacy Settings
1. Select Tools>Internet Options.
2. Click the Privacy tab.
3. Move the Privacy Preferences slider down to set the privacy level for Internet to Low.
4. Click OK to allow all third party cookies.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 331

Troubleshooting
Work around for print drivers listed as bad drivers in the Propalms

Changing Security Settings

1. Select Tools>Internet Options.
2. Click the Security tab.
3. Select Trusted Sites Web content zone and click Sites to open the Trusted sites window.
4. In the Add this Web site to the zone field, enter the domain or IP address of the Launch
Pad Web site.
5. Click Add to add the site and then click OK to exit the Trusted sites window.
6. Click Custom Level to open the Security Settings window.
7. In the Reset custom settings area, select Low from the Reset to list.
8. Click OK to exit the Security Settings window.
9. Click OK to save the settings.

Security settings error

Issue
Insufficient rights, security settings of browser.
Symptom
The following message box is displayed when you try to launch the Launch Pad or Console.

Cause
This is because of the security settings of the browser.
Resolution
Make the appropriate security settings.
1. Open the Internet Explorer.
2. Select Tools>Internet Options, and click the Security tab.
3. Click Custom Level and for Scripting of Java applets security setting, select the Enable
option.
4. Click OK.

Work around for print drivers listed as bad drivers in the

Propalms TSE system
Certain print drivers that cause print spooler crashes or blue screen symptoms are listed as bad
drivers. However, it sometimes becomes necessary to have these bad drivers installed on terminal
servers for proper mapping of client side printers.
In the example below HP LaserJet 4050 Series PS printer is a known bad driver, it is listed in the
BadDriverForW2k3.inf on the TSE web server depot folder. The steps below will help removing the

Propalms Terminal Services Edition Administrator Guide--1 March 2013 332

Troubleshooting
Work around for print drivers listed as bad drivers in the Propalms

entry from the BadDriver.inf file and forcing Propalms TSE to use the correct vendor driver instead
of the alternate good driver mapped in the file.
Please be aware that installing and using print driver listed in the bad drivers list may cause
potential server and print spool problems when installed on TSE servers.
Example
a) We found that the print driver HP LaserJet 4050 Series PS is listed as a bad in the
BadDriverForW2k3.inf file on C:\Inetpub\wwwroot\depot folder.
b) According to the BadDriver.inf file, the alternate suitable print driver for the printer is HP
LaserJet 4 and hence it installs the HP LaserJet 4 driver.
Either follow Option 1 or Option 2 below:
Option 1
1. Open the BadDriversForW2K3.inf file in a Notepad window.

2. Delete the below entries.

"HP LaserJet 4050 Series PS" = "HP LaserJet 4"
"HP LaserJet 4050 Series PS" = "HP LaserJet 4050 Series PCL"
If required delete entries for other print drivers or change the alternative print driver.
NOTE: The left side consists of bad drivers and right side consists of good drivers.
3. In Printer Driver Management (PDM) go to the Tools> Update Bad Drivers List menu item. The PDM will re-
load the Baddriver.inf file from the
depot into the CanaveralDB database.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 333

Troubleshooting
Work around for print drivers listed as bad drivers in the Propalms

This operation will take some time. The PDM will display a confirmation screen once the import completes.

Option 2
Alternatively, if you wish to change a single print driver entry you can do so from the database
directly but remember, updating the bad driver
information from PDM Tools > Update Bad Driver List will overwrite the information stored in
CanaveralDB with the information stored in the depot
folder on the TSE web server.
Steps for changing through CanaveralDB:
1. Go to table ObjBadPrinterDriver in the database.

2. Open table using in the right click Open Table > Return All Rows menu item.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 334

Troubleshooting
Some important tips for a stable Propalms TSE DMZ-SPR role

3. Under Driver name column, go down to the "HP LaserJet 4050 Series PS" driver.

4. Delete the complete row holding that entry.

5. Delete additional entries for other print drivers if required.
6. Restart Propalms TSE Monitor on all APP servers.

NOTE
NOTE: Restart of monitor service is required only if printer mappings are added, deleted or
edited in the CanaveralDB database directly.

Some important tips for a stable Propalms TSE DMZ-SPR

role installation
1. The server which will run the DMZ-SPR role should not have IIS installed. As it tends to lock port
443 for its use.
2. No anti-virus or backup utility should be installed.
3. It would be ideal not to have the DMZ server made a member server of the internal domain. It
should be a standalone server only capable of communicating with the internal TSE web server
and TSE app Servers.
4. The account used as the DMZ-SPR service account should be made a local administrator on
the DMZ -SPR server.
5. The IP scheming used for the mapping or routing of the Public IP to the Internal IP (The IP
associated on the NIC of the DMZ server) should be kept as simple as possible.
Example: If IP P.x.x.x is a Public IP that will made available on the internet and IP I.x.x.x is the
Internal IP for the DMZ box then, there should be one to one communication between these two
IP's on the specified port used as the DMZ-SPR port. The Public IP could be an IP configured on a
router, or NAT IP or a live IP associated on the second NIC of the DMZ SPR box.
6. There is a DMZ-SPR patch that needs to be implemented if the Public IP is a virtual or NAT IP
address. The details of the patch are listed below.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 335

Troubleshooting
Some important tips for a stable Propalms TSE DMZ-SPR role

7. Now before installing the DMZ SPR make sure you can ping the internal IP of the TSE web
server without any packet drops and also TELNET to the http or https port of the internal web
server.
8. The firewall that stands between the internet world and the Public IP should have the DMZ-SPR
port open. Ensure that there is no kind of port content filtering being done on the DMZ-SPR port.
Ensure that the DMZ_PORT on the published IP is correctly mapped to the corresponding port on
the Internal IP of the DMZ server.
9. In the firewall between the DMZ-SPR box and the internal secured network, it should have the
following ports open: RDP 3389, IFS 4660, HTTP/S 443 and 80.
10. None of the internal TSE servers (Web, App and LB) should have any published address or
Public IP address.
11. After the DMZ -SPR role has been successfully installed, go to the console and specify the
Published IP for the DMZ-SPR server. This will be the IP that the client will hit to get access to the
LaunchPad site over the internet.
12. In the field "Traffic on published address is forwarded to this address" specify the Internal IP of
the DMZ SPR server. It is the same IP as shown in the internal IP field.

13. Check the box in the "Disable best internal address discovery" field.
14. The Internal IP field will be automatically populated.
15. Please exclude all IIS and Tarantella folders on all the TSE servers Web, LB and App from all
active and scheduled scanning routine of antiviruses or backup software. Also the database server
hosting the CanaveralDB Database should be excluded from anti-virus and the database backup
should be taken only during offline hours when there are no users connected.
16. If you have a backup DB set up in your TSE system then ensure that you do not configure
Tasks through TSE console to do database synchronization during hours when the TSE system is
in use.
Some useful information:
Published address
When you specify a server IP address or fully qualified domain name (FQDN) in this field, a client
will use this address to connect to this server. If you do not specify an address in this field,
Propalms TSE routes the client connections to the Internal IP address.
If you specify a published address, be sure to specify an address that is available to a client
because a server may have several IP addresses and some of these addresses may be
unavailable for client connections.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 336

Troubleshooting
Creating static print driver mapping through the PDM utility

Traffic on published address is forwarded to this address

In certain network configurations application servers do not have an actual Public IP address, but
certain rules can be set on Routers or Firewalls such that traffic on a particular published address
is routed to a certain internal address. In such cases if nothing is specified in this field, then the
DMZ-SPR will try to bind to the address specified in the public IP address field. This will fail
because that machine does not actually have any such IP address. So system administrator must
specify an Internal IP address in this field through which the DMZ-SPR should communicate with
the internal network. This field may contain the same address as specified in the internal address
field, or if there are more network interfaces then the administrator can choose a specific internal
address.
The address specified in this field must exist on this particular machine, in other words the address
specified in this field must be one of the IP addresses displayed when you execute ‘ipconfig /all’
command on this particular machine.
Disable best internal address discovery
By default, Propalms TSE will discover the best address to use for its internal communication. If
you wish to specify a particular address, clear this check box to disable the discovery mechanism
and enter an Internal IP address or DNS name in the Internal address to use field.
Internal address to use
Members of the Propalms TSE team use this address to communicate with each other. Enter the
Internal IP address, NetBIOS name, or FQDN name in this field. If you do not specify an internal
address, Propalms TSE will use the address that best communicates with your database server.

Creating static print driver mapping through the PDM

utility
Say “HPbad” (HP LaserJet 4050) is the print driver on the client side for the printer in question and
“HPgood” (HP LaserJet 4050 Series PCL) is the
right print driver to be used on the terminal server.
Now steps to be followed in PDM utility:
1. Install the “HPgood” driver manually on all the TSE App server through Add Printer option.
2. In PDM click on the Tab Tool > Refresh Installed drivers menu item.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 337

Troubleshooting
Creating static print driver mapping through the PDM utility

3. Now in the Mappings option, click on the ADD option.

4. Choose the correct TSE App Server operating system in the first drop down list.
5. In the client server driver list choose the "HPbad" driver
6. In the server side driver choose "HPGood" driver.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 338

Troubleshooting
Event Log

7. Exit out of PDM after ensuring that the mapping details are correct.

Event Log
This section lists some event log messages and the sections of this guide that can provide you
more information on the message.
TABLE 3. Event log messages
Message Reference
Error: CuLogic - Propalms Terminal Services Edition Identity account cannot "Prerequisites"
retrieve user group membership information from domain <domain name>.
Possible causes include the identity account not having sufficient permissions to
access information in Directory. To correct this problem, refer to section 'Concepts -
Active Directory Synchronization - Prerequisites' in the Propalms Terminal Services
Edition Administrator Guide.
Error: HRESULT. Incremental data synchronization from Primary Database to "Synchronization
Backup Database has failed. Please synchronize Backup database through of the Backup
Management Console. Database
Server"

Propalms Terminal Services Edition Administrator Guide--1 March 2013 339

What’s in this chapter?

Installing WBT Add-on for Wyse CE 2.12

or Wyse CE .NET with Rapport

What’s in this chapter?

This chapter addresses an administrator's interactions with the Wyse Rapport software, and it
explains how administrators use this software to push the Propalms Terminal Services Edition TSE
WBT add-on for Wyse/WinCE 2.12 or Wyse CE .NET to many user terminals concurrently.

Getting Started
This section tells you how to obtain files and how to push them through Rapport to the Wyse CE
2.12 or Wyse CE .NET terminals. In terms of Wyse Rapport tasks, these instructions are only
skeletal, so you may need to obtain your Rapport software documentation to see step-by-step
procedural instructions.
Requirements
You will need three sets of files.
First, for Rapport, you will need the following files, which you can download from Wyse
Technology Inc., www.wyse.com:
• Wyse Rapport 3.02 (the Service Pack, SP 1 is optional)
• Wsnmp.tpl, version 33 or greater
Second, for the Wyse terminal image, you will need to obtain an image file from Wyse. Obtain the
image that is appropriate for your Wyse terminal model.
Files for different Wyse model numbers will have different names too; however, for all models you
will need files with the following extensions and a params.ini file, which you can download from
Wyse, www.wyse.com:
• <file name for your CE or CE .NET model>.rsp
• <file name for your CE or CE .NET model>.wye
• params.ini
Third, for the Propalms Terminal Services Edition TSE add-on, you will need to download the
appropriate files from the download page, http://www.Propalms.com/products.
For Wyse CE 2.12, click Download from the Propalms Terminal Services Edition TSE WBT add-
on for Windows CE 2.12-based Wyse terminals section of the Download page to receive these
files:
• Propalms-TSE.rsp
• Propalms-TSE\Propalms-TSEaddon.bin
• \Propalms-TSE\Params.ini

Propalms Terminal Services Edition Administrator Guide--1 March 2013 340

Getting Started

For Wyse CE .NET, click Download from the WBT Add-on for Windows CE .NET-based Wyse
Terminals Download section of the Download page to receive these files:
• Propalms-TSE.rsp
• Propalms-TSE\Propalms-TSEaddon400.bin
• Propalms-TSE\Params.ini

Using Rapport to push the Propalms Terminal Services Edition TSE add-on
The following procedures explain how to push the Propalms Terminal Services Edition TSE add-on
to Wyse CE or Wyse CE .NET terminals using the Wyse Rapport software.
As you proceed to register and distribute the software, remember, if you are distributing software
packages to Write filter enabled clients, you must disable the Write filter prior to sending updates.
This is necessary to ensure that you save the updates to the client’s physical Flash memory.
You must re-enable the Write filter after you finish placing the new software on the devices.

NOTE
You should perform this procedure on a test device before you implement this procedure
in the production environment.

Enabling Rapport for Propalms Terminal Services Edition TSE

1. Obtain the download from the Propalms Web site.
2. Ignore the documentation that downloads with the Propalms Terminal Services Edition TSE
files and continue to use this Rapport document.
3. Extract the downloaded files.
4. On the Rapport server, replace the wsnmp.tpl file with the .tpl file that comes with the
download.
5. Start Rapport.
Pushing the WYSE factory image to the terminals
This is an optional step.
1. Obtain the required files for the terminals from the Wyse Web site.
• <file name for your CE or CE .NET model>.rsp
• params.ini
• <file name for your CE or CE .NET model>.wye
See the Wyse documentation for instructions on registering software packages.
2. From the Rapport console, drill down in the directory tree to the following path:
Rapport\rapport\software manager\CE images
3. From the CE image, create a new software package, to re-image the client’s flash memory.
4. Drag and drop the software package onto the Client Manager to send the image to the
devices.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 341

Getting Started

Pushing the Propalms Propalms Terminal Services Edition TSE from Propalms add-on to
the terminals
1. Obtain the required files from the directory that received the download from the Propalms
web site. For more information, see "Enabling Rapport for Propalms Terminal Services
Edition TSE".
For Wyse CE 2.12:
• \Propalms-TSE.rsp
• \Propalms-TSE\Propalms-TSEaddon.bin
• \Propalms-TSE\Params.ini
For Wyse CE .NET:
• \Propalms-TSE.rsp
• \Propalms-TSE\Propalms-TSEaddon400.bin
• \Propalms-TSE\Params.ini
See the Wyse documentation for instructions for registering software packages.
2. From the CE add-on, create a new software package using the \Propalms-TSE.rsp file.
3. From the Rapport console, drill down in the directory tree to the following path:
Rapport\rapport\software manager\CE addon
4. Drag and drop the software package onto the Client Manager to send the add-on to the
devices.
Creating a master template terminal
An administrator must create a master CE or CE .NET device that will establish the required
Propalms Terminal Services Edition TSE connections and will provide an administrator with data to
send to multiple CE or CE .NETdevices.
1. Install the Wyse image. This first step is optional. For more information, see "Pushing the
WYSE factory image to the terminals".
2. Install the add-on. For more information, see "Pushing the Propalms Propalms Terminal
Services Edition TSE from Propalms add-on to the terminals".
3. Configure your device to meet your requirements.
Obtaining the configurations from the master template terminal
The administrators must obtain the connection configuration from the master template before they
send it to other terminals.
1. From the Rapport Console, drill through the Software Manager to the Client Configuration,
and select the GetCEcfg folder, which resides in:
Rapport\rapport\software manager\Client Configuration
2. Drag and drop the GetCEcfg onto the Client Manager.
3. At the prompt, select the terminal that will act as the master terminal. You will pull the
configuration from this terminal.
4. Follow the instructions in the Wyse dialog boxes to complete this task.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 342

Getting Started

NOTE
For additional information, see the Rapport documentation provided by Wyse Technology
Inc.

Sending configurations to all of the terminals

To create all of the terminals, you must do the following:
• Send an image file
• Send a Propalms Terminal Services Edition TSE client
• Send the CEcfg
An administrator must send the connection configuration to all other terminals.
1. In the getCEcfg folder, locate the settings.reg file.
2. Drag the settings.reg file from the getCEcfg folder to the sendCEcfg folder.

NOTE
A common start location is C:\Inetpub\ftproot\Rapport\GetCEcfg.
A common destination location is C:\Inetpub\ftproot\Rapport\SendCEcfg.

3. Click on the sendCEcfg folder, which resides in:

Rapport\rapport\software manager\Client Configuration
4. Drag and drop sendCEcfg onto the Client Manager.
5. At the prompt, select the terminals that are to receive the configuration.
6. Follow the instructions in the Wyse dialog boxes to send the configuration to these
terminals.
Re-enabling the Write filters
An administrator must re-enable the Write filters after distributing software packages to the clients.
If the administrator leaves the Write filter disabled, the clients no longer have protection and may
be susceptible to flash memory corruption.
Considerations
When you use Wyse Rapport to distribute the Propalms Terminal Services Edition TSE clients to
many clients from the server, this procedure is all you need. You not need use the procedures that
appear in either "Propalms Terminal Services Edition TSE Installing WBT Add-on for Windows CE
2.12-based Wyse Terminals" or "Installing WBT Add-on for Windows CE .NET-based Wyse
Terminals", those procedures are just for loading a Propalms Terminal Services Edition TSE client
onto a single client from that client.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 343

Installing Propalms Terminal Services Edition TSE Client on
What’s in this chapter?

Installing Propalms Terminal Services

Edition TSE Client on Embedded terminals

What’s in this chapter?

This chapter explains the minimum requirements for Wyse Windows NT Embedded 4.0 and Wyse
Windows XP Embedded terminals to operate as clients for Propalms Terminal Services Edition
TSE . It also explains how to install the Propalms Terminal Services Edition TSE software.

Getting Started
Requirements
The minimum requirements for flash and RAM for the Wyse Windows NT Embedded 4.0 terminal
are 96-MB flash and 96-MB RAM. As of the product release date, you can have any of the
following terminals configured to meet this requirement: Winterm 8235LE, 8360SE, 8440XL, and
8630LE. In the future, look for other Wyse NT Embedded 4.0 terminals that meet the minimum
requirements for flash and RAM.
The minimum requirements for flash and RAM for the Wyse Windows XP Embedded terminal are
192-MB flash and 256-MB RAM. As of the product release date, you can have any of the following
terminals configured to meet this requirement: Winterm 9440XL or 4235LE and also model
number WT9235LE with WYSE XP Embedded v2002. We have also tested In the future, look for
other Wyse XP Embedded terminals that meet the minimum requirements for flash and RAM.
In case of Wyse Windows XP Embedded terminals, the free RAM size should be at least 8MB. If
you do not have that much space, you may do one or more of the following:
1. Remove unwanted software.
2. Delete the temporary Internet files.
3. Select Control Panel>Ramdisk and on the Ramdisk Configuration dialog box reduce
the current Ramdisk size.

Installation
The installation of the Propalms Terminal Services Edition TSE client is slightly different for a
Windows XP Embedded terminal from that for a Windows NT Embedded 4.0. However, for either
platform, you should first disable the Write filter.
Disable the write filter
Disable the write filter for the duration of the installation and then enable it again, disable it as
follows:
1. Log on to the Wyse terminal as an administrator.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 344

Installing Propalms Terminal Services Edition TSE Client on
Getting Started

2. Select Start>Settings>Control Panel>Administrative Tools and double-click Write

Filter. You may also select Start>Programs>Write Filter.
3. Click Flush Cache and wait while the cache is flushed.
4. Select the Disable Write Protect check box when it is enabled after the cache is flushed.
5. Click Exit.
6. Restart the terminal.
Install Propalms Terminal Services Edition TSE on Windows Embedded Terminal
If you are working with a Windows embedded terminal, follow this procedure.
1. Log on to the terminal as an administrator.
2. You will need administrator privileges for the installation, but you can use normal user-level
privileges for general operations.
3. Locate a copy of the iQclntmgrNT.exe.
This is a separate installation program for the NT-embedded terminals. You may find this
program on the Propalms Terminal Services Edition TSE Web server at this path:
\\<Web Servername>\C$\inetpubs\wwwroot\depot\iQclntmgrNT.exe
4. When you locate the iQclntmgrNT.exe file, copy it to a folder on a different server, and
share the folder.
5. Run iQclntmgrNT.exe from a shared folder.
6. Read the Welcome dialog and click Next.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 345

Installing Propalms Terminal Services Edition TSE Client on
Getting Started

7. Select the installation destination folder or accept the default destination folder and click
Next.

8. Wait for the installation to complete.

9. Verify that the installation completes successfully. After a successful completion, you will
see a Propalms Terminal Services Edition TSE icon in your system tray (in the lower right-
hand area of your desktop).
10. Log off the terminal now as you no longer require administrator privileges.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 346

Installing Propalms Terminal Services Edition TSE Client on
Known problems

11. Log on to the terminal using the User account.

12. Access the Propalms Terminal Services Edition TSE Launch Pad. The address will reflect
your web server’s name followed by the literal launchpad.
For example, http://<web_machine_name>/launchpad
13. When you see the Log On page, log on.
14. Launch an application.

Known problems
This section looks at troubleshooting topics.

Write Filter Cache

Issue
Write filter cache on the Wyse terminal fills.
Symptom
The count for the number of blocks used increases with time.
Cause
Write filter cache on Wyse terminal fills up during use.
Resolution
Reboot the terminal once every day or two, or shut down the terminal before you leave at the end
of each workday.

Problems loading the Propalms Terminal Services Edition TSE Client

software
Issue
You may have to disable the terminal’s Write filter for the duration of the Propalms Terminal
Services Edition TSE client install.
Symptom
The installation fails.
Cause
You may have failed to disable the Write filter before installing Propalms Terminal Services Edition
TSE.
Resolution
Disable the Write filter for the duration of the installation and then enable it again after the
installation. So before the installation, you set the wfilter startup parameter to Disabled and after
the installation, you reset the wfilter startup parameter to Boot.

Shortcuts not created

Issue
Desktop shortcuts are not created automatically.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 347

Installing Propalms Terminal Services Edition TSE Client on
Known problems

Symptom
After restarting the terminal, the shortcuts are not created automatically on the desktop. The
Propalms Terminal Services Edition TSE Client does not appear automatically in the system tray of
the Wyse Windows XP Embedded terminal.
Cause
This is because the Propalms Terminal Services Edition TSE Connection Manager shortcut is not
created in the Programs>Startup folder.
Resolution
Manually launch Propalms Terminal Services Edition TSE Connection Manager from
Start>Programs>Propalms Terminal Services Edition TSE Connection Manager to create the
shortcuts. For the next startup, create Propalms Terminal Services Edition TSE Connection
Manager shortcut in the Programs>Startup folder so that Propalms Terminal Services Edition
TSE Client launches when the device starts up and shortcuts are created automatically.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 348

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
What’s in this chapter?

Installing WBT Add-on for Windows CE

.NET-based Wyse Terminals

What’s in this chapter?

This chapter contains all of the information you need to have to install the Propalms Terminal
Services Edition TSE WBT add-on and manage a Windows CE .NET-based Wyse terminal.
This chapter assumes you are familiar with the following:
• Basic Web Server administrative functions
• FTP server operations
• Wyse terminal

Getting Started
This section lists the minimum requirements and step-by-step procedures for installing the
Propalms Terminal Services Edition TSE WBT add-on for Wyse/WinCE .NET terminal.
Minimum Requirements
The following table presents the minimum requirements for flash and RAM by model for the Wyse
Winterm devices.
TABLE 1. Minimum Requirements
Device Flash RAM
Model 3320 24 Megabytes 32 Megabytes
Model 3530 16 Megabytes 32 Megabytes
Model 3235 16 Megabytes 32 Megabytes
Model 3360 16 Megabytes 32 Megabytes

Installing Propalms Terminal Services Edition TSE WBT add-on for Wyse/
WinCE .NET
This section lists the activities you must complete before you install the add-on image or before
you upgrade. Follow this procedure if you are working with a Wyse terminal and your Wyse
terminal does not come packaged with the Propalms Terminal Services Edition TSE add-on.
Copy thePropalms Terminal Services Edition TSE Files
Place the files on the FTP server
Perform the activities in this section before you install the add-on.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 349

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

From the FTP server, perform the following:

1. Check the Propalms Web site for the latest version of the client software.
2. Ensure that there is no beta version of the Propalms Terminal Services Edition TSE
software installed on the client devices. If there is a version, you will need to reflash the
device with a new Wyse image before proceeding.
3. Place the two files, Propalms-TSEaddon400.bin and params.ini, on an FTP server.
Manage the Propalms Terminal Services Edition TSE files from the Client
From the client, perform the following:
1. Press the Control Panel button on the client to enter the Terminal Properties.
2. Click the Upgrade tab.
To install the Propalms Terminal Services Edition TSE add-on:
3. Select the Use Local FTP Information option.

4. In the Server Name field, enter the FTP server’s IP address.

5. In the Server Directory field, enter the proper directory path. This is the path to the ftproot,
the path with the root folder.
6. Enter a user ID and password.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 350

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

NOTE

The default User ID is Anonymous, and the password is any five characters.You
can use the default user ID and password when the FTP server permits
anonymous connections.

7. Select the Save Password check box to save the password.

8. When you are ready to proceed, click Upgrade.

9. On the Firmware Upgrade window, click Start.

10. When this process completes, the machine re-starts.

NOTE
The Propalms Terminal Services Edition TSE CE add-on uses the RDP client, and the
add-on will not work without it. So remember, do not remove the RDP client.

Configure the connection

To configure a Propalms Terminal Services Edition TSE connection on the Client machine:
1. Click Add on the Winterm Connection Manager.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 351

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

2. In the New Connection dialog box, select Propalms Connection Manager from the drop-
down list and click OK.

To establish the connection:

3. Type the URL of the Propalms Terminal Services Edition TSE Launch Pad that you intend
to use in the Launch Pad Address field.
For example:

Propalms Terminal Services Edition Administrator Guide--1 March 2013 352

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

http://<servername>/launchpad

4. In the User Name field, enter the user name.

5. In the Domain field, enter the domain that you will use. This domain should exist in
Propalms Terminal Services Edition TSE; it should have been provisioned by the Propalms
Terminal Services Edition TSE Administrator.
6. Click Next.
7. Choose the way you will select applications:
• Select All Applications to select all the displayed applications. Go to Step 8.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 353

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

• Select An Application to select one application at a time. Go to Step 9.

8. If you choose Select All Applications, click Finish.

A single Propalms Terminal Services Edition TSE connection called Propalms Terminal
Services Edition TSE Team appears on the Winterm Connection Manager dialog box.
You will use the Propalms Terminal Services Edition TSE Team connection to access

Propalms Terminal Services Edition Administrator Guide--1 March 2013 354

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

the list all of the applications that are available to you from the Propalms Terminal Services
Edition TSE server.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 355

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

9. If you choose Select An Application, you must select the application you want to use, and
then click Finish.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 356

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

A single Propalms Terminal Services Edition TSE application connection appears in the
Winterm Connection Manager for the selected Propalms Terminal Services Edition TSE
application.

NOTE

Repeat this procedure to add connections to other individual applications.

Launching an application
1. To launch an application, double click a Propalms Terminal Services Edition TSE
connection icon on the Winterm Connection Manager. The Propalms Terminal Services
Edition TSE Connection (authentication) dialog box appears if you have not saved your
password.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 357

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

2. In the Propalms Terminal Services Edition TSE Connection (authentication) dialog box,
enter your credentials and click OK.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 358

Installing WBT Add-on for Windows CE .NET-based Wyse Termi-
Getting Started

3. If you double clicked a specific application connection icon in Step 1, the application is
launched. If you clicked the Propalms Terminal Services Edition TSE Team Connection
icon, the list of application is retrieved. Select an application and click Launch to launch the
application.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 359

Propalms Terminal Services Edition Resource Kit
What’s in this chapter?

Propalms Terminal Services Edition

Resource Kit

What’s in this chapter?

This chapter provides information about the Propalms Terminal Services Edition Resource Kit
(Propalms RK) and using the Propalms-RK commands.

Propalms Terminal Services Edition Resource Kit

This section addresses the Propalms Terminal Services Edition Resource Kit.
The Propalms RK is a suite of command line tools that Propalms Terminal Services Edition
administrators can use to deploy their Propalms Terminal Services Edition system or to maintain it.
With the kit, the administrators can do the following:
• Update the Propalms Terminal Services Edition system identity
• Update the Propalms Terminal Services Edition database connection settings
• Make a transform file to instruct the MSI installer to push the Propalms Client to client
computers
• Refresh application shortcut icons
• Capture incident data for technical support
This kit provides features that supplement the features found in the Management Console. The kit
provides some features that the Console cannot perform.
The Propalms RK works with other command line tools such as the WTS tools and the Windows
Task Scheduler. Administrators can construct batch files and scripts that use the Propalms RK to
help them maintain their server-based computing data centers.
This chapter deals with the following:
"Installing the Propalms RK"
"Understanding the Propalms RK"
"Using the Propalms RK"
"Writing advance command lines"

Installing the Propalms RK

The Propalms RK has the same software and hardware requirements as Propalms Terminal
Services Edition itself. Specifically, the software requirements for the Propalms RK are:
• Propalms Terminal Services Edition 4.0
• Windows Server 2003 or Windows Server 2008

Propalms Terminal Services Edition Administrator Guide--1 March 2013 360

Propalms Terminal Services Edition Resource Kit
Understanding the Propalms RK

A Windows Installer file, Propalms-TSE-RK.MSI, packages the Propalms Terminal Services

Edition Resource Kit. To install the kit, run the Propalms RK install program and follow the
instructions that appear during the install process.
Since some Propalms RK commands work on individual servers rather than the team as a whole,
we recommend that you install the Propalms RK on all servers in your Propalms Terminal Services
Edition team.

Understanding the Propalms RK

This section discusses the major concepts that you will need to understand and use the Propalms
RK.

Exploring the Propalms RK

As you read this section, you may want to follow along from the Propalms RK. You can access this
from the Windows Start menu; select Start>Programs>Propalms Terminal Services Edition
Resource Kit>Propalms Terminal Services Edition Resource Kit Command Prompt. The
shortcut opens a command prompt window. From the command prompt, type Propalms-RK help to
a get list of commands that Propalms RK contains.
c:\program files\Propalms RK>Propalms-RK help
Propalms Terminal Services Edition Resource Kit (version 4.0). Try:
Propalms-RK command [args...]
where the following are commands:
applications List all the applications in the system
client-transform Generate a Propalms Client transform
connections List all the connections monitored by the system
count Count the rows of output from another
domains List all the domains in the system
for Loop on the values of another command
groups List all the groups in the system
help Print a help message
identity Print or set the identity account for the system
if Test an environment variable's value
os-info Print operating system information
ous List all the organization-units in the system
print Print arguments to the output file
refresh-icons Refresh an application's icon
registry List Propalms Terminal Services Edition registry
values
servers List all the servers in the system
sql Print or set the SQL connection string
support-info Report information for a support incident

Propalms Terminal Services Edition Administrator Guide--1 March 2013 361

Propalms Terminal Services Edition Resource Kit
Understanding the Propalms RK

sync-database Synchronize to domain information

team Print information about the server's team
test Test the exit-code of another command
tracing Print and set the development tracing level
users List all the users in the system
web-port Print or set the ports for the Propalms Terminal
Services Edition Web sites
To view detailed information about a particular command, type Propalms-RK help <command>.
To view detailed information about all of the commands type Propalms-RK help /a.
For example,
c:\program files\Propalms RK>Propalms-RK help web-port
WEB-PORT -- Print or set the ports for the Propalms Terminal Services
Edition web sites
Syntax
Propalms-RK web-port [/h] [/q] [/action:set] [/http:Value] [/
https:Value]
Arguments
/h Suppress the header of the information table
/q Quiet mode
/action:set Set the ports
/http The port number for HTTP communication
/https The port number for HTTPS communication
Remarks
This command prints or sets the ports that Propalms Terminal Services
Edition components and clients use to communicate to the Propalms
Terminal Services Edition web sites. This command only affects the port
settings for Propalms Terminal Services Edition. Use the Internet
Services Manager to change the IIS settings.
Examples
Propalms-RK web-port
Propalms-RK web-port /action:set /http:80 /http:443
Requirements
Propalms Terminal Services Edition web server

Specifying options
Most commands have options that alter their behavior. Like many command line tools, Propalms
RK options begin with a slash character. There are two types of options:
• Flags
• Named values

Propalms Terminal Services Edition Administrator Guide--1 March 2013 362

Propalms Terminal Services Edition Resource Kit
Using the Propalms RK

Flags are single letters that turn on a particular command mode. If a flag is present, then the
command uses the flag’s associated mode. Administrators can combine flags together, so
specifying /fh has the same effect as specifying /f /h.
Common flags are:
TABLE 1. Flag Options in Propalms RK
Option Usage
/h Suppress headers in tables
/q Quiet mode, answer yes to all prompts
/f Answer yes to all prompts

Named value options follow the form /<name>:<value>, where a colon separates the name of
the option and value of the option. For example, many commands use the /action:set option to
indicate the set value of the action option. If a value has spaces in it, use quotes to surround the
whole option. The option /description:Propalms Terminal Services Edition Team
on Server has a value of Propalms Terminal Services Edition Team on Server.

Printing information
The Propalms RK prints information in a tab-delimited table format. The tab-delimited format is
easy to read as well as to import into spreadsheets and databases. The first row of the table
contains the column names for the table, while the following rows contain the values of the table. If
a /h flag is specified, the header row is omitted.
The Propalms RK tries to format tables so that columns align correctly. It assumes that tabs are set
every eight characters, which is true for the command prompt. To make columns line up, the
Propalms RK may insert multiple tab characters between values. So, when importing a Propalms
RK table into a Microsoft Excel spreadsheet, use the treat successive delimiters as one option. For
blank values, the Propalms RK will place a space character.
If a row exceeds the width of the command prompt window, the command prompt will wrap the
row’s information to the next line. When this happens, it is easier to read the information if the
information is first saved to a file and then viewed using another program such as Windows
Notepad. To do this, use the command redirection feature of the Windows command prompt. For
example, type Propalms-RK users > users.txt to save the list of users in a file named users.txt.

Checking administrator rights

For any command that accesses or modifies the Propalms Terminal Services Edition system
settings, the Propalms RK will check to see that the user who invokes the command, the logged on
user, is a member of the Propalms Terminal Services Edition Administrators group. This check
prevents unauthorized users from using the Propalms RK to alter your Propalms Terminal Services
Edition system.

Stopping a command
It is possible to abort and stop a command as it executes. Like many command line tools, the
Propalms RK stops when you press the Ctrl key and C key in combination.

Using the Propalms RK

This section provides examples on how to use the Propalms RK.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 363

Propalms Terminal Services Edition Resource Kit
Using the Propalms RK

Generating a transformed client

The administrator can use the Propalms Terminal Services Edition Resource Kit to generate a
Propalms Client transform, which can be pushed to client computers through GPO. The client-
transform command creates a Windows Installer transformed file that can help install the Propalms
Client software without requiring the user to browse a Launch Pad web site. The source for the
transform is the Propalms-TSE-Client700.msi file which is found in Propalms Terminal Services
Edition's depot folder by default. The transformed file can be used in an Active Directory group
policy object (GPO) or directly from command line.
The command takes the following parameters:
• url: URL for the launch pad web site
You can also specify the following optional parameters:
• mst: Output .mst filename, default used if omitted
• msi: Source .msi file, default used if omitted
• /q option runs the command in silent mode
• domain: Domain to use for the launch pad web site
To transform a client
1. Select Start>Programs>Propalms Terminal Services Edition Resource Kit>Propalms
Terminal Services Edition Resource Kit Command Prompt.
2. Type
Propalms-RK client-transform /url:http://<webserver name>/launchpad
/domain:TestDomain /mst:Propalms-TSE-Client700.mst /msi:Propalms-
TSE-Client700.msi
3. To install the resultant mst file on client computer, type
msiexec /i Propalms-TSE-Client700.msi TRANSFORMS="Propalms-TSE-
Client700.mst"

NOTE
To push the msi through GPO or other methods, please refer to the corresponding GPO or
other relevant documentation.

Synchronizing domain information with Task Scheduler

The Propalms RK contains a command to synchronize the Propalms Terminal Services Edition
provisioning information with recent changes made to the network domains. To automate this
operation, administrators can schedule this operation as a daily task on a Propalms Terminal
Services Edition server using the Windows Task Scheduler.
1. Select Start>Settings>Control Panel>Scheduled Tasks.
2. Launch the Add Scheduled Task wizard. Click Next.
3. Click Browse and select the Propalms-RK.exe program. Click Next.
4. Specify the frequency and start time. Click Next.
5. Specify a Propalms Terminal Services Edition administrator’s account for the task’s user
account and click Next.
6. Select Open advance properties for this task when I click Finish and click Finish.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 364

Propalms Terminal Services Edition Resource Kit
Using the Propalms RK

7. On the Task property tab, in the Run field, add sync-database /q. If Propalms-RK.exe is
installed on the C drive, the field should read
“C:\Program Files\Propalms RK\Propalms-RK.exe" sync-database /q
8. Click OK.
Administrators can see the results from the last time the task scheduler ran a task in the Last
Results property of the task. Like other command line tools, Propalms-RK.exe will exit with a zero
status after a successful run.

Altering the Propalms Terminal Services Edition Identity account

The Propalms Terminal Services Edition identity account is the security context that the Propalms
Terminal Services Edition components use. Propalms RK contains an identity command that
changes the identity account or updates the account’s password.
1. Select Start>Programs>Propalms Terminal Services Edition Resource Kit>Propalms
Terminal Services Edition Resource Kit Command Prompt.
2. Type
Propalms-RK identity /action:set /user:<account> /domain:<domain> /
password:<account_password>
The command will respond by prompting for confirmation that you want to proceed. If you provide
confirmation, then the command will take a few minutes to complete.

Adjusting the ports used by the Propalms Terminal Services Edition web sites
By default, Windows Internet Information Services (IIS) uses port 80 for HTTP traffic and port 443
for HTTPS traffic. Administrators may alter the ports used by IIS in the Internet Services Manager.
However, if they change the ports, they need to notify Propalms Terminal Services Edition of this
port change using a Propalms RK command.
The Propalms RK contains the following command to alter the web ports that are used by
Propalms Clients and components to talk to the Propalms Terminal Services Edition web sites.
1. Select Start>Programs>Propalms Terminal Services Edition Resource Kit>Propalms
Terminal Services Edition Resource Kit Command Prompt.
2. Type
Propalms-RK web-port /action:set /http:<port> /https:<port>

Migrating to a new Propalms Terminal Services Edition Database server

Occasionally, it may be necessary to move the Propalms Terminal Services Edition database,
CanaveralDB, from one server to another. The Propalms RK contains a command to alter the
connection string that a Propalms Terminal Services Edition components uses to connect to its
SQL database.
The first step when migrating a Propalms Terminal Services Edition database is to back up the
database on the current SQL Server and to restore it on the new database server. See the SQL
Server documentation for details on performing this operation.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 365

Propalms Terminal Services Edition Resource Kit
Writing advance command lines

NOTE
The database you will be using as the new database should not already be in use in the
Propalms Terminal Services Edition team as a backup database.

Next, configure the servers on the team to use the new database. On each server in the Propalms
Terminal Services Edition team:
1. Select Start>Programs>Propalms Terminal Services Edition Resource Kit>Propalms
Terminal Services Edition Resource Kit Command Prompt.
2. Type
Propalms-RK sql /action:set /server:<server_name> /
database:<db_name>

Reporting a support incident

When reporting a problem to Propalms support, it is important to provide as much information
about the Propalms Terminal Services Edition configuration as possible. The Propalms RK
contains a command to print information that is important to technical support. Save the support
information to a file and email the file to support at [email protected].
1. Select Start>Programs>Propalms Terminal Services Edition Resource Kit>Propalms
Terminal Services Edition Resource Kit Command Prompt.
2. Type
Propalms-RK support-info > support.txt

NOTE

You should disable all virus checking software when running the command. The
Propalms RK support-info tool may take a few moments to complete.

Writing advance command lines

We designed the Propalms RK not only to provide useful commands, but also to allow each
command to work with other commands and with other command line tools. This section discusses
advance usage of the Propalms RK.

Specifying multiple commands

A single invocation of the Propalms-RK tool can invoke multiple commands. When specifying
multiple commands on a single command line, each command should begin with a double slash,
so the Propalms-RK tool can distinguish it from command options.
The Propalms-RK tool will execute the commands in left to right order. To refresh-icons and then
sync the database to the domain, type Propalms-RK //refresh-icons //sync-database.
Reversing the command order would reverse the order in which these commands execute.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 366

Propalms Terminal Services Edition Resource Kit
Writing advance command lines

Looping
The for command is a special command that uses another command. The for command reads the
tab-delimited table that one command produces and invokes the remaining commands in the
command line one time for each row of the output table.
Any command that produces a tab-delimited table may be used with the for command. For
example, the applications command can be used alone to list all the applications in the Propalms
Terminal Services Edition system or it can be used with the for command to invoke the remaining
command, from the command line, once for each application in the Propalms Terminal Services
Edition system.
Like the for command, the count command loops on the output of another command. Instead of
invoking the remaining commands on the command line, the count command counts the rows in
the output table and prints the count.
c:\program files\Propalms RK>Propalms-RK applications
ApplicationName ApplicationPath
Pinball C:\Program Files\Windows NT\Pinball\PINBALL.EXE
Solitaire C:\WINNT\system32\sol.exe
c:\program files\Propalms RK>Propalms-RK //for applications //print Ha
Ha
Ha
c:\program files\Propalms RK>Propalms-RK //count applications
Count
2

Passing information between commands

The Propalms-RK tool will substitute options delimited by # characters with values stored in
environment variables. For example, the Propalms-RK print #computername# command
will print the current value of the computer name environment variable. To view all the current
environment variables, type set at the Windows command prompt.
Before invoking the other commands on the command line, the for command will add environment
variables for each column in the output table. As the for command loops on each row of the output
table, it will update these environment variables with the values from the current row. This feature
enables the administrator to use the output of one command as the input to another command.
c:\program files\Propalms RK>Propalms-RK applications
ApplicationName ApplicationPath
Pinball C:\Program Files\Windows NT\Pinball\PINBALL.EXE
Solitaire C:\WINNT\system32\sol.exe
c:\program files\Propalms RK>Propalms-RK //for applications //print
#ApplicationName#
Pinball
Solitaire

Propalms Terminal Services Edition Administrator Guide--1 March 2013 367

Propalms Terminal Services Edition Resource Kit
Writing advance command lines

Branching
The if command will compare values of strings and numbers. If the comparison evaluates
positively, then command processing continues. If the comparison evaluates negatively, the
command processing stops and the Propalms-RK tool exits.
The following table displays the comparison operators supported by the if command:
TABLE 2. Comparison Operators supported by the IF command
Operator Usage
eq Test for equality. Treat values as integers.
ne Test for non-equality. Treat values as integers.
gt Test for greater than. Treat values as integers.
lt Test for less than. Treat values as integers.
ge Test for greater than or equal to. Treat values as integers.
le Test for less than or equal to. Treat values as integers.
Is Test for equality. Treat values as strings.
isnot Test for non-equality. Treat values as strings.
like Test the first string to find lines that contains the second string.

C:\Program Files\Propalms RK>Propalms-RK connections

Status ServerName SessionId Age
2 RHAWES-PAQ 1 5466
2 RHAWES-PAQ 4 46
C:\Program Files\Propalms RK>Propalms-RK //for connections //if #Age# gt
500 //print Session #SessionID# is older than 500 minutes
Session 1 is older than 500 minutes
C:\Program Files\Propalms RK>Propalms-RK //for connections //if #Age# gt
50000 //print Session #SessionID# is older than 50000 minutes
Like the if command, the test command will continue or terminate command processing
depending on the outcome of the test it performs. Unlike the if command, which tests values, the
test command tests the exit code of another command, a command that it invoked. If the exit code
is zero, command processing continues. If the exit code is not zero, command processing
terminates.

Working with other tools

The Propalms-RK tool of the Propalms RK can also invoke other command line tools. When it
processes a command name, the Propalms-RK tool first looks in its catalog of built-in commands
for the command. If it does not find the command in its catalog, then it searches the path
environment variable for an external tool that has the command, and then the Propalms-RK tool
invokes it. For example, the Propalms-RK tool can invoke the terminal services command line
tools such as the msg tool, which sends a message to a user of terminal services.
C:\Program Files\Propalms RK>Propalms-RK msg MIKES meet at 1PM today

Propalms Terminal Services Edition Administrator Guide--1 March 2013 368

Propalms Terminal Services Edition Resource Kit
Writing advance command lines

Putting it all together

Taken together, these advanced features allow administrators to build powerful command lines
that use the built-in commands of Propalms RK in combination with other tools. The example
below uses the Propalms RK to disconnect all Propalms Terminal Services Edition connections
that are older than 500 minutes. It uses the internal connections command and the external
tsdiscon tool. It demonstrates the looping and parameter passing features of the for command. It
shows how the if command can qualify the execution of other commands.
C:\Program Files\Propalms RK>Propalms-RK connections
Status ServerName SessionId Age
2 RHAWES-PAQ 1 5466
2 RHAWES-PAQ 4 46
C:\Program Files\Propalms RK>Propalms-RK //for connections //if #Age# gt
500 //tsdiscon #SessionID# /SERVER:#ServerName#

Propalms Terminal Services Edition Administrator Guide--1 March 2013 369

About Us
What’s in this chapter?

About Us

What’s in this chapter?

This chapter provides information about Propalms Ltd. and Propalms Terminal Services Edition.

About Propalms
Propalms, Ltd. is a leading provider of purpose-built application access and deployment software
to thousands of customer sites worldwide. Propalms enables organizations to access and manage
information, data and applications across all platforms, networks and devices. Propalms bridges
the gap between vendors, ensuring that customers have complete access to business-critical
information. Using Propalms's software, customers realize the benefits of secure corporate data,
maximizing return on existing IT assets and improved productivity. The company markets its
products through key industry partnerships and a worldwide network of consultants and resellers.
Propalms is headquartered in North Yorkshire.

About Propalms Terminal Services Edition from Propalms

Propalms Terminal Services Edition makes central deployment and management of server-based
Windows applications simple, intelligent, and cost effective. Serving both enterprises and service
providers, Propalms Terminal Services Edition increases the efficiency of IT operations and
improves business performance.

Other sources of information

You can find more information, as follows:
TABLE 1. Sources of information and their availability
Source Availability
Propalms Ltd. +44 (0) 1904 567760
Technical Support Center Visit http://support.propalms.com
Local Sales Office Visit http://www.propalms.com/about/contact.html
Email to Propalms [email protected]
Propalms on the Web http://www.propalms.com

Propalms Terminal Services Edition Administrator Guide--1 March 2013 370

Propalms Terminal Services Edition Clients
What’s in this appendix?

Propalms Terminal Services Edition Clients

What’s in this appendix?

This appendix provides information on Propalms Terminal Services Edition Clients. It tabulates the
Propalms Terminal Services Edition features along with their availability for various client operating
systems.

Propalms Terminal Services Edition Clients

A Propalms Terminal Services Edition v7.0 installation creates a team whose applications can be
launched from computers with the any of the following operating systems:
• CE 2.12 or CE 4.x (CE .NET)
• Windows XP, Windows 2003, Windows Vista and above
The following table lists the availability of various Propalms Terminal Services Edition features on
each of these operating systems:
TABLE 1. Propalms Terminal Services Edition Clients and Features
OS File Client Connection Drive Printer Shortcuts
Associations Groups Settings Sharing Redir
CE 2.12 No Yes Yes No No No

CE 4.x No Yes Yes Yes Yes No

Win 95 Yes Yes Yes Yes Yes Yes

Win 98 Yes Yes Yes Yes Yes Yes

Win NT Yes Yes Yes Yes Yes Yes

Win XP Yes Yes Yes Yes Yes Yes

Win Me Yes Yes Yes Yes Yes Yes

Win 2K Yes Yes Yes Yes Yes Yes

Win Yes Yes Yes Yes Yes Yes

2K3
Win Yes Yes Yes Yes Yes Yes
Vista
Win 7 Yes Yes Yes Yes Yes Yes

Win Yes Yes Yes Yes Yes Yes

2K8 /
2K8 R2

Propalms Terminal Services Edition Administrator Guide--1 March 2013 371

Propalms Terminal Services Edition Clients
Propalms Terminal Services Edition Clients

The following table lists the availability of various connection settings on each operating system.
TABLE 2. Connection Settings support on different Operating Systems
OS Adjust Bitmap Compr Seamless Launch in Reconnect SPR Logoff idle or Drive and Unidriver
Display Caching ession Windows existing disconnected Printer
connections connections sharing
CE No Yes Yes No No Yes Yes Yes No No
2.12
CE 4.x No Yes Yes No No Yes Yes Yes Yes (Only No
on Windows
2003
server)*
Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
95
Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
98
Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
NT
Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
XP
Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Me
Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
2K
Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
2K3
Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Vista
Win 7 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Win Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
2K8 /
2K8
R2

* To enable this setting on Windows 2003 servers select the Native option from the Connection
Settings page.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 372

Abbreviations
What’s in this appendix?

Abbreviations

What’s in this appendix?

This appendix lists some common relevant abbreviations.

Abbreviations
This section addresses the abbreviations that appear in this guide. Most of the abbreviations relate
to Microsoft technologies, communications protocols, or other technologies. Many administrators
are familiar with these abbreviations.
TABLE 1. Abbreviations

Abbreviation Meaning
ADSI Active Directory Service Interfaces
API Application Programming Interface
ASP Active Server Pages
COM Component Object Model
DCOM Distributed COM
DNS Domain Name System
FQDN Fully Qualified Domain Name
HTML Hypertext Markup Language
IFS Internet File Sharing
IIS Internet Information Services
IT Information Technology
NAT Network Address Translator
NTLM NT LAN Manager
MTS Microsoft Transaction Server
OLE Object Linking and Embedding
OU Organizational Unit
PC Personal Computer
RDP Remote Desktop Protocol
PTSE Propalms Terminal Services Edition
SMB Server Message Block
SPR Single Port Relay

Propalms Terminal Services Edition Administrator Guide--1 March 2013 373

Abbreviations
Abbreviations

TABLE 1. Abbreviations

Abbreviation Meaning
SQL Structured Query Language
SSL Secure Socket Layer
TCP/IP Transmission Control Protocol/Internet Protocol
UI User Interface
UPN User Principal Name
WMI Windows Management Instrumentation
XML Extensible Markup Language

Propalms Terminal Services Edition Administrator Guide--1 March 2013 374

COM+ Components and Propalms Terminal Services Edition Ser-
What’s in this appendix?

COM+ Components and Propalms

Terminal Services Edition Services

What’s in this appendix?

This appendix lists the Propalms Terminal Services Edition Services and the COM+ Components.

COM+ Components
The COM+ table lists system-level applications that are available on-demand.
TABLE 1. COM+ components in Propalms Terminal Services Edition
COM+ Component Description
Propalms Terminal Services Edition Links to the Propalms Terminal
Database Access Engine Services Edition database
Propalms Terminal Services Edition Gets information from the domains
Domain Engine
Propalms Terminal Services Edition Enforces product key and third-party
License Engine licenses
Propalms Terminal Services Edition Regulates the Console operations
Management Engine
Propalms Terminal Services Edition Application provisioning and launch
Application Engine information
Propalms Terminal Services Edition Executes submitted jobs
Jobs Framework Engine

Propalms Terminal Services Edition Services

The Propalms Terminal Services Edition Services table highlights continuously available
background processes.
TABLE 2. Propalms Terminal Services Edition Services
Services Description
Propalms Terminal Services Resides on all servers in the Propalms Terminal Services
Edition Engine Service Edition team. This service provides the ability to manage all
the servers in the team.
Propalms Terminal Services Resides on all the Load Balancer Servers in the Propalms
Edition Load Balancer Service Terminal Services Edition team. This service provides
application load balancing to the clients requesting an
application in the Propalms Terminal Services Edition team.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 375

COM+ Components and Propalms Terminal Services Edition Ser-
Propalms Terminal Services Edition Services

TABLE 2. Propalms Terminal Services Edition Services

Services Description
Propalms Terminal Services Resides on all Application Servers in the Propalms Terminal
Edition Monitor Services Edition team. This service provides application
management, control, performance, and monitoring on the
Application Servers, and communication with the Load
Balancer.
Propalms Terminal Services Resides on all the Relay Servers in the Propalms Terminal
Edition Single Port Relay Services Edition team. This service manages the Propalms
Terminal Services Edition relay server operations, thereby
allowing single port traversal.

Propalms Terminal Services Edition Administrator Guide--1 March 2013 376

OCNA Wireless Slides v1.2.0 en (UN) Rev.240405
No ratings yet
OCNA Wireless Slides v1.2.0 en (UN) Rev.240405
189 pages
Screening and Assessment LD
No ratings yet
Screening and Assessment LD
63 pages
XI - BST - 3 - Private, Public and Global Enterprises
No ratings yet
XI - BST - 3 - Private, Public and Global Enterprises
3 pages
Xerox Work Centre Sag
100% (1)
Xerox Work Centre Sag
362 pages
Application Guide: Lenovo Rackswitch G8052
No ratings yet
Application Guide: Lenovo Rackswitch G8052
580 pages
G8272 Application Guide ENOS 8.2
No ratings yet
G8272 Application Guide ENOS 8.2
606 pages
Microsoft Press System Center Configuration Manager 2007, Administrator - S Companion (2008)
No ratings yet
Microsoft Press System Center Configuration Manager 2007, Administrator - S Companion (2008)
886 pages
Marine Crane Failure Analysis
100% (1)
Marine Crane Failure Analysis
27 pages
User Guide: LAPN600
No ratings yet
User Guide: LAPN600
54 pages
Swift's Satirical Masterpieces
No ratings yet
Swift's Satirical Masterpieces
7 pages
BusinessObjects Enterprise™ XI Release 2
No ratings yet
BusinessObjects Enterprise™ XI Release 2
312 pages
Tsunami800+8000 - RefGuide v6.2 765 00133 PDF
No ratings yet
Tsunami800+8000 - RefGuide v6.2 765 00133 PDF
191 pages
NexentaStor 5.2 CLI Config Guide RevB
No ratings yet
NexentaStor 5.2 CLI Config Guide RevB
150 pages
SnomONE Online Book
No ratings yet
SnomONE Online Book
588 pages
Vyatta Quick Start VC4.1 v02
No ratings yet
Vyatta Quick Start VC4.1 v02
48 pages
Axway Admguide v5.5.1
No ratings yet
Axway Admguide v5.5.1
692 pages
Contrôleur IMS 36 ConfigGuide
No ratings yet
Contrôleur IMS 36 ConfigGuide
242 pages
K1000 AdminGuide
No ratings yet
K1000 AdminGuide
328 pages
Violin Memory Array Software Configuration Guide R3.4
No ratings yet
Violin Memory Array Software Configuration Guide R3.4
163 pages
Some Basic Concepts of Chemistry
No ratings yet
Some Basic Concepts of Chemistry
19 pages
Cie 10 System Administrator en
No ratings yet
Cie 10 System Administrator en
344 pages
HP ProCurve - Management and Configuration Guide W.14.03
100% (1)
HP ProCurve - Management and Configuration Guide W.14.03
618 pages
Vmware em
100% (1)
Vmware em
110 pages
Ocnos DC Qos Guide
No ratings yet
Ocnos DC Qos Guide
259 pages
Application Guide: Ibm System Networking Rackswitch G8124/G8124-E
No ratings yet
Application Guide: Ibm System Networking Rackswitch G8124/G8124-E
472 pages
Dell KACE K1000 Admin Guide
No ratings yet
Dell KACE K1000 Admin Guide
360 pages
SMSCPDG
No ratings yet
SMSCPDG
676 pages
Evolution of Handwriting Systems
100% (2)
Evolution of Handwriting Systems
38 pages
Ghost Solution Suite3 0 HF1 ReleaseNotes
No ratings yet
Ghost Solution Suite3 0 HF1 ReleaseNotes
13 pages
Ghost Solution Suite3 0 HF3 ReleaseNotes
No ratings yet
Ghost Solution Suite3 0 HF3 ReleaseNotes
14 pages
Lenovo CNOS AG 10-7 PDF
No ratings yet
Lenovo CNOS AG 10-7 PDF
746 pages
Topic 7 - Challenge Risk and Safety
No ratings yet
Topic 7 - Challenge Risk and Safety
83 pages
EdgeSwitch AdminGuide
No ratings yet
EdgeSwitch AdminGuide
274 pages
Manual
No ratings yet
Manual
130 pages
Installation Guide
0% (1)
Installation Guide
438 pages
Ep 20 Units
No ratings yet
Ep 20 Units
142 pages
G8124-E Ag 8-3 PDF
No ratings yet
G8124-E Ag 8-3 PDF
526 pages
Application Guide: Lenovo Rackswitch G7028/G7052
No ratings yet
Application Guide: Lenovo Rackswitch G7028/G7052
312 pages
Access Essentials Guide
No ratings yet
Access Essentials Guide
66 pages
G8316 Ag 7-9 PDF
No ratings yet
G8316 Ag 7-9 PDF
586 pages
Aginet ACS V1.0 - UG - REV1.0 - 01 - 2022 - 0322
No ratings yet
Aginet ACS V1.0 - UG - REV1.0 - 01 - 2022 - 0322
63 pages
Force10-S25p - Reference Guide - En-Us PDF
No ratings yet
Force10-S25p - Reference Guide - En-Us PDF
1,262 pages
VFSM Ag 7 8
No ratings yet
VFSM Ag 7 8
541 pages
BR01 Ar01
No ratings yet
BR01 Ar01
6 pages
RAIDiator 4.2 Desktop IG en PRT
No ratings yet
RAIDiator 4.2 Desktop IG en PRT
2 pages
SoundStation IP5000 Quick Start Guide English
No ratings yet
SoundStation IP5000 Quick Start Guide English
2 pages
IQstor Admin Guide
No ratings yet
IQstor Admin Guide
178 pages
The Future of Automotive Manufacturing - Integrating AI... For Next-Gen Automatic Cars
No ratings yet
The Future of Automotive Manufacturing - Integrating AI... For Next-Gen Automatic Cars
9 pages
Libble Eu
No ratings yet
Libble Eu
55 pages
EdgeSwitch AdminGuide
No ratings yet
EdgeSwitch AdminGuide
274 pages
QRadar 71MR2 AdminGuide
No ratings yet
QRadar 71MR2 AdminGuide
316 pages
Tsunami A2MP-81XX-CPE - ReferenceManualv2.2 - SWv2.3.5
No ratings yet
Tsunami A2MP-81XX-CPE - ReferenceManualv2.2 - SWv2.3.5
88 pages
Stonesoft Administrators Guide v5-6
No ratings yet
Stonesoft Administrators Guide v5-6
1,398 pages
Dell SonicWALL E-Class SRA 10.6.2 Admin Guide
No ratings yet
Dell SonicWALL E-Class SRA 10.6.2 Admin Guide
585 pages
HP Storageworks Simple San Connection Manager User Guide: Part Number: 5697-7199 First Edition: February 2008
No ratings yet
HP Storageworks Simple San Connection Manager User Guide: Part Number: 5697-7199 First Edition: February 2008
98 pages
MirthApplianceDeploymentGuide 3.6.0
No ratings yet
MirthApplianceDeploymentGuide 3.6.0
69 pages
Symicron Remote Access Router (Manual)
No ratings yet
Symicron Remote Access Router (Manual)
171 pages
Xerox ColorQube 9201 - 9202) 9203 System Administrator Guide
No ratings yet
Xerox ColorQube 9201 - 9202) 9203 System Administrator Guide
328 pages
Bitdefender SVE MultiPlatform AdminsGuide EnUS
No ratings yet
Bitdefender SVE MultiPlatform AdminsGuide EnUS
96 pages
History of Computers
No ratings yet
History of Computers
12 pages
IBM Virtual Fabric 10Gb Switch Module For IBM BladeCenter Application Guide
No ratings yet
IBM Virtual Fabric 10Gb Switch Module For IBM BladeCenter Application Guide
485 pages
Manual Connect - Brain en
No ratings yet
Manual Connect - Brain en
229 pages
UC-SS7000 Web Config Utility User Guide v4 0 0
No ratings yet
UC-SS7000 Web Config Utility User Guide v4 0 0
31 pages
Embankment Design Basic Nov20
No ratings yet
Embankment Design Basic Nov20
83 pages
Structure Syllabi
No ratings yet
Structure Syllabi
19 pages
DM GTU Study Material E-Notes Unit-4 29012022085557AM
No ratings yet
DM GTU Study Material E-Notes Unit-4 29012022085557AM
12 pages
(Hooker and Monas, 2008) Shoestring Venture - The Startup Bible
No ratings yet
(Hooker and Monas, 2008) Shoestring Venture - The Startup Bible
532 pages
Adobe Connect Installation and Configuration Guide
No ratings yet
Adobe Connect Installation and Configuration Guide
64 pages
Quick Start Guide: Vyatta System
No ratings yet
Quick Start Guide: Vyatta System
46 pages
GD4400
No ratings yet
GD4400
52 pages
Group 17 - Research Proposal-1
No ratings yet
Group 17 - Research Proposal-1
36 pages
Cre Project Group 2 Sec01
No ratings yet
Cre Project Group 2 Sec01
28 pages
ITCAM Userguide
No ratings yet
ITCAM Userguide
232 pages
AWS-SOP - Creating ALB and Configuring Target Groups, Listeners and Stickiness
No ratings yet
AWS-SOP - Creating ALB and Configuring Target Groups, Listeners and Stickiness
15 pages
Qkhttiepdiendeso 01
No ratings yet
Qkhttiepdiendeso 01
2 pages
Authentic Assessment Rubric - New Dog Breed
No ratings yet
Authentic Assessment Rubric - New Dog Breed
2 pages
Genetics Practicum Insights
No ratings yet
Genetics Practicum Insights
53 pages
PCC-2000 Reference Manual V1.42
No ratings yet
PCC-2000 Reference Manual V1.42
26 pages
Existentialist Feminism and Simone de Beauvoir PDF
No ratings yet
Existentialist Feminism and Simone de Beauvoir PDF
2 pages
Aditya Internship Training
No ratings yet
Aditya Internship Training
14 pages
Haldi Ram
No ratings yet
Haldi Ram
9 pages
Action Plan For NLC
No ratings yet
Action Plan For NLC
9 pages
Lance Design For Argon Bubbling in Molten Metal
No ratings yet
Lance Design For Argon Bubbling in Molten Metal
12 pages
Lab Report: Submitted To
No ratings yet
Lab Report: Submitted To
6 pages
Falke Talk - The Falke 80 - 90 Serial No Database - 03
No ratings yet
Falke Talk - The Falke 80 - 90 Serial No Database - 03
5 pages