Ehsan Mahpour’s Weblog

Yes! This is a solution to the dreaded problem “The
terminal server has exceeded the maximum number of allowed connections.”

 

Every system administrator knows what it means, and yes –
it gives us shivers, especially when we don’t have physical acess to the
machine, and we can’t log in.

 

There are (at least) two ways to solve the problem, the
easy one and the hard one, as usual.

 

The easy one – applies if TS runs on a Windows 2003
machine, and Console session is logged off but two active (or disconnected)
sessions block further access.

 

From the client machine, go to Start -> Run and
type

 

mstsc
-v:0.0.0.0 /f –console

 

Replace 0.0.0.0 with TS server’s IP.

 

After you log in, go to Terminal Server Management and
disconnect active, idle and other remote sessions. Logg of and then log on as
you would normally do.

 

The hard way – applies in cases when the easy way
fails (Windows 2000 runs as a TS server, Console session logged in, etc.)

 

Conditions to be met for the hard way to succeed:

 
  - telnet service must not be disabled on the TS machine, it must be set
to either automatic or manual
startup.
  - you must have the “netsvc.exe” tool from the windows 2000
resource kit if you need to start telnet on the terminal  services machine
if it is not running. If you don’t have it, you can download
it here.

 

Authenticate to the terminal server from the remote
machine with the “net use” command:

 

Start->Run->cmd

 

C:\>net use \\<ip
address>\admin$ /user:<admin username>  

Example:

C:\>net use
\\192.168.1.1\admin$ /user:paja

 

Use regedt32 to modify the registry entry to allow telnet
without NTLM.

 

Start->Run->regedt32

connect to the remote machine:

 

Registry->Select
Computer

in the “Computer” field, enter “\\<ip
address”

 

Set the following key
to 0:

\HKEY_LOCAL_MACHINE
on <ipaddress>\SOFTWARE\Microsoft \TelnetServer\1.0\NTLM

 

Use netsvc.exe to start telnet service (tlntsvr):

 

c:\>netsvc
tlntsvr \\<ip address> /start

 

From the telnet session, use the “logoff”
command with session IDs of “1″ and “2″ to end the
disconnected but active sessions:

C:\>logoff 1
C:\>logoff 2
C:\>exit

 

(Be patient. Logoff takes some time.)

 

Use netsvc.exe to stop the telnet service if you want:

 

C:\netsvc tlntsvr \\<ip address> /stop

notes from Vladimir Milovanovic’s blog

I was looking for a simple solution to synchronize the IIS settings across a webfarm that I found an interesting post on Scott’s webblog.

Included Files

With the theory behind us, let’s take a look at the files included in the download file. Note that I did not try to pretty it up or put a lot of error checking in it. It’s simple and easy to understand, but that also means that you may need to do some digging into the files to make any changes or to troubleshoot any issues that I didn’t handle in a friendly way.

[The first two files are the ones that you will use to do a Metabase Merge or Push.]

MetabasePush.bat

Usage: MetabasePush {ServerIP} [SMTP FQDN]

You can call this from a batch file that can live somewhere else, like on the desktop of your primary web server. It will do a metabase push from the current server (localhost) to the target server specified by the ServerIP.

You can optionally add the SMTP FQDN and it will update that on the target server. We use that at ORCS Web because each server node has a different SMTP FQDN.

MetabaseMerge.bat

Usage: MetabaseMerge {ServerIP} [SMTP FQDN]

This operates the same as MetabasePush except that it does a Merge instead. The ServerIP is required and the SMTP FQDN is optional. Don’t forget the differences mentioned above between a Push and Merge. This file calls RemoveAdminACLLine.vbs so that the target server retains its own security settings.

[The following files are helper files and don't need to be run directly.]

IIsCnfg2.vbs

This is a copy (confirmed up to date May 2006) of IIsCnfg.vbs but with two minor modifications to make the target username and password optional.

Metaacl.vbs

This is an untouched Microsoft script to view and update the metabase ACLs permissions.

RemoveAdminACLline.vbs

This is used by MetabaseMerge.bat to remove the ACL lines so that the permissions on the target server are left untouched during a Merge.

ChangeSMTP-FQDN.vbs

This will change the fully qualified domain name of the SMTP server on the target server that you specify. It is used when there are different SMTP DNS names on each server.

Scott Forsyth’s IIS Clustering Utilities

There are many times when it is worthwhile to create a custom machineKey for your web.config file. This is worthwhile on a webfarm but also worthwhile on a stand-alone server so that your machineKey remains the same after an iisreset or application pool recycle.

Try this online tool to generate the machinekey and enjoy!