Cannot Launch Windows RDS Application more than once within PAM

Document ID : KB000100362
Last Modified Date : 22/06/2018
Introduction:
A PAM Administrator is attempting to implement a PAM Target Device as a Jump Server.
Each Service (TCP/UDP Service, Transparent Logins, RDP Applications) works once.
Nonetheless, a PAM End User cannot launch this Service more than once on the same Target Server.
Background:
  • The Server in question has Windows RDS (Remote Desktop Services) installed successfully. 
  • Within Windows RDS (Remote Desktop Services) the applications have been shared correctly.
  • This server has all the necessary software installed on it (PuTTY, SSMS, Oracle Toad, VMware Client, etc.).
  • Each Service on this server works successfully once.
Environment:
PAM 3.x
Instructions:
The problem is due to a combination of a Windows RDS (Remote Desktop Services) licensing issue and a Windows RDS configuration problem. To successfully implement this Use Case, you must perform the following steps on the Target Jumpbox:
  1. Officially license Microsoft RDS. For more information, consult Microsoft's documentation:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-activate-license-server

Note: This will allow "numerous different users" to RDP to this JumpBox.
  2. If you want the "same user" to consume the above licensing and also launch as many sessions as they want, this is controlled by the Active Directory Global Policy setting:
gpedit.msc > Local Computer Policy > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connect Host > Connections
Here you would set "Restrict Remote Desktop Services user to a single RD Services Session" to "Disable".
  3. Then force this policy to be activated by running the following command on your Jump Server:
gpupdate /force
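
To confirm that the single-session restriction is really off after `gpupdate /force`, the following added example (not part of the original article or of PAM) reads the effective setting on the Jump Server. It assumes the standard Windows registry locations for this setting; the function name `Get-RdsSingleSessionState` is made up for this example.

```powershell
# Added example: report whether the Jump Server still restricts each user
# to a single RDS session. Run in an elevated PowerShell prompt on the server.
# Assumption: the setting is stored as fSingleSessionPerUser in the standard
# Terminal Services registry locations listed below.

function Get-RdsSingleSessionState {
    $valueName = 'fSingleSessionPerUser'
    $sources = [ordered]@{
        # Written by Group Policy; takes precedence when present.
        Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        # Machine-level setting used when no policy value is defined.
        Local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    }

    $found = [ordered]@{}
    foreach ($name in $sources.Keys) {
        $item = Get-ItemProperty -Path $sources[$name] -Name $valueName -ErrorAction SilentlyContinue
        $found[$name] = if ($null -ne $item) { [int]$item.$valueName } else { $null }
    }

    # Resolve the effective value: policy first, then local, then the Windows default.
    if ($null -ne $found.Policy)    { $source = 'Policy';  $value = $found.Policy }
    elseif ($null -ne $found.Local) { $source = 'Local';   $value = $found.Local }
    else                            { $source = 'Default'; $value = 1 }  # default is restricted

    [pscustomobject]@{
        PolicyValue       = $found.Policy
        LocalValue        = $found.Local
        EffectiveSource   = $source
        SingleSessionOnly = ($value -ne 0)
    }
}

$state = Get-RdsSingleSessionState
$state | Format-List
if ($state.SingleSessionOnly) {
    Write-Warning 'Users are still limited to one RDS session on this server.'
} else {
    Write-Output 'Multiple RDS sessions per user are allowed.'
}
```

If `EffectiveSource` is `Policy` with `SingleSessionOnly` still `True`, a policy applied from elsewhere is overriding the change made in step 2.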