Remote Desktop Services Lab on Windows Server 2016

Posted: January 21, 2017 in Windows Server

This lab consists of:

Remote Desktop Gateway server (rd-gateway.test.com) – enables authorized remote users to connect to resources on an internal corporate or private network from any Internet-connected device that can run the Remote Desktop Connection (RDC) client

Remote Desktop Web Access server (rd-web.test.com) – enables users to access RemoteApp and Desktop Connection through a Web browser

Remote Desktop Connection Broker server (rd-broker.test.com) – allows users to reconnect to their existing sessions in a load-balanced RD Session Host server farm, evenly distributes the session load among RD Session Host servers in that farm, and provides users access to virtual desktops hosted on RD Virtualization Host servers and to RemoteApp programs hosted on RD Session Host servers through RemoteApp and Desktop Connection.

Remote Desktop Session Host server (rd-sh.test.com) – hosts Windows-based programs or the full Windows desktop for Remote Desktop Services clients. Users can connect to an RD Session Host server to run programs, to save files, and to use network resources on that server.

License server (rd-license.test.com) – provides Remote Desktop Services client access licenses (RDS CALs) for users or computers that are connecting to the RD Session Host server

Installing Remote Desktop roles

Add all servers to the server group

Add roles - Remote Desktop Services Installation

Standard deployment

Session-based desktop deployment

In the RD Connection Broker window, choose the RD broker server and click the arrow to add it to the right

Do the same for the RD Web Access server

and repeat the procedure for the RD Session Host

PowerShell alternative:

Import-Module RemoteDesktop
New-RDSessionDeployment -ConnectionBroker rd-broker.test.com -SessionHost rd-sh.test.com -WebAccessServer rd-web.test.com

Adding Licensing Server

After installing, click Server Manager - Remote Desktop Services - Overview

Select the Licensing server

Or use PowerShell:

Add-RDServer -Server rd-license.test.com -Role RDS-LICENSING -ConnectionBroker rd-broker.test.com

Add RD Gateway server

Click RD Gateway and select the Gateway server

With PowerShell:

Add-RDServer -Server 'rd-gateway.test.com' -Role RDS-GATEWAY -ConnectionBroker rd-broker.test.com -GatewayExternalFqdn rd-gateway.test.com

-GatewayExternalFqdn specifies the SSL certificate name (a self-signed SSL certificate is created while the RD Gateway server is being added)

Configure RD Deployment

In the Overview window, click Tasks - Edit Deployment Properties

Select the Licensing mode

Creating certificates

I used self-signed SSL certificates; for every server I clicked Create New Certificate

Specify the certificate name (do the same for all remaining servers)
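A way to check what the deployment is using after this step, as an added example that is not part of the original post: it lists the certificate bound to each RDS role and flags roles that are unconfigured, untrusted, self-signed or close to expiry. The function name, the 30-day window and the property names read from the Get-RDCertificate output (Level, Subject, IssuedBy, ExpiresOn) are assumptions of this example.

```powershell
# Added example: audit the certificates assigned to the RDS roles in this lab.
Import-Module RemoteDesktop

function Get-RdsCertificateFinding {
    param(
        [string]$ConnectionBroker = 'rd-broker.test.com',  # broker name used in this lab
        [int]$WarnDays = 30                                # assumed expiry warning window
    )
    $deadline = (Get-Date).AddDays($WarnDays)

    # One object per role: RDGateway, RDWebAccess, RDRedirector, RDPublishing
    foreach ($cert in Get-RDCertificate -ConnectionBroker $ConnectionBroker) {
        $issues = @()
        if ("$($cert.Level)" -eq 'NotConfigured') {
            $issues += 'no certificate assigned'
        }
        else {
            if ("$($cert.Level)" -ne 'Trusted') {
                $issues += "trust level is $($cert.Level)"
            }
            # Heuristic: a certificate whose issuer equals its subject is self-signed
            if ($cert.Subject -and $cert.Subject -eq $cert.IssuedBy) {
                $issues += 'self-signed'
            }
            if ($cert.ExpiresOn -and $cert.ExpiresOn -lt $deadline) {
                $issues += "expires on $($cert.ExpiresOn)"
            }
        }
        [pscustomobject]@{
            Role       = $cert.Role
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Issues     = $issues -join '; '
        }
    }
}

Get-RdsCertificateFinding | Format-Table -AutoSize
```

With the certificates created as described above, every role is expected to be reported as self-signed, so clients outside the lab will see certificate warnings until the roles are given certificates from a CA they trust.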

Transferring RD Connection Broker database to SQL database

By default, the RD Connection Broker database is stored in Windows Internal Database (WID); now we'll move it to a SQL Server database.

Create an AD Security Group and add the RD Broker server to it, then on the RD Broker server (rd-broker.test.com) install SQL Server 2012 SP1 Native Client (ENU\x64\sqlncli.msi).

On the SQL server expand Security - Logins - New Login

Select Windows Authentication - Object Type - Group - Location - your domain, and enter the AD Security Group to which the RD Connection Broker was added. The RD Connection Broker now has login rights to the SQL server

Create a new empty database

In SQL Server Management Studio click New Query and enter the following query

use master
go
create database RDP

A database named RDP will be created

Right-click RD Connection Broker - Configure High Availability

Dedicated Database Server

In DNS name, specify the DNS name of the RD Connection Broker server

Connection String: DRIVER=SQL Server Native Client 11.0;SERVER=sql\remote_services;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDP

SERVER=sql\remote_services (sql is the server name, remote_services is the SQL instance name created during SQL Server installation)

Folder to store database (this is the default database location for SQL Server 2014):

C:\Program Files\Microsoft SQL Server\MSSQL12.REMOTE_SERVICES\MSSQL\DATA

After the wizard finishes, the result is shown in the screenshot (20.PNG)

Creating RD policy

If this task is performed remotely (not directly on the RD Gateway server) we need to install RSAT

Install-WindowsFeature RSAT-RDS-Tools -IncludeManagementTools -IncludeAllSubFeature

In Server Manager click Remote Desktop Services - Servers - right-click the RD Gateway server - RD Gateway Manager

Click Resource Authorization Policies and disable all existing policies

Click Manage Local Computer Groups

Create a group

In Network resources specify the RD Connection Broker server and the RD Session Host server

Remote clients will now be able to reach the session host server when connecting from an outside network

Right-click Resource Authorization Policies - Create New Policy - Custom

In User Groups specify the AD group whose members will be connecting through RD Gateway

In the Network Resource tab, select the resource group we just created

Creating Remote Desktop Session Collection

Before remote users can use the desktop connection, we need to publish it in a session collection.

In Server Manager click Remote Desktop Services - Collections - Tasks - Create Session Collection

Specify the name and the RD Session Host server

Specify the AD group whose users will have remote access

We can also specify a User Profile Disk. User profile disks centrally store user and application data on a single virtual disk that is dedicated to one user's profile. When the user logs on, their profile disk is attached to their session, and it is detached when the user logs out. With this process, there is no copying of files on logon or logoff

PowerShell alternative:

New-RDSessionCollection -CollectionName 'test' -SessionHost rd-sh.test.com -ConnectionBroker rd-broker.test.com

Set-RDSessionCollectionConfiguration -CollectionName test -UserGroup 'test\domain users' -EncryptionLevel High -ConnectionBroker rd-broker.test.com -AutomaticReconnectionEnabled $true
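To confirm what the collection ends up enforcing, the following added example (not part of the original post) reads back the security settings and the allowed user groups of every collection on the broker and flags weak values. The function name, the list of groups treated as too broad, and the policy that only SSL with NLA and High or FipsCompliant encryption passes are assumptions of this example.

```powershell
# Added example: audit the security settings of every session collection on the broker.
Import-Module RemoteDesktop

function Test-RdsCollectionSecurity {
    param(
        [string]$ConnectionBroker = 'rd-broker.test.com',   # broker name used in this lab
        # Assumed list of group names treated as too broad for remote access
        [string[]]$BroadGroups = @('domain users', 'authenticated users', 'everyone')
    )
    foreach ($collection in Get-RDSessionCollection -ConnectionBroker $ConnectionBroker) {
        $name     = $collection.CollectionName
        $security = Get-RDSessionCollectionConfiguration -CollectionName $name -Security -ConnectionBroker $ConnectionBroker
        $access   = Get-RDSessionCollectionConfiguration -CollectionName $name -UserGroup -ConnectionBroker $ConnectionBroker

        $issues = @()
        if (-not $security.AuthenticateUsingNLA) {
            $issues += 'Network Level Authentication is not required'
        }
        if ("$($security.SecurityLayer)" -ne 'SSL') {
            $issues += "security layer is $($security.SecurityLayer), not SSL (TLS)"
        }
        if ("$($security.EncryptionLevel)" -notin 'High', 'FipsCompliant') {
            $issues += "encryption level is $($security.EncryptionLevel)"
        }
        foreach ($group in $access.UserGroup) {
            $shortName = ($group -split '\\')[-1]          # strip the DOMAIN\ prefix
            if ($BroadGroups -contains $shortName) {       # -contains ignores case
                $issues += "broad group has access: $group"
            }
        }
        [pscustomobject]@{
            Collection = $name
            Compliant  = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

Test-RdsCollectionSecurity | Format-List

# Remediation for the 'test' collection created above, using parameters of the same cmdlet:
# Set-RDSessionCollectionConfiguration -CollectionName test -SecurityLayer SSL `
#     -AuthenticateUsingNLA $true -ConnectionBroker rd-broker.test.com
```

Run against this lab, the 'test\domain users' assignment made above is reported as a broad group; a dedicated AD group for remote users narrows who can open a session.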

 

We can edit the collection by clicking on it - Tasks - Edit Properties

Now, from a client computer, enter the RD Gateway server address in a web browser

https://rd-web.test.com/rdweb

Using the RD Session Broker, the remote client has connected to the RD Session Host
