Remote Desktop Services Lab on Windows Server 2016

Posted: January 21, 2017 in Windows Server

This lab consists of:

Remote desktop gateway server ( – server which enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client

Remote Desktop Web Access server ( – enables users to access RemoteApp and Desktop Connection through a Web browser

Remote Desktop Connection Broker server ( server allows users to reconnect to their existing sessions in a load-balanced RD Session Host server farm,enables users to evenly distribute the session load among RD Session Host servers in a load-balanced RD Session Host server farm,povides users access to virtual desktops hosted on RD Virtualization Host servers and to RemoteApp programs hosted on RD Session Host servers through RemoteApp and Desktop Connection.

Remote Desktop Session Host server ( – hosts Windows-based programs or the full Windows desktop for Remote Desktop Services clients. Users can connect to an RD Session Host server to run programs, to save files, and to use network resources on that server.

License server ( provides Remote Desktop Services client access licenses (RDS CALs) for users or computers that are connecting to the RD Session Host server

Installing Remote Desktop roles 

Add all servers to server group


Add roles-Remote Desktop Service Installation


Standard deployement


Session-based desktop deployement


In RD connection broker windows-choose RD broker server,click arrow to add it to the right


Do the same for RD Web access server


and repeat procedure for RD Session Host



PowerShell alternative:

Import-Module RemoteDesktop
New-SessionDeployment -ConnectionBroker -SessionHost -WebAccessServer

Adding Licenseing Server

After installing click Server Manager-Remote Desktop Service-Overview


Select Licensing server


Or use PowerShell:

add-RDServer -Server -Role RDS-LICENSING -ConnectionBroker

Add RD Gateway server

Click RD Gateway and select Gateway server



With Powershell:

Add-RDServer -Server '' -Role RDS-GATEWAY -ConnectionBroker -GatewayExternalFqdn

-GatewayExternalFqdn specifies SSL certificate name (during adding RD Gateway server self-signed SSL certificate will be created)

Configure RD Deployement

In Overview window-Click Task-Edit Deployement Process



Select Licensing mode



Creating certificates

I used self signed SSL certificates,for every server i clicked Create New Certificate


Specify certificate name (do the same for all remaining servers)


Transfering RD Connection Broker database to SQL database

By default,RD Connection Broker database is stored in Windows Internal Database (WID),now we’ll create configure our Remote Desktop Service into SQL database.

Create AD Security Group and add RD Broker server to it,then on RD Broker server ( install SQL Server 2012 SP1 Native Client (ENU\x64\sqlncli.msi).


On SQL server expand Security-Login-New Login


Select Windows Authentication-Object Type-Group-Location-your domain,enter AD Security Group where RD Connection Broker is added.We now gave RD Connection Broker login rights to SQL server


Create new empty Database

In SQL Server management studio click new query and enter following query

use master
create database RDP

Database named RDP will be created


Right Click RD Connection Broker-Configure High Availability


Dedicated Database Server


In DNS name specify DNS name of RD Connection Broker server

Connection String:DRIVER=SQL Server Native Client 11.0;SERVER=sql\remote_services;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDP

SERVER=sql\remote_services (SQL is server name,remote_services is SQL instance name-created during SQL Server installation)

Folder to store database (this is default database location for SQL Server 2014):

C:\Program Files\Microsoft SQL Server\MSSQL12.REMOTE_SERVICES\MSSQL\DATA


After wizard finishes,we’ll see next picture


Creating RD policy

If this task is performed remotely (not directly in RD Gateway server) we need to install RSAT

Install-WindowsFeature  RSAT-RDS-Tools -IncludeManagementTools -IncludeAllSubFeature

In server manager click Remote Desktop Services-Servers-Right click RD Gateway server-RD Gateway manager


Click Resource Authorization Policies-Disable all existing policies


Click Manage Local Computer


Create Group


In Network resources specify RD Connection server and RD Session host server


Remote clients will now be able to reach session host server when accessing from outside network

Right click Resource Authorization Policies-Create New Policy-Custom


In User Groups specify AD Group whose members will be connection through RD Gateway


In Network resource tab,select Resource group we just created


Creating Remote Desktop Session Collection

In order to publish desktop connection to remote users we need to publish it first.

In Server Manager click Remote Desktop Services-Collection-Task-Create Session Collection


Specify name and RD Session host server


Specify AD Group whose users will have remote access


We can also specify User Profile Disk.User profile disks centrally store user and application data on a single virtual disk that is dedicated to one user’s profile. When the user logs on, their profile disk is attached to their session and detached when the user logs out. With this process, there is no copying of files on logon or logoff


PowerShell alternative:

New-RDSessionCollection -CollectionName 'test' -SessionHost -ConnectionBroker

Set-RDSessionCollectionConfiguration -CollectionName test -UserGroup 'test\domain users' -EncryptionLevel High -ConnectionBroker -AutomaticReconnectionEnabled $true


We can edit collection clicking on it-Task-Edit Properties




Now,from client computer in web browser enter RD Gateway server address






Using RD Session Broker remote client has connected to RD Session host



  1. Doug says:

    Thanks for this! I was missing something with my connection string for configuring HA for brokers and your post helped me finally solve it. A lot of info out there on this process assumes a default instance (not named) and I was simply missing the instance name. Duh!

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s