A lot of people were pretty excited when Microsoft released RDS for and for good reason. Not only did they overcome the shortcomings of the previous release of RDS on Windows R2, they have also made it very easy to set up and configure.
One of the many great features of and R2 is the ability to push roles and features to multiple servers in an environment from a single Server Manager console. Not only does this save time when rolling out a new RDS environment, it also makes it easy. In our deployment, we will be logged into a single server and through Server Manager we will deploy our new Remote Desktop farm. Each of the servers designated in the environment is virtual, domain joined and was created from a template with the latest Windows updates.
No other special changes or configurations were done to any of the servers with the exception of the RD Session Host servers. Log into a domain joined or R2 server and launch Server Manager. This is not a requirement, however this is a good practice and helps organize the servers you will be managing. Enter a name for the server group. Here we will call it RDS Farm.
Go to the Active Directory tab and search for the designated RD servers. Here, Microsoft has separated the option of deploying Remote Desktop Services from all other roles and features. Select the option Remote Desktop Services Installation and hit next.
There are two different deployment types: Standard and Quick Start. Quick start is an option to be used mainly for testing purposes or for a proof of concept. The Quick start option will deploy each role for Remote Desktop Services on a single server. In this case we are doing a full deployment and will use the standard deployment option. Select Standard deployment and hit next. There are two different deployment scenarios.
Remote Desktop Services Updates Revealed – Windows Server 2012 R2
The first is for a Virtual machine-based desktop deployment VDI. Since we are focusing on the traditional form of Remote Desktop Services, we will choose the Session-based desktop deployment option. Click next. On the Review Role Services screen it will list a description of the three minimum roles required for the deployment. Review the items and hit next. Now we need to specify which server will be our RD Connection Broker.
The RD Web Access server has a very small footprint and a lot of times it is easier and more practical to share this role on the designated RD Connection Broker server(s). For the RD Session Host servers, we have 2 designated servers. On the confirmation screen we can see our proposed configuration.
A message will appear stating the RD Session Host servers may require a restart. Once checked, hit Deploy. During the deployment, you will be able to view the progress of each role as it is being deployed.

There are two Knowledge Base articles available for RDS at Microsoft that explain the prerequisites and necessary steps to install these updates.
If everything is running fine, forget this article. But if you feel like something is not working as expected go through the updates and the descriptions and check if you could resolve one of your issues by installing the specific update.
The attached script will help you find the installed and missing updates for every RDS role. I have a fully patched Windows Server R2 server available for my test with all RDS roles installed on it without the virtualization role because it cannot be installed side by side with the Session Host role on the same system.
After that I ran my script and checked what is already installed and what is not. With a fully patched system the Rollups and Updates listed below are already installed, so forget about them. I had to make a few test rounds and installed the updates on three different servers in my lab to get only the updates that are needed.
Somehow the behaviour documented in the table at the end of this blog might change with future updates.
Setup Remote Desktop Services in Windows Server 2012 R2
It should be reproducible today with fully patched Windows Server R2 servers. Here is the script you can use to check your infrastructure roles.
It only checks for the presence of the infrastructure roles and the updates that belong to them. Use it at your own risk. I created packages for all the necessary referenced updates in this article. This overview has additional information for every update.
Go through it to find the MSU names, prerequisites or the installation order for your own needs. All information without warranty. If you feel something is wrong or works different for you let me know. Windows RT 8. The updates must be installed in the following order: clearcompressionflag. May update rollup for Windows RT 8. August update rollup for Windows RT 8.

Storage capacity requirements can be dramatically reduced by using the Data Deduplication feature.
Data Deduplication on the SMB server caches frequently accessed data, allowing performance improvements on many read-intensive operations, including parallel remote client boot. In Windows Server R2 RemoteApp programs are one step closer to the look and feel of local applications by including support for transparency, live thumbnails, and seamless application move that allows the application content to remain visible while the application is moved on screen.
In Windows Server R2 Quick Reconnect improves connection performance enabling users to reconnect to their existing virtual desktops, RemoteApp programs, and session-based desktops more quickly.
In Windows 8. This translates to seamless device rotation, and monitor addition and removal for example connecting to a projector or docking a laptop for both remote sessions and RemoteApp programs. Graphics intensive applications that rely on DX Windows Server R2 introduces the following functionality:
Windows 8. Using this mode with administrator credentials, the remote desktop client attempts to interactively logon to a host that also supports this mode without sending credentials. When the host verifies that the user account connecting to it has administrator rights and supports Restricted Admin mode, the connection is successful. Otherwise, the connection attempt fails. Restricted Admin mode does not at any point send plain text or other re-usable forms of credentials to remote computers.
Once connected to a host in RestrictedAdmin mode, the user will not be able to seamlessly access other network resources from that host using the credentials they provided to the remote desktop client. Remote Desktop Services is a server role that consists of several role services. Users can connect to RD Session Host servers in a session collection to run programs, save files, and use resources on those servers. Allows users to reconnect to their existing virtual desktops, RemoteApp programs, and session-based desktops.
Enables you to evenly distribute the load among RD Session Host servers in a session collection or pooled virtual desktops in a pooled virtual desktop collection. RemoteApp and Desktop Connection provides a customized view of RemoteApp programs and session-based desktops in a session collection, and RemoteApp programs and virtual desktops in a virtual desktop collection. You can use RD Licensing to install, issue, and track the availability of licenses.
Remote Desktop Gateway RD Gateway enables authorized users to connect to virtual desktops, RemoteApp programs, and session-based desktops on an internal corporate network from any Internet-connected device.
The Remote Desktop Services server role in Windows Server provides technologies that enable users to connect to virtual desktops, RemoteApp programs, and session-based desktops. With Remote Desktop Services, users can access remote connections from within a corporate network or from the Internet. In Windows Server Remote Desktop Services offers enhanced support for the following scenarios: In Windows Server Remote Desktop Services includes new ways to efficiently configure and manage your virtual desktops.
Some of the enhancements include: Unified central experience — Deploy VDI quickly, and then manage your pooled and personal virtual desktop deployments through a new unified central experience. Automated and simple single-image management — Take advantage of automated ways to deploy and manage pooled virtual desktops with a virtual desktop template. User personalization — Preserve user personalization settings for pooled virtual desktop deployments by using user profile disks.
Less expensive storage — Use inexpensive local storage with live migration functionality between host computers for pooled virtual desktops. Personal virtual desktops can use the less expensive SMB central storage. In Windows Server Session Virtualization deployment in Remote Desktop Services includes new ways to efficiently configure and manage your session-based desktops. By using a Session Virtualization deployment scenario, centralized management and installation is enabled.
Session Virtualization in Windows Server offers the following benefits: Unified central experience — In Windows Server you can deploy Session Virtualization quickly and manage your deployments through a new unified central experience. Simplified and centralized deployment — Simple scenario-based installations allow you to create an entire session collection at one time.

The following error occurred: "".
This maybe voluntary administrator restart or a configuration driven restart due to RDG server certificate change. RDGatewayManager looks good and has the free godaddy remotewebaccess. There is no old cert, this is a new setup using the Anywhere Access wizard. I removed the domain, removed the SSL cert and recreated it with the wizard using a different domain name and it still has the same issue (it automatically changes the cert in IIS and RDGM).
The server is not running any 3rd party AV (it does get scanned from another computer). IIS is just set up with the default website, no other binds, and works fine. I can use the remote web workplace site without issue, I just can't start the RDG service.
By chance do you have Symantec AV or internet security installed on this box?
Are there any log files I could look over? Turns out there was a service running using port some bandwidth control service.

Would love some help with an issue I been struggling for a couple of days now.
I have a RDS R2 Gateway configured and it works great with all Windows clients, both internal and external communication. I installed the latest RD Client from Microsoft and it works great from the internal network, but as soon as the device is moved to an external network the client gets an error while connecting. Gateway is located in the domain network. This is what I see in the log file from the RD Client. Solution 1. Click OK to authorize the server when prompted.
Solution 2. Restart the RDS host and Gateway server. Secondly, and most important, is to configure an alternate address that matches your public certificate. All commands need to be run as administrator in PowerShell. To show your current configuration run the following commands:
RD Gateway. The configuration has been simplified in Windows Server and R2.
Configuring Remote Desktop Gateway (RD Gateway) in Windows Server 2012 R2
It offers the following benefits. It is recommended to always use certificates from a public Certificate Authority or an internal Certificate Authority.
Self-signed certificates will show as untrusted as you will see in the example below. In the real world you would deploy using certificates from a CA your client trusts. Select RD Gateway. Select the server name below and click the arrow to add it to the right hand column. In the below example the external clients would type rdpfarm. For an encrypted. Click Next. The information at the bottom lets us know the deployment was successful however a certificate needs to be configured.
If you click "Configure certificate" you will be able to configure each roles needed certificate, however for informational. Click Close. Next click on Tasks and click Edit Deployment Properties. From here we can edit many of the deployment settings. Our concern now is specifying a certificate. Since all roles are installed on a single server in this deployment, we need to be sure to use the same certificate. Here it is possible to run in to some issues if using self-signed certificates.
Since we do not have a purchased certificate or a CA of our own, we will click Create new certificate …. Pick the certificate name, which needs to match the external FQDN of the server. We have the option to store it. Not necessary here but a good idea if you back up.
You must allow the certificate to be added to the destination clients Trusted stores. Click OK.
Click Apply. As you can see I have applied the cert to both Roles here and it is Untrusted. This once again is because it is. Click OK when finished. It would look more like what you see here.
This is what you want for any real-world setup. You have now successfully configured the RD Gateway. For an encrypted connection to be successful the certificate name must match the FQDN.

Microsoft Remote Desktop Services [RDS] allows users to access centralized applications and workstations in the data center remotely.
If your environment is large you will want to separate these roles to spread the resources across multiple servers.
No matter which setup you pick they both can scale outward depending on user growth. For my documentation I went with a single server called a Quick Start setup. If you have a large number of users you will run through the Standard deployment where the three core services run on separate servers.
Either option will allow you to grow with your environment! We are setting up application publishing. Change selection to Session-based desktop deployment and click Next. Click Next. Check the box labeled Restart the destination server automatically if required then click Deploy.
Here is what the progress window looks like. Once finished click Close. A collection is a logical grouping of RDSH servers that applications can be published from. It will scan your RDSH for installed applications and display them in a list. I have the vSphere Client installed, select your application then click Next. If you want to remove Domain Users you must first add a user or group before you can remove it.
There has to be at least 1 in User Groups. Remember this is at the Collections level. By default all RemoteApp programs inherit these permissions. You can now Add and Remove the permissions inherited from the collection.
Click Apply and OK to save your changes. Once logged in you will see applications that you have access to. Click on an application to launch it. If you get a certificate error click Continue. The application should launch!

I need to know the steps on joining a domain or creating one. It won't let me pass Quick Start part. I look everywhere and can't find a decent tutorial… Please help.

It is placed on the edge of your network and acts as the entry point to your RDS environment externally.
Change selection to Session-based desktop deployment and click Next Since we did the Quick Start selection the Connection Broker, Web Access and Session Host roles will be installed on the single server.
Click Next Check the box labeled Restart the destination server automatically if required then click Deploy Here is what the progress window looks like. There has to be at least 1 in User Groups Once you have a second user or group you can now remove Domain Users. Is it acceptable to have the Gateway also serve in the Licensing Role?