This guide will show you how to deploy RDS 2012 on a single 2012 Server enabling the use of Remote Desktop Sessions and RemoteApps.
Point to note: This demonstration shows how to deploy RDS using Quick start. I will demonstrate how to deploy RDS using Standard deployment in a later post.
Preparing for RDS 2012
Before I Install RDS 2012, I will create the OUs and Security Groups required for my deployment. This will make the configuration of group polices easier later.
OU’s
- RDS Security Groups
- RDSH Servers
- RDS Servers
- RDS Computers
I have also created the following Security Groups for RDS
- Personal-Pool VDI Users : Remote desktop users with allocated Virtual desktops
- RDWeb Users: Remote desktop web users
- RemoteApp Users: Remote App users
- VDI Users: Virtual desktop users
There is no requirement to setup OU’s and security groups like I have done, but I would recommend doing so to improve the manageability of your RDS deployment.
Installing RDS – Session Based deployment
It is important to know that you can only have A Remote Desktop session or RemoteApps Session per Session Collection. There is a workaround (not supported) for this and is covered at the end of this post.
Installing RDS Single Server – Session Based Deployment:
Open Server Manager > Add Roles and Feature Wizard
Installation type > Remote Desktop Services Installation
Quick install allows you to deploy a RDS platform and create a session collect straight from install.
Installing RDS Session Deployment using PowerShell
Installing the Server Roles:
New-SessionDeployment -ConnectionBroker RDS1.test.Local -WebAccessServer RDS1.test.Local -SessionHost RDS1.test.Local
Creating the Session collection for Desktop Sessions:
New-RDSessionCollection -CollectionName TestSessionCollection -SessionHost RDS1.test.Local -CollectionDescription “Demo Collection" -ConnectionBroker RDS1.test.Local
Creating a RemoteApp:
new-rdremoteapp -Alias Wordpad -DisplayName WordPad -FilePath "C:\Program Files\Windows NT\Accessories\wordpad.exe" -ShowInWebAccess 1 -collectionname TestSessionCollection -ConnectionBroker RDS1.test.local
Post Install
After installing the RDS roles, you will need to then configure the RDS Certificates that will be required for access via the endpoint/client device. please see the following link for the configuration of RDS Certificates: Configuring RDS Certificates and SSO
Once the RDS installation is complete, you will see RDMS and this is where you can manage your RDS environment.
Adding Remote Desktop session to a RemoteApp session Collection
I mentioned earlier that you could only have a Remote Desktop Session Collection or a RemoteApp Session Collection.
There is a workaround for this and its easy to configure. you can also look at the following link which shows you how to enable this through the registry:
It is also important to note that there is a issue using both remote apps and desktop sessions on the same server, please see the following link for more details:
RDS 2012 R2 Apps and Session’s using UPD Issue
To publish a Remote Desktop Session you would need to navigate to RemoteApp Programs and select tasks.
Tasks > Publish RemoteApp Programs
Select Remote Desktop Connection
In the field: “Always use the following command-line parameters”
Enter the following:
/V:<FQDN of RDSH Server>
/V:RDS1.test.local
There you have it, a single Server deployment with RemoteApps and Remote Desktop Sessions.
Ryan Mangan's IT Blog 
Nice blog 🙂
I am new to Windows server as I come from a Unix background, I have installed Windows server 2012 and now I am trying to install RDS, I have followed your above example but the services fail to install. Some people tell me its due to the fact that my server had been configured as a DC. I now hear that I must install a V machine on top of my server, Question! Is this all necessary? Do I have to have RDS on a separate windows installation?
Your opinion will be much appreciated
Regards
Wayne
Cape Town South Africa
Hi,
The connection broker is a key component when deploying RDS 2012. The connection Broker role cannot be deployed to a domain controller and its recommended that you deploy a single server deployment to another domain member server. You can install certain roles on the domain controller but I would recommend you use another server.
When you try to deploy RDS to a domain controller, you will see the installation fail.
If you virtualize your server you can then deploy a domain controller and other VMs on the created hypervisor.
In Server 2012 R2, you can deploy the connection broker to a domain controller. Server 2012 R2 is due out in September (subject to change).
Best Regards,
Hi,
Thank you very much for the information, I now understand! I will give it another try this weekend. I discovered http://www.terminalserverplus.com, how easy to setup and configure.
I still want to use the Microsoft RDS route as I have purchased all the necessary licenses.
Just one question, do I need licenses for (printers hardware) that are attached to remote end users as I have only purchased a 10 remote user license?
I have seen quite a few articles of people saying do not install the licenses as a device cal rather use the user option, thus my question to you about the hardware licenses.
Best Regards,
Hi,
you only need to purchase Client/Device licences depending on your requirements.
The licences are for users who connect to the terminal services / Remote desktops.
Printers and other plug and play devices do not need licences.
Best Regards,
Hi, I have SBS 2011 with RD WebAccess, RD Gateway, installed on it. Another Server 2008 is present with TS Licensing, TS WebAccess, TS Session Host that hosts published applications. I can connect through remote.domain.com from outside and use These applications without any problem. Now I wanted to replace Server 2008 with Server 2012 and since I couldn’t find any migration steps I performed clean install of Server 2012 (Server 2008 is still present and functional) with RDS (Quick install – that means that WebAccess, Broker, Session Host is installed) and voila, everything was configured and accessible from inside LAN. Then I thought that I just need to add (like with Server 2008) servers’ name into RD WebAccess of SBS so that it points to the new Server, but nothing . I am not able to see published apps, but I can use them from within LAN. Do you know what should I do ? How to make Server 2012 apps accessible from outside ?
Thanks
Alex
HI Alex,
Firstly RDS 2012 is not supported or backwards compatible with 2008. I would suggest that you create a greenfield installation of RDS 2012. Apps should appear in the web interface if the users are in the correct security groups. You may have a permissions issue.
I would also Check the RD CAP & RAP policies.
Can you please provide the roles you have deployed and servers for your configuration. is there anything showing in the event logs ?
Let me know how you get on .
Best Regards,
I re-installed again 2012 because I thought Server 2012 RDS doesn’t need Broker as I didn’t use it before but after that nothing worked and after I added back Broker role I was not able to connect to Remote Apps anymore error RemoteApp Disconnected…
So I re-installed since I was not able to find the solution online, and now clean install of windows 2012, Add roles and Features, Remote Desktop Service Installation, Quick installation and installation failed ! My Apps on Server 2012 are online, working locally when I connect to Server directly but server is not recognized when I go to SBS 2011 Web access, configure page, and want to add server in the listed servers under Source Name, saying that Error: “RD Web Access was not able to access Server2012. Verify that the computer account of the RD Web Access server is added to the TS Web Access Computers security group on the RD Session Host Server.”
So first current servers
1. SBS 2011 over which I am accessing through remote.domain.com/RDweb, it has WebAccess role, Gateway Role with NPS (I may need to clean some policies since I have 2x CAP and 3xRAP ) but nevertheless it should work since 2008 server is working.
In WebAccess page, on configuration tab, name of the 2008 server is entered currently.
2. Legacy 2008 Server , it has TS role, TS Licensing Role, TS WebAccess Role. It has published apps and I am able to connect from outside the network as said through remote.domain.com/RDWeb.
3. New 2012 Server with Quick install as described in the first paragraph, Roles: RD Broker, RD Web Access and RD Session Host.
Can you please tell me what to do regarding the installation itself I know that if I repeat installation with remove-add roles some ghost files will appear example I will have 2x wordpad, 2x paint and nothing will work saying RDApp Disconnected with error IDs 1306, 802 and one more I am not sure which one ?
I would need to confirm with Microsoft but far as I am aware: SBS 2011 is not supported with RDS 2012.
You would need the following infrastructure:
1: Server 2012 : Connection Broker
2: Server 2012 : Web Access/RD Gateway
3: Server 2012 : Session Host Server
Server 2008 RDS is not compatible or supported when using RDS 2012. You can only use RDS 2012 with Server 2012.
Please see the following links:
https://ryanmangansitblog.wordpress.com/2013/03/11/deploying-rds-2012-single-server-session-based-deployment/
https://ryanmangansitblog.wordpress.com/2013/03/15/deploying-rds-2012-using-standard-deployment/
Best Regards,
Hello, I have only 1 pc with ws2012 on it, and i need an advice for this problem: give a remote access to 1 app for 4 persons. How to do that if I have only one i7 pc with static ip? I think it is possible to do this whit one pc if I install a another ws2012 as virtual in hyper-V. But i dont know how to configurate the network and the RDS for this. any help please?
You can run a i7 Computer as a Hyper-V server as long as you have a SLAT compatible processor. I would suggest that you create a network on Hyper-V, you would need to select an external virtual network and ensure that “allow management operating system to share this network adaptor” is selected.
Best Regards,
Hi!
I wonder if there is a way to make the RDP-Icon connect through a RD Gateway?
Best Regards!
Hi Stefan,
Yes there are many ways. You can build your own RDP file, change the settings in MSTSC and save it as default or you can configure the Gateway via Group policy.
Best Regards,
I know how to manually save a rdp-profile on my desktop but i meant that i wonder if i can make the rdp-icon in the rd web-page connect through the rd gateway? Sorry if i dont understand yor explanation.
Regards
Stefan
please see the post https://ryanmangansitblog.wordpress.com/2013/03/11/deploying-rds-2012-single-server-session-based-deployment/
Also when you are in RDweb, there should be a tab called connect to a remote PC which uses the RD gateway.
Best Regards,
So to put it plainly if one wants to deploy RDS so 5 users can access a remote application and you only have 1 server it is basically impossible correct? You can’t deploy RDS on a domain controller and you can’t have RDS without being on a domain.
correct, It is possible on Server 2012 R2 due out in Oct.
Best Regards,
on RDS 2012 RTM you are limited on the RDS roles you can deploy to a domain controller. RDS 2012 R2 which is due to be released in October will allow you to deploy all roles on a DC. Its not best practise but the ability to do so is there.
Hi,
please see the following link http://support.microsoft.com/kb/2833839/en-us?sd=rss&spid=16526&wa=wsignin1.0
Best Regards,
Hi Ryan,
I’m looking how to set a RDS 2012 environment, and at the beginning i thought it should be very easy. Now im a little bit confused with the following:
In W2K8R2 I configured a DNS Round Robin for my RDSH servers (RDCB not included). Whenever a client tries to establish a conneciton to the farm name (which is also the dns round robin name) the client got redirected to by the RDCB to a session host with the least number of logged on users.
I have read some article where in 2012 dns round robin is pointed somehow different:
DNS Round Robin for the RDCB (and not RDSH anymore). Is that right? And i read that users should not connect to the new RDS farm using mstsc and typing the farm name as it was in windows server 2008 r2 but they should use the rdp file provided in the RD Web Access.
I would be glad for any kind of information, because I’m struggling now for a long time.
Thank you.
Hi,
OK.. forget everything you know about RDS 2008R2.
The best way to look at it is by a simple deployment, 1 connection broker, 1 web access server and 1 session host. The most common way to access applications and sessions connections would be from the web access server. This the passes the information to the connection broker which then diverts traffic to the session host.
A farm deployment works the same. You can still connect to the RDSH farm name directly but the RDCB will manage the connection.
RDCB:-
“This is the “hub” of the RDS environment. It ensures that all user connections that are established to the various Session Hosts are maintained through disconnects and reconnects and play a key role in simplifying the single sign on experience”
you can also load balance Session hosts and the farm name is still created in DNS. you would need to configure the Farm in the RD gateway server.
Redirects have been removed from RDSH and relocated to the RDCB.
I have a few posts on HA RDCB and load balancing session hosts with KEMP.
I hope that answers your question.
Hi Ryan,
Thanks for the quick reply.
“A farm deployment works the same. You can still connect to the RDSH farm name directly but the RDCB will manage the connection.”
– Does that mean that dns round robin with entries for the RDSH servers are correct? So establishing a remote desktop connection to the farmname(collection name) f.ex. myfarm.mycompany.ch (which points to my RDSH servers) still goes over the RDCB? If yes, is SSO working this way?
“you can also load balance Session hosts and the farm name is still created in DNS. you would need to configure the Farm in the RD gateway server.”
– Why do I need to configure the Farm in the RD gateway server? What if I do not want to use one? I have set up 1 RDCB, 3 RDSH, and 1 RDWA server. SSO only works if i establish a remote desktop connection over RD Web Access. When I establish a remote desktop connection to myfarm.mycompany.ch (which is a dns round robin for my RDSH servers) i’m promped certificate issues. Thats why I’m overthinking my setup of RDS2012.
Sorry for all these questions.
Best.
Hi,
– Does that mean that dns round robin with entries for the RDSH servers are correct? So establishing a remote desktop connection to the farmname(collection name) f.ex. myfarm.mycompany.ch (which points to my RDSH servers) still goes over the RDCB? If yes, is SSO working this way?
Yes your DNS entries are correct. all traffic will go over the RDCB. SSO is for the web so you would need to enter your details unless you are using the RSS Feed which adds the Remote apps and desktop connections to your desktop. Point to note to bypass the connection broker /admin
– Why do I need to configure the Farm in the RD gateway server? What if I do not want to use one? I have set up 1 RDCB, 3 RDSH, and 1 RDWA server. SSO only works if i establish a remote desktop connection over RD Web Access. When I establish a remote desktop connection to myfarm.mycompany.ch (which is a dns round robin for my RDSH servers) i’m promped certificate issues. Thats why I’m overthinking my setup of RDS2012.
You will need to create a SAN certificate that contains you RDSH farm and each Server, you will also need to change the RDSH certificates, please see the following https://ryanmangansitblog.wordpress.com/2013/03/10/configuring-rds-2012-certificates-and-sso/. If you are not using a RDGateway fine there is no requirement configure the RD Gateway.
no need for apologies, Im here to help.
Best Regards,
Interesting, could be the solution for us! I posted a question about single server on technet that you answered very good, and the I replied but then your answer was gone, very strange. Would appreciate it a lot if you could view my comments to your replay at:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/673e1aa0-c7bc-41c7-b25e-4f779ad25f6a/single-server-solution-for-rds-ts-rdp-using-windows-server-2012-r2
Rgds
Petter
Hi Peter,
Apologies, I have been waiting for TechNet as they disabled my account due to a spam account. Everything is now back including my answers.
Best Regards,
Ah, I see…;-) I can now see your first answer, did you have any further comments to our (I think somewhat strange/unorthodox) ideas?
Yes ,
I would recommend that you consider a domain joined environment as RDS environments require a domain. option three will still need you create user accounts on the local server.
I think that it would be quicker to deploy a dc and a simple rds install.
Best Regards,
OK, sound wise. Posted some last questions in the forum if you have time…;-)
Ryan,
I have implemented an RDS farm with ~300 concurrent users and with the following servers:
(2) RDG
(2) RDCB
(7) RDSH
Randomly EVERYDAY we get issues where users cannot login. The most common error we see on the RDCB server is:
RD Connection Broker failed to process the connection request for user DOMAIN\user.
Error: Element not found.
In addition on random RDSH servers we see the following errors:
Remote Desktop Connection Broker Client rejected a call from an unauthorized ip address (RDCB Private IP).
HRESULT = 0x0
In the past (2) months I have not had a single day without users reporting connectivity problems. Any ideas would be appreciated.
-Damian Stalls
Hi Damian,
how do your users access RDS… internal/external ?
How have you configured your RDSH server (farm) or multiple session collections.
From the error shown, it looks like the connection broker cannot connect to the session host or vis versa.
Are you using Load balancers NLB or third party.
if you are using LB’s what is the balance method and persistence configuration of the VIP?
I would also upgrade your connection broker to a HA configuration . Freek Berson has a great post on the RD Connection broker performance and scalability.
Best Regards,
Good Day Ryan, I have a 2012 R2 server set up as a DC / ADS / and EXCH 2013. This is a sandbox server as I am getting ready to deploy Exchange 2013. Everything is working fine expect I can not get the “Session Showing” to work….in fact I can not get the “connections” box within the server manager / Remote Desktop Sessions to show up???….. The box can not do HV / VM stuff as the processer is not compatible. Is it a must?? My goal is to see the Showing working to upgrade my productions server to R2. Any ideas?? Regards – Everett
I found my answer….have to have an capable CPU…..
Hi Ryan,
We currently deploy hundreds of server 2008 R2 workstation servers to our clients for remote app purposes for our software. We are running into a lot of screen refresh issues which server 2012R2 seems to resolve. Unfortunately, it doesn’t seem to be possible to configure remote app functionality without being on a domain. Other forums mentioned this being possible through powershell but when I’ve tried this it fails when I have to enter the session host FQDN.
Are you able to confirm for me whether it is possible to configure RDS for remote app purposes without setting up AD?
Regards,
Sam
I can confirm that you don’t need a Domain to deploy Remote Apps in 2012 R2. I am currently in the process of creating a article to demonstrate this.
Best regards,
That is excellent news. I’m very interested to see your article.
Regards,
Sam
Hi Sam,
Please see the following article Deploying a RDSH Server in a Workgroup – RDS 2012 R2
https://ryanmangansitblog.wordpress.com/2013/10/30/deploying-a-rdsh-server-in-a-workgroup-rds-2012-r2/
Hi Ryan,
Your article was very informative, but this does not help me bypass the issue of creating remote apps in an RDSessionCollection.
The only information i have found on this regarding to Server 2012 R2, is to use powershell with the commands:
New-RDSessionCollection
followed by:
New-RDRemoteApp
When I try to create the RDSessionCollection, I get the following error:
Exception calling “GetCurrentDomainUserSid” with “0” argument(s): “Current security context is not associated with an Active Directory domain or forest.”
I admit I’m not skilled at configuring terminal services without a GUI, and I’m assuming if this is possible I’m taking the wrong approach.
Any advice would be appreciated.
Regards,
Sam
Hi Sam, I am looking into this as we speak, I will get back too you soon.
Is it possible to setup Multiple (Single Server Solutions) in a High Availability configuration?
Hi,
Are you referring to rdsh farms and rdvh clusters using rdweb, connection broker ha , gateway high availability . Or are you wanting separate rds deployments in the same domain….. Both can be achieved.
Hi Ryan, great article, I have two 2012 server in my domain. I need RDS in one of the server. So planning to make the other one as a 2012 licensing server. So, should I follow your article (single server method) in my main server and just install the licensing role in the second one and point to it? My users need to connect to remote desktop and run some SQL jobs on the main server,
Yes you can do that, why do you want to install the licensing on a separate server ? Remember to add the second server to the server group.
yes that should be fine, you can do away with all the RDS infrastructure if you just want terminal services… what I mean by this is add the RDS Session role and licence role together. If you want web services etc then deploy all the RDS infra.
Best regards,
I have a strange problem. I installed the RDS on one of the 2012 servers and made the other server as License server. First of all these two servers are in a different domain (not our corporate domain). But all users supposed to get access have this additional domain accounts as well. So they use the same domain accounts to RDP to the server which the server belongs, regardless their laptops and corporate accounts belong to the corporate domain.
1. An administrator of the destination domain connects from his laptop to the RDP server and uses the destination domain admin credentials – RDP works.
2. A normal user who is a part of the RDU group of the destination server tries the same – returns username or password error
3. A normal user who is a part of RDU group of the destination server tries to RDP from a machine belongs to destination domain – works!
That means a normal user, who have additional domain account in the destination domain and is aslo a part of the RDU group of the server has to RDP from one of the machines in the same destination domain, not his corporate laptop, though a domain admin of the destination domain can RDP to the server from his corporate laptop. Please help!!!
Are you using a gateway ?
Can you provide me with some more info on this. If what you are saying is correct, it sounds like a permissions issue. Have you checked the event logs, is there any messages shown on username or password error.
Best regards,
hello,
I am trying to connect to a collection consisting of 2 RDSH behind a gateway and a highly available RDCB via RDP and the name of the collection. I always end up on the RDCB and not on one of the servers in the collection. Do you know how i can connect to the collection?
Thanks in advance,
karel.
Hi,
Can you provide me with some more detail. Are you trying to connect via RDP or using RDweb.
Best regards,
So I have the following setup, Hyper-V Host, Two guests one a DC and the other Exchange 2013, so if I understand correctly I would need to add another server for RemoteApp Port 443 points to the Exchange Server, so is there a way I can avoid having to getting another ip address as I believe SSL can only point to one IP Address?
Thanks
Justin
you can change the port, or configure some DNS trickery.
http://www.isaserver.org/articles-tutorials/configuration-security/Publishing-Multiple-Non-SSL-Web-Sites-Single-IP-Address-using-ISA-Firewalls.html
Best regards,
Hi
I wonder have you experience this error:
The Remote Desktop Management service terminated with the following service-specific error:
%%2284126209
on server 2012r2 which has been promoted to AD DC
I tried link provided in MS FAST PUBLISH fix
http://support.microsoft.com/kb/2799605/en-gb
but it did not apply to my version of the server
Any help would be appreciated
AJ
Hi
Is there any way i can give user wise apps limitations example
User A must be only viewing Calc
and User B must be only viewing Notepad
It will be very helpful i i get to know how to do it.
Thanks in Advance
Harshad
The common way to do this is by using separate session collections to isolate security groups.
Thanks Ryan
I have win2012 Standard can you tell me how to do it please it will be very helpful.
Thanks in Advance
Harshad
You will need to deploy an additional session host then create the new session host. You will then be able to assign the different user group
Hi Ryan,
I am attempting to recreate a “Terminal Server” type of environment in RDS 2012. I had a Win2003 Terminal Server in my domain that users would connect to for one specific application central to the nature of my business. As the app and the number of users have grown, I upgraded my domain to Windows 2012, and the 2003 TS continued to function just fine. Users are directed to a specific .exe on the Terminal Server by a GPO covering their security group.
Wanting a richer desktop experience and faster graphics, I upgraded to a Win 2012 server with a nice GPU. I installed Remote Desktop Session Host from the “Role-based or feature-based installation” option, along with License Diagnoser. I then installed my app in “install mode,” with subsequent reversion to execute mode. I did NOT use the “Remote Desktop Services Installation” option, and I did NOT install either the Connection Broker OR the Web Access component. Going this route has led to NUMEROUS ERRORS, as one might expect. These are examples:
Remote Desktop Connection Broker Client failed to redirect the user DOMAIN\xxxuser.
Error: NULL
Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : DOMAIN\xxxuser
Error: Remote Desktop Connection Broker is not ready for RPC communication.
The Windows All-User Install Agent could not update timestamp for user user account DOMAIN\xxxuser. The error code is 0x8007054F.
The Windows All-User Install Agent could not to retrieve a list of packages for the user account DOMAIN\XXXUSER. The error code is 0x80070002.
Nevertheless, the app functions just perfectly. The ONLY functional loss I have discovered is my apparent inability for a user with a default printer other than the default TCP-port network printer installed on the RDSH machine to redirect print jobs. When they try, they get this error:
The document Print Document, owned by xxxUser, failed to print on printer Dell B1260dn Mono Laser Printer (redirected 2). Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\TS2012. Win32 error code returned by the print processor: 5. Access is denied.
The drivers on the RDSH server and the Windows 7 Pro workstation with the direct-USB attached B1260dn are identical. The user is in security group with permissions on the appropriate folders in Windows/System32/spool. The appropriate GPO settings have been made and tested with modeling.
Do not allow client printer redirection Disabled
Do not set default client printer to be default printer in a session Disabled
Redirect only the default client printer Disabled
Specify RD Session Host server fallback printer driver behavior Enabled
When attempting to find a suitable driver: Default to PCL if one is not found.
Policy Setting Comment
Use Remote Desktop Easy Print printer driver first Disabled
I have even tried giving that security group permission to restart the spooler service on the RDSH server. No luck with any of this.
I realize that my approach is totally unorthodox, but I really do not need the overhead of Web Access, or the added security risks that come with an IIS installation in my domain. I have tried installing the Connection Broker with RDSH role, but this leaves no one but the administrator able to connect. Is there some supported (or unsupported) way to achieve my goal without IIS and the Web Access component? Alternatively, were I to go with the recommended RDS install method, could I subsequently disable IIS and remove Web Access and still have the functionality I desire?
Thanks for your consideration of this issue Ryan.
I have been trying to find the same answer as you, John. Interesting how Ryan ignored your questions. Like you, I’m coming from a windows 2003 ts environment and have run into similar issues as you describe. All the articles and blogs I find on deploying remote desktop on a windows 2012 r2 server end up requiring your users to bring up a web link in order to get to a remote desktop icon. I haven’t found any references to using the “old” rdp client program as in windows server 2003. Did you find an answer?
Dear Fjacka,
I am intrested to know what you mean in your post “Intresting how Ryan ignored your questions”. Just to make it clear, there may be times when my priorities take precedence over replies to emails I receive from here. I request you to respect my efforts to share my knowledge and to understand my inability to reply.
Server 2012 / R2 Requires the Connection Broker and Web Access Role. The overheads and security issues are minimal and the fact that both the Connection broker require SSL Certificates should provide some form of comfort. I have deployed solutions in a workgroup where no connection brokers/rdweb are used but this can only be achieved using Device CALS.
Terminal services is a thing of the past, the product has evolved with a significant number of changes through its life cycles. To gain the full functionalty of RDS you need to deploy the required roles: RD Connection Broker, RD Web Access, and Session/VDI role.
disabling and trying to boycot the soluition will only cause issues as it has been designed to work with these roles.
Best regards,
Dumb question of the day. I set up RD to use with a hosted VPN. I followed another tutorial for setup and don’t have a “Quick collection”, although I created a test collection called GP (for Dynamics GP). I put some apps in it and saved it. My question is how to get a user who logs on to get just the screen you have above titled “Work Resources” with the allowed apps, when they connect?
Thanks.
Bill
Hi Ryan,
I appreciate all the good information. I do have one question I would appreciate some info on. I have my RD web access set up and working great. I’ve seen in other posts info that seems to indicate I should be able to see a “Shared Folders” icon on the RD website, but I don’t. My website looks identical to yours. I can open remote apps and I can connect to other PCs on the network. In the Essentials dashboard, there are setting that will block shared folders from being available through web access, but nothing that seems to enable it. Any insight would be greatly appreciated.
Sandy
A folder is used to segregate remote apps. You can create one in the session collection. I will add this to the list to do.
Wow. That was a quick response. Thanks. I’ve seen a few blogs where folders were created for the apps. I don’t think this is what’s missing, though. If you look at the image above of the RD website, you see the RemoteApps and Desktops section and the Connect to a remote PC section. I have the same thing. On some blogs, I’ve seen another section for shared folders and the Windows Server Essentials Dashboard seems to suggest that the Server Folders should be published there. However, there is no Shared Folder icon or section on the website no matter what I try. It just seems that the RD web access is much less functional if I can’t get to shared folders and files. Please let me know if I’m thinking about this all wrong. I think I’m mostly set up correctly, as the apps and remote PC function work great.
I sincerely appreciate your time. I’ve spent quite a while putting this all together and your info really helped.
Sandy
Can you send me a screen shot . You can send a direct email from the main page under contact me , I will then send the email address. It will be good to see what you are looking at
Hi Ryan,
Thanks for the tutorial,
I have followed your tutorial to the letter, my problem, when I connect with my windows 7 computer to the RDS server, I get the following error, a file tries to download called cpub-wordpad-RemoteApps-cmsRdsh.rdp, if i download this file and run it, I get “The remote computer could not be found. Please contact your helpdess about this problem. Their is no problem with my connection to the server, this works ok.
Yes it is wordpad that I have published.
Please advise where I am going wrong.
Thanks
Wayne
Hi Ryan,
I followed your tutorial and all works fine except that when I access my application from outside my network it disconnects me after 8 minutes of idle time. It does the same thing when I just minimize the application.
I have set keep alive to 1 minutes but no effect. I have set session idle time to never from GPO but no effect.
Please advise on what I am missing. thanks
I have a question that, I want to deploy RDSH in my environment but I have some requirement that:
1. If a standard user access on RDSH server through session based desktop it can view only the application icons on the desktop which I installed.
2. The session based desktop resembles to Windows 8.1/Windows 7 of Windows Server 2012 R2/ Windows Server 2012.
Kindly share me the solution if u have any, help me out.
This can all be configured using group policy and customising the metro theme. you can create a default profile for users http://technet.microsoft.com/en-us/library/jj134269.aspx
Hi Ryan
Love your blog and I have what may be a simple issue. I have single 2012 server configured with RDS using RD Web Access loading a couple of apps. It all works perfectly fine internally, but externally I get the following errors:
————————-
Error: Unable to display RD Web Access
An unexpected error has occurred that is preventing this page from being displayed correctly.
Viewing this page in Internet Explorer with the Enhanced Security Configuration enabled can cause such an error.
Please try loading this page without the Enhanced Security Configuration enabled. If this error continues to be displayed, please contact your administrator.
————————
The site is being loaded form an external PC (not a server) without ESC so that cant be it. Here are some details on suggestions I’ve used FYI:
1) I have configured a local DNS zone to use the external name example.domain.com, which works
2)The certificates for the connection broker (Single sign on and Publishing), RD Web Access and RD Gateway are all the same external CA for the external name example.domain.com. I have read mixed messages about using an internal certificate for the broker using the local computer name
3) I have created a farm name on the gateway with relevant IP and FQDN even though this is not a farm
4) In IIS RDWeb/Pages I have disabled HTTP redirects which was set by default. I had to do this to get the apps working internally, otherwise they failed at logon
5) Using PowerShell (Set-RDPublishedName ), I changed the RDPublished name to the external name example.domain.com. but I do note that the within the deployment properties the URL showing for RD Web Access is https://computernane.local, not the external name
6) Finally I have put the server into DMZ an disabled the local firewall which makes no difference so missing ports are not the issue.
—————————
I hope there is not too much information overload here and appreciate any insight you may have. Thanks very much
Regards Michael
I have a single server running Windows 2012 R2 that is our DC. Does R2 allow you to run RDS from a DC now? I don’t want to have to purchase another server just for three people to occasionally access the server remotely.
Hi Ryan,
Very useful information and thanks for this. I want to make session collections to restrict apps by user groups and each session collection will require a session host servers. How to install multiple session host servers can I install on 1 server?
You will need to have separate servers, you can use a hyper-V server and have multiple session host servers under a datacenter license.
Hi Ryan,
Thanks for all the great info. This discussion has spanned a lot of time. Let me ask something relating to beach305’s post on May 24, 2014 regarding setting up RDS on a DC/AD.
According to Microsoft with the release of 2012 R2, you can now install Gateway Connection Broker in conjunction with DC/AD. While this would most certainly still not be best practice, they state it is possible……however, in reading blogs and forums, etc. I have been unable to find anyone posting a successful example of this deployment….I have also not seen any rescinding of the statement by Microsoft. Everyone keeps talking about how it’s not a best practice.
So my question. Disregarding the best practice discussion, and sticking only to can it be done. Are you aware if this deployment is generally successful now that Microsoft says the feature has been added, or is it so rife with errors that is it virtually un-deployable, without significant almost never-ending troubleshooting and whack-a-mole tweaking. For can it be done, lets use a standard of “generally deploys and works as stated on first attempt, and if there is an issue, is generally easily addressed”.
Some links related to this:
– What’s New in Remote Desktop Services for Windows Server 2012 R2 / Blogs.msdn.com
– http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
– Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller. In addition, we published guidelines for how RD Session Host could be used without the RD Connection Broker
support.microsoft.com postings discussing the original incompatibility that now show resolution updates saying it can be done
– Remote Desktop Services role cannot co-exist with AD DS role on Windows Server 2012
– http://support.microsoft.com/kb/2799605
– Scenario 1:
• You have a computer that is running Windows Server 2012 with Active Directory Domain Services role installed
• You try to install Remote Desktop Connection Broker role
– Scenario 2:
• You have a computer that is running Windows Server 2012 with Remote Desktop Connection Broker role installed
• You try to install Active Directory Domain Services role
Cause:
• It was not supported to combine Remote Desktop Services role services and Active Directory Domain Services role on Windows Server 2012 RTM
Resolution:
• This configuration is supported following install of Servicing Stack Update of September 2013: 2871777 A servicing stack update is available for Windows RT, Windows 8, and Windows Server 2012: September 2013
Thoughts? What have you witnessed?
Hi Bill, I have just spun up a VM, deployed Active directory, RDCB, RD Web access and RD Session host. Works fine. The functionality has been around for a wile now. Make sure you are using the latest version of server 2012 R2 and its patched up to date. Deploy using Standard installation. Nothing else different to a regular install.
Bill have a look at the following link.
https://ryanmangansitblog.com/2015/02/22/deploying-rds-2012-r2-on-a-domain-controller-the-walk-through-guide/
Hi Ryan,
Thanks for the excellent writeup.
Question: Can RDweb be combined with RD Gateway on the same server? I’d like to have an RDweb page with just one shortcut for a desktop session, which would have to connect through RD Gateway,
Is this possible?
Thanks,
yes you can have both roles on the same server.
Best regards,
Yes it can, but check your sizing in terms of resource capacity.
Hi Ryan,
– How many users can login to RDS from internal network.
– How to Access RDS Online from External Network.
Please help.
Thanks,
good question, but what size setup. it all depends on your build and environment.
Can you have more than one 2012 RDS license server in an environment with the same licenses installed on it. I would want one active and one as a standby.
You can split licences or have one server issuing temp licences
Note: I don’t want RemoteApp capability – I have a Server 2012 with RDS Session Host and RDS Licensing roles installed. The problem is it doesn’t recognize the licensing server even though the licenses are installed. I have read that 2012 does not allow licensing and session host roles on the same server. Is this correct and if it is what are my options?
you need to set local policy or group policy. you can only use device licences when you deploy a session host outside of a RDS Deployment
Hi Ryan,
Here is my setup I was hoping you can help me with.
Server1
Roles installed: Broker, Session Host, Web Access, License Manager
Server2
Roles installed: Session Host
On server1 under collections I have added both session hosts severs. I have created two separate collections. Server1 on collection1 and server2 on collection2.
What I’m try to accomplish is to designate an app to only launch from 1 sever and not be load balanced. We have quickbooks installed on both servers and I would like a user to be able to launch quickbooks from each server but all have this under 1 webaccess URL.
that should work, you may need to create two Alias’s for Quickbooks and share user groups per collection
Hi Ryan,
Thanks for the detailed article, and I’m excited that you might be the man with the answers I need. I’ve seen several comments that feel adjacent to what I’m looking for, and I know that TS is dead and gone, but I’m a little turned around, so I’m gonna ask anyway. 🙂
I don’t need any slick VDI, RemoteApp, or collection-based deployments. I’m trying to replace what I have today using 2012 R2 boxes and would like to keep the bloat to a minimum.
An example of our environment today:
BoxA – RDS Licensing server
BoxB – Session Host
BoxC – Session Host
BoxB and BoxC are totally unrelated. They’re just tools/jump servers that we need for various endeavors, but we’ve got all of our CALs loaded onto BoxA. Is it possible to just install RDSH on BoxB and BoxC, and then install the licensing bits on BoxA? I’m trying to picture what the topology looks like here, and it feels excessive to setup collections, web access points, and a half-dozen role services, when my goal is to provide a very simple terminal services type environment via mstsc. I just need to have more than 2 concurrent users on a given box and would prefer to avoid too-complex of an environment to support that.
I don’t mean to fight the flow of technology here; Instead of BoxA being just a Licensing server, should I instead add the connection broker role service, configure a couple of session-based collections (each only using a single RDSH), and call it a day?
Hi Mike, you will can only use device licences when using session hosts on their own and everything would need to be configured via Group policy as you have RDMS. I would recommend using a layer 7 load balancer to control sessions too.
Thanks for the reply! So, if I created a single machine to handle all of our licensing (user-based CALs), built out separate/unrelated machines with just the RDSH role service, and then configured the RDSH boxes to point to the licensing machine via GPO, I’d be all set? If that’s the case, it sounds exactly like it was with previous versions, minus the GUI to configure the RDSH to point to a licensing server like we had in 2008. Am I just overthinking it?
Reblogged this on Guru365 and commented:
Excellent guide – Thanks to Ryan Mangan
Thanks Stephen
Hello,
I have a question about Remote Desktop Services. Can I configure both “Virtual-machine Based Desktop ” and “Session Based Desktop” on a same server?
the simple answer would be No.
Can I configure both “Virtual-machine Based Desktop ” and “Session Based Desktop” On a same Environment or on a same Domain..??
yes you can
Let me re-word. I want to setup a single 2012R2 server with a 5 session RDS. Is the above going to get me there?
A basic setup like shown would support 5 users. I would recommend that you ensure you have enough CPU, RAM, storage and bandwidth to support the 5 users
Ryan..thanks for responding to all these questions! Hopefully you can assist me. We have SRTERM-01 as a physical single server Remote Desktop services server, handling all roles execpt Licensing (on the domain controller). We would like to add SRTERM-02 as a virtual server, move all roles to it and then decommission SRTERM-01. Can this be accomplished by setting up a farm, or do I need to go to High Availability so I can move the RDConnectionBroker role? I see that you caution against High Availability because you have to completely reconfigure if you remove it. Thanks in advance for your assistance!
Yes this can be done. You would need to create all the new farm then remove the DC once everything has been setup
Add that you need to do import-module remotedesktop before executing the commands in PS, thanks!
Very good guide Thank you.
Hi Rayan,
We are planing to impliment session based (RD web) RDS on windows 2016 server for 50 users. I want to know what license are require for session based (RD web).
I’m not a licencing specialist. a MS partner can help.