< -- BuySellAds Ad Code ALLEN -->

Windows Server 2012 – Install and Configure Remote Desktop Services

In this guide we will install and configure the Windows 2012 Remote Desktop Services Role. We will configure the website for RDWEB access and also configure remote app apps locally through the remote desktop client. Before we start bare in mind RDS is not supported on a Domain Controller, it may work but you may come across lots of issues while installing, also if you plan to connect to applications with the remote web site (RDWEB) and do not want an annoying certificate error for your users  then you will need a certificate which matches the A Record you want to hit externally. For example remote.techieshelp.com. SSL Certificates are available from GoDaddy. Once purchased then read how to install SSL certs into iis7 here. Read on!

Windows 2012 Install Remote Desktop Services

As with all other roles we need to first launch Server Manager so we can install the Remote Desktop Services Role, once launched then select “Manage” from the top right hand corner and select Add Roles and Features as seen below.

add roles and features server 2012

You will now see the standard welcome splash screen, click next to continue. On the next screen you get to choose what type of Installation type we are doing. Select Remote Desktop Services Installation. Then click next. ( Remember click the images to zoom in. )

remote desktop services installation

In my environment I will be running a single server, as you can see there is a wizard for this called “Quick Start”, select this option to continue.

Single server remote desktop

In remote desktop services 2012 you get the option of deploying full virtual desktops with their own applications or traditional session based desktops that can be published via a web-page or via remote app. Here we are deploying a session based environment. Select this option and continue.

Remote desktop session based

The following screen states that it will install all of the required roles on one server. in a multi server environment you create a pool and you can select what role is installed to each server, you can load balance etc if your environment is a large remote desktop environment. In this deployment all the roles are on one server. Click next.

Remote desktop services pool

You wll now see the summary screen, to start the installation you must put a tick in the box to accept the server will reboot, Do so and click deploy.

The server will now go away and install the roles. Once done click close. The server will reboot.Upon reboot remote Desktop Services will continue to install, once done close the screen/

Server 2012 – Configure Remote Desktop Services

You will see in server manager you now have a Remote Desktop Services option. We now have a nice network diagram as seen below, the sections we are going to configure first is RD licensing.

 

Configure remote desktop servers.

Click the RD licensing icon and either add the server as your license server or point it to your existing license server on the network by entering the server name or IP then click the forward arrow. Then click next then add to install the role

 

install remote desktop licensing

 

Setting Up Remote Desktop Licensing Server 2012

We now need to configure server 2012 remote desktop licensing.You will need to purchase Remote Desktop CALs these are concurrent which means you buy the amount of licenses for the amount of people that will use remote desktop. Or if you have only 100 devices that will access remote desktop then you but 100 device CALS, links below. Once purchased you will receive license codes that we install later.

Device CAL Above                                            User CAL Above

Once done we need to add the licenses as the diagram below shows. Select Tools > Terminal Services and launch Remote Desktop Licensing manager, then right click your server and Activate, follow the wizard and enter you companies details until you get to the install licenses screen. Select the type of license you own and have been sent when we purchased CALS above and enter the details. Once checked by the Microsoft clearing house the license is now fully configured.

install RD licenses 2012

Server 2012 Remote Desktop – Deploy Applications.

Now the role is installed and licensed correctly we can deploy our applications. They are now called “collections. In Remote Desktop Services in Server Manager. select the collections, you will see the newly created collection called QuickSessionCollection, select it and you can add any application that is installed onto your server. Once selected click confirmation and then publish. We are now ready to access these applications.

deploy applications remote desktop servicesAccessing Remote Desktop Services Applications

Permissions. Any user that you want to be able to access these apps MUST be a member the domain level Remote Desktop Users in Active Directory. Additionally, in the local server policy check that remote desktop users is allowed to “log on locally“. this is normally enabled by default.

To access the web apps, in your browser of choice hit.

https://servername/rdweb or https://externaldomain/rdweb

You will get a certificate error if you do not own one from GoDaddy or other SSL providers with your servers name etc, the certificate you need is as seen below.

go daddy ssl

You will also need to add the external A record name if you plan to use from outside the office. Then it is a case of installing the SSL cert into IIS7 . Once logged in with valid credentials you will see your apps.

To launch an app over RDP simply enter the correct details in your connection and save the connection.

RDP launch application

If you have purchased and SSL Cert for RDWEB here is how to install the certificate into IIS7

Remote Desktop Services in Server 2012 is now configured. For more information view Microsofts Official Remote Desktop Services page.

Tags: Remote Working

Allen White

Allen is an IT Consultant and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5, 6 and HP ASE, AIS - Network Infrastructure.

Comments (41)

  • Avatar

    Linda

    |

    Hi, thanks for this tutorial.
    but is it also possible to install rds without an active directory.
    i’d like to install it on windows azure, and with an active directory it is more expensive.

    could you give me some tips and tricks?
    i installed the rds role, but i have problems to do some properties and licenses things..

    thanks Linda

    Reply

    • Avatar

      Allen White

      |

      Hi Linda, the role will install fine however the license server will be in workgroup mode, you would need to create users on the TS server

      Reply

  • Avatar

    Ferry

    |

    When i press the install button i get a failed message at Remote desktop Services role services, then it says i need to reboot and the whole story begins again. Please help me!

    Reply

    • Avatar

      Allen White

      |

      Hi Ferry, Is anything logged in event viewer under App or System logs?

      Reply

      • Avatar

        Ferry

        |

        Hello Allen,

        Thanks for your reply, i have this error logged:
        The Remote Desktop Management service terminated with the following service-specific error:
        %%2284126209

        Reply

        • Avatar

          Allen White

          |

          Morning Ferry,

          Is this installed on Domain Controller?

          Reply

          • Avatar

            Ferry

            |

            Hello Alllen,

            It said that i have to installl a AD before installing, so i installed the active directory and therefore i have configured it as a domain controller.

            Is it not possible to do this on a AD or DC?

            If so must i have 2 servers running before i can use VDI?

          • Avatar

            Allen White

            |

            Hi Ferry, yes this explains a lot, RD Service is not supported on a DC as you have found out, the reason it mentioned AD is that the licensing side of RDS needs AD to function. I have seen it install and work a few times but it is random. This is why you are having these issues :(. You need active directory on a server and RDS on another server, this server could hold many roles though. If you think about it, if you install AD onto a server with RDS and deploy a desktop then users may have access to admin tools.

          • Avatar

            Ferry

            |

            Hello allen,

            Sorry for the many messages, i have fixed the strange IP issue, i can now connect from a computer to the remote desktop server. The only problem is that i cannot login because it says access denied, if i do this locally with MSTSC i can connect with that account without problems.

            Greetings,
            Ferry

          • Avatar

            Allen White

            |

            Hi Ferry, im on a project this week so finding time to reply is tight, im presume its with the same user? is the user a member of the remote desktop users group?

          • Avatar

            Ferry

            |

            Hi Allen,

            Yes the member is put into the remote desktop users group. But i get the error: “The requested session access is denied.” when i try to login.

            Greetings,
            Ferry

          • Avatar

            Ferry

            |

            I resolved the issue 🙂 The settings were that it wanted to take over the console but that is not authorized. Changed it in the settings of the ubuntu terminal server client and it worked. Now i have to change the group policies. Trying to find out how i can change the group policies on a AD.

          • Avatar

            Ferry

            |

            Hi Allen,

            you really have been a big help for me! I have found the gpedit for active directory users. But what i find confusing is that you have to disable all the administrator programs like servermanager, registry editor etc manually but isn’t there an option that i can set a policy or something like that to disable all the server management tools at once?

            Hope you can help me.

            Greetings,
            Ferry

          • Avatar

            Allen White

            |

            HI Ferry, there is nothing that I know of that will do this? How I would do it is I would create a TS profile for your users , then in Active Directory users and computers I would point the users to this profile path.Login as one of the users, Edit the profile so that the apps that you do not want them to use are removed from the TS profile.

            You could make these users members of a group, and set a deny on the folders that you do not want the users to have access to…

          • Avatar

            Ferry

            |

            Thank you so much Allen 🙂 You saved my ass big-time!

            Keep up the good work.

            Many thanks,
            Ferry

  • Avatar

    balachandar

    |

    Hi,

    I have installed RDWEB access..It is working fine. But i didn’t installed RD Licensing. How long it will be work.. Am using RDWEB access alone not remote desktop.

    Reply

    • Avatar

      Allen White

      |

      Hi,
      You will have the standard 90 days until it will not allow log ins other that 2 consecutive Administrator accounts.

      Allen

      Reply

  • Avatar

    Matthew

    |

    How do I get rid of the certificate error when I connect to the RDWEB portal?

    Reply

  • Avatar

    Pinti

    |

    I have tried your tutorial using a 2012 Member Server virtually installed in vSphere 5.1. The Installation stops with an erro. After this error the Server Management console cannot manage the roles for the Server. Any idea what could be wrong? This the only role planned for this server is the RDP role.

    Reply

  • Avatar

    Scott B

    |

    Hi Allen,
    I’ve setup a 2012 RDS on my 2003 AD, the license server role installs without error and I’m able to activate the license and it shows the correct number of per Device licenses, but when it does recognize the server as being licensed, the License Diagnostics says the licensing mode has not been configured. Have you heard of anything like this?

    Scott

    Reply

    • Avatar

      Allen White

      |

      Hi Scott, yes that means that you have not added the License server to the License servers group in AD

      Start RD Licensing Manager on the RD Licensing Server
      Right click the RD Licensing server
      Review Configuration

      You will see a yellow warning indicating an issue. Simply add the server to the group in AD.

      Hope this helps, if not pop back and ill try again 🙂

      Reply

  • Avatar

    Derek

    |

    Newbie here. I have a fresh install of windows server 2012 and I get hooked on the first step.I click the remote desktop services installation option and I get an error “The local server must be joined to the domain to complete the Remote Desktop Services installation option”
    I only have the one server in the environment it can’t be possible that I am supposed to have another machine just so it can be a DC to this one can it??? This is doing my head in. All I want is a machine that a few users (less than 10) can log into and run the accounting/invoicing software .package for the business.

    Reply

  • Avatar

    Paul

    |

    Great post. Got a question though. RDS 2012 all set up, added a wildcard SSL from GoDaddy but now starting a remoteapp takes about a minute. It was much quicker before adding the cert. Any ideas please. roles setup so far all on separate servers: Web Access, Connection Broker, 2 x Sesion hosts. On the plus side SSO works albeit slowly!

    Reply

    • Avatar

      Allen White

      |

      Hi Paul, glad it helped. Strange one that, cant imagine its the cert ..possibly a DNS issue now its been introduced. Is there anything showing on the client side application log in event viewer?

      Reply

      • Avatar

        Paul

        |

        Hi Allen, thanks for the quick reply. I’m looking at that now but nothing obvious yet…We have some some machines at XP SP3 as well and the cert has broken them. Not only does SSO not work, it prompts for credentials again but it then fails ‘An authentication error has occurred (Code: 0x80090327). It’s not live yet, still got a few weeks, but the cert is definately causing issues..even XP was working before.

        Reply

        • Avatar

          Allen White

          |

          OK the XP thing is a known issue, this means NLA is not enabled. Its a few registry keys. Check out this article..

          http://support.microsoft.com/kb/951608/

          Lets try that then take it from there 🙂

          Reply

          • Avatar

            Paul

            |

            That is enabled as it was working before the cert. I believe and I should have mentioned before these machines are on a different Domain, although it is routed on the network to get to the RDS servers.This must be where problem lies. The question is what can be done regarding the cert on the problem Domain or do I need a rds gateway and get those machines to come in via that?

          • Avatar

            Allen White

            |

            Ahh I see, tricky one. Are the domains on the same physical LAN? Is a trust an option? Is this an existing wildcard cert or just purchased for this purpose?

          • Avatar

            Paul

            |

            they are on the same LAN, didn’t really want to set up trusts tbh. The wild card is a new one purchased for this i.e. *.domain1. xp + win7 machines are on domain2. Win7 machines on domain1 work but just have the minute delay before the app appears. The project requires rds access from domain2, not necessary for domain1 yet. domain1 is a newer infrastructure with loads of capacity and is where the SQL backend servers are for an application and it’s access to these is the whole point. I will test the win7 machines on domain2 but imagine they will also have issues now the cert is in place.

          • Avatar

            Allen White

            |

            V strange as that’s the whole point of RDS – any user anywhere accessing a resource on a network they may not be a member of. I take it you have created user accounts for users on DOMAIN2 on DOMAIN1, then just created and RDS icon on the desktops with these credentials so it just passes through.

          • Avatar

            Paul

            |

            Just using my login to test, and using web access. Almost given up now…XP machine not working – upgraded to SP3,installedIE8, installed RDC7.0,installed hotfix for client (953760), enabled CredSSP, downloaded godaddy root cert and added to trusted roots on client but still get ‘The connection has been terminated because an unexpected server authentication certificate was received from the remote computer’. Doing my head in. And windows 7 still slow. Anyway rant over, back in next wednesday.

  • Avatar

    farmamick

    |

    Hi,
    I’m trying desperately to get a new Server 2012 up and running in an internal environment. I have got to the point where https://myserver/rdweb works – ie, I can see my published apps. But when I click the app, I get the window “A website wants to run a RemoteApp program…” (and I note that I see the path as myserver.mydomain.local in that window). I then get the error:

    RemoteApp Disconnected
    Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect. Type a valid Remote Desktop Gateway server address.

    The setup situation for this server is a little weird. Its a AD server, but will not have a fixed IP address, and will not do DNS at all. The internet router will do that job. I note that https://myserver.mydomain.local does not work at all.

    Any pointers would be greatly appreciated. I am doing this as a favour to an old work colleague, and I feel like I am missing something simple – and am feeling stupid about it.

    Thanks

    Reply

  • Avatar

    Paul

    |

    Quick update on the issues above, Win7 slow access to apps and XP. Both related really.Used ‘netsh winhttp set proxy’ command on windows 7 machines which looks like it allows crl revocation check to Godaddy. Before this it was trying to get to Godaddy servers to check the cert and after a minute or so giving up and allow connection anyway. With Windows XP/Windows7 on the other Domain adding the GoDaddy.com domain to the authentication exemption on a Barracuda proxy fixed the cert errors for them as well. So all working 🙂

    Reply

    • Avatar

      Allen White

      |

      Excellent, that’s a tricky one that, never ever came across that. Thanks for the update, will be useful to a lot of people 🙂

      Reply

  • Avatar

    Paul

    |

    Hi Allen got another query. How do you create a remoteapp but make it available only on specific session host servers. If it was Citrix it would easy. I want to publish an application but not have to install it across all servers?

    Reply

  • Avatar

    Paul

    |

    Forget my last query about publishing apps on specific servers. The answer appears to be create another collection

    Reply

  • Avatar

    Wiliam B

    |

    Thank you, Allen. This is the first useful and understandable article I have found on the topic. You are head and shoulders above any MS Technet people. I wasted so much time before I found this. Three cheers to you.

    Reply

  • Avatar

    Greg Hancock

    |

    Great article, kudos to you. Most of the posts on installing RD Gateway apply to RD Services configurations. I am looking for concise instructions on installing RD Gateway on small networks with single servers that are DCs for connecting to network workstations. I have been successful in setting up RD Gateway so remote users can connect to their workstations. However, where I fail is in getting RDWEB to work. Only way it works is through MSTSC with the remote gateway settings and not through RDWEB… I get:
    Remote Desktop can’t connect to the remote computer for one of these reasons:
    1) Remote access to the server is not enabled
    2) The remote computer is turned off
    3) The remote computer is not available on the network.

    Again, if I use MSTSC and connect through the gateway to the workstation it works with no issues. Any tips on getting RDWEB to work would be appreciated. Thanks in advance!

    Reply

  • Avatar

    Satish Kr Malanch

    |

    Hello all,
    Can anyone tell me is it diffrent from previos micrososft terminals services in windows 2003. as i configured the RDP in server 2012 , now i am not able to find terminal services configration for licence and services deployment etc.Please help

    Reply

Leave a comment

Categories

Vote!

What Web Browser Do You Use?

View Results

Loading ... Loading ...

Vote!

What do you prefer..VMware or Hyper-V?

View Results

Loading ... Loading ...