We provide solutions customized to the needs of your industry. Whatever your industry or product, we can provide project, service, process, and content management solutions—to increase productivity and IT value.

As an IT systems integrator, our expertise is putting all the pieces together to get the job done, so we never have to take “no” for an answer. We help organizations improve business productivity in any department.

We are experts on the entire Microsoft enterprise product stack. These are Microsoft technologies we regularly deploy. We provide real business value through strategic guidance, technical expertise, and knowledge transfer.

+1 (866) 930-8356
Concurreny
Real Microsoft expertise. Real business value.

RDS8 – Quick and Easy, RemoteApp on Windows Server 2012

Read more Step-by-Step Guides on Remote Desktop Services in Windows Server 2012.

I’ll show you how you can set up RemoteApp publishing using a single server in less time than it takes to watch an episode of your favorite drama!

Honestly, you should be able to hammer this out in less than an hour if you are at all familiar with the new Windows Server Manager. It’s madness (in a good way!). There two things that you will need in place before you start your stop watch:

  1. RDS in Windows Server 2012 requires Active Directory, 2003 or newer.
  2. One server running a fresh and updated install of Windows Server 2012 joined to that domain.

Once you’ve got that, break out your stop watch. I’ll race you!

 

From the new Server Manager, click the Manage menu and select Add Roles and Features.

clip_image002[8]

One of many new features that the new Server Manager offers is the introduction of scenario-based installation. Remote Desktop Services is the only scenario installation type available, and that’s exactly what we want to do.

clip_image004[4]

If you really want to see the power of Scenario-Based deployments you’ll want to set up three servers and then try the Standard Deployment method, but to get this done quickly we’ll just use the Quick Start deployment which will put everything on one server.

clip_image006[4]

The Virtual Desktop Infrastructure (VDI) scenario will be used to allow each user to have their very own virtual machine, but we want to deploy the Session Virtualization scenario which is analogous to what everyone thinks of with Terminal Services; multiple user sessions working independently on one server.

clip_image008[4]

The local server you’re connected to should be added to the Selected list by default. Make sure that’s the server you are going to deploy all of the RDS roles onto and click Next.

clip_image010[4]

On the Confirmation page you’ll have to check the “Restart” option as the installation of the Session Host role requires a reboot. Then click Deploy.

clip_image012[4]

After the reboot, log back into the server and the Server Manager should resume to show you the status: Succeeded!

clip_image014[4]

Click the link at the bottom of the page to view the list of available RemoteApps.

clip_image016[4]

When connecting to the RDWeb page, you’ll get a certificate warning because the quick deployment uses a self-signed certificate which can be replaced later, so click Continue to this web site for now.

clip_image018[4]

You’ll also be prompted to run an Active-X Control which is the mechanism that allows the web site to launch the Remote Desktop client. You can click Allow here, but a Group Policy can be made to allow this automatically.

clip_image020[4]

Once connected, you’ll see a huge list of applications that are published already. This is a result of using the Quick Start deployment, and we’re not going to want to publish all of these Apps, so let’s take care of that right away.

clip_image022[4]

Return to the Server Manager and click on the new “Remote Desktop Services” page on the left, then click on Collections. “Collections” is a new term that describes a set of services that the RDS deployment offers such as a collection of RemoteApps, Desktop Sessions or Virtual Desktops. The Quick Start deployment already created a collection for us, but we’ll want to remove it and start from scratch.

Right click the QuickSessionCollection and click “Remove Collection. Then from the Tasks button, select Create Session Collection.

clip_image024[4]

Enter a Collection Name, something clever like RemoteApps works well.

clip_image026[4]

Now select your Session Host server and click the arrow to add it to the Selected list. There should only be the one server available here so it’s pretty straight forward.

clip_image028[4]

The default group of users that are allowed to access the applications in this collection will be Domain Users. You can be more specific if you wish, but you can also be more specific on an individual application bases as you publish them later.

clip_image030[4]

To keep things moving quickly, let’s skip the User Profile Disks for now. This is a very cool new feature of Windows Server 2012 (8 beta) that allows users on the session host to have their “local” data get automatically redirected to a different virtual hard drive instead of getting written to the actual session host server, but you can configure that later.

clip_image032[4]

Click Next then Create to finish the Collection wizard. When it’s done, you can click Close.

clip_image034[4]

clip_image036[4]

Now it’s time to publish the applications you really want to give users access to. From the Remote Desktop Services page, select the new RemoteApps collection you made and then from the Tasks button by RemoteApp Programs, select Publish RemoteApp Programs.

clip_image038[4]

You can select a program from the list or click “Add Another Program” to browse to an executable.

clip_image040[4]

When you’re happy with your selection click Publish, then Close.

clip_image042[4]

clip_image044[4]

Now refresh the RDWeb page and you’ll see only the applications that you selected.

clip_image046[4]

Click on one of them to connect to the RemoteApp.

clip_image047[4]

This prompt is Internet Explorer warning you that the Web Site is trying to start a program on your computer. It’s using the Active-X Control to launch the local RDP client (mstsc.exe). This warning can be suppressed by Group Policy once the web site certificate is replaced, but for now just click Connect.

Once connected, the application would look just like any locally installed application, but you’ll notice a new system tray icon that show you are connected to a Remote Work Place.

clip_image049[4]

And there you have it, RDS, Quick and Easy on one server in less than an hour.

clip_image051[4]

Now you can install new applications and publish them to your Collection. Just like Windows 2008 R2, you can deliver these RemoteApps from RDWeb or by subscribing to the RemoteApp RSS feed.

If you want to make these applications available outside of your organization, the next step will be to deploy the RD Gateway role, or if you want to go bigger, try doing a Standard Deployment to break the roles out to separate servers and add more Session Hosts, the equivalent to a RDS Farm.

N’joy!

 
 

Infrastructure Architect and Server Team Lead at Concurrency. Shannon is an MVP in Forefront and Enterprise Security, MCSE in Private Cloud and MCSA Windows Server 2012. He's also a self-professed media junkie. Just ask him about MediaCenter!

Find Shannon on: Linkedin

 
  • http://YourWebsite anon

    Hi, even though I found most of the settings I still hate the new user interface in 2012.

    Where can I select a different certificate for the session host? After an hour of searching I still don’t know… thanks microsoft.

    • Mohammad Irfan

      HI,

      I published some apps using these steps and facing issue
      with printing on local computer, I am not getting any error when i send
      print it complete successfully but printer receive nothing. if anyone
      help on this issue.

      regards,

      Irfan

      • russ

        Irfan, be sure to check the port the printer is using. Ive found that if you installed the software that comes with the printer, it will install a proprietary port not recognized by remote desktop and it cant communicate. If this is the case, and your printer is using USB, try re-installing the printer without the CD and just use the drivers instead. If it is a networked printer, install using the IP address as the port and not something else.

  • Pingback: RDS8 – Add a Licensing Server | Concurrency Blog

  • http://www.sztj.hu Tibor

    Hi, anon, I found it.. Select your collection, tasks/edit deployment properties, and there it is: certificates.

  • http://hexxus.net Hexxus

    Hey there, I found this guide very useful however I followed your instructions on a fresh server install, and when I started to create a collection, where you select your server for the RD Session Host I don’t have my server there. It shows “0 Computer(s) found”.

    Any ideas?

    • Sy5tem

      you have to remove the default collection. seems you can only have 1 collection per server?

      • Shannon Fritz

        You’re right that a server can only be a member of one collection.

  • deffer

    Hello,

    please can anyone tell me, how i can make rdp and msi files from the published programms?!?!

    Thanks & BR
    deffer

    • http://www.linkedin.com/in/shannonfritz Shannon Fritz

      Actually you cannot make them from the Server Console anymore, which is sort of unfortunate. I do not know of a way to generate MSI files, but I can tell you how to get the RDP files for the RemoteApps.

      First, use the “RemoteApp and Desktop Connections” control panel to subscribe to the RSS feed.
      Once connected you can click on the “View Resources” link which will open a folder of shortcuts (.lnk files)
      Open the Properties of one and you’ll see the shortcut Target is mstsc.exe and an RDP file
      Open that path in Explorer (Ex: %appdata%MicrosoftWorkspaces{F454D2C2-05B1-49EA-8C3F-CD97C8B13742}Resource)
      There you will find all the .RDP files which you can copy and put anywhere you want.

      Note: You’ll also find icons in %appdata%MicrosoftWorkspaces{F454D2C2-05B1-49EA-8C3F-CD97C8B13742}Icons

  • http://www.tes-com.nl Ronald Bok

    Hello,

    Our remote desktop server has a internal name of ts1.mydomain.local. The gateway server is on the same machine and has a external adress of remote.mydomain.nl. It has a Public certificate.

    If i start a remote desktop app from the remote app website i get a worning that the server name (internal name) is different of the certificate name (external name).

    How to solve this ?

    • http://www.linkedin.com/in/shannonfritz Shannon Fritz

      You basically have two options here:

      1. Get a Certificate that can validate both FQDN’s. This could be a 3rd Party “UC” cert, or issue one from your own PKI and distribute the certificate to your clients so they trust it. This is a messy approach and I would avoid it.

      2. Make an Internal DNS zone to server names for the external name on the inside. This will allow you to access the server from remote.mydomain.nl when you are inside or outside the corpnet. when outside you get the external address, wen inside you get the internal one. This will let you use one certificate for the external name, and if issued by a 3rd party, it’ll be trusted automatically.

      • russ

        Hi Shannon – I know this is an older post but I am faced with a similar situation. I went with a UC cert however but still faced with problems. I’m glad to have stumbled upon your explanation of creating an internal dns zone but I’m afraid I completely understand how to do what it is your speaking of. Do I just create the zone and create A records of the outside domain pointing to the inside ones? I’d love if you wouldn’t mind sharing a little more insight on this by shooting me an email.

        On a post lower than this I see your not sure how to create MSI files for server 2012 – Id be more than happy to share with you how I create them for your environment allowing you send these out to people outside of your domain.

        Thanks!
        Russ

  • Per-Einar

    What is the solution when you do not have DC function on another server????

    • http://www.linkedin.com/in/shannonfritz Shannon Fritz

      Remote Desktop Services in WS2012 does require a Domain Controller. The RDS role will not install if it’s not a Domain Member.

  • Pingback: Windows 2008 R2 Remote Apps / Access

  • Jonathan Sills

    Thanks for the guide, but one I’m hitting a wall. The app I’m trying to configure with RemoteApps is on a network drive and not on the server. Whenever I try to publish it, I get the following message:

    You must specify a file from the RD Session server
    SVTEST.INFO.COM by using the UNC path; for example
    SVTEST.INFO.COMc$pathfilename.exe.
    If the problem persists, ensure that the following Windows Firewall
    exceptions are enabled:
    1. File and Printer Sharing (SMB-Out).
    1. File and Printer Sharing (SMB-In).

    I have set up the exceptions and tried to publish the application by UNC, but I always get the same message. I am sure it is because the file is not hosted locally the server. Is there a workaround?

    • http://www.linkedin.com/in/shannonfritz Shannon Fritz

      Do you really want to execute an application over a UNC path? Could you instead copy/install the application on the Session host instead?

      If not, and not really knowing the application you are using, you might try to use a script (CMD, BAT, VBS, PS1) to launch the application. Put the script on the Session Host and let the script call the UNC path. Then publish the Script as a RemoteApp.

      In another post about changing the RemoteApp Icon I am publishing a script that runs IE in Kiosk mode. You can use the same thing to run other apps.

      • Jonathan Sills

        Thanks for the follow up. Yes, I do require to be able to execute the application over a UNC path. The application is home made and could be related to as “portable”.

        Moving the software it is not a possibility. Local users and remote users connect to the same app. While the remote app server is in the dmz, the file server is not. Some other reasons not under my control like centralized updates, etc.

        AFAIK, besides the files not being stored on the server, there is no actual drawback to running a software from UNC path. I find it rather sad that the wizard does not allow us to choose the file location which we want (especially if we can change it afterward like you point out). It’s not a feature, but an impediment.

        I guess I’ll change the published app icon or stick with WS2008R2 for now and hope for the feature to be back in SP1…

        • http://www.linkedin.com/in/shannonfritz Shannon Fritz

          In my experience, I’ve occasionally had problems with RemoteApps if the EXE that was published gets changed. It’s not always the case (think of how often WinWord.exe or iexplor.exe gets changed with updates) but I have had some third party exe’s that, if replaced, would cause the RemoteApp to fail to launch. This was with 2008 R2 anyway. I worked around that by using a “launcher” script and since that script didn’t change, the RemoteApp would continue to launch fine. Plus I could do other things with launchers like map network drives or set environment variables, etc, etc, etc before running the application.

          If you really wanted to, you could stand up the WS2012 RDS environment and then source this particular app from the 2008R2 session host. Giving you the best of both worlds…

          http://blog.concurrency.com/featured-post/rds8-add-a-2008-r2-session-host/

          • Jonathan Sills

            Seems that creating a new remote app through powershell works just fine when using UNC path.

            1- Run Powershell as admin
            2- Execute the following command:
            New-RDRemoteApp -CollectionName [collection_name] -DisplayName [remote_app_display_name] -FilePath servershareexecutable.exe

            Thanks for the PS suggestion!

  • John Panicci

    Great Articles. I have a question about drive redirection of local client drives. I would like to do it by group I would like all domain users to not be able to map local client machine drives and then create a new Ad group and add users to that group that are allowed to map local client machine drivbes in their remoteapp sessions. I know the collection properties has cleint settings, but that only allows you to give access to one group and not deny. I think it may have something to do with Rd CAPs?

  • Stephen N

    So I get that u need to deploy 2012 RDS on a box in a domain. What I dont’ get is why I can only choose Domain User accounts to have access to Published Apps… No local accounts are available for selection – what is the deal with this loss of functionality?

  • Håkan

    How can I publish remoteapps from windwos 2012 in UAG?

  • http://www.herke.nl Rogier

    Great post!
    I have a questions tho about an error I get when publishing a remoteapp that connects to my RDS farm.
    I have setup a RDWeb/GW server, a RDCB/Licensing and two RD session hosts with are loadbalanced. I created a remoteapp that needs to connect to “mstsc.exe /v: rdsfarm.domainname.com”. I create two DNS records for rdsfarm.domainname.com that point to both RD session hosts and round robin is turn on on our DNS servers. When I click the remote app, I succesfully can fill in my username and password but then prompts with this error:

    Remote Desktop Connection cannot connect to the remote computer. The remote computer rdsfarm.domainname.com that you are trying to connect is redirecting you to another remote computer named “hostname session host”. You must use the farm name, not the computername, when you connect to an RD Session Host server farm.

    What do I do wrong?
    Can someone explain how to publish a remoteapp so that users can login to our RD session servers.

  • Sean

    Now I want to see a post on how to integrate into SharePoint 2013

  • http://www.inquis.nl Ferry

    When i press the install button i get a failed message at Remote desktop Services role services, then it says i need to reboot and the whole story begins again. Please help me!

  • Joe

    Wow. Great post. Thank you. My question: If I implement Server 2012 Standard, how many users can connect with RDP at a time? I just need 4 and I’m hoping it will work with the basic installation without any additional CALs.

  • ronny

    sorry but this tutorial is very far from the minimum to be able to work remotapp. After numerous attempts at installing still does not work, works only with authenticated User Domain, or even within the own company works if the computer is not in the ad. It would be very useful for a blog like this remotapp faces the typical problems and issues that do not work. Enough to be annoying tutorials they say – and as easy to do. After more than 40 hours trying to figure things exploding Bin Laden becomes sympathetic.

    • Jonathan Sills-Martel

      Hi Ronny, the prerequisites section is quite clear at the beginning of the tutorial: Have AD and being a member of the domain.
      I have personally set up remote apps running through a vpn and run the apps from a different domain / workgroup and the initial configuration does not include anything else that what’s included in this tutorial. What is needed is a valid DNS and possibly redirect. But these are networking knowledge not being covered here.There are tutorials on how to integrate workgroup user into a domain, but this is not it.
      Yes, login with a domain user is a requirement and it’s all good that way. It’s a question of security. We’re in 2013 and you must expect business features (remote apps) to require business infrastructure (AD).
      P.S. If you have a problem with a configuration, I would recommend asking for help. Detail your situation (maybe it’s a special case to which the tuto you’re reffering to does not apply). If you just complain and insult the tutorial author, your problem will still be there and you possibly won’t be getting any help.
      On this I bid you a good day.

  • Doddsy

    This is fantastic but just ever so shy of what I was hoping for — a step-by-step config or RDS for use in logging in remotely to a 2012 server with the Licensing role installed. I just can’t seem to make this work. I can configure this role and all works well until I’m outside of my 120 day window — then POW! No licensing server is available to allow me to log in remotely. I’ve followed all of these instructions plus activating my License server and installing my 2012 RDS User licenses. In gpedit, I have set the Licensing server to look for itself on localhost, 127.0.0.1, and on its hostname — none of which work outside of 120 days even though the Licensing diagnoser shows that it is configured and sees itself porperly. I’m lost and banging my head against a wall! Any ideas you or anybody else here might share to expand upon what you’ve posted would be greatly appreciated! All the best from San Antonio…

    - Chris Dodds

    • Jonathan Sills-Martel

      Maybe the deployment and the licence don’t use the same licences. I’ve had issues at a client’s who had device cals on the licensing server, but whose deployment was configured to use user cals. The result was the deployment didn’T see any available license…

  • Bruno S. Oliveira

    Nice tutorial. I’m able to run the remoteapps on my debian clients (using rdesktop) but drive redirection won’t work. Is there any policy restricting redirection turned on by default? If yes, what is it?

  • http://www.facebook.com/yinwenx Yinwen Xuan

    Hi there, when I try to do your first step – install remote desktop services installation, it got a message: The local server must be joined to the domain to complete the Remote Desktop Services installation option. what I need to do? please help and Thanks!

    • Shannon Fritz

      RDS 2012 does have a dependency on Active Directory, so if your server(s) are not domain joined, you cannot use the Server Manager wizards.

  • http://www.facebook.com/yinwenx Yinwen Xuan

    then I install ADDS and create domain for the server, now it can go through, but when I doing the step of deploying RD connection Broker, RD web access and RD session Host, it failed. any idea why please?

  • Chris

    Great post! I wondered if you could help us. We already have port 443 pointing to an apache server and that apache server uses reverse proxy. I have not been able to get the reverse proxy and RDS working together so i need to run RDS on custom ports (webaccess and remote desktop gateway). Any chance you can help with this?
    What i have now is a RDS install accoriding to your post (port 443 for webaccess and RDG). Inside when going to https://192.168.123.xxx/rdweb, i can launch the published apps and everything is working fine. Now, we need to get to webaccess and i assume RDG on a custom port so users on the outside can reach their apps. I would greatly appreciate any help

    • Simon

      Hi Chris

      I don’t know if you ever found the solution to your issue.

      I only have one public IP, on which port 443 is already used for Exchange Web Access, so I have been searching a lot for how to run RemoteApps on another port (eg. 4444 instead of 443).

      I found this solution (unfortunately I don’t know who to credit for this as I can’t find the original poster):
      To get published remoteapps to work with RD Gateway on a port other than 443 before publishing any application one should basically edit “DeploymentRDPSettings” key in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerCentralPublishedResourcesPublishedFarmsWorkareaDeploymentSettings and add the port within the string right after “…gatewayhostname:s:yourhostname:yourportuse multimon:i…”. Thereafter all the deployed applications will inherit this setting.

      PLEASE NOTE: I have been unable to get User Profile Disks (UPD) to work using this solution. It seems that UPD changes somehing, so whenever this is activated, the above settings don’t work anymore.

      Hope this helps.

    • Abdul Hassan

      an easy solution would be to leave the RDS on port 443 and use Port Translation on the Firewall to listen on say port 4430 and pass the traffic to the host on port 443. This is also known as PAT significant other of NAT :-)

  • Jakub Faltýnek

    Hi, I have one question. Is there some official way in Windows Server 2012 to allow only run RemoteApp, but not Remote Desktop connection (also disable to run other application from Open dialog box in running RemoteApp)? Thanks.

  • Jakub Faltýnek

    Hi, I have one question. Is there some official way in Windows Server 2012 to allow only run RemoteApp, but not Remote Desktop connection (also disable to run other application from Open dialog box in running RemoteApp)? Thanks.

  • Felipe Oláh

    In RemoteAPP client the Remote Computer is a FQDN, but I don´t have it published on the web. I want to use an IP address on this field. How can I do that?

  • Felipe Oláh

    In RemoteAPP client the Remote Computer is a FQDN, but I don´t have it published on the web. I want to use an IP address on this field. How can I do that?

  • Simon

    Thank you for this guide.
    I would like to use a selfsigned certficate (generated from our DC/Certificate Authority server), however, I have not had much luck in getting this to work.

    Would it be possible with a new guide on how to get Server 2012 RemoteApp to work with a selfsigned certificate?

    Thank you in advance.

  • Rbjr

    Why do I keep getting a message that “the post installation configuration did not complete?” This fails the installation and cancels the rest of the steps.

    • BSorensen

      I am having the same failure. How did you resolve this?

  • Paul

    Hi Shannon is it possible to create a remoteapp but only publish it on specific session host servers in RDS 2012. I want to make an application available but not have to install it across all SH servers. Thanks Paul

    • Shannon Fritz

      You could put the “special” session host into it’s own collection. You obviously have have several SH servers as part of a collection, but you cannot have a session host tied to more than one collection. So if you publish notepad from collection 1 and collection 2, you will see notepad twice.

      • Paul

        Oh right, will look into that. Thank you.

        • Paul

          thought it worked but doesn’t seem to like applications from both collections running at the same time. Errors with remoteapp is not in the list of authorised programs or similar, gets a bit mixed up.

          • Paul

            just read RDP ver 8 should fix this :-)

  • Pingback: مشکل پرينتر با ترمينال سرويس Terminal Servise Windows Server 2008 r2

  • Harshad Lokhande

    Hi Can we share apps depending on user example user A mus be only able to view Calc and user B must be only able to view Paint

  • chribo

    Hi thank you a lot for this howto, it was very valuable for me! To be honest after studying it I purchased vnc (I know features differ but for my use case good enough) instead of using the MS tools. As an experienced *NIX admin and systems engineer I cannot understand that making things more secure results in a much higher complexity.

  • Brad Belcher

    I just did this setup on a new server. However, when I log into the RDWeb, I do not see the published apps. what is causing this? Server is part of a domain. The domain was a Server 2000 domain, but I raised the functional level to 2003. And of course I cannot connect via RDC to the server.

  • Jeff MacDougall

    This is great. When my remote desktop users are in a session i would like to have the Server Manager and Power Shell at least hidden from them. Also, what are the best methods for customizing the Taskbar and Modern Menu centrally for ALL RDS users?

Categories