
RDS8 – Standard 3-Node RemoteApp Deployment on Windows Server 2012

Read more Step-by-Step Guides on Remote Desktop Services in Windows Server 2012.

I’ll show you how you can set up a RemoteApp publishing environment using three servers in about as much time as it takes to watch an episode of Dexter!

As crazy as it might sound, setting up a three-server environment really doesn’t take much longer than a single-server deployment, but it offers you some fantastic flexibility and growth options. There are two things that you’ll need in place before you start your timer:

  1. RDS in Windows Server 2012 requires Active Directory.
  2. Three servers running a fresh and updated install of Windows Server 2012 joined to that domain.

Once you’ve got that, break out your stopwatch. I’ll race you!

We’ll be breaking out the three fundamental RDS roles, one on each server:

[Images: RDCB, RDWA, RDSH]

Remote Desktop Connection Broker.
This is the “hub” of the RDS environment. It ensures that all user connections that are established to the various Session Hosts are maintained through disconnects and reconnects, and it plays a key role in simplifying the single sign-on experience.

Remote Desktop Web Access.
A web site that simply hosts the list of available resources that can be reached through RDS. It also hosts an RSS feed that can be used in various places.

Remote Desktop Session Host.
The server that actually runs the user processes. This is what people sometimes refer to as a Terminal Server, although that term has officially been deprecated. When a user runs a RemoteApp or connects to a Desktop, it’s running on a Session Host.

 

One of the great new features of the new Server Manager is that you can manage multiple servers from the one console. There is no better example of the power that this offers than in deploying and managing Remote Desktop Services.

From the new Server Manager, click the Manage menu and select Add Servers.


Search for your three servers that will be used for RDS and add them to the selected list by using the right arrow button.


Once they’ve been added to the Server Manager, click on the Manage menu and select Add Roles and Features.


In addition to being able to manage more than one server now, the new Server Manager also introduces scenario-based installation. Remote Desktop Services is the only “scenario” installation type that is available, but that’s exactly what we want to do.


In order to use more than one server for RDS, we’ll do a Standard deployment.


The Virtual Desktop Infrastructure (VDI) scenario is used to give each user their very own virtual machine, but we want to deploy the Session Virtualization scenario, which is analogous to what everyone thinks of with Terminal Services: multiple user sessions working independently on one server.


The next screen will just explain the various roles that will be deployed by using this wizard.


First we’ll select the Connection Broker.


Then the Web Access server. Notice that you are given the option to install the RDWA on the Connection Broker server. This would allow you to do a Standard deployment with as few as two servers, but I prefer to leave the RDCB and RDWA on their own servers and later deploy the Gateway role to the same server running RDWA.


And finally we’ll select the Session Host server.


On the Confirmation page you’ll have to check the “Restart” option as the installation of the Session Host role requires a reboot. Then click Deploy.


After the roles are deployed and the session host reboots, the Server Manager should show you the status: Succeeded!


After clicking Close, you’ll see a new “Remote Desktop Services” page on the left. Select that then click on Collections.

“Collections” is a new term that describes a set of services that the RDS deployment offers such as a collection of RemoteApps, Desktop Sessions or Virtual Desktops.

From the Tasks button, select Create Session Collection.


Enter a Collection Name, something clever like RemoteApps works well.


Now select your Session Host server and click the arrow to add it to the Selected list. There should only be the one server available here, so it’s pretty straightforward.


The default group of users that are allowed to access the applications in this collection will be Domain Users. You can be more specific if you wish, but you can also be more specific on an individual application basis as you publish them later.


To keep things moving quickly, let’s skip the User Profile Disks for now. This is a very cool new feature of Windows Server 2012 (8 beta) that allows users on the session host to have their “local” data get automatically redirected to a different virtual hard drive instead of getting written to the actual session host server, but you can configure that later.


Click Next then Create to finish the Collection wizard. When it’s done, you can click Close.


Now it’s time to publish the applications you really want to give users access to. From the Remote Desktop Services page, select the new RemoteApps collection you made and then from the Tasks button by RemoteApp Programs, select Publish RemoteApp Programs.


You can select a program from the list or click “Add Another Program” to browse to an executable.


When you’re happy with your selection click Publish, then Close.


And that really completes the setup of the Standard deployment. You now have a Web Access, Broker and Session Host deployed with applications published via RemoteApp. Way to go you!
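The same deployment can be scripted with the RemoteDesktop PowerShell module that ships with Windows Server 2012. The script below is an added example, not part of the original walkthrough: it builds the three-role deployment, scopes the collection to a dedicated group instead of the default Domain Users, publishes one program, and then checks that the Connection Broker is not sharing a server with the Web Access or Gateway roles. The host names, the group name and the published program are placeholder assumptions.

```powershell
# Added example. Run from an elevated PowerShell session on a domain-joined
# Windows Server 2012 machine. All names below are placeholders (assumptions),
# not values taken from the article.
Import-Module RemoteDesktop

$Broker      = 'rdcb01.example.test'       # Connection Broker (RDCB)
$WebAccess   = 'rdwa01.example.test'       # Web Access (RDWA)
$SessionHost = 'rdsh01.example.test'       # Session Host (RDSH)
$Collection  = 'RemoteApps'
$UserGroup   = 'EXAMPLE\RemoteApp-Users'   # dedicated group, replaces Domain Users

# 1. Standard deployment, Session Virtualization scenario, one role per server.
New-RDSessionDeployment -ConnectionBroker $Broker `
                        -WebAccessServer  $WebAccess `
                        -SessionHost      $SessionHost

# 2. Create the session collection on the Session Host.
New-RDSessionCollection -CollectionName   $Collection `
                        -SessionHost      $SessionHost `
                        -ConnectionBroker $Broker

# 3. Restrict the collection to the dedicated group. A new collection
#    otherwise allows Domain Users.
Set-RDSessionCollectionConfiguration -CollectionName   $Collection `
                                     -UserGroup        $UserGroup `
                                     -ConnectionBroker $Broker

# 4. Publish one program. The path must exist on the Session Host;
#    WordPad is used here only as a sample.
New-RDRemoteApp -CollectionName   $Collection `
                -DisplayName      'WordPad' `
                -FilePath         'C:\Program Files\Windows NT\Accessories\wordpad.exe' `
                -ConnectionBroker $Broker

# 5. Verify role placement: the broker should not also hold the
#    user-facing Web Access or Gateway roles.
$servers = Get-RDServer -ConnectionBroker $Broker
$servers | Format-Table Server, Roles -AutoSize

$brokerRoles = ($servers | Where-Object { $_.Server -ieq $Broker }).Roles
if ($brokerRoles -contains 'RDS-WEB-ACCESS' -or $brokerRoles -contains 'RDS-GATEWAY') {
    Write-Warning "$Broker also hosts a user-facing role (Web Access or Gateway)."
}

# 6. Confirm who can reach the collection and what is published in it.
Get-RDSessionCollectionConfiguration -CollectionName $Collection `
                                     -UserGroup `
                                     -ConnectionBroker $Broker
Get-RDRemoteApp -CollectionName $Collection -ConnectionBroker $Broker |
    Format-Table DisplayName, FilePath, UserGroups -AutoSize
```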


So how do you test it out? If you want to test it from one of your new servers, let’s first turn off the IE ESC. From the Server Manager, select the Local Server page and click the link next to IE Enhanced Security Configuration and set it to Off.


Now open Internet Explorer (run C:\Program Files (x86)\Internet Explorer\iexplore.exe) and enter the HTTPS URL for your RDWA server, appending /rdweb to the hostname. For this example…

https://rede-rdgw-01.techrede.net/rdweb

This can be made easier to remember for your users by creating a DNS alias (CNAME) and even setting up HTTP redirection later on.


After passing the certificate warning you’ll be prompted to run an ActiveX Control. Allow that to run and then log in.


Once connected you should see your custom list of applications that are available, so click on one of them to launch the RemoteApp.


You’ll be prompted by Internet Explorer with a warning that the web site is trying to start a program on your computer. It’s using the ActiveX Control to launch the local RDP client (mstsc.exe). This warning can be suppressed by Group Policy once the web site certificate is replaced, but for now just click Connect.


Once connected, the application would look just like any locally installed application, but you’ll notice a new system tray icon will show that you are connected to a Remote Work Place.


And there you have it, RDS, Quick and Easy on three servers in about an hour.

Now you can install new applications and publish them to your Collection. Just like Windows 2008 R2, you can deliver these RemoteApps from RDWeb or by subscribing to the RemoteApp RSS feed.

If you want to make these applications available outside of your organization, the next step will be to deploy the RD Gateway role, or if you want to go bigger, try adding more Session Hosts, the equivalent of an RDS Farm.

N’joy!

 
 

Infrastructure Architect and Server Team Lead at Concurrency. Shannon is an MVP in Forefront and Enterprise Security, MCSE in Private Cloud and MCSA Windows Server 2012. He's also a self-professed media junkie. Just ask him about MediaCenter!


  • Chris

    2 Questions:
    1) How do you connect to the collections via the windows remote desktop connection and not the web page?
    2) How do you connect via remote desktop connection to a different collection?

  • Rick

    Thanks for this easy-to-follow guide. It helped me greatly. Could you provide details on how to suppress the warning on launching the remote app?

  • Hank Stallings

    I have been tasked to bring up a 2012 RDS farm quickly. I have three VMs (VMware) and when I go through your steps, it consistently fails Checking compatibility saying the server I’ve chosen as the Session Host requires a reboot. I’ve rebooted the thing several times without it accepting it. I’ve tried each of the servers in that role, no go! I’ve tried putting it all on one server using the Quick Start, but it does the same thing. I found a PowerShell script that can get information on pending reboots and none of the servers need to be restarted.

    Any advice?

    Hank

    • Phillip

      I had the same problem using Hyper-V. Solution: Do a fresh OS install with the three servers but DO NOT apply any MS updates or patches to the servers. This fixed my issue. There is some MS update that breaks the RDS role installation. Hope this helps.

      • Shannon Fritz

        I have seen this too, Phillip, but I have not identified what update actually causes this. That said, I am using VMs that have the current set of updates and am able to deploy RDS fine.


  • Shannon Fritz

    There are a number of scenarios that you need to consider in order to understand what needs to be done to suppress those warnings. The main solution, for your corporate users, involves creating a GPO that indicates what web site is allowed to run the RDP client by listing the thumbprint of the certificate that signed the files.

    http://blogs.msdn.com/b/rds/archive/2011/04/05/how-to-resolve-the-issue-a-website-wants-to-start-a-remote-connection-the-publisher-of-this-remote-connection-cannot-be-identified.aspx

  • Shannon Fritz

    1) I think you are talking about the RD Gateway role. You open the MSTSC client, click Show Options then from the Advanced tab click the Settings button under “Connect from anywhere” and enter the URL for your Gateway server.

    http://blog.concurrency.com/infrastructure/rds8-gateway-and-certificates-on-windows-server-2012/

    2) You can connect to the name of any server in the collection and the broker will take care of connecting you. I suppose you could also create a couple of DNS A records to do round robin connections to all session hosts in the collection like a classic RDS Farm. You can also save the RDP file for the collection from RDWeb and use that.

    http://blog.concurrency.com/infrastructure/how-to-deliver-remoteapps-from-windows-server-2012-rds/

  • Duncan

    Hi Shannon, thanks for your great writeups on this topic. I’ve got the single server deployment working in a lab environment and am now planning on doing a multi server production rollout as above. Just wondering if you could clarify this bit in your article – “but I prefer to leave the RDCB and RDWA on their own servers and later deploy the Gateway role to the same server running RDWA.” What’s the reasoning for this, is it load, security…? Thanks again and keep up the good work!

    • Shannon Fritz

      I see the RDWA and RDGW roles as being the “public facing” services of RDS, so I think it makes sense to either co-locate them or at least not co-locate them with the other more internal-only services like the broker. So to that end, yes the reasoning does have to do with security. You can also publish these web services (both only require port 443 by the way) using a reverse proxy if you want to really add some isolation to the deployment.


  • gchudyk

    Installing RDS works fine. Lots of sites repeat similar instructions to those in this blog. Actually using the product is a different story. Using an RDS feature, such as printing to a local printer, does not work reliably. Unable to find a way to trace the problem through error logs. Tried every relevant group policy knob. Even used PowerShell to change settings instead of Server Manager.

    Google foo not showing any hits. TechConnect is silent. Either this works so cleanly that everyone is astonished that I am finding it difficult, or no one else has used the feature. It has to be a common requirement, right?

    My problem is finding good documentation on the use of Event Viewer to troubleshoot specific RDS issues. I am more than willing to put in the time tracing errors, but where does one start? Where is the RDS troubleshooting process documented?

    Any comments appreciated.

    Gerald.


  • Simon

    Hi Shannon
    Thank you for some excellent articles about Server 2012 RemoteApp.
    I have a scenario which I would like your comments on.

    I would like to control which users connect to which Session Host (using RemoteApp).
    Example:
    Department01 should use SH01
    Department02 should use SH02
    Department03 should use SH03
    etc…

    They all connect from “outside” (i.e. the internet) to our RDGW and from there I would like to direct them to the corresponding Session Host server.

    How would I go about configuring that?

    Thank you in advance.

    • Shannon Fritz

      Create a group for each department, then create a separate collection for each session host. On collection one, set the user assignment to the Dept1 group. Do the same for the other two.

      • Simon

        Thank you Shannon.
        I must say, your articles on RemoteApp 2012 are nothing short of brilliant!

      • Simon

        Taking the above scenario into consideration.
        Is it possible to allow the users to only write USERNAME at the RemoteApp login page? I mean, as opposed to writing DOMAIN\USERNAME.

        The clients will either be in a different domain or just in a workgroup – i.e. not originating from the same domain as the RemoteApp servers.
        Thank you in advance.

  • pat

    Hello,
    Can you tell me how to limit a user to 1 session per farm? I can see how to limit a user to one session per rdsh, but need to limit at the farm level. Also want to understand why a new connection to a second/third farm member can be made when an active connection to another farm member server exists.

    • Shannon Fritz

      The technical “farm” term isn’t used anymore in 2012, having been replaced with the term “collection”. That said, many people still refer to all of the servers in the RDS deployment, including multiple session hosts in various collections, as their “farm”. If you have the RDSH servers in a common collection, then the users will be limited to one session in that collection. They can connect to multiple collections, so if your RDSH servers are split up between collections, that is the expected behavior.

      • Pat

        To get this behavior, do all users have to connect through the gateway even if on the lan/wan?

        • Shannon Fritz

          No, it’s the Broker that deals with who to put where. Session Hosts that are members of a collection are supposed to consult the RDCB before accepting an incoming connection, and if the user already has a session on another member of the collection then they are redirected to that other host.

          • Pat

            So, if that’s not working correctly can you suggest things I should look at? I have users connecting to the collection and getting a new session on another RDSH server in cases where they already have an active session. I also have users getting a new session on a different RDSH server when they have an existing disconnected session.

  • Ben

    ‘If you want to make these applications available outside of your organization, the next step will be to deploy the RD Gateway role’ Can you expand on this statement please? I understand how this would enable you to remote to computers using RDP from an external client by entering the Gateway details, but how would you connect to your RD Web Access server? Are there any posts on how this is configured? Already got an RDS 2012 deployment for internal users, now need to give those users access from home etc. to the web access server.

  • Pete

    Hi Shannon,

    Firstly, this post has saved me so much time and has now been in place for almost a year without any major issues. However, I still cannot get it to work when users external to the network are using MacBooks. I’m using the latest RDP client for Mac, but no matter how much time I spend trying to google and/or fix it, it always ends in tears! It always says it fails to connect to the Connection Broker. Any knowledge of this issue? I seem to recall that when first released, it was meant to support Safari etc. but then Microsoft pulled the plug on Gateway support? Could you shed any light on that please?

  • Veera

    Hi, I have an HP server; the OS is Win Server 2012 Essentials. I already purchased RDS User CALs for this server, but whenever I try to add it, it fails to install the brokering service.
    I am using localhost; please advise me in which way I can install it.