Remote Desktop Services in Windows 2008 R2 -Part 1

Posted by on Nov 12, 2009 in Windows 2008 R2

Windows Terminal Services has come a long way since its infancy and has improved with every version of Windows, and Windows 2008 R2 is no exception.  There are even noticeable differences between Windows 2008 and Windows 2008 R2 and should be highly considered as a worthy upgrade for those currently running older versions of the Windows component.  I first began working with Terminal Server technologies back in the day of WinFrame which was a “special” version of Windows NT 3.5.1 that was developed by Citrix.  Since then I have worked with all versions of Terminal Server from NT4 to the most recent Windows 2008 R2 which I am excited about.

This 3 part series will consist of the following articles and will provide you with step by step instructions in getting most of your Remote Desktop infrastructure in place;

  • Part 1 – Installation of Remote Desktop Services
  • Part 2 – Configuration of Remote Desktop Gateway and Remote Desktop Client
  • Part 3 – Configuration of Remote Desktop Web Access

In Windows 2008 R2, Terminal Server and its underlying components is now referred to as Remote Desktop Services (RDS).  The below table is a snippet directly from TechNet outlining the renaming of Terminal Server and it’s services;

Previous name (Windows 2008)Name in Windows Server 2008 R2
Terminal ServicesRemote Desktop Services
Terminal ServerRemote Desktop Session Host (RD Session Host)
Terminal Services Licensing (TS Licensing)Remote Desktop Licensing (RD Licensing)
Terminal Services Gateway (TS Gateway)Remote Desktop Gateway (RD Gateway)
Terminal Services Session Broker (TS Session Broker)Remote Desktop Connection Broker (RD Connection Broker)
Terminal Services Web Access (TS Web Access)Remote Desktop Web Access (RD Web Access)

Before delving into the step by step guide I will quickly highlight some of the enhancements and improvements that have been incorporated in this release;  This is by no means a comprehensive list, however I have provided a number of links at the end of this post to TechNet articles outlining What’s New in RDS.

  • Windows Server 2008 R2 is 64 bit only, meaning that RDS is also 64 bit.
  • Forms based authentication for Remote Desktop Web Access
  • Per user RemoteApp program filtering
  • Enhancements to Remote Desktop Client experience such as multiple monitor support, Audio recording redirection and Audio and Video playback
  • Windows Installer compatibility
  • Introduction of Remote Desktop Virtualisation Host providing personal virtual desktops utilising Hyper-V (note: This technology will not be discussed in this series, however I will have a future post dedicated to this new inclusion)

So let’s begin the installation by Navigating to Start / Administrative Tools / Server Manager (This post is assuming that you already have a dedicated Windows 2008 R2 server setup)

Click on Roles located on the left navigation pane and then select Add Roles located on the right pane to invoke the Add Roles Wizard.

clip_image002

Click Next

Select Remote Desktop Services as the role to install on this server.

clip_image003

Click Next.

The below introduction to Remote Desktop Services is displayed. Microsoft have done a great job in providing administrators with thorough documentation pertaining to the role being installed.

clip_image005

Click Next

This is a single server setup so I will select all of the role services for Remote Desktop Services excluding Remote Desktop Virtualisation Host (this will be covered in a future post). I have provided Microsoft’s description of each service in the table below;

clip_image006

Remote Desktop Session HostRD Session Host, formerly known as Terminal Server, enables a server to host Windows-based programs or the full Windows desktop. Users can connect to an RD Session Host server to run programs, save files and use network resources on the that server
Remote Desktop LicensingRD Licensing, formerly known as TS Licensing manages RDS CALs that are required to connect to an RD Session Host.
Remote Desktop Connection BrokerRD Connection Broker, formerly known as TS Session Broker, support session load balancing and session reconnection to the RD Session Host.
Remote Desktop GatewayRD Gateway, formerly known as TS Gateway enables authorised users to connect to RD Session Host Servers over the Internet.
Remote Desktop Web AccessRD Web Access, formerly known as TS Web Access enables users to access RemoteApp and Desktop connection through Start Menu on a computer running Windows 7 or through a Web browser.

Adding the Remote Desktop Gateway and or Remote Desktop Web Access will prompt you to install other services that are prerequisites such as IIS.

clip_image008

clip_image009

Click Add Required Role Services

After you have the Selected Roles checked, click Next.

The below warning will appear advising that it is recommended to install the Remote Desktop Session Host prior to installing any “client” applications.

clip_image011

Because this is a new install of Windows 2008 R2, I can ignore this warning and click Next.

You will now be required to specify an Authentication Method for the Remote Desktop Session Host. The two options provided below are as follows;

Require Network Level Authentication: This is more secure as user authentication occurs before a full remote desktop session is established, however it is only supported by Remote Desktop Client 6 and greater running on Windows Vista or Windows XP SP3 (Windows 7 is equipped with Remote Desktop Client 7) as they are the only current operating systems that support Credential Security Support Provider (CredSSP) protocol. Please be aware that the CredSSP is turned off by default on Windows XP SP3 and must be turned on via the registry. Please refer to the following Microsoft KB article for more details http://support.microsoft.com/kb/951608

Do not require Network Level Authentication: This is less secure because authentication occurs later in the connection process, however is supported by all Remote Desktop clients and all versions of Windows.

More information can be found in the following TechNet article, Configure Network Level Authentication for Remote Desktop Services Connections; http://technet.microsoft.com/en-us/library/cc732713.aspx

We will select Require Network Level Authentication.

clip_image013

Click Next.

Specify your Licensing Mode

clip_image015

Click Next

You will then be prompted to select user groups that you would like to provide access to the Remote Session Host Server. By Default, the “Administrators” group is added and I will also be adding a security group that I have created specifically for my Remote Desktop Users. Users or User groups added in this section will be automatically added to the local Remote Desktop Users group.

clip_image017

Click Next

The next screen will allow you to configure the client experience providing your end users with similar functionality and visual experience found from a Windows 7 desktop.

clip_image019

I will be selecting all 3 options provided, with one of the enhancements to Remote Desktop Services in R2 being the ability to provide users with a much better Video playback experience than in previous releases. It does so by offloading the actual video playback to the local graphics processing unit. More information on Multimedia Redirection Improvements in Windows 7 and WS2008 R2 can be found here; http://blogs.msdn.com/rds/archive/2009/07/24/multimedia-redirection-improvements-in-windows-7-and-ws2008-r2-part-1.aspx

Click Next

The next screen provides you with the ability to configure discovery scope for RD licensing. Following Microsoft’s recommendation, I will not configure a discovery scope for the license server and will utilise the inbuilt RDS Host configuration tool instead.

clip_image021

Click Next

The next screen is requesting a server authentication certificate for SSL encryption. To simplify matters during the installation I will select create a self-signed certificate for SSL encryption and will discuss this in more detail in part 2 of this series.  Note that using a self-signed certificate will create additional administrative overhead for administrators as the certificate will need to be exported and imported to your remote desktop client computers.  Using a 3rd party certificate from a Trusted certificate authority will remove that administrative burden and provide end users with a seamless experience.

clip_image023

Click Next

The next screen introduces Authorisation policies for the RD Gateway. Recall, the RD Gateway is designed to provide users with the ability to log onto a Remote Desktop Host via the Internet and SSL. Windows 2008 first introduced the TS Gateway which incorporated 2 types of policies TS CAP and TS RAP. These have been superseded in Windows 2008 R2 with; you guessed it, RD CAP and RD RAP.

Here is a brief primer on the two;

RD CAP (Remote Desktop Connection Authorisation Policy): Here you will specify users and groups who will have the ability to connect to a Remote Desktop Gateway Server. With an RD CAP you can also specify conditions for specific users and groups such as, you can only connect to this RD Gateway if you are using a smart card.

RD RAP (Remote Desktop Resource Authorisation Policy): After providing users and groups the ability to authenticate with an RD Gateway, RD RAP provides you with the ability to specify which computers located in the internal network are accessible to your user groups.  This could be restricted to a number of Remote Desktop Servers depending on the user or group authenticating.

Add your users and groups that you would like to connect through the RD Gateway as per the below screen capture.

clip_image027

The next part of the wizard is all about creating your RD CAP and RD RAP. Don’t worry too much if you don’t get everything right in the wizard as all of these options are configurable post wizard installation.

clip_image029

Notice, I have created a specific Active Directory Group called “Remote Desktop Computers” in which I have added computers with Remote Desktop enabled.

clip_image031

Click Next

The next part of this wizard provides you with a primer on Network Policy and Access Services.

clip_image033

Click Next

Leave Network Policy Server selected….

clip_image035

Click Next

The following screen provides you with an introduction to the Web Server Role that is required to be installed for Remote Desktop Web Access.

clip_image037

Click Next and Next again to accept the default role services options.

clip_image039

We are finally presented with a summary of the confirmed installation selections that we have made throughout this wizard. It is worthwhile printing and or saving this information via the available hyperlink to form part of your documentation.  Kudos to Microsoft who in my own opinion have done a great job with their wizard based installations which eases the usual configuration pains associated with such an install.

clip_image041

Click Install. The installation process will now begin and you will be presented with the installation results screen below notifying you of completion. Click Close and then restart your server to complete the process.

clip_image043

Upon shutdown, restart and logon, Windows will proceed with the installation and configuration of our roles and services.

clip_image045

clip_image047

That’s it for now.  In this first article of this series on RDS, we went through the process of adding and configuring the necessary roles and services associated with Remote Desktop Services via  Windows 2008 R2 Server manager.  In the next article, I will be discussing the Remote Desktop Gateway (RD Gateway) in some detail and will go through some of it’s configuration settings both at the server and remote desktop client level.

Subscribe to this blog and join our Facebook page and Twitter Page to keep up to date and be notified of our latest articles.

If you require any assistance with your SharePoint or other IT needs, the team at GKM2 are happy to assist.  You can contact us via info@gkm2.com.au or 1300 797 288 within Australia.

____________________________________________________

What’s New – TechNet Resources

Remote Desktop Session Host; http://technet.microsoft.com/en-us/library/dd560667(WS.10).aspx
Remote Desktop Virtualisation Host; http://technet.microsoft.com/en-us/library/dd560648(WS.10).aspx
Remote Desktop Connection Broker; http://technet.microsoft.com/en-us/library/dd560675(WS.10).aspx
Remote Desktop Web Access; http://technet.microsoft.com/en-us/library/dd560668(WS.10).aspx
Remote Desktop Gateway; http://technet.microsoft.com/en-us/library/dd560672(WS.10).aspx
RemoteApp  And Desktop Connection; http://technet.microsoft.com/en-us/library/dd560650(WS.10).aspx
Remote Desktop Licensing; http://technet.microsoft.com/en-us/library/dd560655(WS.10).aspx
Remote Desktop Client Experience; http://technet.microsoft.com/en-us/library/dd560636(WS.10).aspx

Remote Desktop Services Management; http://technet.microsoft.com/en-us/library/dd939782(WS.10).aspx
__________________________________________

Articles in this series;

  1. Remote Desktop Services in Windows 2008 R2 -Part 1 , Installation and Configuration
  2. Remote Desktop Services in Windows 2008 R2 – Part 2 – RD Gateway
  3. Remote Desktop Services in Windows 2008 R2 – Part 3 – RD Web Access & RemoteApp

No Comments

Trackbacks/Pingbacks

  1. Remote Desktop Services in Windows 2008 R2- Part 2 - RD Gateway | SharePoint George - [...] the Remote Desktop (RD) Gateway in the first release of Windows 2008 and as previously mentioned in part 1…
  2. Remote Desktop Services in Windows 2008 R2 – Part 3 – RD Web Access & RemoteApp | SharePoint George - [...] Remote Desktop Services in Windows 2008 R2 -Part 1 – Installation [...]
  3. Microsoft FAQ « Another bla bla blog - [...] FAQ dotyczące instalacji Remote Desktop Services w Windows 2008 R2 [...]
  4. Publish Remote Desktop Web Access and Gateway with Forefront TMG 2010 | SharePoint George - [...] already in place and that your RD Gateway and RD Web Access are on the same server.   Refer to…
  5. Microsoft FAQ | ... - [...] dotyczące instalacji Remote Desktop Services w Windows 2008 R2, tutaj kolejne ze strony [...]