Windows Terminal Services has come a long way since its infancy and has improved with every version of Windows, and Windows 2008 R2 is no exception. There are even noticeable differences between Windows 2008 and Windows 2008 R2 and should be highly considered as a worthy upgrade for those currently running older versions of the Windows component. I first began working with Terminal Server technologies back in the day of WinFrame which was a “special” version of Windows NT 3.5.1 that was developed by Citrix. Since then I have worked with all versions of Terminal Server from NT4 to the most recent Windows 2008 R2 which I am excited about.
This 3 part series will consist of the following articles and will provide you with step by step instructions in getting most of your Remote Desktop infrastructure in place;
- Part 1 – Installation of Remote Desktop Services
- Part 2 – Configuration of Remote Desktop Gateway and Remote Desktop Client
- Part 3 – Configuration of Remote Desktop Web Access
In Windows 2008 R2, Terminal Server and its underlying components is now referred to as Remote Desktop Services (RDS). The below table is a snippet directly from TechNet outlining the renaming of Terminal Server and it’s services;
| Previous name (Windows 2008) | Name in Windows Server 2008 R2 |
| Terminal Services | Remote Desktop Services |
| Terminal Server | Remote Desktop Session Host (RD Session Host) |
| Terminal Services Licensing (TS Licensing) | Remote Desktop Licensing (RD Licensing) |
| Terminal Services Gateway (TS Gateway) | Remote Desktop Gateway (RD Gateway) |
| Terminal Services Session Broker (TS Session Broker) | Remote Desktop Connection Broker (RD Connection Broker) |
| Terminal Services Web Access (TS Web Access) | Remote Desktop Web Access (RD Web Access) |
Before delving into the step by step guide I will quickly highlight some of the enhancements and improvements that have been incorporated in this release; This is by no means a comprehensive list, however I have provided a number of links at the end of this post to TechNet articles outlining What’s New in RDS.
- Windows Server 2008 R2 is 64 bit only, meaning that RDS is also 64 bit.
- Forms based authentication for Remote Desktop Web Access
- Per user RemoteApp program filtering
- Enhancements to Remote Desktop Client experience such as multiple monitor support, Audio recording redirection and Audio and Video playback
- Windows Installer compatibility
- Introduction of Remote Desktop Virtualisation Host providing personal virtual desktops utilising Hyper-V (note: This technology will not be discussed in this series, however I will have a future post dedicated to this new inclusion)
So let’s begin the installation by Navigating to Start / Administrative Tools / Server Manager (This post is assuming that you already have a dedicated Windows 2008 R2 server setup)
Click on Roles located on the left navigation pane and then select Add Roles located on the right pane to invoke the Add Roles Wizard.
Click Next
Select Remote Desktop Services as the role to install on this server.
Click Next.
The below introduction to Remote Desktop Services is displayed. Microsoft have done a great job in providing administrators with thorough documentation pertaining to the role being installed.
Click Next
This is a single server setup so I will select all of the role services for Remote Desktop Services excluding Remote Desktop Virtualisation Host (this will be covered in a future post). I have provided Microsoft’s description of each service in the table below;
| Remote Desktop Session Host | RD Session Host, formerly known as Terminal Server, enables a server to host Windows-based programs or the full Windows desktop. Users can connect to an RD Session Host server to run programs, save files and use network resources on the that server |
| Remote Desktop Licensing | RD Licensing, formerly known as TS Licensing manages RDS CALs that are required to connect to an RD Session Host. |
| Remote Desktop Connection Broker | RD Connection Broker, formerly known as TS Session Broker, support session load balancing and session reconnection to the RD Session Host. |
| Remote Desktop Gateway | RD Gateway, formerly known as TS Gateway enables authorised users to connect to RD Session Host Servers over the Internet. |
| Remote Desktop Web Access | RD Web Access, formerly known as TS Web Access enables users to access RemoteApp and Desktop connection through Start Menu on a computer running Windows 7 or through a Web browser. |
Adding the Remote Desktop Gateway and or Remote Desktop Web Access will prompt you to install other services that are prerequisites such as IIS.
Click Add Required Role Services
After you have the Selected Roles checked, click Next.
The below warning will appear advising that it is recommended to install the Remote Desktop Session Host prior to installing any “client” applications.
Because this is a new install of Windows 2008 R2, I can ignore this warning and click Next.
You will now be required to specify an Authentication Method for the Remote Desktop Session Host. The two options provided below are as follows;
Require Network Level Authentication: This is more secure as user authentication occurs before a full remote desktop session is established, however it is only supported by Remote Desktop Client 6 and greater running on Windows Vista or Windows XP SP3 (Windows 7 is equipped with Remote Desktop Client 7) as they are the only current operating systems that support Credential Security Support Provider (CredSSP) protocol. Please be aware that the CredSSP is turned off by default on Windows XP SP3 and must be turned on via the registry. Please refer to the following Microsoft KB article for more details http://support.microsoft.com/kb/951608
Do not require Network Level Authentication: This is less secure because authentication occurs later in the connection process, however is supported by all Remote Desktop clients and all versions of Windows.
More information can be found in the following TechNet article, Configure Network Level Authentication for Remote Desktop Services Connections; http://technet.microsoft.com/en-us/library/cc732713.aspx
We will select Require Network Level Authentication.
Click Next.
Specify your Licensing Mode
Click Next
You will then be prompted to select user groups that you would like to provide access to the Remote Session Host Server. By Default, the “Administrators” group is added and I will also be adding a security group that I have created specifically for my Remote Desktop Users. Users or User groups added in this section will be automatically added to the local Remote Desktop Users group.
Click Next
The next screen will allow you to configure the client experience providing your end users with similar functionality and visual experience found from a Windows 7 desktop.
I will be selecting all 3 options provided, with one of the enhancements to Remote Desktop Services in R2 being the ability to provide users with a much better Video playback experience than in previous releases. It does so by offloading the actual video playback to the local graphics processing unit. More information on Multimedia Redirection Improvements in Windows 7 and WS2008 R2 can be found here; http://blogs.msdn.com/rds/archive/2009/07/24/multimedia-redirection-improvements-in-windows-7-and-ws2008-r2-part-1.aspx
Click Next
The next screen provides you with the ability to configure discovery scope for RD licensing. Following Microsoft’s recommendation, I will not configure a discovery scope for the license server and will utilise the inbuilt RDS Host configuration tool instead.
Click Next
The next screen is requesting a server authentication certificate for SSL encryption. To simplify matters during the installation I will select create a self-signed certificate for SSL encryption and will discuss this in more detail in part 2 of this series. Note that using a self-signed certificate will create additional administrative overhead for administrators as the certificate will need to be exported and imported to your remote desktop client computers. Using a 3rd party certificate from a Trusted certificate authority will remove that administrative burden and provide end users with a seamless experience.
Click Next
The next screen introduces Authorisation policies for the RD Gateway. Recall, the RD Gateway is designed to provide users with the ability to log onto a Remote Desktop Host via the Internet and SSL. Windows 2008 first introduced the TS Gateway which incorporated 2 types of policies TS CAP and TS RAP. These have been superseded in Windows 2008 R2 with; you guessed it, RD CAP and RD RAP.
Here is a brief primer on the two;
RD CAP (Remote Desktop Connection Authorisation Policy): Here you will specify users and groups who will have the ability to connect to a Remote Desktop Gateway Server. With an RD CAP you can also specify conditions for specific users and groups such as, you can only connect to this RD Gateway if you are using a smart card.
RD RAP (Remote Desktop Resource Authorisation Policy): After providing users and groups the ability to authenticate with an RD Gateway, RD RAP provides you with the ability to specify which computers located in the internal network are accessible to your user groups. This could be restricted to a number of Remote Desktop Servers depending on the user or group authenticating.
Add your users and groups that you would like to connect through the RD Gateway as per the below screen capture.
The next part of the wizard is all about creating your RD CAP and RD RAP. Don’t worry too much if you don’t get everything right in the wizard as all of these options are configurable post wizard installation.
Notice, I have created a specific Active Directory Group called “Remote Desktop Computers” in which I have added computers with Remote Desktop enabled.
Click Next
The next part of this wizard provides you with a primer on Network Policy and Access Services.
Click Next
Leave Network Policy Server selected….
Click Next
The following screen provides you with an introduction to the Web Server Role that is required to be installed for Remote Desktop Web Access.
Click Next and Next again to accept the default role services options.
We are finally presented with a summary of the confirmed installation selections that we have made throughout this wizard. It is worthwhile printing and or saving this information via the available hyperlink to form part of your documentation. Kudos to Microsoft who in my own opinion have done a great job with their wizard based installations which eases the usual configuration pains associated with such an install.
Click Install. The installation process will now begin and you will be presented with the installation results screen below notifying you of completion. Click Close and then restart your server to complete the process.
Upon shutdown, restart and logon, Windows will proceed with the installation and configuration of our roles and services.
That’s it for now. In this first article of this series on RDS, we went through the process of adding and configuring the necessary roles and services associated with Remote Desktop Services via Windows 2008 R2 Server manager. In the next article, I will be discussing the Remote Desktop Gateway (RD Gateway) in some detail and will go through some of it’s configuration settings both at the server and remote desktop client level.
Subscribe to this blog and join our Facebook page and Twitter Page to keep up to date and be notified of our latest articles.
If you require any assistance with your SharePoint or other IT needs, the team at GKM2 are happy to assist. You can contact us via info@gkm2.com.au or 1300 797 288 within Australia.
____________________________________________________
What’s New – TechNet Resources
Remote Desktop Session Host; http://technet.microsoft.com/en-us/library/dd560667(WS.10).aspx
Remote Desktop Virtualisation Host; http://technet.microsoft.com/en-us/library/dd560648(WS.10).aspx
Remote Desktop Connection Broker; http://technet.microsoft.com/en-us/library/dd560675(WS.10).aspx
Remote Desktop Web Access; http://technet.microsoft.com/en-us/library/dd560668(WS.10).aspx
Remote Desktop Gateway; http://technet.microsoft.com/en-us/library/dd560672(WS.10).aspx
RemoteApp And Desktop Connection; http://technet.microsoft.com/en-us/library/dd560650(WS.10).aspx
Remote Desktop Licensing; http://technet.microsoft.com/en-us/library/dd560655(WS.10).aspx
Remote Desktop Client Experience; http://technet.microsoft.com/en-us/library/dd560636(WS.10).aspx
Remote Desktop Services Management; http://technet.microsoft.com/en-us/library/dd939782(WS.10).aspx
__________________________________________
Articles in this series;
No Comments
Trackbacks/Pingbacks