Windows Remote Desktop Services with High Availability Set-up Guide


 

Configure Remote Desktop Services

Resources needed:

WS2016-Test

* Domain Controller, RD Connection Broker, RD Session Host server, RD Web Access server

* OS – Windows Server 2016 Datacenter, IP address – 192.168.1.50 /24

Win10pro

* Domain member, RDS client

* OS – Windows 10 Pro, IP address – 192.168.1.51 /16


1.       On the target server, allow Remote Desktop connections

a.       In System Properties, open the Remote tab and click the Allow remote connections to this computer radio button

Click OK.

2.       Install the Windows Remote Desktop Services role

a.       In Server Manager, click Add roles and features

b.       Click the Remote Desktop Services installation radio button

c.       Click the Standard deployment radio button and click Next

d.       Click the Session-based desktop deployment radio button, then click Next 2 times

e.       On Specify RD Connection Broker server, click the target server, click the right arrow button, then click Next

f.       On Specify RD Web Access server, click the target server, click the right arrow button, check the Install the RD Web Access role service on the RD Connection Broker server check box, then click Next

g.       On Specify RD Session Host servers, click the target server, click the right arrow button, then click Next

h.       On Confirm selections, check the Restart the destination server automatically if required checkbox (a restart is required after the role services are installed), then click Deploy.

You will see the installation progress, and the server will restart automatically.

i.       Once it has succeeded, click Close.

3.       Edit RDS deployment properties

a.       Create a folder on the C: drive (any location will do; we will use it later to store the exported self-signed certificate).

b.       On the lower left side of Server Manager, click Remote Desktop Services. On the Deployment Overview, click the Tasks drop-down button, then click Edit Deployment Properties

c.       On Configure the deployment, click Certificates on the left side (we will skip the following: RD Gateway, since we don't need external access; RD Licensing, since this is a test phase; and RD Web Access, since we have already configured it)

d.       Open Windows PowerShell and type these two commands to create the self-signed certificate:

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "RDP"

$pwd = ConvertTo-SecureString -String "Pa55w.rd" -Force -AsPlainText

(The certificate is created in the Local Computer > Personal store; the c:\rdscert folder created in step a is where the exported .pfx file is saved.)

Then type mmc and press Enter


e.       On Console1, click File > Add/Remove Snap-in

f.       On Add or Remove Snap-ins, click Certificates > Add > Computer account > Next > Finish > OK

g.       On Console1, expand Certificates (Local Computer), then Personal, and click Certificates. Right-click RDP > All Tasks > Export

h.       On Welcome to the Certificate Export Wizard, click Next. Click the Yes, export the private key radio button, then click Next, then Next again. Check the Password checkbox, type Pa55w.rd in Password and Confirm password, then click Next. On File to Export, type C:\rdscert\rdscert.pfx, then click Next, then Finish.

i.       You will see that the export was successful. Click OK


j.       On Server Manager > Configure the deployment > Certificates

Click RD Connection Broker – Enable Single Sign On, then click Select existing certificate

k.       On Select Existing Certificate, click the Choose a different certificate radio button, type C:\rdscert\rdscert.pfx, type Pa55w.rd in Password, and check the Allow the certificate to be added to the Trusted Root Certification Authorities certificate store on the destination computers checkbox. Then click OK

l.       Click Apply

m.       Repeat steps j to l for:

RD Connection Broker – Publishing

RD Web Access

Then click OK.
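Steps d to m can also be scripted with the RemoteDesktop module. The following is an added example, not part of the original guide: it prompts for the PFX password instead of typing it in clear text on the command line, and it assumes the broker's FQDN is WS2016-Test.test.com.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell
# session on the RD Connection Broker.
Import-Module RemoteDesktop

$broker  = 'WS2016-Test.test.com'        # assumed FQDN of the connection broker
$pfxPath = 'C:\rdscert\rdscert.pfx'      # export path used in the guide
$dnsName = 'RDP'                         # certificate name used in the guide

# Ask for the PFX password interactively so it never appears in the script
# or in the PowerShell history.
$pfxPassword = Read-Host -Prompt 'Password for the exported PFX' -AsSecureString

# Make sure the export folder from step a exists.
New-Item -ItemType Directory -Path (Split-Path $pfxPath) -Force | Out-Null

# Create the certificate in the Local Computer > Personal store. This is the
# same store the MMC snap-in exports from in steps e to i.
$cert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' -DnsName $dnsName

# Export certificate and private key to the PFX file.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Assign the PFX to the three role services configured in steps j to m:
#   RDRedirector = RD Connection Broker - Enable Single Sign On
#   RDPublishing = RD Connection Broker - Publishing
#   RDWebAccess  = RD Web Access
foreach ($role in 'RDRedirector', 'RDPublishing', 'RDWebAccess') {
    Set-RDCertificate -Role $role -ImportPath $pfxPath -Password $pfxPassword `
        -ConnectionBroker $broker -Force
}

# Show what each role service now uses; a self-signed certificate is
# reported with an untrusted level.
Get-RDCertificate -ConnectionBroker $broker |
    Format-Table Role, Level, Subject, ExpiresOn, Thumbprint -AutoSize
```

The PFX file holds the private key, so the C:\rdscert folder should be readable by administrators only once the export is done.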


4.       Create a collection and publish an app

a.       On Server Manager > Remote Desktop Services, click Collections, click the Tasks drop-down button, then click Create Session Collection

b.       On Before you begin, click Next. On Collection Name, type Browser as the name, then click Next. On RD Session Host, click the target server, click the right arrow button, then click Next. On User Groups, click Next. On Specify User Profile Disks, type C:\rdscert in Location of user profile disks, then click Next. On Confirmation, click Create.

c.       Once it has succeeded, click Close

d.       On Collections, click Browser

On RemoteApp Programs, click Publish RemoteApp Programs

e.       On Select RemoteApp Programs, select the Google Chrome checkbox then next.


f.       Click Publish, then close.


5.       Create DNS record (RD Web Access)

a.       In Server Manager, click Tools, then click DNS

b.       In DNS Manager, expand the server, then Forward Lookup Zones, and click caspotest.com

Right-click caspotest.com, then click New Host (A or AAAA)

c.       On New Host, type the following, then click Add Host

Name (uses parent domain name if blank): rds

IP address: 172.30.196.50

d.       On the message box (DNS), click OK, then click Done.

6.       Test the deployed RDS app

a.       Log in as a domain user on the client machine/workstation

b.       Open a browser, type this URL: http://rds.test.com/rdweb and press Enter

c.       In the browser, click Continue to this Webpage (not recommended). The warning appears because the server uses a self-signed certificate

d.       On Work Resources, provide credentials (must be a domain user), then click Sign in

e.       Verify that the published app is available.


Configure High Availability

Resources needed:

WS2016-Test

* Domain Controller, RD Connection Broker, RD Session Host server, RD Web Access server

* OS – Windows Server 2016 Datacenter, IP address – 172.30.196.50 /16

2016SERVER1

* Member server of the domain, RD Connection Broker, RD Web Access server

* OS – Windows Server 2012 R2 Datacenter, IP address – 172.30.196.55 /16

Win10pro

* Domain member, RDS client

* OS – Windows 10 Pro, IP address – 172.30.196.51 /16

* SQL Server database

Installers:

* SQL Server 2017 – SQLServer2017-SSEI-Expr.exe

* .NET Framework 3.5 – dotnetfx35.exe

* SQL Server Management Studio – SSMS-Setup-ENU.exe

* SQL Server Native Client – sqlncli.exe

* Microsoft ODBC SQL Driver – msodbcsql.exe



1.       Create DNS Record of Second RD Web Access

a.       Repeat step 5 with the following details:

Name (uses parent domain name if blank): rds

IP address: 172.30.196.55

Note: the same rds.test.com hostname now has 2 different IP addresses

 

2.       Create a domain group named RDSCB (Remote Desktop Services Connection Broker) and add the two target servers to this group

a.       On Server Manager, click Tools > Active Directory Users and Computers

b.       On Active Directory Users and Computers, right-click caspotest.com, click New, then click Group

c.       On New Object – Group, type RDSCB in Group name, then click OK

d.       Double-click RDSCB, click the Members tab, then click Add

e.       On Select Users, Contacts, Computers, Service Accounts, or Groups, click Object Types, check the Computers checkbox, then click OK

f.       On Enter the object names to select (examples), type WS2016-TEST;2016SERVER1, then click OK.

You will see the 2 servers added on the Members tab. Click OK


3.       Install SQL Server Database on target Node (RDS High Availability requires a dedicated database) – Win10pro

a.       On the target node, download .NET Framework 3.5, as it is required for installing SQL Server (it requires an internet connection). Click Download and install this feature

b.       Click Close once it is done.

c.       Run SQLServer2017-SSEI-Expr.exe. Click Custom, accept the default media location path, then click Install (it requires an internet connection)

It will take a few minutes.

d.       On SQL Server Installation Center, click New SQL Server stand-alone installation or add features to an existing installation

e.       On SQL Server 2017 Setup, in License Terms, check the I accept the license terms checkbox, then click Next.

f.       On Microsoft Update, click Next. On Install Rules, click Next. On Feature Selection, click Next. On Instance Configuration, click the Default instance radio button, then click Next.

g.       On Server Configuration, click Next. On Database Engine Configuration, click Next.
On Consent to install Microsoft R Open, click Accept, then click Next.
On Consent to install Python, click Accept, then click Next.
On Complete, click Close.

h.       Run SSMS-Setup-ENU.exe (SQL Server Management Studio). On Microsoft SQL Server Management Studio, click Install

It will take a few minutes.
After the installation, click Restart (the target node will restart).

 

4.       Configure SQL Server Database on target Node

a. On the target node, click the Start button, then click Microsoft SQL Server Management Studio

b. In Microsoft SQL Server Management Studio, on Connect to Server, click Connect

c. In Object Explorer, under WIN10PRO (SQL Server 14.0.100 – <domain name>\vince),
expand Security, right-click Login, then click New Login

d. On Login – New, beside Login name, click Search (ensure that Windows authentication is selected)

e. On Select User or Group, click Locations.
On Locations, click Entire Directory, then click OK

f. On Select User or Group, click Object Types. On Object Types, check the Groups checkbox, then click OK.

g. On Select User or Group, under Enter the object name to select (examples),
type RDSCB, click Check Names, then click OK.

h. On Select a page, click Server Roles, check the dbcreator checkbox, then click OK.

i. Open Control Panel and click System and Security, Windows Firewall, Advanced settings.
On Windows Firewall with Advanced Security, right-click Inbound Rules, then click New Rule

Repeat this step for Outbound Rules.

j. On Rule Type, click the Port radio button, then Next.
On Protocol and Ports, click the UDP radio button and, beside Specific local ports, type 1434, then click Next. On Action, click the Allow the connection radio button, then click Next. On Profile, click Next. On Name, type sql udp port as the name, then click Finish.

Repeat this task for TCP port 1433 (inbound and outbound rules)

k. Right-click the Start menu button, click Run, type Services.msc, then click OK
On Services, start the following services:
* Remote Access Auto Connection Manager
* Remote Desktop Services
* Remote Procedure Call (RPC) Locator

l. Click the Start menu button, click Microsoft SQL Server 2017, then click SQL Server 2017 Configuration Manager.

m. On SQL Server Configuration Manager, under SQL Server Configuration Manager (Local),
expand SQL Server Network Configuration and click Protocols for MSSQLSERVER
Right-click Named Pipes, then click Enable.
Right-click TCP/IP, then click Enable

n. On SQL Server Configuration Manager, under SQL Server Configuration Manager (Local),
click SQL Server Services, right-click SQL Server (MSSQLSERVER), then click Restart. The service must restart to apply the Named Pipes and TCP/IP changes
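The wizard steps in i and j allow ports 1433/TCP and 1434/UDP from any source address. The following added example, which is not part of the original guide, creates the two inbound rules on the SQL Server node, or tightens them if they already exist, so that only the two connection brokers can reach the database. The TCP rule name is an assumption; the guide only names the UDP rule.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell
# session on the SQL Server node (Win10pro).

# Addresses of WS2016-Test and 2016SERVER1 as listed under "Resources needed".
$brokers = '172.30.196.50', '172.30.196.55'

$wanted = @(
    @{ Name = 'sql tcp port'; Protocol = 'TCP'; Port = 1433 }   # name assumed
    @{ Name = 'sql udp port'; Protocol = 'UDP'; Port = 1434 }   # name from step j
)

foreach ($w in $wanted) {
    $existing = Get-NetFirewallRule -DisplayName $w.Name -ErrorAction SilentlyContinue |
        Where-Object Direction -eq 'Inbound'

    if ($existing) {
        # Rule was already created through the wizard: keep it, but accept
        # traffic from the two brokers only instead of from any address.
        $existing | Set-NetFirewallRule -RemoteAddress $brokers
    }
    else {
        New-NetFirewallRule -DisplayName $w.Name -Direction Inbound -Action Allow `
            -Protocol $w.Protocol -LocalPort $w.Port -RemoteAddress $brokers | Out-Null
    }
}

# Report the resulting scope of each inbound SQL rule.
Get-NetFirewallRule -DisplayName 'sql * port' |
    Where-Object Direction -eq 'Inbound' |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule     = $_.DisplayName
            Protocol = $port.Protocol
            Port     = $port.LocalPort
            Sources  = $addr.RemoteAddress -join ', '
            Enabled  = $_.Enabled
        }
    } | Format-Table -AutoSize
```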



5.       Install and configure Microsoft SQL Server 2012 Native Client and the ODBC driver on the Remote Desktop Connection Brokers (RDCB), plus firewall rules and system services.

a. On the two target server nodes, run sqlncli.exe

b. On Microsoft SQL Server 2012 Native Client Setup, on the welcome page, click Next.
On License Agreement, click the I accept the terms in the license agreement radio button, then click Next.
On Feature Selection, click the SQL Server Native Client SDK drop-down button, click Entire feature will be installed on local hard drive, then Next.

Then click Install. Then click Finish.

c. On the two target server nodes, run msodbcsql.exe

d. On Microsoft ODBC Driver 11 for SQL Server Setup, click Next.
On License Agreement, click the I accept the terms in the license agreement radio button, then click Next.
On Feature Selection, click the ODBC Driver for SQL Server SDK drop-down button, click Entire feature will be installed on local hard drive, then Next.

Then click Install. Then click Finish.

e. On the two target server nodes, open Control Panel and click System and Security, Windows Firewall, Advanced settings.
On Windows Firewall with Advanced Security, right-click Inbound Rules, then click New Rule

Repeat these steps for Outbound Rules.

f. On Rule Type, click the Port radio button, then Next.
On Protocol and Ports, click the UDP radio button and, beside Specific local ports, type 1434, then click Next. On Action, click the Allow the connection radio button, then click Next. On Profile, click Next. On Name, type sql udp port as the name, then click Finish.

Repeat this task for TCP port 1433 (inbound and outbound rules)

g. Right-click the Start menu button, click Run, type Services.msc, then click OK
On Services, start the following services:
* Remote Access Auto Connection Manager
* Remote Desktop Services
* Remote Procedure Call (RPC) Locator

h. Click the Start menu button, type ODBC, then click ODBC Data Sources (32-bit)

i. On ODBC Data Source Administrator (32-bit), click the System DSN tab,
click Add, scroll down, click SQL Server Native Client 11.0, then click Finish

j. On Create a New Data Source to SQL Server, fill in the following fields:
* Name: connection string
* Server: WIN10PRO
Then click Finish.

k. On ODBC Microsoft SQL Server Setup, click Test Data Source

l. On SQL Server ODBC Data Source Test, ensure that the tests completed successfully


6.       Configuring RDS High Availability

a. On the RD Connection Broker (WS2016-TEST), in Server Manager, click Remote Desktop Services on the left pane
On the Deployment Overview, right-click RD Connection Broker, then click Configure High Availability.

b. On Before you begin, click Next. On Configuration Type, click the Dedicated database server radio button, then click Next.
On Configure High Availability, fill in the required fields with the following details:
* DNS Name for the RD Connection Broker Cluster: rds.test.com
* Connection String: DRIVER=SQL Server Native Client 11.0;SERVER=win10pro.test.com;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDSCB
* Folder to store database files: C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA
Then click Next.

c. On Confirmation, click Configure

d. Once it has succeeded, click Close


















7.       Add the second node as RD Connection Broker server and RD Web Access server

a. On Server Manager (WS2016-Test), click Manage in the upper right corner, then click Add Servers

b. In Name (CN), type 2016SERVER1, then click Find Now. Click 2016SERVER1, click the right arrow button, then click OK.

c. On Server Manager > Remote Desktop Services, under Deployment Overview,
right-click RD Connection Broker, then click Add RD Connection Broker Server

d. On Before you begin, click Next. On Server Selection, click the target server, click the right arrow button, then click Next.

On Confirmation, click Add.

e. Once it has succeeded, click Close.

f. Under Deployment Overview, right-click RD Web Access, then click Add RD Web Access Servers

g. On Server Selection, click the target server, click the right arrow button, then click Next.

On Confirmation, click Add

h. Once it has succeeded, click Close.
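Steps 6 and 7 fail late in the wizard when the round-robin DNS name or the SQL port is not reachable, so it helps to check both first. The following added example, not part of the original guide, runs those two checks and then performs steps 6 and 7 with the RemoteDesktop module. It assumes the servers' FQDNs are WS2016-Test.test.com and 2016SERVER1.test.com; the other values are the ones entered in step 6.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell
# session on the first connection broker (WS2016-Test).
Import-Module RemoteDesktop

$firstBroker  = 'WS2016-Test.test.com'    # assumed FQDN
$secondBroker = '2016SERVER1.test.com'    # assumed FQDN
$clientName   = 'rds.test.com'            # DNS name for the broker cluster
$sqlHost      = 'win10pro.test.com'       # SERVER= value of the connection string
$brokerIps    = '172.30.196.50', '172.30.196.55'
$connString   = 'DRIVER=SQL Server Native Client 11.0;SERVER=win10pro.test.com;' +
                'Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;' +
                'DATABASE=RDSCB'
$dbFolder     = 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA'

# Pre-flight 1: the round-robin name must return both broker addresses.
$resolved = (Resolve-DnsName -Name $clientName -Type A -ErrorAction Stop).IPAddress
$missing  = $brokerIps | Where-Object { $_ -notin $resolved }
if ($missing) {
    throw "$clientName does not resolve to: $($missing -join ', ')"
}

# Pre-flight 2: the SQL Server node must accept TCP 1433 from this broker.
if (-not (Test-NetConnection -ComputerName $sqlHost -Port 1433 -InformationLevel Quiet)) {
    throw "Cannot reach ${sqlHost}:1433. Check the firewall rules and that TCP/IP is enabled."
}

# Step 6: switch the connection broker to high availability.
Set-RDConnectionBrokerHighAvailability -ConnectionBroker $firstBroker `
    -DatabaseConnectionString $connString `
    -DatabaseFilePath $dbFolder `
    -ClientAccessName $clientName

# Step 7: add the second node as connection broker and RD Web Access server.
Add-RDServer -Server $secondBroker -Role 'RDS-CONNECTION-BROKER' -ConnectionBroker $firstBroker
Add-RDServer -Server $secondBroker -Role 'RDS-WEB-ACCESS' -ConnectionBroker $firstBroker

# Verify: HA settings plus the role list of every server in the deployment.
Get-RDConnectionBrokerHighAvailability -ConnectionBroker $firstBroker
Get-RDServer -ConnectionBroker $firstBroker |
    Sort-Object Server | Format-Table Server, Roles -AutoSize
```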

8.       Use the existing certificate for the new RD Web Access server

a. On Deployment Overview, click the Tasks drop-down button, then click Edit Deployment Properties.

b. On Configure the deployment, click Certificates on the left pane

c. Click RD Connection Broker – Enable Single Sign On, then click Select existing certificate.

d. On Select Existing Certificate, click the Choose a different certificate radio button.
In Certificate path, type C:\rdscert\rdscert.pfx
Type Pa55w.rd in Password, check the Allow the certificate to be added to the Trusted Root Certification Authorities certificate store on the destination computers checkbox, then click OK.

e. On RD Connection Broker – Enable Single Sign On, you will see the state Ready to apply. Click the Apply button.

On RD Connection Broker – Enable Single Sign On, you will then see the state Success.

f. Repeat these steps for:
* RD Connection Broker – Publishing
* RD Web Access

g. When the state of all three role services is Success, click OK.

h. You will see on the Deployment Servers pane that two servers now host the RD Connection Broker and RD Web Access roles.




