IBM Support

Step by Step Windows 2019 Remote Desktop Services

How To


Summary

Step by Step guide for Windows 2019 Remote Desktop Services

Objective

A step by step guide to build a Windows Server 2019 Remote Desktop Services deployment.

Environment

-Windows Server 2019 ISO 

-SQL Server 2017 Express x64 

-SQL Server 2016 Native Client 

-SQL Server Management Studio 

-A certificate containing the FQDN you will use as the RD Web Access URL.

Steps

-We will need two servers to host the following roles:

image-20250722141242-1

Software used in this guide:

-Windows Server 2019 ISO (evaluation can be downloaded from MS official website)

-SQL Server 2017 Express x64 (free version can be downloaded from MS official website)

-SQL Server 2016 Native Client (free version can be downloaded from MS official website)

-SQL Server Management Studio (free, and can be downloaded from MS official website)

-A certificate containing the FQDN you will use as the RD Web Access URL (example: “rds.domainname”). It needs to be in .pfx format and must include the private key.

1-Installing the Remote Desktop Services Roles

-Log on to the Domain Controller, and in Server Manager right-click the All Servers node and add the second server using the Add Servers command (or select the All Servers node, click Manage and click Add Servers).

-Click Manage, then click Add Roles & Features.

-Click Next

-Select Installation Type


-Select Remote Desktop Services installation.

-Click Next.

-Select Deployment Type



-Click Next.

-Select Deployment Scenario


-Select Session-based desktop deployment.

-Click Next.

-Review Role Services


-Review the services that will be installed.
-Click Next.

-Specify RD Connection Broker server


-Click the member server and click the Add button.
-Click Next.

-Specify RD Web Access server

-Check Install the RD Web Access role on the RD Connection Broker server.

-Click Next.

-Specify RD Session Host server

-Click the member server and click the Add button.
-Click Next.

-Confirm selections


-Check Restart the destination server automatically if required.
-Click Deploy.

-Wait until all role services are deployed and the member server has restarted.
-Click Close.

2-In Server Manager click Remote Desktop Services and scroll down to the overview.


-The deployment is missing an RD Gateway server and a RD Licensing server.


-Click the Add RD Licensing server button.

-Select a server


-Click the domain controller and click the Add button.
-Click Next.

-Confirm selections

-Click Add.

-View progress

-Wait until the role service is deployed. No restart is needed.
-Click Close.

-Click the Add RD Gateway server button.

-Select a server


-Click the member server and click the Add button.
-Click Next.

-Name the self-signed SSL certificate


-The wizard creates a self-signed certificate. (Later we will replace the self-signed certificate.)

-Enter the external Fully Qualified Domain Name which you will also use for the Web Access URL.
-Click Next.

-Confirm selections


-Click Add.

-Wait until the role service is deployed. Again, no restart is needed.

-Click Close.

-Change the internal FQDN for the Connection Broker to an external FQDN.

-Click OK

-Changing the Connection Broker FQDN to an externally resolvable FQDN

-Open DNS Manager on the domain controller and browse to Forward Lookup Zones.


-Right click Forward Lookup Zones and click New Zone… Go through this wizard accepting the defaults until you enter a Zone Name.


-Enter the external FQDN which will also be used by the Connection Broker.

-Finish the rest of the wizard accepting the defaults.

-Browse to the newly created zone.


-Right click the newly created zone and click New Host (A or AAAA)…

-Leave the Name field blank, but enter the member server’s (holding the RD Connection Broker role) IPv4 address.
-Click Add Host.

-Now the configuration will be able to resolve “rds.domainname” to the server holding the Connection Broker role, and this will work because “rds.domainname” is also on the certificate that we will configure later.

-Create a new Global Security Group called “RD Connection Brokers” and add the computer account for the member server to it as a group member.

-Reboot the member server.

3-Install SQL Express on the Domain Controller (or use an existing SQL Server if you already have one).

-Here’s a list of needed features:

image-20250722141242-20

image-20250722141242-21

-Use the Default Instance (so click Default, and do not leave the wizard’s selection on Named instance: SQLEXPRESS).


-Set the SQL Server service to run as SYSTEM, because the default service account cannot be used on a Domain Controller.

-When the installation is done, open SQL Server Configuration Manager and browse to Client Protocols under SQL Native Client 11.0 Configuration.

-Check if TCP/IP is enabled under Client Protocols. SQL Express install enables this by default.

-Browse to Protocols for MSSQLSERVER under SQL Server Network Configuration.


-Enable TCP/IP. If this is a new SQL installation, this will be disabled by default.
(Restart the SQL Server service if you changed this setting.)

-On the SQL Server, make sure port 1433 is not being blocked by Windows Firewall.


-Open SQL Server Management Studio, connect to the default instance on the Domain Controller and browse to Logins under Security.


-Right click Logins and click New Login…

-Login – New

-Click Search… to open the Select User, Service Account, or Group dialog.

-Click Object Types… and select Group.
-Type the name of the “RD Connection Brokers” security group and click Check Names.
-Click OK.

-Login – New


-Click Server Roles and select dbcreator.
-Click OK.

-Install the SQL Native Client on the member server (Client Components only). (If you used the member server in this setup to install the SQL Management Studio, you can skip this step)
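The port 1433 step above only needs to admit the RD Connection Broker, so the firewall rule on the SQL Server host can be limited to that one address. The following PowerShell is an added example, not part of the original IBM guide; the address `192.0.2.20` and the rule name are placeholder assumptions.

```powershell
# Added example. Run elevated on the SQL Server host (the Domain Controller in this guide).
# Assumptions: 192.0.2.20 stands in for the member server's IPv4 address,
# and the rule name below is hypothetical.
$BrokerAddress = '192.0.2.20'
$RuleName      = 'SQL Server 1433 from RD Connection Broker'

# 1. List enabled inbound allow rules that already cover TCP 1433 and show
#    which remote addresses each accepts. "Any" means every host that can
#    reach this server. (Port ranges such as 1000-2000 are not expanded here.)
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $ports  = @($filter.LocalPort)
        if ($filter.Protocol -in 'TCP', 'Any' -and
            ($ports -contains '1433' -or $ports -contains 'Any')) {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress) -join ','
            }
        }
    } | Format-Table -AutoSize

# 2. Create a rule scoped to the broker only, if it is not there yet.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 1433 -RemoteAddress $BrokerAddress -Profile Domain
}

# 3. On the member server, confirm the port answers before configuring
#    High Availability (replace the name with your SQL Server host):
#    (Test-NetConnection -ComputerName '<sql-host>' -Port 1433).TcpTestSucceeded
```

Any rule from step 1 that lists `Any` as the remote address exposes SQL Server to more hosts than the broker needs.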

4-In Server Manager click Remote Desktop Services and scroll down to the overview.


-Right click RD Connection Broker and click Configure High Availability.

-Before you begin

-Note: If you have more than one RD Connection Broker, they need to be configured using DNS Round Robin.

-Click Next.

-Configure RD Connection Broker for High Availability


-Click Next.

-Configure RD Connection Broker for High Availability


-DNS name for the RD Connection Broker cluster:
The DNS Zone name we configured in DNS earlier: rds.domainname

-Connection string:
DRIVER=SQL Server Native Client 11.0;SERVER=DOMAINNAME;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=ITWRDCB

-Folder to store database files:
C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA

-Click Next.

-Confirmation

-The RD Connection Broker is now in High Availability Mode, configured as “rds.domainname”, and ready for the rest of the configuration.

5-Configuring Certificates


-In Server Manager, Remote Desktop Services, Overview, click Tasks and click Edit Deployment Properties, then click Certificates.


-Configure the deployment


-Click RD Connection Broker – Enable Single Sign On and click Select Existing certificate.


-Browse to the .pfx file, enter its password, and check Allow the certificate.
-Click OK.


-Click Apply.

-Configure the deployment


-Click RD Connection Broker – Publishing and click Select Existing certificate.

-Click RD Web Access and click Select Existing certificate.


-Last one. Click RD Gateway and click Select Existing certificate.

-Browse to the .pfx file, enter its password, and check Allow the certificate.
-Click OK.

-Click OK to apply the final certificate step.
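The certificate steps above can also be scripted and then verified from PowerShell with the RemoteDesktop module. This is an added example, not part of the original IBM guide; the broker name `broker01.corp.example` and the path `C:\Certs\rds.pfx` are placeholder assumptions, and `rds.domainname` is the FQDN used in this guide.

```powershell
# Added example. Run elevated on a server that can manage the deployment.
# Assumptions: $Broker and $PfxPath are placeholders for your own values.
$Broker   = 'broker01.corp.example'
$PfxPath  = 'C:\Certs\rds.pfx'
$Fqdn     = 'rds.domainname'
$Password = Read-Host -Prompt 'PFX password' -AsSecureString   # do not hard-code it

# 1. Inspect the .pfx before importing it: private key present, FQDN covered
#    (exact name or matching wildcard), and not about to expire.
$cert     = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxPath, $Password)
$names    = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
$wildcard = '*.' + ($Fqdn -split '\.', 2)[1]
$problems = @()
if (-not $cert.HasPrivateKey) { $problems += 'no private key in the .pfx' }
if ($names -notcontains $Fqdn -and $names -notcontains $wildcard) {
    $problems += "$Fqdn is not covered by: $($names -join ', ')"
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $problems += "expires $($cert.NotAfter)" }
$thumbprint = $cert.Thumbprint
$cert.Dispose()
if ($problems) { throw "Certificate rejected: $($problems -join '; ')" }

# 2. Assign it to the four roles from the wizard:
#    RDRedirector = RD Connection Broker - Enable Single Sign On
#    RDPublishing = RD Connection Broker - Publishing
Import-Module RemoteDesktop
foreach ($role in 'RDRedirector', 'RDPublishing', 'RDWebAccess', 'RDGateway') {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $Password `
        -ConnectionBroker $Broker -Force
}

# 3. Verify: every role should report Trusted and carry the same thumbprint.
$bad = Get-RDCertificate -ConnectionBroker $Broker |
    Where-Object { $_.Level -ne 'Trusted' -or $_.Thumbprint -ne $thumbprint }
if ($bad) { $bad | Format-Table Role, Level, Thumbprint, ExpiresOn -AutoSize }
else      { 'All four roles use the expected trusted certificate.' }
```

A role left on the wizard's self-signed certificate shows up in step 3 with a different thumbprint or a level other than `Trusted`.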

6-Publishing resources to your users

-You can use this setup to either provide full desktop sessions on the Session Host, or you can choose to publish only applications on the Session Host.

Example: publish full desktop sessions.


-In Server Manager, Remote Desktop Services, Session Collections, click Tasks and click Create Session Collection.


-Review the requirements.
-Click Next.

-Name the collection


-Enter a descriptive name. This name will be displayed under its icon in the Web Access interface.
-Click Next.

-Specify RD Session Host servers


-Click the member server and click the Add button.
-Click Next.

-Specify user groups


-Click Next.

-Specify user profile disks


-Click Next.

-Confirm selections


-Review the information and click Create.

-View Progress


-Wait until the collection is created and the server is added to the collection.
-Click Close.

7-Testing the setup

On a machine that has access to the setup, open https://rds.domainname/rdweb



-Enter a valid username and password (Domain\username or username@Domainname).
-Create a user for this or simply use the domain admin account.
-Click Sign in.


-After logging in you are presented with the full desktop session collection we created.


-After clicking the Full Desktop icon, you get the warning that devices are going to be redirected.

-Click Connect.

For more information, you can search online about these topics:

-Deploy your Remote Desktop environment

-Remote Desktop Services roles

-Create a Remote Desktop Services collection for desktops and apps to run

Document Location

Worldwide


Document Information

Modified date:
11 August 2025

UID

ibm17240242