-->
Applies To: Windows Server 2016, Windows Server 2019
This guide will show you how to enable Remote Desktop Protocol (RDP) service on Windows Server 2019. RDP is a proprietary protocol developed by Microsoft for connecting to another computer with a graphical interface over a network connection.
Feb 11, 2021 Following this article, one can install and configure Remote Desktop Services on a Windows Server 2019 and publish the RDP app to access a server or a desktop as per need on the remote desktop web app portal. Add Remote Desktop Services Role Add Server to RD Licenses and RD gateway Install public CA certificate to each role of RDS. I have a Remote Desktop server running on Server 2019. I know that the licenses expire at a random interval after about 50 days to 90 days. If I have devices that are always logged in and the licenses expire will it automatically log the devices out so they would have to be signed into again?
When it comes to supported configurations for Remote Desktop Services environments, the largest concern tends to be version interoperability. Most environments include multiple versions of Windows Server - for example, you may have an existing Windows Server 2012 R2 RDS deployment but want to upgrade to Windows Server 2016 to take advantage of the new features (like support for OpenGLOpenCL, Discrete Device Assignment, or Storage Spaces Direct). The question then becomes, which RDS components can work with different versions and which need to be the same?
So with that in mind, here are basic guidelines for supported configurations of Remote Desktop Services in Windows Server.
Note
Make sure to review the system requirements for Windows Server 2016 and system requirements for Windows Server 2019.
Best practices
Use Windows Server 2019 for your Remote Desktop infrastructure (the Web Access, Gateway, Connection Broker, and license server). Windows Server 2019 is backward-compatible with these components, which means a Windows Server 2016 or Windows Server 2012 R2 RD Session Host can connect to a 2019 RD Connection Broker, but not the other way around.
For RD Session Hosts - all Session Hosts in a collection need to be at the same level, but you can have multiple collections. You can have a collection with Windows Server 2016 Session Hosts and one with Windows Server 2019 Session Hosts.
If you upgrade your RD Session Host to Windows Server 2019, also upgrade the license server. Remember that a 2019 license server can process CALs from all previous versions of Windows Server, down to Windows Server 2003.
Follow the upgrade order recommended in Upgrading your Remote Desktop Services environment.
If you are creating a highly available environment, all of your Connection Brokers need to be at the same OS level.
RD Connection Brokers
Windows Server 2016 removes the restriction for the number of Connection Brokers you can have in a deployment when using Remote Desktop Session Hosts (RDSH) and Remote Desktop Virtualization Hosts (RDVH) that also run Windows Server 2016. The following table shows which versions of RDS components work with the 2016 and 2012 R2 versions of the Connection Broker in a highly available deployment with three or more Connection Brokers.
| 3+ Connection Brokers in HA | RDSH or RDVH 2019 | RDSH or RDVH 2016 | RDSH or RDVH 2012 R2 |
|---|---|---|---|
| Windows Server 2019 Connection Broker | Supported | Supported | Supported |
| Windows Server 2016 Connection Broker | N/A | Supported | Supported |
| Windows Server 2012 R2 Connection Broker | N/A | N/A | Not Supported |
Support for graphics processing unit (GPU) acceleration
Remote Desktop Services support systems equipped with GPUs. Applications that require a GPU can be used over the remote connection. Additionally, GPU-accelerated rendering and encoding can be enabled for improved app performance and scalability.
Remote Desktop Services Session Hosts and single-session client operating systems can take advantage of the physical or virtual GPUs presented to the operating system in many ways, including the Azure GPU optimized virtual machine sizes, GPUs available to the physical RDSH server, and GPUs presented to the VMs by supported hypervisors.
See Which graphics virtualization technology is right for you? for help figuring out what you need. For specific information about DDA, check out Plan for deploying Discrete Device Assignment.
GPU vendors may have a separate licensing scheme for RDSH scenarios or restrict GPU use on the server OS, verify the requirements with your favorite vendor.
GPUs presented by a non-Microsoft hypervisor or Cloud Platform must have drivers digitally-signed by WHQL and supplied by the GPU vendor.
Remote Desktop Session Host support for GPUs
The following table shows the scenarios supported by different versions of RDSH hosts.
| Feature | Windows Server 2008 R2 | Windows Server 2012 R2 | Windows Server 2016 | Windows Server 2019 |
|---|---|---|---|---|
| Use of hardware GPU for all RDP sessions | No | Yes | Yes | Yes |
| H.264/AVC hardware encoding (if suppported by the GPU) | No | No | Yes | Yes |
| Load balancing between multiple GPUs presented to the OS | No | No | No | Yes |
| H.264/AVC encoding optimizations for minimizing bandwidth usage | No | No | No | Yes |
| H.264/AVC support for 4K resolution | No | No | No | Yes |
VDI support for GPUs
The following table shows support for GPU scenarios in the client OS.
| Feature | Windows 7 SP1 | Windows 8.1 | Windows 10 |
|---|---|---|---|
| Use of hardware GPU for all RDP sessions | No | Yes | Yes |
| H.264/AVC hardware encoding (if suppported by the GPU) | No | No | Windows 10 1703 and later |
| Load balancing between multiple GPUs presented to the OS | No | No | Windows 10 1803 and later |
| H.264/AVC encoding optimizations for minimizing bandwidth usage | No | No | Windows 10 1803 and later |
| H.264/AVC support for 4K resolution | No | No | Windows 10 1803 and later |
RemoteFX 3D Video Adapter (vGPU) support
Note Tomb raider: sure-shot skin download for mac.
Because of security concerns, RemoteFX vGPU is disabled by default on all versions of Windows starting with the July 14, 2020 Security Update and removed starting with the April 13, 2021 Security Update. To learn more, see KB 4570006.
Remote Desktop Services supports RemoteFX vGPUs when VM is running as a Hyper-V guest on Windows Server 2012 R2 or Windows Server 2016. The following guest operating systems have RemoteFX vGPU support:
- Windows 7 SP1
- Windows 8.1
- Windows 10 1703 or later
- Windows Server 2016 in a single-session deployment only
Discrete Device Assignment support
Remote Desktop Services supports Physical GPUs presented with Discrete Device Assignment from Windows Server 2016 or Windows Server 2019 Hyper-V hosts. See Plan for deploying Discrete Device Assignment for more details.
VDI deployment – supported guest OSes
Windows Server 2016 and Windows Server 2019 RD Virtualization Host servers support the following guest OSes:
- Windows 10 Enterprise
- Windows 8.1 Enterprise
- Windows 7 SP1 Enterprise
Note
- Remote Desktop Services doesn't support heterogeneous session collections. The OSes of all VMs in a collection must be the same version.
- You can have separate homogeneous collections with different guest OS versions on the same host.
- The Hyper-V host used to run VMs must be the same version as the Hyper-V host used to create the original VM templates.
Single sign-on
Windows Server 2016 and Windows Server 2019 RDS supports two main SSO experiences:
- In-app (Remote Desktop application on Windows, iOS, Android, and Mac)
- Web SSO
Using the Remote Desktop application, you can store credentials either as part of the connection info (Mac) or as part of managed accounts (iOS, Android, Windows) securely through the mechanisms unique to each OS.
To connect to desktops and RemoteApps with SSO through the inbox Remote Desktop Connection client on Windows, you must connect to the RD Web page through Internet Explorer. The following configuration options are required on the server side. No other configurations are supported for Web SSO:
- RD Web set to Forms-Based Authentication (Default)
- RD Gateway set to Password Authentication (Default)
- RDS Deployment set to 'Use RD Gateway credentials for remote computers' (Default) in the RD Gateway properties
Note
Due to the required configuration options, Web SSO is not supported with smartcards. Users who login via smartcards might face multiple prompts to login.
For more information about creating VDI deployment of Remote Desktop Services, check out Supported Windows 10 security configurations for Remote Desktop Services VDI.
Using Remote Desktop Services with application proxy services
You can use Remote Desktop Services with Azure AD Application Proxy. Remote Desktop Services does not support using Web Application Proxy, which is included in Windows Server 2016 and earlier versions.
Preface:
Remote Desktop Services is a robust role in the windows role group. RDS is used to remote into the central RDS server or any member server or the user’s desktop computer through the RDS server using the Remote Desktop web services either on the internal network or through the internet.
This article discusses the access of the servers and desktops accessed over the internet using RD Gateway using the https port. The Servers and desktops on the on-premises can be accessed without the need RDP port 3389 opened on the firewall. Where the RDP port 3389 is the hacking target for hackers over the internet. As the https port used for the access of remote desktop, the port is usually used for most of the businesses to access the webserver hosted internally.
The Remote Desktop Services will be cost-effective when the number of users or devices accessing applications with an excessive amount of licenses needed. Also, this role is most useful where the client computers installed on the company network or home is not the latest, and the application demands such as hardware or operating systems.
We are going to delve deep into this installation and configuration on an active directory domain network with network policy server (NPS) security. We are using a public CA certificate in this demonstration and hostname assigned on the public DNS.
The following points discussed in this article. Following this article, one can install and configure Remote Desktop Services on a Windows Server 2019 and publish the RDP app to access a server or a desktop as per need on the remote desktop web app portal.
- Add Remote Desktop Services Role
- Add Server to RD Licenses and RD gateway
- Install public CA certificate to each role of RDS
- Configure RD Licenses
- Configure Remote App Collection
- Publish and Configure Remote App
- Access RD Web and Remote App
To begin with, the demonstration, let’s add the Remote desktop Roles group on the server manager and going forward to configure each component.
Add Remote Desktop Services Role
There are two Windows Server 2019 servers used on this demonstration where the first server is installed as a domain controller, and the RDS server has been joined to the domain of the domain controller, which we have added in the first place.
On the planned RDS installation server called remote, we are going to install the RDS role by launching the server manager dashboard and by clicking the “Add roles and features” link.
The instruction of wizard will show up on the screen, and if you don’t want to see this page on adding roles and features anymore, just check the skip this page checkbox and continue by clicking next.
Makefile syntax cheat sheet. Makefile cheatsheet Var assignment foo = 'bar' bar = $(foo) foo # dynamic (renewing) assignment foo:= 'boo' # one time assignment, $(bar) now is 'boo foo' foo?= /usr/local # safe assignment, $(foo). C Makefile cheatsheet. Automatic variables. Using $ (warning text) check make rules (for debug) string functions. Using $ (sort list) sort list and remove duplicates. Single dollar sign and double dollar sign. Build executable files respectively. Using $ (eval) predefine variables. Build subdir and link together. Makefile commands $(file op f,t) Open the file f using mode op and write t to that file $(value v) Evaluates v, with no expansion Functions $@ $(@D) $(@F) Name of the target $% $(%D) $(%F) Target member name, when target is an archive member $. This simple Makefile compiles a hello.cpp program. It also includes a clean target that removes our executable in case we want to clean up the directory. Hello: hello.cpp g -g -Wall hello.cpp -o hello clean: rm -f hello. If we’re in the same directory as our Makefile, we can run the following to compile hello.cpp.
The RDS Installation can be installed through Role-based or feature-based installation. Still, it requires a lot of effort as there are a number of components to be selected and configured after installation. To make life easier, Microsoft has consolidated all the component installation in one group. That installation method can be used by clicking the Remote Desktop Services installation option at the select installation type.
On the deployment type, select Quick Start so that all components will be installed by itself, and the Quick App Collection will be added to the Remote Desktop Services deployment. Select Quick Start and click Next.
In this article, we are going to look into Session-based desktop deployment, so select session-based desktop deployment and click Next.
On the Server Selection page, select the local server where we have planned for RDS deployment and click next.
On the confirmation page, check the checkbox “Restart the destination server automatically if required” and click deploy to start the RDS deployment.
When the Deploy tab is clicked, the RDS Role installation will start installing roles, and the progress can be monitored on the popup.
The server will be restarted in the middle of the installation. When the server restarted and logged in as the same administrator account, the installation will continue, and the progress will show succeeded on the RDS roles deployment completion.
Once the Remote Desktop Services role has been added, the very next step is to configure it. On the server manager, you would find a Remote Desktop Service deployment setup on the left side navigator. Click on that, and additional configuration of this service will be available.
Add Server to RD Licenses and RD gateway
The icons in green or not configured with a deployment server, here the RD licensing and RD Gateway, are in green, and we are going to configure them in the coming up steps. Click RD Licensing, and the configuration window will show up.
On the RD Licensing deployment windows select the server which in our case the local server and selects the server and click on the arrow next to it to deploy RD Licensing server and click Next. Deadside steam.
Once the RD licensing server added, the result indicates succeeded next to the progress bar. Click close to close out the RD License server deployment wizard.
As we have already planned, this RDS server is accessed through the internet also, so our very next move is the deploy RD Gateway. Click the RD Gateway icon on the deployment overview area, which is in green, which means it has not been deployed yet. The RD Gateway deployment wizard will open, and we can deploy it with adding the server.
We are adding the local server as an RD Gateway server to the Remote Desktop Services by clicking the arrow in the middle of the selection, and once the server added, click next to configure SSL certificate name.
In this demonstration, I have already created a hostname under my public domain mrigotechno.club called remote, but you need to give a name that is relevant to your RDS gateway hostname and certificate pertinent to be purchased and installed on the internet information Server (IIS). Once the Certificate Name typed, click Next.
On the confirmation, click add to add RD Gateway server to the deployment. Click Add.
On the Results page, the progress indicator will show succeeded and click Configure Certificate to install the certificate.
Windows Remote Desktop Server 2019
Install public CA certificate to each role of RDS
On each role services on the Manage Certificate, we need to configure the certificate, there are four roles, and we need to configure the certificate for them. I have installed the third-party CA certificate on Internet information server and export it as a pfx file format while exporting I have secured the certificate with a password. Please have your third party certificate in pfx format file and the password of the pfx file handy as we are going to apply the certificate from the topmost role and apply one by one till the fourth role.
Select the first role and select an existing certificate to apply the certificate dialogue window.
On the Choose a different Certificate, click browse and select the pfx certificate file and type the password of the certificate and check “Allow the certificate to be added to the trusted root certification authorities certificate store on the destination computer.” Click OK to go back to manage the certificate window.
On the state of the certificate configuration for the role, you would see Ready to Apply on state column, click apply and wait to change for the level to Trusted and status to OK and the state to Success.
Do the same steps to apply the certificate to the next three roles, and you would see the State changes to Success as in the below screen capture. Click OK to complete the certificate Configure.
Configure RD Licenses
The Next step is to Edit Deployment properties, on the deployment overview click tasks, and select edit deployment propertied to start the wizard.
As we have already completed Certificate configuration, we have only edit that we need to do RD Licensing. On the RD Licensing under Configure the deployment, select the RDS Licensing mode as per your requirement in the example. I have chosen Per user, but choose the one which is relevant to your environment and click OK.
Configure Remote App Collection
On the left side navigation on the Remote Desktop Services Setup, you would see Quick Session Collection, where the App publisher available to published App, which we would access through RD Web Access. On the Properties area, click properties and select edit properties.
We are going to edit only one option in these properties that we are going to add the User groups to associate to this collection. I have already created a security group called RDS_Users and added some test users to it. I’m adding that group here to associate with the collection., click OK and back to the main window.
Publish and Configure Remote App
Microsoft Remote Desktop Server 2019
In this demonstration we are going to see how to access a member server or a user desktop from the RD web access from the internet, without opening RDP port 3389, the same steps will apply to add a user’s desktop. But make sure the member server or user desktop is enabled Remote Desktop on the system property of the computer. So I got a server on the network that can be configured to access from RD Web, we are going to configure Remote Desktop App by publishing the RDP app to the Quick Collection Apps.
On the Remote App Programs area, click tasks on the screen below and click “Publish RemoteApp Programs.”
You will be presented with selecting the RemoteApp programs list and choose the App you want to publish. In this case, the Remote Desktop Connection. Select “Remote Desktop connection” and click Next.
On the confirmation page, click publish.
On the completion page, you would see published status message click close to go back to the main window.
On the Remote Desktop Connection RemoteApp that we just published right-click and select edit properties to configure the properties of the App.
On the General page, type a name that is appropriate for the RDP Connection Computer. In this case, it a server called server1, so I type the name server1 on the name box.
The next page is parameters, on the parameters page, click “Always use the following command paraments” radio button and type the IP address of the server or desktop to which the RDP connection to be established. In this case the private IP4 address of server1 is 192.168.24.190. The correct parameter value is /v:192.168.24.190. Replace the IP address with the one of the servers or Desktop IP address on your network.
The next item is User Assignment, add the user account to which users need to find this Remote App program that has to be visible on the RD Web Access login. Click add and choose the relevant user or group.
On the next page, leave the file type association with default setting and click OK.
Access RD Web and Remote App
We have completed all RDS configuration and moving on to the RD Web portal to login to the portal and access the apps assigned to the use. The URL for the RD Web is https://remote.mrigotechno.club/rdweb
Replace the remote.migotechno.club with the one you have configured for your environment.
See Full List On Docs.microsoft.com
Type the username and password with the domainuser format and password of the user and click Sign In.
The portal will show the web resources, the Remote desktop connection app that we have configured with the name server1 is available for us to access from the RD Web access login. Click Server1 and follow the login screen.
What Is Remote Desktop Services (RDS)? - Definition From ..
Click connect on the notification popup.
On the security login dialogue, type the user name and password of the user and click OK.
See All Results For This Question
The RDP connection is remote into the server1 computer, as shown below.
The RDP access is successful to the IP address 192.168.24.190, and this concludes our demonstration.
Conclusion
Windows Server 2019 Training 25 - How To Install RDS Session Host (Remote Desktop Services)
In this article, we have discussed and gone through the demonstration of deploying Remote Access Services on Windows Server 2019 elaborately. You can follow the same step and deploy Remote Desktop Services on your lab or production environment.
Microsoft Remote Desktop Services Management Pack For Windows Server 2019
I have demonstrated other roles of Windows Server 2019 in Get An Admin article. You may have some questions or feedback to share with me, please click the comments below and share your thoughts. I am so happy to answer your questions.