Setting up a RDS Farm is not that hard but anyway I created a step by step guide to build a Windows Server 2016 Remote Desktop Services deployment.
there is a new feature in the Windows Server 2016 RDS : Full OpenGL support with RDS for VDI scenarios.
And Yes you can use the Quickstart but I’m not using this in this demo setup. I tried to do a complete setup,but doing this I noticed that I’m constantly expanding this demo with new options so. I’ll keep this pure to the setup and some PowerShell basics.
Quick Start is an option in RDS deployment during the process of adding roles and features with Windows Server 2012 Service Manager. It dramatically simplifies the deployment process and shortens go-to-market while still providing the ability to add additional RDS servers as needed. The abstraction formed by RDWA, RDCB, and RDSH offers such elegancy that the Quick Start process integrates the three and deploy all to one server in a process rather uneventful. For For prototyping a centralized remove access environment, demonstrating and testing a VDI solution, or simply building a study lab for self-training, Quick Start is a fast track for getting RDS up and running in a matter of minutes. – See more at: http://blogs.technet.com/b/yungchou/archive/2013/02/07/remote-desktop-services-rds-quick-start-deployment-for-remoteapp-windows-server-2012-style.aspx
As a lot of customers are using Citrix just to host some applications and never heard od RDS paying big license cost. as in the options is already build-in
My DC is running the License services and this is also my broker server.
Doing this setup is in two parts One add Roles and Second the RDS setup.
Adding the Roles to my DC and adding all the servers in the all server filter in the server manager of the DC.
Selecting the Server that holds the Remote Desktop Session host ( mvprds01 )
Selecting and installing the role. I did this in the menu but you can also do this in the configuration. and the role will be installed.
Now that the roles are installed there is an extra option in server manager <> Remote Desktop Services.
To configure Windows Server 2016 Remote Desktop Services you have to pick in the add roles and features the lower option Remote Desktop Services Installation.
As you can see a quick Start option is here but we are not using this. and check the standard deployment. now you need to configure all the stuff.
But for a quick demo you can pick the quick start option.
When using the VDI option you will need a machine that is running Hyper-v !. In my setup I’ll use the Session based desktop deployment.
A quick overview of the roles that I’ll need for this deployment.
Selecting the RD Connection Broker Server
Selecting the RD Web Access Server
Selecting the RD Session host Servers ( in this case only 1 )
The roles are getting configured and if needed deployed to the servers. I already did this but there is a check mark to deploy the Roles
Now that all the roles are installed in server manager you can go to the Remote Desktop Services
In the overview you can see what is deployed and what options you can do. but in every task pulldown item there are the same options.
I installed all my options and I’m ready to create a Collection.
Create a Collection.
In the task menu I choose the Create Session Collection,
Just Name it
Choose a RD Session host Servers
What users may access this collection. I’ll pick all domain users.
User profile disks offer several advantages:
- Configuration and deployment is simpler than roaming profiles or folder redirection.
- User profiles can be maintained even on pooled virtual desktops that get rolled back after logoff.
- Logon and logoff times are reduced.
- Previously, profiles could be corrupted if used simultaneously on multiple computers. User profile disks are specific to the collection, so they can’t be used on multiple computers simultaneously.
- Administrators can have granular control of exactly which locations get saved to the virtual hard disk (VHDX).
- User profile disks can be stored on Server Message Block (SMB) shares, cluster shared volumes, SANs, or local storage.
- In pooled virtual desktop collections, user profile disks work with virtual machines running both Windows 8 and Windows 7 with Service Pack 1 (SP1).
Some things to remember about user profile disks:
- User profile disks are available only in pooled virtual desktop collections and session collections—not in personal virtual desktop collections.
- Share permissions are automatically set up by the management tools.
- Use Server Manager or Windows PowerShell to manage user profile disks.
- User profile disks are for a single collection only. A user connecting to two different collections will have two separate profiles. If you want to synchronize settings, refer to Microsoft User Experience Virtualization.
When Creating the collection we can make a start for publishing applications.
Now that the Application Collection is ready we can add applications to this collection. When selection the task <> publish remoteapp programs or in the hyperlink. there will be a discovery off all the apps on the RD Session host Servers in this case the mvprds01.mvp.local
But sure you can apps that are not discovered just press add
and press Publish and there is the APP
When Logon to the Portal you can see the RemoteApp
Changing the Icon of the RemoteApp can be done by PowerShell or copy and replace. On the RDS Broker server. goto the path :
C:\Windows\RemotePackages\CPubFarms\Application_1\CPubRemoteApps
all the RemoteApps are there and can be changed here.
OR change the ICON with the shell23.dll with powershell
To change the Icon
The Icon Index for this interface works top to bottom, starting with 0. So count the rows until you see your desired icon, multiply this by 4, subtract 1, and count up to your desired icon. The Icon Index for the Windows Update icon turns out to be 46.
Type one of the following commands in the Powershell box:
Get-RDRemoteApp -Alias "clustermvp" | Set-RDRemoteApp -IconPath "c:\windows\system32\shell32.dll" -IconIndex 46
Creating Subfolders in the Application
Using the The RemoteDesktop PowerShell module we’re also able to add subfolders in RD Web Access and “move” specific Remote Apps to specific folders.
In order to do so we use the same command as above, Set-RDRemoteApp. For example, to create a subfolder called “My tools” and move the Remote App MSpaint to that folder you can use the following command:
Set-RDRemoteApp -CollectionName “Application 1” -Alias clustermvp -FolderName “My tools” -ConnectionBroker mvpdc01.mvp.local
Creating File Extensions
A common setting is configuring the file extensions for Remote Apps. Inside the ServerManager GUI, file extensions are configured as a property of a RemoteApp, therefore you would expect that setting a file extension using PowerShell should be done using the command Set-RDRemoteApp. Instead, we need to use a different command called Set-RDFileTypeAssociation.
For example if we want to add the file extension .pdf or .txt to a Remote App Acrobat Reader or Wordpad we can use the following command:
Set-RDFileTypeAssociation –CollectionName “Application 1” -AppAlias AcrobatReader -FileExtension .pdf -IsPublished $true –ConnectionBroker mvpdc01.mvp.local
More about using Powershell to manage RemoteApp programs.
Get-RDRemoteApp (http://technet.microsoft.com/en-us/library/jj215454.aspx) is used to list properties for RemoteApps.
Example:
Get-RDRemoteApp -alias “wordpad” | fl
Set-RDRemoteApp (http://technet.microsoft.com/en-us/library/jj215494.aspx) is used to set properties for RemoteApps.
Example:
Set-RDRemoteApp -Alias “wordpad” -DisplayName “WordPad – Renamed”
New-RDRemoteApp (http://technet.microsoft.com/en-us/library/jj215450.aspx) is used to create a new RemoteApp in a certain collection.
Example:
New-RDRemoteApp -CollectionName “RemoteApps” -Alias “regedit” -DisplayName “RegEdit” -FolderName “Admin Tools” -FilePath “C:\Windows\regedit.exe”
Remove-RDRemoteApp (http://technet.microsoft.com/en-us/library/jj215493.aspx) is used to remove a RemoteApp.
Example:
Set-RDRemoteApp -CollectionName “RemoteApps” -Alias “wordpad”
Get-RDAvailableApp (http://technet.microsoft.com/en-us/library/jj215457.aspx) is used to list available applications to publish in a collection.
Example:
Get-RDAvailableApp -CollectionName “RemoteApps”
Get-RDFileTypeAssociation (http://technet.microsoft.com/en-us/library/jj215461.aspx) lists the filetype association(s) for a certain application.
Example:
Get-RDFileTypeAssociation -AppAlias “wordpad”
Set-RDFileTypeAssociation (http://technet.microsoft.com/en-us/library/jj215459.aspx) is used to set the filetype association(s) for a certain application.
Example:
Set-RDFileTypeAssociation -CollectionName "Application 1" -AppAlias "wordpad" -FileExtension ".txt" -IsPublished $True -IconPath "%ProgramFiles%\Windows NT\Accessories\wordpad.exe" -IconIndex 0
Happy RDS clustering
Robert Smit
https://robertsmit.wordpress.com
Share this:
Robert Smit MVP Blog 
Hey Robert,
Thanks for sharing.
I’ve setup the deployment as described. It worked in the first place, but then I started to change some things and now it does not work anymore.
You’re not talking about certificates our any configuration changes you’ve made to the ‘edit deployment properties’ in server manager.
I’ve created a DNS record for rds.domain.com. this points to the web access / gateway server. The RD Web Access url is set to the local url (webaccessserver.domain.local/RDWeb)
Certificates are all set to *.domain.com and are all trusted.
Now I am facing the error: Remote Desktop can’t fint the computer rds.domain.com. This means that rds.domain.com does not belong to the network.
But when I try to ping rds.domain.com I get an reply from my webaccess server, so it is findable.
It’s an internal connection so the usual solution for this problem (changing gateway enty in IIS) is not working for this issue.
Based on my information, can you put me in a direction to take a look at?
So ping has no relation to trusted or not. make sure the gateways and DNS are fine. maybe for test you can put a host file on every involved machine with all the IP just to make sure. also the *.domain cert must be available on the involved machines and trusted so a bogus website must respond. did you check the local firewall.
Hi great to see this kind of information, do you know if I can manage this with 1 server ?
you can’t do this with just one server. you need a dedicated hyper-v server for the VDI. but you can use VM’s but it all depends on you configuration, VDI needs a hyper-v server the desktop sharing could based on one Hyper-v server.
thanks for reading my blog for direct questions you can tweet me @clustermvp
Hi Robert – I have setup Server 2016 as a simple RD Session Host and it is working fine – however the Remote Desktop Services Manager application doesn’t seem to be installed, just a couple of RDS Licensing apps. Should it be there, or is there a new way to keep tabs on who is logged in? Have done a bit of searching but documentation seems a little sketchy as yet on RDS 2016.
basically it is the same as in 2012R2 the Licensing services could be running on a other server. The big difference in 2016 is load and functionality. but not the configuration or management.
Hi Robert – I have been looking but cannot find an answer to this question. Are there differences in RDS capabilities when using 2016 Standard vs 2016 DataCenter? Appreciate your write up.
Hi,
the kernel is the same only the licensing is different. and datacenter has the storage replication see here for more detail https://www.microsoft.com/en-us/cloud-platform/windows-server-comparison
Click to access
I cannot access our RDS Deployment from outside of the LAN. Deployment details as follows:
EDIT: Server 2016
Broker01/Broker02 – Configured in HA both with internal IP (10.x.x.x) – Broker01 also holds the Web Access role
RDGateway01 – Two NICS, on internal IP address (10.x.x.x) and one for DMZ (192.x.x.x)
SessionHost01/02 – Both with internal IP Address (10.x.x.x)
Everything works beautifully on the inside, I can type our URL rds.mydomain.com and there is no problems. Issues arise when trying to access externally.
The firewall on the DMZ has been set to forward requests on port 443 to the RDSGateway01 but I keep getting “This Page Cannot Be Displayed” or something different depending on the browser. What am I missing?
Thanks
it could be the local firewall or misconfiguration from the iis GW if the GW server is only listening to the IP and not rds.mydomain.com
make sure the RDS site is also listening on that site
I’m looking at setting up this way for the first time…been using 2008r2 where everything Remote App can be on one server. I use a single hosted VM now, but looking at your article it looks like I’ll need a minimum of three. Correct?
yes that would be the best option.
Thanks for reading my blog
What about CALS on windows server 2016 regular and essentias. Do I need CALS to activate RDS or no?
it depends on your agreement with Microsoft.
Hi Robert,
We have setup Server 2016 as a simple RD Session Host, and everything it´s ok but printing redirection doesn´t works. Server not connecting local printers although the option is checked. Any ideas?. Regards.
is this on in the GPO enable printer redirection ? the client is connecting true the server.
Hi Robert,
Great post. We have a challenge though: can you somehow let one user connect to multiple vdi’s from the pool? We are having Kiosk-machines we want to wipe everytime a user logs of – and a way is rds in pools – we only have one user that is connecting (should happen automatically when someone starts the pc up) we tried with server 2012 r2 which looks quite similar to 2016.
Any guesses/ideas in that matter?
Hi,
One user connected to one VDI no other options.
I would do a logoff script / signoff that reboots the machine and wipe this VDI img.( say redeploy ) or in other words a mandatory user profile is your best option.
But if you build something new use 2016.
https://technet.microsoft.com/en-us/itpro/windows/manage/mandatory-user-profile
Hello,
I need to ask that do I need to make my VDMs part of same domain as my server is on? Is it necessary?
Thanks
Hi Robert, good post. What is difference between 2016 RDI and Multipoint services
Yes only domain Machines can be used
Multipoint server is used for giving instructions. So one master and many same screens. as RDS session host can run everybody his own desktop with his own apps.
https://blogs.technet.microsoft.com/enterprisemobility/2014/10/27/announcing-the-multipoint-services-role-in-window-server-vnext-technical-preview/
Hi Robert,
I have a question, in RDS 2008r2 I can create .msi installers for the Remoteapps. This is possible in RDS2016?
i installed RDCB 2016 with 3 session hosts behind that in a single collection. i have a single beta tester that logs in each day for the last 3 days. when she logs in it fails to send her to the collection behind the cluster. we have tried this from a thin Client and a PC. the RDP connection is point properly to the collection. once i reboot the RDC and the Session hosts it connects fine, but all of the settings we put on the day before ( like I.E. settings etc.) are no longer set properly. we are using UPD. any help would be greatly appreciated.
HI, thank you for your guide. But Here is a question for you. I am trying to install my self the RDS package on microsoft windows 2016. I am having trouble having user remote in to the right session host. I got everything working and they can use it internally. And they are able to access the web apps. But it is when they remote in it puts them in the main server and not the remote host. Error message ” remote desktop services failed to join the connection broker on server companydomainname”
Set up.
server1 – rd connection broker, rd webaccess, also rd session host. This one server house mostly everything cause its the main server.
server2 – rd session host 1
server3 – rd session host 2
group1 – user1
group2 – user2
group3 – user3
I want user1 to go into server1 and user2 go into server2 session host. and user3 to go to server3
But for something reason they are going on to server1.
Could you help me with this problem? and how much would that be? i already have it working. just want to know why i get the error and they cannot remote into the correct host.
And I thought it had to do something with the rd gateway.
so i installed that on server1 and set up rd gateway connection and everytime I get an error message. about the rd gateway is temporarily unavailable. Not quite sure what I am doing wrong or is there any more info you need from me to answer this?
yes you can and you can also uste powershell for this.
this seems like a miss configuration. Lately I see a lot of those config’s just not right. the RDCB is real important and there can be a lot of things wrong with this. But a reboot seems a quick fix.
Changing things to the farm you will need all servers up in the farm and make sure you have a Database that is holding your config. As this is the problem I think. you can configure this in the server farm.
In your configuration you will need to create 3 collections and give user 1 access to collection 1 etc. this is the only option to do this. your gateway is fine
Hi Robert, a quick question. I understand that the pre-requisites is that the RDS Farm server must be part of a domain; and not workgroup. My question is.. Does the configuration require a domain admin or a local admin will suffice?
a domain is needed! there is no option on not to use this. you can used Azure AD.
Thanks Robert! I understand a domain is needed. My question is if a domain administrator is required to perform the RDS deployment / Simply any user with administrative rights?
Hi, Thank you for this amazing post. I have fully configured and its working very well under tests. Although I only tested with 3 concurrent sessions using many different combinations of accounts. All tests were successful so I was very happy over the weekend. I pushed all our staff to test access today and only 3 users could get on. I have 3 session hosts and once one host had a user and another connection came in, the logged in user was asked if they wish to disconnect to allow user DOMAIN\USERNAME to log in.
I am investigating now. I can see disconnection messages (Code 5’s) in Event Viewer but I cannot see an issue which could cause this. I have no active CAL’S yet as I’m unsure hoe many to purchase. I thought I could simply use the demo mode for 119 days and in the first week monitor how many concurrent sessions we have so I know how many to purchase. Could this be the problem? Have you seen this before?
Glad that this helped you on building a RDS farm.
You can have the trail of 180days but you must add a Licensing server to the farm only then you can add more users than 3.
I found the issue after intensive Googling… I am using RemoteFX for my Graphics cards on the session hosts. These were only allowing one active session per host. For now I have removed the G Cards from the virtual session hosts and we have had 100 users on today. Ill investigate further regarding RemoteFX.
This info is worth being here as I guess its a common issue and there’s not much information out there regarding. Hopefully this will save someone some time if they are having the same issue and not seeing any negative logs reported in Event Viewer. It drove me wild for a couple of days 🙂
Hi,
Iam unable to configure Remote Desktop Session Host service in Windows server 2016 standard version.
I configured this service through server manager, but iam unable to see it in Administrative Tools> Remote Desktop Services Tab.
This server needs Remote Desktop (Terminal Services) licenses for multiple users sessions( We need to point this server to license server (2012 OS) which we have for acquiring licenses).
It would be pleasure if someone provide quick resolution on this.
Just point the RDS host to the RDS lic server. this can be done with a GPO.
can i have a group of servers RDS1,RDS2,RDS3. a single RDCB, and on the RDSD servers host both Session host collection and remoteapp collection?
Hi Robert – In setting up RDS remote app on VPS machines from a hoster, is there anything special that must be done that wouldn’t be needed on physical hardware? Thanks
no RDS runs perfect on a VM. just follow the guidance and it will work
Hi Robert!
Is there a known reason why remoteapps (only) don’t start on session hosts?
I set up a collection with two desktop session hosts and another collection with one host for publishing remoteapp-programs.
RDCB, RDWeb, RDG and licensing together on another single vm. Internal domain.local, external domain.com, trusted wildcard certificate for .com installed. (All Server 2016)
Everything works as desired except for the fact that we can’t start remoteapp-programs on the session hosts. RADC connects without error and remoteapps are published to the start menu. When starting a remoteapp on rdsh we see “Starting…” and after quite a while a window pops up “RemoteApp disconnected – An internal error has occured.”
When startet from another (non-rdsh) host or from an external client via rdweb the same remoteapps start without any problem.
Any idea what I’m doing wrong?
Thx
Do you have a license server in place and are the licenses applied to the rds host
So can you run a 2012 R2 RDS Licensing Server and install 2016 RDS CALs onto it? I can’t get confirmation anywhere either way. From what I can tell it seems like it might want a 2016 Licensing Server, which will really suck because I can’t do that for other reasons.
What you need is 2016RDS licences and this can be run on a 2012R2 server. but make sure you have 2016RDS lic.
Thanks Robert. I don’t have the option to add “2016 RDS” CALs on my 2012 R2 Licensing server. Is there a KB that I need to install that will expose that as an option or is this an issue with the 2016 license itself not working correctly?
Yes, and licensing was not a problem.
RDSH wasn’t fully patched an after installing all mircosoft updates and restarting the server everything worked as expected.
Thanks for your reply and sorry for this stupid problem.
hi Robert,
i got a 3 server RDS farm using 2016, i seem to be having an issue with the connection broker. server1 has the CB, webaccess, license mgr roles. Both server 2&3 have only the session broker role. I created a DNS record called RDS with the ip of server1. when trying to connect to rds its trying to connect to server1 and not one of the 2 servers with the session broker role…..server2 or 3. For the time being I’ve been using DNS round robin which is sort of doing the job.
Secondly, regarding the web access role which is currently on server1, should it be on both server 2&3 since the company’s accounting app will be installed on server 2 & 3??
Hi Bob,
for redundancy it is best to use 2 webservers can be on the same as the gateway and two connection brokers. the Gateway or website on the Connection broker is not the best option when using 2 CB make sure there is a SQL DB on a separated machine. and yes DNS roundrobing should work. the CB is transferring the users to a RDS host based on the load if there is no limit default then all gets to the same server. set a value of 1 or 2 in the RDS when testing to make sure the next logon (different user) is on the other rds host.
the webserver role should only be on the server that is facing the internet/website for access , all the other servers doesn’t need the web role.
Hey Robert,
We have 3 servers setup in a simple farm. When connecting to the gateway.server/RDWeb and clicking on the remote desktop icon – you get the “Do you trust the publisher of this remote connection” popup and everything in there looks good – you hit connect and it tries to connect to a server.local and is failing due to the certificate. I can’t put a trusted certificate on .local and I have made sure the broker connection is name with the public.com address. Any ideas?
Hi josh,
just make sure the name of the conection broker is in the certificate. Create a GPO and place the certificate as trusted. if you use your own certificate and in the RDS gpo place the certificate thumb in the GPO.
Computer Configuration -> Administrative Templates -> Windows Desktop Services -> Remote Desktop Connection Client). Specify SHA1 thumbprints of certificates
Hi – is there a way to have the Remote Desktop App interact with local client installed app? I have a CRM c/s app that calls to the default mail client – but the mail client is on local machine not on remote machine – is there interaction between remote streamed app and the local machine running the RDP client?
this is not possible. the RDP session runs on a server and is isolated from the client. you should add an email client in RDP also.
Reblogged this on Konkretor Blog, IT Stuff and more.
Hi
In RDS Application I am not able to set print range option.
Please suggest.
Printing should be done with a GPO. Or use a follow me printer.
Hi,
I have deployed a Server 2016 as RDS with all services required. I can access my published apps via Browser with the url, but when trying to add the RemoteApp in “Access RemoteApp and desktops” it keeps saying “Your Credentials did not work”. I am sure the credentials are correct.
Do you have a idea of what could be missing or failing?
Many thanks in advance.
are you using domain\user or name.name@domain.local as this should work the old login style is not working
Is this the best solution for migrating Terminal Server 2008 with approximately 100 Client licenses to 2016?
Hi Sonia thanks for reading my blog.
Well If you don’t want to use Azure as Windows virtual desktop Could be an option but that is a totally different topic. If you want to migrate From Server 2018 you can rebuild everything in 2016 but better in Server 2019. Or do a in place upgrade from 2008<.20162019 but rebuilding is quicker but it is depending on your hardware configuration.
Thanks for sharing such beautiful information with us.
I hope you will share some more info about Remote Desktop Services Remote .
Please keep sharing.
Can I connect the RDS Server from a client that not join the domain (The domain that RDS joined)?
When I connect from a non-joined Client, I always get “The remote computer not found”
the problem is DNS make sure the RDS server can be found or use an IP connection.
I have using single serve for RDS role after RDS installtion give “There are no available computers in the pool. Try connecting again, or contact your network administrator”
& Also unable to connect RDP server & serve is other locations I m do in activity form remote
Plz suggest me
Hi thanks for your comment, a single server you should be able to RDP, make sure the users are in the local RDP group. and that NLA is not blocking your connection or firewall.
I have been running a 2016 RDS single server setup. Can I easily broaden that into a multi-server farm environment, or do I have to install a new multi-server farm from scratch?
Hi,
I have a strange issue at a customer, I have published a application that in it’s turn got a hook to Excel to generate a report and export the result to Excel.
That works fine from a computer on the same lan as the RDSserver, but if I connect with vpn or over internet it is unable to start Excel. Any thougths how to solve that?
/Lennart
Hi Doug, no you can extend your site but you will need an connection broker installation on a different server than the RDS host. your current RDS host can be added to the Connection broker and the new server can be added also or removed.
Hi it could be a couple of things a firewall could block things. and or DNS is not resolving the correct servers. make sure that when you use vpn you can resolve all te servers in your network FQDN and netbios name only. 99% that these two things will fix your issue
Hi Robert, thanks for your quick response, It’s dosent seem to be related to name resolution, it all in one box. I have added fqdn and short name to the hostfile on the computer that I’m testing on. VPN connected computer get a ip address from a other subnet then what the server is on, but is no firewall rules between them. I will try to set them on the same ip segment and see if that helps, Thanks a lot for your help
/Lennart