Windows 2022
Sponsored Link

Remote Desktop : Install RDS (Session based)
2021/12/20
 
Install Remote Desktop Service (RDS). It can connect to Desktop or Applications on a Server from remote Computers.
If many users or devices connect to RDS, it needs to buy RDS CAL.
Admin mode : It's possible to run 2 administrative sessions including the console session and also it does not require Remote Desktop Client Access Licenses (RD CALs).
Per User mode : It requires an RD CAL for each unique user.
Per Device mode : It requires an RD CAL for each unique device.
[1]
It needs that the Computer you'd like to install RDS is a member Host of an AD domain.
So Prepare Active Directory Domain Server in your network.
(It is not recommended to install RDS in Domain Controller because of security risk or performance reasons.)
[2]
[3] Logon with an user who are in [Domain Admins] group and Run PowerShell with Admin Privilege.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# Install RDS and other services and tools
PS C:\Users\serverworld> Install-WindowsFeature Remote-Desktop-Services,RDS-Web-Access,RDS-RD-Server,RDS-Connection-Broker,RDS-Licensing -IncludeManagementTools 

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    Yes            SuccessRest... {ASP.NET 4.8, Remote Desktop Connection Br...
WARNING: You must restart this server to finish the installation process.

# restart computer to apply changes
PS C:\Users\serverworld> Restart-Computer -Force 

# enable PowerShell remote connection
PS C:\Users\serverworld> Enable-PSRemoting 

# configure ConnectionBroker/WebAccessServer/SessionHostServer
# specify Server's hostname or IP address for each value
PS C:\Users\serverworld> New-RDSessionDeployment -ConnectionBroker "rx-7.srv.world" -WebAccessServer "rx-7.srv.world" -SessionHost "rx-7.srv.world" 

# confirm settings
PS C:\Users\serverworld> Get-RDServer 

Server                                             Roles
------                                             -----
RX-7.SRV.WORLD                                     {RDS-RD-SERVER, RDS-CONNECTION-BROKER, RDS-WEB-ACCESS}


# SSL certificate for remote accessing is generated automatically by the installation steps, 
# however, it can not access with the generated certificate because ERR_SSL_KEY_USAGE_INCOMPATIBLE error is shown, 
# so remove it and set a valid certificate you got or set a self-signed certificate created by yourself.
# it uses self-signed certificate on this example.
# show current configured certificate
PS C:\Users\serverworld> Get-ChildItem "Cert:\LocalMachine\My" 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
DD346A7E2069F7F254B37B953BCB65E8477061A3  CN=rx-7.srv.world

# remove the auto-generated certificate
PS C:\Users\serverworld> Remove-Item "Cert:\LocalMachine\My\DD346A7E2069F7F254B37B953BCB65E8477061A3" 

# get certificate or create self-signed certificate ⇒ refer to here for creating self-signed certificate

# show new configured certificate
PS C:\Users\serverworld> Get-ChildItem Cert:\LocalMachine\My 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
99E0FDC7DBA905320BF746FD0BF09E8904FF0186  CN=rx-7.srv.world

# set a new certificate to the IIS for RDWeb site (Default Web Site)
PS C:\Users\serverworld> $Cert = Get-ChildItem Cert:\LocalMachine\My\99E0FDC7DBA905320BF746FD0BF09E8904FF0186 
PS C:\Users\serverworld> Get-Website 

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
Default Web Site 1    Started    %SystemDrive%\inetpub\wwwroot  http *:80:
                                                                https *:443: sslFlags=0

PS C:\Users\serverworld> Set-Item IIS:\SslBindings\0.0.0.0!443 -Value $Cert 
Remote Desktop : Install RDS (Session based) (GUI)
 
On GUI installation, set like follows.
[4]
Logon with an user who are in [Domain Admins] group and Run PowerShell with Admin Privilege and run the command below to enable PowerShell remote connection.
PS> Enable-PSRemoting
[5] Run Server Manager and Click [Add roles and features].
[6] Click [Next] button.
[7] Select [Remote Desktop Services installation].
[8] On this example, select [Standard deployment] to proceed.
[9] On this example, select [Session-based desktop deployment].
[10] Click [Next] button.
[11] Specify Remote Desktop connection Broker server. The servers in the Domain are listed, select from it.
[12] Specify Remote Desktop Web Access server. The servers in the Domain are listed, select from it.
[13] Specify Remote Desktop Session Host server. The servers in the Domain are listed, select from it.
[14] Check a box [Restart the destination server automatically if required] and click [Deploy] button.
[15] During the installation, System will restart once automatically. After finishing installation, Click [Close] button.
[16]
SSL certificate for remote accessing is generated automatically by the installation steps,
however, it can not access with the generated certificate because ERR_SSL_KEY_USAGE_INCOMPATIBLE error is shown,
so remove it and set a valid certificate you got or set a self-signed certificate created by yourself.
it uses self-signed certificate on this example. (refer to here to create self-signed one)
Open [Run] and input [certlm.msc], then you can find auto-generated certificate under the [Personal] - [Certificate].
Remove it and set the one you got or you created on the same place.
[17] Run [Server Manager] and Click [Tools] - [Internet Information Services (IIS) Manager].
[18] Right Click the [Default Web Site] on the left pane and Select [Edit Bindings].
[19] Select [https] line and click the [Edit] button.
[20] Select the certificate you got or you created on the [SSL certificate] section and click [OK] button.
Matched Content