Remote Desktop Services settings

Supported configurations for Remote Desktop Services

• Article
• 02/10/2022
• 6 minutes to read
• 14 contributors

Is this page helpful?

Yes No

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

Submit

Thank you.

In this article

Applies to: Windows Server 2022, Windows Server 2016, Windows Server 2019

When it comes to supported configurations for Remote Desktop Services environments, the largest concern tends to be version interoperability. Most environments include multiple versions of Windows Server - for example, you may have an existing Windows Server 2012 R2 RDS deployment but want to upgrade to Windows Server 2016 to take advantage of the new features [like support for OpenGL\OpenCL, Discrete Device Assignment, or Storage Spaces Direct]. The question then becomes, which RDS components can work with different versions and which need to be the same?

So with that in mind, here are basic guidelines for supported configurations of Remote Desktop Services in Windows Server.

Note

Make sure to review the system requirements for Windows Server.

Deploy your Remote Desktop environment

• Article
• 12/23/2021
• 5 minutes to read
• 7 contributors

Is this page helpful?

Yes No

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

Submit

Thank you.

In this article

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

Use the following steps to deploy the Remote Desktop servers in your environment. You can install the server roles on physical machines or virtual machines, depending on whether you are creating an on-premises, cloud-based, or hybrid environment.

If you are using virtual machines for any of the Remote Desktop Services servers, make sure you have prepared those virtual machines.

1. Add all the servers you're going to use for Remote Desktop Services to Server Manager:

   1. In Server Manager, click Manage > Add Servers.
   2. Click Find Now.
   3. Click each server in the deployment [for example, Contoso-Cb1, Contoso-WebGw1, and Contoso-Sh2] and click OK.

2. Create a session-based deployment to deploy the Remote Desktop Services components:

   1. In Server Manager, click Manage > Add Roles and Features.
   2. Click Remote Desktop Services installation, Standard Deployment, and Session-based desktop deployment.
   3. Select the appropriate servers for the RD Connection Broker server, RD Web Access server, and RD Session Host server [for example, Contoso-Cb1, Contoso-WebGw1, and Contoso-SH1, respectively].
   4. Select Restart the destination server automatically if required, and then click Deploy.
   5. Wait for the deployment to complete successfully

3. Add RD License Server:

   1. In Server Manager, click Remote Desktop Services > Overview > +RD Licensing.
   2. Select the virtual machine where the RD license server will be installed [for example, Contoso-Cb1].
   3. Click Next, and then click Add.

4. Activate the RD License Server and add it to the License Servers group:

   1. In Server Manager, click Remote Desktop Services > Servers. Right-click the server with the Remote Desktop Licensing role installed and select RD Licensing Manager.
   2. In RD Licensing Manager, select the server, and then click Action > Activate Server.
   3. Accept the default values in the Activate Server Wizard. Continue accepting default values until you reach the Company information page. Then, enter your company information.
   4. Accept the defaults for the remaining pages until the final page. Clear Start Install Licenses Wizard now, and then click Finish.
   5. Click Action > Review Configuration > Add to Group > OK. Enter credentials for a user in the AAD DC Administrators group, and register as SCP. This step might not work if you are using Azure AD Domain Services, but you can ignore any warnings or errors.

5. Add the RD Gateway server and certificate name:

   1. In Server Manager, click Remote Desktop Services > Overview > + RD Gateway.
   2. In the Add RD Gateway Servers wizard, select the virtual machine where you want to install the RD Gateway server [for example, Contoso-WebGw1].
   3. Enter the SSL certificate name for the RD Gateway server using the external fully qualified DNS Name [FQDN] of the RD Gateway server. In Azure, this is the DNS name label and uses the format servicename.location.cloudapp.azure.com. For example, contoso.westus.cloudapp.azure.com.
   4. Click Next, and then click Add.

6. Create and install self-signed certificates for the RD Gateway and RD Connection Broker servers.

   Note

   If you are providing and installing certificates from a trusted certificate authority, perform the procedures from step h to step k for each role. You will need to have the .pfx file available for each of these certificates.

   1. In Server Manager, click Remote Desktop Services > Overview > Tasks > Edit Deployment Properties.
   2. Expand Certificates, and then scroll down to the table. Click RD Gateway > Create new certificate.
   3. Enter the certificate name, using the external FQDN of the RD Gateway server [for example, contoso.westus.cloudapp.azure.com] and then enter the password.
   4. Select Store this certificate and then browse to the shared folder you created for certificates in a previous step. [For example,\Contoso-Cb1\Certificates.]
   5. Enter a file name for the certificate [for example, ContosoRdGwCert], and then click Save.
   6. Select Allow the certificate to be added to the Trusted Root Certificate Authorities certificate store on the destination computers, and then click OK.
   7. Click Apply, and then wait for the certificate to be successfully applied to the RD Gateway server.
   8. Click RD Web Access > Select existing certificate.
   9. Browse to the certificate created for the RD Gateway server [for example, ContosoRdGwCert], and then click Open.
   10. Enter the password for the certificate, select Allow the certificate to be added to the Trusted Root Certificate store on the destination computers, and then click OK.
   11. Click Apply, and then wait for the certificate to be successfully applied to the RD Web Access server.
   12. Repeat substeps 1-11 for the RD Connection Broker - Enable Single Sign On and RD Connection Broker - Publishing services, using the internal FQDN of the RD Connection Broker server for the new certificate's name [for example, Contoso-Cb1.Contoso.com].

7. Export self-signed public certificates and copy them to a client computer. If you are using certificates from a trusted certificate authority, you can skip this step.

   1. Launch certlm.msc.
   2. Expand Personal, and then click Certificates.
   3. In the right-hand pane right-click the RD Connection Broker certificate intended for client authentication, for example Contoso-Cb1.Contoso.com.
   4. Click All Tasks > Export.
   5. Accept the default options in the Certificate Export Wizard accept defaults until you reach the File to Export page.
   6. Browse to the shared folder you created for certificates, for example \Contoso-Cb1\Certificates.
   7. Enter a File name, for example ContosoCbClientCert, and then click Save.
   8. Click Next, and then click Finish.
   9. Repeat substeps 1-8 for the RD Gateway and Web certificate, [for example contoso.westus.cloudapp.azure.com], giving the exported certificate an appropriate file name, for example ContosoWebGwClientCert.
   10. In File Explorer, navigate to the folder where the certificates are stored, for example \Contoso-Cb1\Certificates.
   11. Select the two exported client certificates, then right-click them, and click Copy.
   12. Paste the certifcates on the local client computer.

8. Configure the RD Gateway and RD Licensing deployment properties:

   1. In Server Manager, click Remote Desktop Services > Overview > Tasks > Edit Deployment Properties.
   2. Expand RD Gateway and clear the Bypass RD Gateway server for local addresses option.
   3. Expand RD licensing and select Per User
   4. Click OK.

9. Create a session collection. These steps create a basic collection. Check out Create a Remote Desktop Services collection for desktops and apps to run for more information about collections.

   1. In Server Manager, click Remote Desktop Services > Collections > Tasks > Create Session Collection.
   2. Enter a collection Name [for example, ContosoDesktop].
   3. Select an RD Session Host Server [Contoso-Sh2], accept the default user groups [Contoso\Domain Users], and enter the Universal Naming Convention [UNC] Path to the user profile disks created above [\Contoso-Cb1\UserDisks].
   4. Set a Maximum size, and then click Create.

You've now created a basic Remote Desktop Services infrastructure. If you need to create a highly-available deployment, you can add a connection broker cluster or a second RD Session Host server.

How to Set up Remote Desktop Services in Windows Server 2016

• Author:

  sengstar2005

• Updated date:

  Dec 25, 2020

Accomplished systems and network administrator with 10+ years of experience managing server infrastructures and data-center operations.

There was quite a change from installing Remote Desktop Services [aka Terminal Services] with the introduction of Windows 2012. It was confusing, and when you install the Remote Desktop Services host server, there was no longer the familiar Remote Desktop Manager, and you could either work through the settings in the registry directly or bring over the remote desktop manager snap-in from Windows 2008R2.

However, that wasn't quite the right way to install Remote Desktop Services on Windows 2012 and later. This tutorial will show how to install Remote Desktop Services in Windows Server 2016, but it can be applied to Windows 2012 or Windows 2012R2. This tutorial assumes that there are no Windows 2012 or later versions of Remote Desktop Services installation in the Windows domain.

Author: Robert Smit [MVP]

Robert Smit is Senior Technical Evangelist and is a current Microsoft MVP in Clustering as of 2009. Robert has over 20 years experience in IT with experience in the educational, health-care and finance industries. Robert’s past IT experience in the trenches of IT gives him the knowledge and insight that allows him to communicate effectively with IT professionals who are trying to address real concerns around business continuity, disaster recovery and regulatory compliance issues. Robert holds the following certifications: MCT - Microsoft Certified Trainer, MCTS - Windows Server Virtualization, MCSE, MCSA and MCPS. He is an active participant in the Microsoft newsgroup community and is currently focused on Hyper-V, Failover Clustering, SQL Server, Azure and all things related to Cloud Computing and Infrastructure Optimalization. Follow Robert on Twitter @ClusterMVP Or follow his blog //robertsmit.wordpress.com Linkedin Profile //nl.linkedin.com/in/robertsmit Robert is also capable of transferring his knowledge to others which is a rare feature in the field of IT. He makes a point of not only solving issues but also of giving on the job training of his colleagues. A customer says " Robert has been a big influence on our technical staff and I have to come to know him as a brilliant specialist concerning Microsoft Products. He was Capable with his in-depth knowledge of Microsoft products to troubleshoot problems and develop our infrastructure to a higher level. I would certainly hire him again in the future. " Details of the Recommendation: "I have been coordinating with Robert implementing a very complex system. Although he was primarily a Microsoft infrastructure specialist; he was able to understand and debug .Net based complext Windows applications and websites. His input to improve performance of applications proved very helpful for the success of our project View all posts by Robert Smit [MVP]