Accomplished systems administrator/engineer with 10+ years of experience managing server infrastructures and data-center operations.
There was quite a change from installing Remote Desktop Services (aka Terminal Services) with the introduction of Windows 2012. It was confusing, and when you install the Remote Desktop Services host server, there was no longer the familiar Remote Desktop Manager, and you could either work through the settings in the registry directly or bring over the remote desktop manager snap-in from Windows 2008R2.
However, that wasn't quite the right way to install Remote Desktop Services on Windows 2012 and later. This tutorial will show how to install Remote Desktop Services in Windows Server 2016, but it can be applied to Windows 2012 or Windows 2012R2. This tutorial assumes that there are no Windows 2012 or later versions of Remote Desktop Services installation in the Windows domain.
Summary of Steps
The following is a list of steps required to setup Remote Desktop Services. It is more of a checklist.
- Pre-installation steps. This is where you determine which servers will hold the RD Session Host Server, RD Connection Broker, RD Web Access server, RD Licensing Manager, and Remote Desktop Gateway roles.
- Add servers that will have the roles installed on the list of servers that will be managed by the Server Manager where we will run the Remote Desktop Services installation wizard
- Install Remote Desktop Services from Server Manager
- Install the RD Connection Broker role on a server
- Install the RD Web Access role on a server
- Install the RD Session Host server role on a server
- Install the RD Licensing Manager role on a server
- Create Session Collections
- Configure Collection settings
- Test Remote Desktop connection into the RD Session Host Server
The Remote Desktop Services installation is a wizard for installing the following roles:
- Remote Desktop Gateway
- Remote Desktop Session Host Server
- Remote Desktop Connection Broker
- RD Web Access server
- RD Licensing Manager
We will be installing these roles across multiple servers instead of installing all these roles onto one server.
If you only have one server to test on, you can install all the roles on the one server. However, for the purpose of trying to understand Remote Desktop Services better, we will install it across multiple servers.
I have already set up the following servers with the below names (highlighted in bold) and the planned role to be installed on them :
- RDGateway: This will have the Remote Desktop Gateway role, however, we won't install it in this tutorial.
- RDSessionBroker: This will have the Remote Desktop Connection Broker role
- RDServices: This will have the Remote Desktop Session Host Server Role and the RD Web Access role
- DC: This will be a domain controller and will have the RD Licensing Manager role installed. It is not necessary that this role is installed on a domain controller. However, it makes sense since the domain controller will still have the capacity to perform as a licensing server.
Add Servers to Manage in Server Manager
I will remote desktop into the RDServices server to do the Remote Desktop services installation.
I will then add the other servers as listed above to be managed.
Open Server Manager and click on Add other Servers to manager.
Install Remote Desktop Services
Open Server Manager and click on Add roles and features.
The following is the most important step. While it’s possible to select the Role-based or feature-based installation and then select just individual components of Remote Desktop Services such as Remote Desktop Gateway, if you are going to be setting up a Remote Desktop Services server, you WILL NEED to select the Remote Desktop Services installation option.
Select Remote Desktop Services Installation, then click Next.
We will choose Standard deployment.
Choose Standard deployment and click Next
Select Session-based desktop deployment and click Next
Windows Server 2016 will now ask you to install the roles that you would not normally have installed in Remote Desktop Services for Windows 2008R2.
Installing the Remote Desktop Connection Broker server
Select the server that will have the Connection Broker role ( RDSessionBroker.domain.local in this tutorial) by highlighting it, and clicking the button with the right arrow icon.
Install RD Web Access
Select the RDServices.domain.local by highlighting it, and clicking the button with the right arrow icon.
Install the RD Session Host Servers
Select the server that will have the RD Session Host Server role i.e. the server users will be accessing either directly or via a Connection Broker or Remote Desktop Gateway (RDServices.domain.local in this tutorial) by highlighting it, and clicking the button with the right arrow icon, then click Next
Tick Restart the destination server automatically if required, and click Deploy.
Install the RD Licensing Manager
Open Server Manager.
In the left pane, click on Remote Desktop Services.
Click on RD Licensing.
The wizard will display the list of servers we've added to Server Manager. Highlight the server that will have the RD Licensing Manager role (dc.domain.local in our tutorial). Click the right arrow icon to select it.
There is a grace period of 120 days to use the Remote Desktop Session Host server as a Remote Desktop Server (aka Terminal Server) without pointing it to an RD Licensing Manager with RD CALs installed.
I will create a followup article on how to add RD CALs.
Create Session Collections
We now need to create a session collection.
A session collection consists of one or more Remote Desktop Session Host servers. An RD Session Host server cannot be a member of more than one collection.
A session collection contains the apps and desktops that you want your users to use.
In Windows Server 2008R2, we didn't have to create session collections.
Click on Collections.
From the Tasks dropdown menu, select Create session Collection.
Name the Collection
Enter a name for the collection, and click Next.
Add RD Session Host Server to Collection
Select RDServices.domain.local for the RD Session Host server to add to the Collection. Click on the button with the right arrow icon.
Specify User Groups Who can Access the Collection
We can enable specific groups of users to be able to access this Collection.
Enter the group that is allowed to access this collection. We will remove the Domain Users group because we don't necessarily want everyone on the domain to be able to Remote Desktop into the Remote Desktop server.
Specify User Profile Disks
In this tutorial, we won’t allow user profile disks for this collection. Some applications may require users to have user profiles to store temporary files etc. If so, we will need to enable this option and specify a location to a share that will store the user profiles. We specify a share since the collection can be hosted on multiple RD Session Host servers and we need to be able to access the share from any of the RD Session Host servers.
Configure Collection Settings
Click on the Applications1 collection on the left pane
In the Tasks drop down menu, select Edit Properties
The collection's properties window will appear. Some sections were properties we had already set during the creation of the collection. We can make changes to those settings here.
For other sections, we can leave as default or alter the settings to suit. For users who have setup Remote Desktop Services for Windows Server 2008R2 before, the sections here will be familiar as they used to be in the RD Session Host Server's properties.
Remote Desktop into the Collection
The Remote Desktop Services installation is now complete.
Users who are in the group that was allowed access to the collection can now Remote Desktop to the RD Session Host server which was part of the Applications1 collection. In our tutorial, it’s the RDServices.domain.local server.
In this setup, TCP Port 3389 must be opened on the firewall for connection to the RD Session Host server. You will need to setup any NAT-ing where appropriate on the firewall.
We have now setup Remote Desktop Services for Windows Server 2016. In this type of Remote Desktop Services setup, the clients will Remote Desktop directly to the RD Session Host server that is part of the collection to use the applications that are installed on the RD Session Host server.
This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.
© 2018 sengstar2005
jergomez on December 23, 2019:
Thank you for this steps. I wanted to know in this scenario, how or where to setup the remote desktop services. 1 windows 2019 st: domain controller, windows 2019 2 terminal servers with license. Were do we setup terminal service Broker services? on domain controller ? and if this is the case we should see the 2 terminal servers to be added to broker in the drop down as available services? Also I am assuming the broker will perform the "round robin" on proving the access for users?
sengstar2005 (author) from Sydney on November 08, 2019:
Hi Byju, I've got no suggestions other than if you want to check the following article on how to setup RDS session broker for Windows 2016 :
Byju on November 08, 2019:
Thanks for the article. I was not able to find proper steps for 2016 online.
In my environment I have build RDS in high availability for 2012r2. But the same is failing when I am trying to do it for 2016 datacenter edition. I am able to configure high availability but addition of another server is not happening. It keeps failing, I have checked the permission of the group(session broker servers ad security group) at sql level and it has dbowner permission. But still while adding the other server in high availability the installation fails.
Any suggestion on this?
sengstar2005 (author) from Sydney on May 28, 2019:
Hi Jackland, in the old Windows 2008R2 environment, you would only need to install the RD License server and RD Session Host roles. In Windows 2012 and above, it is still possible to install the roles separately i.e. the RD Session Host role (which is what you need to allow User1 to work on App A, User2 to work on App A, etc.. on the same server) and install the RD License server separately. However, the RD Session Host role no longer comes with the nice GUI management interface you see in Windows 2008R2. You can either modify the registry settings directly or port over the RD management tool from Windows 2008R2 server, or just learn the new way Microsoft wants us to install the RDS services.
Jackland on May 16, 2019:
Hi, I only need a RD licence server and do not need rest of the stack. the sole intention is to allow 125 users to log on to a windows machine to work on application in independent sessions. like if User1 is working on Application A, User2 should also be able to work on Application A. User3 should also be allowed to work on Application A.
Which components of the RDS should I install.
sengstar2005 (author) from Sydney on December 12, 2018:
It is possible to install only the RDGW and RDWEB roles on the external server. When you use the wizard, you can choose to install those two roles on the external server, and then choose to install the other roles on your internal servers.
The RDGW will use the internal DNS server to redirect requests to the internal server.
If you want to understand the principle of how to set it up you can read the following articles. They were setup for Windows 2008R2 but the principle is the same even though the admin tool to do it is different from Windows 2016.
When you combine RD Web and RDGW, you can have your external users browse through to the RD Web. Because it is a Web Site, it can go through their proxy server if they use one. You publish your internal applications on RDWEB, and the RDGW will redirect requests to those resources.
Here's how to configure a remote desktop gateway in Windows 2016.
Al on December 06, 2018:
i'm missing some pieces...
I'm trying a soluzione where in DMZ i'v a RDGW/RDWEB on the same server and on the internal network the RDSH and RDLS.
1- is it possible to install only RDGW and RDWEB roles on the external server?
2- How to tell the perimeter server to redirect the requests to the internal server?
sengstar2005 (author) from Sydney on August 05, 2018:
Zoshef Anzum on August 05, 2018:
Thanks for your information. Very impressive and detailed.