Server 2012 has a new Remote Desktop Services (RDS) feature set which is a great addition to any network.  A common reason for wanting to implement 2012 RDS is for the Remote FX feature, RDP on steroids, which provides substantially better performance when remotely running graphic intensive applications, but there are other Remote FX bonus elements as well, in addition to other 2012 RDS features.  Remote FX was included with Server 2008 R2, but the pre 2012 hardware requirements were more restrictive, and configuration was a little more involved.

Remote Desktop Services is installed a little differently than it’s predecessor Terminal Services.  Most current instruction sets advise you to use the  “Remote Desktop Services installation” wizard, seen in the third image below.  However this automatically installs related services that conflict with those already installed on SBS, such as the Remote Desktop Gateway Service.  Therefore you need to install using the “Role Based or feature-based installation” method and manually select the features to be installed.

Installation:

To add a Server 2012, running the RDS role, the steps are as follows.

  • Install the basic Server 2012 operating system.  This can be on either a physical or virtual machine
  • Next join the computer to the domain. Where this is an SBS domain you want to do this for obvious reasons, but just to note; Server 2012 RDS does require it be domain joined.  To do so open the Server Manager Dashboard, click on “local server”, in the window to the right click on “Workgroup”, in the resulting window click “Change” and then select “Domain” and enter your internal domain name, such as MyDomain.local

image

  • Once completed and you have reboot the server, I recommend installing all Windows updates.
  • You can now begin the RDS installation.  Make sure you have first logged in with a Domain Admin account and not a local administrator account.
  • First from the Server Manager Dashboard select “Add roles and features”

image

  • Next, as mentioned earlier, choose “Role Based or feature-based installation”

image

  • Select the local server

image

  • Select the “Remote Desktop Service” role and click next

image

  • Do not select anything in the Features window, click next

image

  • There will be a pop-up window where you can select the RDS features you wish to install.  Select only the “Remote Desktop Session Host” option.  You may also want to add the “Remote Desktop Licensing” service, though you can do so at a another time.  The Licensing service will be discussed a little later on.  Click next

image

  • Click Add Features.

image

  • Select restart the server automatically, and choose install.

image

  • After a reboot the RDS service should be installed.

Tweak and configure access

There are some minor configurations to be done as well.

  • Computer OU: Firstly, on the SBS, in Active Directory Users and Computers (ADUC) you should move the new server from the Computer OU to the MyBusiness\Computers\SBSServers OU.  This will allow it to show up in the Windows SBS Console under the Computers tab (it may take a few minutes to show up).  I usually create a sub-OU for Terminal Servers when applying group policies, but this is by no means necessary.

image

  • User Group: Users must be granted the right to “log on though Remote Desktop Services”.  To do so they need to be added to the local Remote Desktop Users” group on the RDS server, not the SBS.  It would not be convenient to manage this from the RDS server, adding one user at a time so it is best in ADUC on the SBS to add a new Security Group named something like “Terminal Server Users”.  Then on the RDS server, under Administrative Tools | Computer Management | Local Users and Groups | Groups, add this domain group to the local Remote Desktop Users group.  This way from the SBS you can centrally manage by simply adding users to your new Terminal servers user group.

image

  • RWW / RWA: You will also want to make the new RDS server available through Remote Web workplace / Remote Web Access.  If added to the proper OU above it will be by default with SBS 2008, however with SBS 2011 you need to add a registry key.  The following link explains: https://blog.lan-tech.ca/2011/12/12/add-a-terminal-server-to-the-sbs-2011-rwa-page/   Note, that this does not apply to Server Essentials.
  • Certificate: Accessing the RDS server through RWA or using the RDP client and RD Gateway requires an SSL certificate.  Where you are adding this to an SBS domain, access will use your existing certificate.  Should you need to add a certificate, please see: https://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/
  • Router Configuration:  Traditionally Terminal Services required forwarding port 3389 from the router to the Terminal server’s IP.  SBS makes use of the Remote Desktop Gateway service and allows you to connect directly to the RDS server more securely using SSL and port 443.  This does require that port 443 be forwarded to the SBS, but presumably this is already configured if you are using OWA, RWA, and/or Sharepoint.
  • RDP client: To access using the RDP client simply enter the RDS server’s name in the “Computer” box, and your SBS site’s FQDN in the RD Gateway server name box, under advanced | settings.
  • image

Licensing

  • RDS also requires a CAL (Client Access License) be assigned to each device or user in order to use Remote Desktop Services.  This is managed with the Remote Desktop Licensing service mentioned earlier.  There is a 120 day grace period before you are required to install the Licensing service, purchase, and add your CAL’s.  If you exceed the 120 day grace period, users will be blocked from accessing the RDS server.
  • The service can be installed on an another similar vintage server in the domain, but for simplicity the following steps installs on the same server.  If not already done, It is installed by running the Add Roles wizard in Server Manager, in the Add Roles window, expand Remote Desktop Services, select the Remote Desktop Licensing service, then complete the wizard.
  • Open the RD Licensing manager, located under Administrative Tools | Remote Desktop services.  Expand All servers, right click on your server, choose Activate Server, and complete the required company information fields.  The last step will let you add your CAL’s now, but I recommend waiting until completing your configuration.
  • image
  • Right click on the server and choose “Review Configuration”.  You may need to add the licensing server to the appropriate group in ADUC.  You can do so easily by clicking the Add to Group button.
  • image
  • Licensing mode:  CAL’s can be purchased as Per Device or Per User.  The latter tends to be more common.  A single Per User CAL allows one user to connect from as many devices as they like; office PC, home PC, hotel lobby PC, laptop, etc.  A per Device CAL allows many users to connect from only one device.  The latter is generally only used in situations similar to a call center.  Though you can mix User and Device CAL’s it is best to pick one or the other. To set the licensing mode, open the local security policy by entering  gpedit.msc  in the Run box.  Locate the following policy, enable, and set the licensing mode.    Computer Configuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Licensing | Set the Remote Desktop licensing mode.

image

  • If you run the RD Licensing Diagnoser under Administrative Tools | Remote Desktop services, and it states a licensing server has not been specified, you may also have to manually enter the server’s name in the local security policy . It is located in the same place as the policy in the last step and named “Use the specified Remote Desktop license servers”.
  • Server CAL’s: The discussion so far relates to RDS CAL’s but it should be noted that any user accessing any server on the network also requires Server CAL’s.  Accessing the SBS and any other server of the same version year or older is covered by SBS CAL’s.  Anyone accessing the new 2012 Server will also need Server 2012 CA’s in addition to SBS CAL’s.

Firewall

  • You may also have to edit the Windows firewall.  Exceptions should automatically be created but on occasion they are not.  You can verify and edit by using Control Panel |  Windows Firewall | Allow an app or feature through the windows Firewall, and compare to the following screen shot.  It seems to be the Remote Desktop Services Public setting that is not always enabled.

image

Your RDS server should now be fully functional.

Comments on: "Add 2012 RDS server to SBS 2008/2011" (17)

  1. app.box.com said:

    Wonderful site!

  2. southern home decor said:

    I’m really enjoying the design and layout of your website.
    It’s a very easy on the eyes which makes it much more enjoyable for
    me to come here and visit more often. Fantastic work!

  3. Howdy! This is my first comment here so I just wanted to give a quick
    shout out and tell you I truly enjoy reading your articles.
    Many thanks!

  4. Thank you soooooooooooooooo much for this article. Our environment is similar to what you just describe and I’d searched e everywhere and all I could find suggested using the wizard but I kept getting a Windows PowerShell error. You saved my life. The only other thing I had to do was to configure the license server manually using powershell instructions found here:
    http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx

  5. Hi, Does Remote Desktop services requires to be on a Domain to install and run properly?
    And if yes can I run AD + DNS Server on the same server that is running remote Destop Services?

    • Since the release of server 2012 remote desktop services needs to be run in a domain. Prior to that you could have a stand-alone Remote Desktop server. In addition you cannot run Remote Desktop Services on the same server as one running Active Directory services. The ideal solution is to buy a Server 2012 license which includes licensing for 1 Hyper-V host and 2 virtual 2012 servers. One can run AD, DNS, and file and print services, the other can run your Remote Desktop Services.

  6. Thank you a lot for sharing this with all of us you actually know what you are speaking about!
    Bookmarked.

  7. Thanks for this post. I have just added a new RDS server (Windows Server 2012 r2) to SBS 2011 SBS environement. However, I get a message on new RDS Server that “There is no RD Connection Broker servers in the server pool. Should I ignore this message?

    Thanks

    • When you installed Remote Desktop services, the first option is to select either; “Role Based or Feature Based Installation”, or “Remote Desktop Services Installation”. I know it is deceiving but you want the first option, then in the add roles section, select Remote Desktop Services. If you choose the second option in the first screen it will want to set up a lot of services you will not be using.

      You only need Remote Desktop Services, and Remote Desktop Gateway which is already installed on the SBS.

  8. Thanks. I followed your instructions step by step. Its all good. I was just confirming about the message that I am getting about there is “no RD connection broker”. From your comment it seems that I can safely ignore this message. Thanks

  9. I did all of the above. Can connect to desktop with user. I am getting a Remote Desktop Services deployment error. Do I assume correctly that this method of installation does not install this service. If not, ???

  10. Thanks for the response. After digging into this much deeper, I probably should have worded it differently. I did your installation step by step and it worked great, except for ability to preform sessions deployment. Digging into that, I read that installing connection broker would give me that ability. Wrong, but it did not effect my original installation at all. However that is when I received the “Remote Desktop Services deployment error” in Server Manager. My question is does your style of installation allow for preforming sessions deployment or did I do something wrong?

    • No I am afraid not. This article addresses only the installation of a basic RDS server. If you wish to do session deployment you will need the connection broker and you are best to use the “Remote Desktop Services Installation” method, but doing so can interfere with your SBS default configuration and its Remote Web Access.

      • Well thanks, but you are right, this is the only way in this environment AND it works great like this. That in mind, do you have any tips on locking down the desktop sessions. I see many ways, but wondering if you prescribe a tried and true one.
        Also, although another subject, due to our environment, we will be changing the entire network in a couple of months. At that point we will be using the entire “Remote Desktop Services” installation. Have you ever installed it on an existing installation like yours?

  11. Sorry those questions are rather outside the scope of the article. If you “will be changing the entire network” why would you be using SBS 2011, a 6 year old operating system. In a normal domain environment, yes you would install all RD services. The issue with SBS is some services, such as the RD gateway are already present on an SBS by default, and you can create conflicts with a full install of RDS, even though on another server. For the record, you cannot install the RD server services on an SBS. Best of luck with your project.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Tag Cloud