Remote Apps server solution (2012/2016?) Question

Guide to installing Server 2012 Std. with a RemoteApp server.
Link 1 - http://msfreaks.wordpress.com/2013/12/09/windows-2012-r2-remote-desktop-services-part-1/
Note! Once the installation is complete, go to RD Gateway Manager (on the RDS server), Resource Authorization Policies, and under Network Resources change the setting to "Allow users to connect to any resource"; that way the programs can be accessed from "any PC" and not only from domain-joined PCs.
To make access easier you can change the address so that it is enough to type e.g. apps.mitrum.dk instead of apps.mitrum.dk/rdweb; follow this guide:
msfreaks.wordpress.com/2013/12/07/redire...-access-pages-rdweb/
The "right" ports must point to the RD server, NOT the DC server. Unfortunately this also complicates access to the Essentials web stuff a bit; I have not yet got such a solution working, but it should be doable with the same type of "redirect" that is used for Exchange.

Here is the entire setup guide, clipped from the first link:
Step by Step Windows 2012 R2 Remote Desktop Services – Part 1
Posted on December 9, 2013 by Arjan Mensch

A step by step guide to build a Windows 2012 R2 Remote Desktop Services deployment.
Part 1 – Deploying a single server solution.
Although it is called a single server installation, we will need 2 servers as shown below.

Software used in this guide:
Windows Server 2012 R2 ISO (evaluation can be downloaded here: http://technet.microsoft.com/en-us/evalcenter/dn205286.aspx)
SQL Server 2012 SP1 Express x64 With tools (free version can be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=35579. After clicking the download button select SQLEXPRWT_x64_ENU.exe)
SQL Server 2012 SP1 Native Client (free version can be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=35580. After clicking the download button select ENU\x64\sqlncli.msi)
And a certificate. I got mine for free from https://startssl.com. This certificate needs to contain the FQDN you will use as the RD Web Access URL (mine is gateway.it-worxx.nl in this guide). It needs to be in .pfx format and you need to have the private key in it.
This guide will not focus on building a domain using a single domain controller and adding the second server as a member server to this domain.
Also, some basic knowledge is assumed in this guide. I will not detail how to create a Security Group and add a computer account to it. I will also not detail how to install SQL Express or add logins to a SQL Server Instance security context. If you need extra help with this, Bing it or drop me a mail with details, and I will provide steps to continue.
I will be using Hyper-V 3.0 on my Windows 8.1 laptop and I have prepared 2 servers:
ITWDC01 (1 vCPU, 512MB memory, dynamic, 60GB Harddisk)
Installed Windows
IPv4 192.168.66.20/24
Added .NET Framework 3.5 as a feature
Added Active Directory Domain Services as a role
Configured this server as a Domain Controller in a new forest: itw.test
ITWRDS01 (1 vCPU, 512MB memory, dynamic, 60GB Harddisk)
Installed Windows
Added .NET Framework 3.5 as a feature
IPv4 192.168.66.21/24, DNS server 192.168.66.20
Configured it as a member server in the itw.test domain
Installing the Remote Desktop Services Roles
Log on to the Domain Controller, and in Server Manager right-click the All Servers node and add the second server using the Add Servers command (or select the All Servers node, click Manage and click Add Servers).

Now that all servers needed in this deployment scenario are present, click Manage, and click Add Roles & Features.
Before you begin

Click Next.
Select Installation Type

Select Remote Desktop Services installation. Click Next.
Select Deployment Type

Although Quick Start might be a valid option for a single server deployment, leave the default selected. This will explain the steps necessary to install Remote Desktop Services in greater detail.
Click Next.
Select Deployment Scenario

Select Session-based desktop deployment. The other option will be a different post in this series.
Click Next.
Review Role Services

Review the services that will be installed.
Click Next.
Specify RD Connection Broker server

Click the member server and click the Add button.
Click Next.
Specify RD Web Access server

Check Install the RD Web Access role on the RD Connection Broker server.
Click Next.
Specify RD Session Host server

Click the member server and click the Add button.
Click Next.
Confirm selections

Check Restart the destination server automatically if required.
Click Deploy.
View progress

Wait until all role services are deployed and the member server has restarted.
Click Close.
In Server Manager click Remote Desktop Services and scroll down to the overview.

As you can see the deployment is missing a RD Gateway server and a RD Licensing server.
Installing the missing Remote Desktop Services Roles

Click the Add RD Licensing server button.
Select a server

Click the domain controller and click the Add button.
Click Next.
Confirm selections

Click Add.
View progress

Wait until the role service is deployed. No restart is needed.
Click Close.

Click the Add RD Gateway server button.
Select a server

Click the member server and click the Add button.
Click Next.
Name the self-signed SSL certificate

The wizard creates a self-signed certificate. We will deal with certificates in this deployment in a little bit. Enter the external Fully Qualified Domain Name which you will also use for the Web Access URL. In my case, for lack of a better name, I used “gateway.it-worxx.nl”. I didn’t want to use “remote.it-worxx.nl” or “desktop.it-worxx.nl” or anything else.
Click Next.
Confirm selections

Click Add.
View progress

Wait until the role service is deployed. No restart is needed.
Notice that “gateway.it-worxx.nl” was configured for the deployment.
Also notice that even more certificate configuring is needed, but we’ll get to that later. Pay no attention to it for now.
Click Close.
Let’s have a quick look at the certificate configuration.
Reviewing the Remote Desktop Services certificate requirements

In Server Manager, Remote Desktop Services, Overview, click Tasks and click Edit Deployment Properties.

Configure the deployment

Review the RD Gateway settings and notice what settings are available.
Click RD Licensing.
Configure the deployment

Notice that a RD License server is available, but no license type is selected yet.
I selected Per User, but since this is just a guide setup, it really doesn’t matter.
Click RD Web Access.

Configure the deployment

By default the RD Web Access IIS application is installed in /RdWeb. If you want to know how to change this, check another post: http://msfreaks.wordpress.com/2013/12/07/redirect-to-the-remote-web-access-pages-rdweb/
Click Certificates.
Configure the deployment

Notice that the certificate level currently has a status of Not Configured.
As you can see, certificates are used for different goals within the deployment.
The RD Gateway certificate is used for Client to gateway communication and needs to be trusted by the clients. Either install the self-signed certificate on all clients, or use a certificate for which the complete certificate chain is already trusted by all clients. As it said in the wizard, the external FQDN should be on the certificate.
The RD Web Access certificate is used by IIS to provide a server identity to the browser clients (and to the Feed clients, but that’s a subject for a future post).
The RD Connection Broker actually has two goals for which it needs certificates. To enable single sign on (server to server authentication), and for publishing (signing RDP files). If you look in the deployment you’ll see that the Connection Broker is now configured to use “itwrds01.itw.test”, so we have to change it to use an external FQDN as well.
If we use the same FQDN for all goals described above, we need only 1 certificate, and only 1 external IP address.
We’ll come back to this wizard later to assign the certificate. First order of business is to change the internal FQDN for the Connection Broker to an external FQDN.
Click OK (no reason why we shouldn’t commit the change we made on the licensing tab, remember?)
Preparing for completing the Remote Desktop Services configuration
Open DNS Manager on the domain controller and browse to Forward Lookup Zones.

Right click Forward Lookup Zones and click New Zone… Go through this wizard accepting the defaults until you have to enter a Zone Name.

Enter the external FQDN which will also be used by the Connection Broker.
Finish the rest of the wizard accepting the defaults.
Browse to the newly created zone.

Right click the newly created zone and click New Host (A or AAAA)…
New Host

Leave the Name field blank, but enter the member server’s (holding the RD Connection Broker role) IPv4 address.
Click Add Host.
Create a new Global Security Group called “RDS Connection Brokers” and add the computer account for the member server to it as a group member.
We need this group to be able to convert the RD Connection Broker to a highly available RD Connection Broker. You’ll see why we need to do this in a few steps.
Reboot the member server to let it know it’s a member of the RDS Connection Brokers security group.
Install SQL Express on the Domain Controller (or use an existing SQL Server if you already have one). Here’s a list of needed features:

Now you see why I pre-configured the servers with the .NET Framework 3.5 feature before starting anything.
Note! I think some text is missing at the bottom of the guide, so you may want to read it through before you start the setup.. ;-)

Use the Default Instance (so click Default, and do not leave the wizard’s selection on Named instance: SQLEXPRESS).
When the installation is done open SQL Configuration manager and browse to Client Protocols under SQL Native Client 11.0 Configuration.

Check if TCP/IP is enabled under Client Protocols. SQL Express install enables this by default, but check it just to be sure, especially if you use an existing SQL Server.
Browse to Protocols for MSSQLSERVER under SQL Server Network Configuration.

Enable TCP/IP. If this is a new SQL installation, this will be disabled by default.
Restart the SQL Server service if you changed this setting.
On the SQL Server, make sure port 1433 is not being blocked by Windows Firewall.

I added the SQL Server executable to the exception list to allow all inbound traffic.
Open SQL Server Management Studio and browse to L
1 year 3 months ago
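
Added example (not part of the post above or of the quoted guide): a PowerShell pre-flight check for the certificate requirements the guide describes, namely that the .pfx holds its private key, names the external FQDN, and chains to a trusted root. The function name Test-RdsPfx and the file path are hypothetical, and the SAN parsing assumes the English-language Windows display string "DNS Name=".

```powershell
# Added example, not from the guide. Test-RdsPfx is a hypothetical helper name.
function Test-RdsPfx {
    param(
        [Parameter(Mandatory)] [string]       $PfxPath,
        [Parameter(Mandatory)] [string]       $Fqdn,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 ($PfxPath, $Password)

    # DNS names from the Subject Alternative Name extension (OID 2.5.29.17).
    # Assumption: English display strings ("DNS Name=..."); falls back to the subject CN.
    $san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($san) {
        $names = @([regex]::Matches($san.Format($true), 'DNS Name=(\S+)') |
                   ForEach-Object { $_.Groups[1].Value })
    }
    if (-not $names) { $names = @($cert.GetNameInfo('SimpleName', $false)) }

    # Exact match, or a single-label wildcard such as *.example.test.
    $nameOk = [bool]($names | Where-Object {
        $_ -eq $Fqdn -or ($_.StartsWith('*.') -and
            $Fqdn -like "*$($_.Substring(1))" -and
            $Fqdn.Split('.').Count -eq $_.Split('.').Count)
    })

    # Server Authentication EKU; a certificate without an EKU extension is unrestricted.
    $eku        = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $ekuOids    = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $serverAuth = (-not $eku) -or ($ekuOids -contains '1.3.6.1.5.5.7.3.1')

    # The chain is built against THIS machine's trust store; clients must trust it as well.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject       = $cert.Subject
        DnsNames      = $names -join ', '
        HasPrivateKey = $cert.HasPrivateKey
        NameMatches   = $nameOk
        ServerAuthEku = $serverAuth
        Expired       = $cert.NotAfter -lt (Get-Date)
        ChainTrusted  = $chainOk
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Placeholder path; the FQDN is the one used in the guide.
$pw = Read-Host -AsSecureString 'PFX password'
Test-RdsPfx -PfxPath 'C:\certs\gateway.pfx' -Fqdn 'gateway.it-worxx.nl' -Password $pw
```

A self-signed certificate, such as the one the RD Gateway wizard generates, reports ChainTrusted as False with an UntrustedRoot status until it is installed on the machine running the check.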
