Hello. This video is part of a series explaining the process of deploying Remote Desktop Services in Microsoft Windows. As a brief introduction, Remote Desktop Services allows users to access applications, desktops and data hosted in remote servers.
Users can connect from a variety of devices to a centralized environment that provides them with a consistent and familiar experience regardless of their physical location. The current implementation of Microsoft Remote Desktop Services consists of various roles that accomplish several functions.
There's the role of the session host, for instance, that is more evident to the users as it hosts the desktops and applications they will interact with. Other infrastructure RDS roles include the licensing server, the connection broker the web access server, and the RDS gateway server.
Smaller deployments of RDS will use just a few, or maybe just the one server to implement all of these roles. Large deployments, on the other hand, serving many users and hosting many applications will need these roles to be distributed among several servers.
In this video I'll go over the steps required to implement a basic RDS infrastructure where all of the essential roles are installed on a single server.
Here I have a Windows Server 2022 computer that is not part of a domain. The steps I will take however can also be used in a computer that is a domain controller. In Server Manager click ‘Manage’ and then ‘Add Roles and Features’.
Click ‘Next’ to skip the ‘Before you begin’ screen. Select ‘Role-based or feature-based installation’ and click ‘Next’. On the ‘Select destination server’ screen select the local hostname as the destination server.
On the ‘Select server roles’ page select ‘Remote Desktop Services’ and then click ‘Next’. Click next again to skip the ‘Select features’ screen and then again to skip the ‘Remote Desktop Services’ overview screen.
At the ‘Select role services’ screen select the ‘Remote Desktop Licensing’ role and at the prompt, add the required features. Also click the ‘Remote Desktop Session Host’ role and one more time click ‘Add Features’ the required features.
Click ‘Next’ and at the confirmation screen click ‘Install’. Wait for the installation to finish, and when it is finished, click ‘Close’ to exit the wizard and restart the computer. After the restart the session host is ready to receive remote desktop connections, but first it's important to configure licensing.
First, in ‘Server Manager’ click ‘Tools’, ‘Remote Desktop Services’ and then ‘Remote Desktop Licensing Diagnoser’. Notice that zero licenses are available for clients, the licensing mode shows as ‘Not Configured’ and two warnings are displayed. Again, that the licensing mode is not configured, and that the session host is within its grace period and has not been configured with any license server.
This last part is also visible under the Remote Desktop Services License Server Information in Server Manager. Again, click ‘Tools’ and ‘Remote Desktop Services’ and now ‘Remote Desktop Licensing Manager’. Notice the red X next to the server name. Right click the server name and the reason is displayed. ‘License server is not activated’. Let's correct all of this.
First, open the Local Group Policy Editor by running ‘gpedit.msc’. Expand ‘Computer Configuration’, ‘Administrative Templates’, ‘Windows Components’, Remote Desktop Services’, ‘Remote Desktop Session Host’ and then ‘Licensing’. Double click ‘Use the Specified Remote Desktop License Servers’. Click the ‘Enabled’ radio button and then enter the computer name or IP address of the Local Host.
This is because I'm using one server to host all of the required RDS roles, including licensing. If I were to use a different workgroup server as my license server, I would have to enter its name here as well. Click OK when finished. Back in the RD Licensing Diagnoser, click ‘Refresh’ and notice that the license server for the deployment is now listed.
The second warning has now changed to ‘License server is not activated’, this will be taken care of shortly. Return to group policy editor and double click the ‘Set the Remote Desktop Licensing Mode’ policy. Click the enabled radio button and then ensure that the licensing mode is set to ‘Peer Device’.
This is a requirement when RDS client access licenses are in use in a workgroup environment because client access licenses need to be assigned to client devices, as opposed to users, in an Active Directory domain. Click OK. Back again in RD Licensing Diagnoser, click ‘Refresh’ and take note of the changes.
In addition to the warning seen previously about the server not being activated, there's one indicating that there aren't any install licenses. Let's correct these warnings. Next, return to RD Licensing Manager, right click the license server and click ‘Properties’. Activating the license server is a process that will look different depending on which option is configured for the ‘Connection method’.
Here the ‘Automatic connection’ is a default and recommended method. As a description shows the license server requires internet connectivity to reach the Microsoft Clearinghouse servers to complete the activation. The other two methods are used when there's no internet connectivity directly from the server that needs to be activated and basically allowed to complete the activation through a web browser from a different system or over the telephone.
This server however has internet connectivity, so let's leave that default of ‘Automatic connection’ by clicking ‘Cancel’. Right click the license server again and click ‘Activate server’. At the wizard click ‘Next’ on the welcome screen. Leave the default for the connection method, and then click ‘Next.
Enter the required information and click ‘Next’ again. The following fields are not mandatory, but it is recommended to fill them out. When finished click ‘Next’. At the completing the wizard screen notice the message indicating that the server was successfully activated and click to uncheck the ‘Start Install Licenses Wizard now’ checkbox - we will do this later - and then click ‘Finish’.
Back in Remote Desktop Licensing Manager notice that the red ‘x’ next to the server name is now gone. The green check mark indicates that the license server is now activated. Return to RD Licensing Diagnoser, click ‘Refresh’ and notice that one of the warnings we had previously is no longer present. Before starting proper use of this newly deployed RDS Session Host slash License Server there's one more step, and that is to install the corresponding RDS Client Access Licenses.
These licenses are purchased in packs separately from the Operating System and are not the same as user CALs, which are also purchased separately. In the video description I've included a few links containing more information about RDS CALs, but for now let's just work with the premise that every device or user that connects to an RDS session host, requires an RDS CAL from the license server.
There's a grace period of somewhere between 52 and 120 days depending on the type of setup, during which this requirement is not enforced, but once this grace period is finished the connections will be refused due to the lack of licenses. This is what this error back in RD Licensing Diagnoser is about.
To install the licenses, back in RD Licensing Manager, right click the server and click ‘Install licenses’ click ‘Next’ at the welcome screen. Ensure that the right license program is selected. As seen in the description this license program refers to the method through which the RDS CALs were purchased.
Click ‘Next’ and enter the pertinent information. This information will sometimes be digital and available via email to the person that did the purchase, or through a website, but you can also be in physical documentation in the form of product keys. Click ‘Add’. You can review the status and type of the CALs and then click ‘Next’. After completing the Install Licenses Wizard click ‘Finish’.
Notice that the newly installed licenses are now visible in RD Licensing Manager. Back in RD Licensing Diagnoser click ‘Refresh’ and notice that there isn't any warning anymore, and all of the information about the deployment is shown correctly. This deployment is now ready to be put in production.
At this stage we can create the user account. The users connecting to this RDS session host must be added to this local group, ‘Remote Desktop Users’. Next steps are setting up group policies and installing the applications that users would access when connected to this RDS session host. So this has been the overall process to set up a standalone RDS session host in a workgroup environment.
Before ending I’d like to show how some of these same steps discussed today can be completed with three PowerShell lines. On this workgroup system with a fresh installation of Windows, in PowerShell I will run this command. It's included in the video description.
This is the equivalent of the steps I completed earlier in Server Manager to add the required roles for this deployment. Wait for the command to finish and then restart the computer. When it's back up run the following two lines. This first line will configure the licensing mode as per device and this second line will configure the license server. I'll now open RD Licensing Diagnoser to confirm the changes.
We can see that the license server is configured, and all that is missing is activating this license server and installing the RDS CALs using the steps I discussed earlier.
Once again this has been the overall process to set up a basic Remote Desktop Services environment in a workgroup, with all of the roles running on a single server. In an upcoming video I will go over the steps required to set up an RDS deployment in a domain and with roles distributed across different servers.
Thank you very much for watching.
