Sunday, 13 January 2013

How To Build a 2008 R2 Remote Desktop Services Farm

Below are brief walkthrough notes on how to create an RDS farm in a VMware environment. They are brief in the sense that there’s a good bit of info to get started, 13 reference pictures, and a step-by-step outline from initial design to finally cloning the first session host multiple times to create the farm. For more detail, I highly recommend the following posts by Aaron Walrath: Installing and Configuring RDS on Windows Server 2008 R2 and Configuring RDS Farm Connection Broker.

0. Design

RDS00 – Web Access*, Licensing, Gateway, Connection Broker
RDS01 – 1st Session Host (and will clone for subsequent hosts)
RDS02 to RDS05 – Other Session Hosts
*We could have multiple Web Access servers (perhaps even make each session host a Web Access server, which would be overkill for most environments); here we’ve gone for just the one.

1. Prepare AD

New Global Security Group: RDS Users Group
New OU: RDS Servers (for the session hosts RDS01…X)

2. Install first RDS01 as the 1st Session Host

VMware Tools is installed prior to installing RDS Session Host.

Install Remote Desktop Session Host
RDS01 – install Remote Desktop Services Role

Specify Authentication Method for Remote Desktop Session Host:
Choose ‘Do not require Network Level Authentication’ if you have legacy (pre-Windows 7) clients

Specify Licensing Mode:
Choose ‘Configure later’ – the RDS Licensing server is set up later

Select User Groups Allowed Access To This RD Session Host Server:
Choose users and groups

Configure Client Experience:
Choose options – here we tick Audio, Video, and recording (for functionality with dictation software), but not the Windows Aero elements

The Desktop Experience Feature includes:
Windows Calendar, Windows Mail, Windows Media Player, Desktop themes, Video for Windows (AVI support), Windows Photo Gallery, Windows SideShow, Windows Defender, Disk Cleanup, Sync Center, Sound Recorder, Character Map, Snipping Tool

Confirm Installation Selections:
Click Install

And restart.
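
Step 2 leaves Network Level Authentication off for legacy clients, and every clone made in step 6 inherits that choice. This added example (not from the original post) reports the setting on each session host through the `Win32_TSGeneralSetting` WMI class; the host names are the ones from the design in step 0, and `-Enforce` is a hypothetical switch name for requiring NLA again once the legacy clients are gone.

```powershell
# Added example. Host names come from the design in step 0; adjust to your farm.
$SessionHosts = 'RDS01', 'RDS02', 'RDS03', 'RDS04', 'RDS05'

function Get-RdsNlaState {
    param(
        [string[]]$ComputerName,
        [switch]$Enforce          # hypothetical switch: turn NLA on where it is off
    )
    foreach ($name in $ComputerName) {
        try {
            # The TerminalServices namespace requires packet privacy for remote calls.
            $s = Get-WmiObject -ComputerName $name `
                     -Namespace 'root\cimv2\TerminalServices' `
                     -Class Win32_TSGeneralSetting `
                     -Filter "TerminalName='RDP-Tcp'" `
                     -Authentication PacketPrivacy -ErrorAction Stop

            if ($Enforce -and $s.UserAuthenticationRequired -ne 1) {
                $r = $s.SetUserAuthenticationRequired(1)
                if ($r.ReturnValue -ne 0) { throw "WMI returned $($r.ReturnValue)" }
                $s.Get()          # re-read the instance after the change
            }

            New-Object PSObject -Property @{
                Host          = $name
                NlaRequired   = ($s.UserAuthenticationRequired -eq 1)
                SecurityLayer = $s.SecurityLayer   # 0 = RDP, 1 = Negotiate, 2 = SSL (TLS)
                Error         = $null
            }
        }
        catch {
            # Unreachable or not yet built hosts are reported, not skipped silently.
            New-Object PSObject -Property @{
                Host = $name; NlaRequired = $null; SecurityLayer = $null
                Error = $_.Exception.Message
            }
        }
    }
}

# Report only; add -Enforce to require NLA on hosts where it is off.
Get-RdsNlaState -ComputerName $SessionHosts |
    Select-Object Host, NlaRequired, SecurityLayer, Error |
    Format-Table -AutoSize
```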

Some Registry Settings for RDS in a VMware Environment
Set Read Access for users logging on to the server to the key: HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools
Set Value ShowTray = 0 on: HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools
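
The two registry settings above, applied with PowerShell as an added example (not from the original post). The principal `BUILTIN\Users` and the DWORD type of `ShowTray` are assumptions; substitute the group that is allowed to log on to the session hosts.

```powershell
# Added example. Run elevated on the session host after VMware Tools is installed.
$KeyPath   = 'HKLM:\SOFTWARE\VMware, Inc.\VMware Tools'
$Principal = 'BUILTIN\Users'   # assumption: replace with your RDS users group

if (-not (Test-Path -Path $KeyPath)) {
    throw "Registry key not found: $KeyPath"
}

# Read-only allow rule, inherited by subkeys; grants no write or delete rights.
$rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList @(
    $Principal,
    [System.Security.AccessControl.RegistryRights]::ReadKey,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow
)

$acl = Get-Acl -Path $KeyPath
$acl.AddAccessRule($rule)
Set-Acl -Path $KeyPath -AclObject $acl

# ShowTray = 0, as given above (created as a DWORD if it does not exist yet).
Set-ItemProperty -Path $KeyPath -Name 'ShowTray' -Value 0

# Verify: show every right the principal holds on the key, then read the value back.
# Anything beyond ReadKey in this list was already present and deserves a look.
(Get-Acl -Path $KeyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $Principal } |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

(Get-ItemProperty -Path $KeyPath -Name 'ShowTray').ShowTray
```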

Install Apps


3. Install RDS00 as the RDL, RDCB, RDG, RDWA

RDS00 install Remote Desktop Services >
- Remote Desktop Licensing
- Remote Desktop Connection Broker
- Remote Desktop Gateway (and add required role services)
- Remote Desktop Web Access (and add required role services)

Configure Discovery Scope for RD Licensing:
Leave ‘Configure a discovery scope for this license server’ unchecked

Default location for the RD Licensing database is C:\Windows\system32\LServer

Choose a Server Authentication Certificate for SSL Encryption:
Either choose an existing certificate, create a self-signed certificate, or ‘Choose a certificate for SSL encryption later’

Create Authorization Policies for RD Gateway:
Choose now or later

Network Policy and Access Services:
NPS is required with Remote Desktop Gateway and cannot be de-selected; choose any additional NPAS role services if required and continue

Web Server (IIS)
IIS is required with RDG and RDWA; choose any additional IIS role services if required and continue

Confirm Installation Selections:
Click Install

And restart, taking note of any warnings.

Further configuration


4. Fixing the Certificate Error and Other Annoying Little Things
http://community.spiceworks.com/how_to/show/15809-dealing-to-the-annoying-certificate-errors-and-multiple-credential-requests-in-remote-desktop-services-2008-r2

5. Group Policies, TS Profiles, and Folder Redirection

For consideration!

6. Cloning The First Session Host to Make RDS02 to RDS05

- Clone the server
- Power the clone server up with network disconnected
- Disjoin from the domain
- Set network to DHCP
- Sysprep the server and shutdown
- Clone server as many times as needed and bring back online
- Perform setup
- Configure with static IP and hostname
- Reboot and re-enable the network connection
- Join clones to the domain
- Take the new group of servers and join them to session broker and RDS farm

Note: There is a limit of 3 syspreps before requiring re-arm. The first session host (or whichever session host is later chosen as the clone source) is never actually sysprep-ed, only its clone; hence we can keep adding/removing apps on it and follow the clone process to create new session hosts.
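
A guard to run on the clone just before the sysprep step, as an added example (not from the original post): it refuses to continue if the machine is still domain-joined or still connected to the network, and reads the remaining rearm count that the note refers to. The `/generalize /oobe` switches and the English `slmgr.vbs /dlv` output format are assumptions.

```powershell
# Added example. Run elevated on the CLONE. The source host stays domain-joined
# and on the network, so the same checks also stop this from running on it.
function Test-CloneReadyForSysprep {
    $problems = @()

    # "Disjoin from the domain" must already have happened.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        $problems += "Still joined to domain '$($cs.Domain)'"
    }

    # "Power the clone server up with network disconnected": 2 = connected.
    $up = @(Get-WmiObject -Class Win32_NetworkAdapter -Filter 'NetConnectionStatus = 2')
    if ($up.Count -gt 0) {
        $names = ($up | ForEach-Object { $_.NetConnectionID }) -join ', '
        $problems += "Network adapter(s) still connected: $names"
    }

    # Rearm count as printed by slmgr.vbs /dlv (English output assumed).
    $dlv = & cscript.exe //nologo "$env:SystemRoot\System32\slmgr.vbs" /dlv
    $hit = $dlv | Select-String -Pattern 'rearm count:\s*(\d+)' | Select-Object -First 1
    if (-not $hit) {
        $problems += 'Could not read the rearm count from slmgr.vbs /dlv'
    }
    elseif ([int]$hit.Matches[0].Groups[1].Value -lt 1) {
        $problems += 'Rearm count is 0'
    }

    return $problems
}

$problems = @(Test-CloneReadyForSysprep)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Sysprep not started.'
}
else {
    # Assumed switches: the rearm limit applies to /generalize; /shutdown powers
    # the clone off so it can be cloned as many times as needed.
    & "$env:SystemRoot\System32\Sysprep\sysprep.exe" /generalize /oobe /shutdown
}
```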

5 comments:

  1. Did you sysprep the server using the generalize button? When I choose generalize I am unable to RDP back onto the server. Without generalize it is OK.

  2. Great article. I noticed you used the number "2." twice. Threw me off... I kept looking for 3. !!
    Very helpful once again.

  3. That's half-guide of preparing to build a farm. Starting with creating RDS OU and RDS Group... and what's next? What should be included in that OU and in that group?
    Create a separate server as RDL, RDCB, RDG, RDWA and then? Nothing how about creating Farm, including RD Hosts in the farm, nothing about Folder Redirection or let's call it Roaming Profiles and etc.
    As I said, half of the guide how to start building a farm installing Roles on specified servers, but nothing how to setup that farm. Even as a Quick Note is not enough.
    It's true. For me it was easier to write my opinion about this guide instead of writing my personal guide on a Blog that I don't have. But let's be honest and look at this from another angle.

    Replies
    1. Hello Lone Admin,
      I get your point, it's far from being even half a guide to be honest. You've got to put it into context though, when I was faced with having to build my first ever RDS farm (then working as a jack-of-all-trades IT delivery consultant), these notes were enough to get me pointing in the right direction. If you want all the gory details of building an RDS farm, a Lone Blogger's ramshackle blog isn't the place to expect to find them.
      Thanks for the comment and thanks for reading too,
      vCosonok
