Microsoft RDS – Thoughts and walkthrough 2/3

Microsoft RDS – Thoughts and walkthrough 1/3 – Introduction, architecture and installation
Microsoft RDS – Thoughts and walkthrough 2/3 – Setup, security and optimization
Microsoft RDS – Thoughts and walkthrough 3/3 – SP1 and Remote FX – Citrix

Now that everything is installed, we need to configure the components and establish communication between them. First, we need to authorize TESTRDS1, TESTRDS2 and TESTRDSINFRA to exchange information about their RDS roles:

On TESTINFRA, add the TESTRDS1 and TESTRDS2 servers to the local group TS Web Access Computers:

On TESTRDS1 and TESTRDS2, make sure to add TESTINFRA to the very same group.

Then on TESTINFRA, in the Server Manager console, go to Remote Desktop Services / Remote Desktop Connection Manager, click RD Web Access Server, and make sure all the machines are added:

Now, still on TESTINFRA, we need to add the two Remote Desktop Session Host servers to the Session Broker Computers local group.

Now for the DNS part: we need to create two (A) records with the same name, one per RD server. I chose applications, and you'll need the two IP addresses of your RD servers.

In my case that means: TESTRDS1 = 192.168.0.11 and TESTRDS2 = 192.168.0.18
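To check the group memberships and DNS records set up above, here is an added PowerShell example (not part of the original walkthrough). The server names, group names, record name and IP addresses are the ones used in this post; the `$Broker` value and the helper `Get-LocalGroupMemberName` are assumptions to adapt to your environment.

```powershell
# Added example, not from the original post. Run with rights to read the
# local groups on all three servers (PowerShell 2.0 compatible).
$Broker   = 'TESTINFRA'            # assumption: the post also writes this host as TESTRDSINFRA
$RdsHosts = 'TESTRDS1', 'TESTRDS2'
$FarmName = 'applications'         # DNS name chosen in the post (resolved via your DNS suffix)
$FarmIPs  = '192.168.0.11', '192.168.0.18'

# Expected computer accounts per (server, local group), as configured above.
$Expected = @(
    @{ Server = $Broker; Group = 'TS Web Access Computers';  Members = $RdsHosts }
    @{ Server = $Broker; Group = 'Session Broker Computers'; Members = $RdsHosts }
)
foreach ($h in $RdsHosts) {
    $Expected += @{ Server = $h; Group = 'TS Web Access Computers'; Members = @($Broker) }
}

# Hypothetical helper: list member names of a local group through the WinNT provider.
function Get-LocalGroupMemberName {
    param([string]$Computer, [string]$Group)
    $adsiGroup = [ADSI]"WinNT://$Computer/$Group,group"
    foreach ($m in @($adsiGroup.psbase.Invoke('Members'))) {
        $name = $m.GetType().InvokeMember('Name', 'GetProperty', $null, $m, $null)
        $name.TrimEnd('$')         # computer accounts come back as NAME$
    }
}

# Report what is missing and what is present but was never meant to be there.
foreach ($e in $Expected) {
    $actual = @(Get-LocalGroupMemberName -Computer $e.Server -Group $e.Group)
    New-Object PSObject -Property @{
        Server  = $e.Server
        Group   = $e.Group
        Missing = @($e.Members | Where-Object { $actual -notcontains $_ }) -join ','
        Extra   = @($actual | Where-Object { $e.Members -notcontains $_ }) -join ','
    }
}

# Round-robin check: the farm name must resolve to exactly the two session hosts.
$resolved = @([System.Net.Dns]::GetHostAddresses($FarmName) |
    ForEach-Object { $_.IPAddressToString } | Sort-Object)
if (($resolved -join ',') -eq (($FarmIPs | Sort-Object) -join ',')) {
    "DNS OK for ${FarmName}: $($resolved -join ', ')"
} else {
    "DNS mismatch for ${FarmName}: $($resolved -join ', ')"
}
```

An empty `Missing` and `Extra` column on every row means the groups contain exactly the machines authorized in this walkthrough; anything under `Extra` is a computer or account that can talk to the broker or Web Access role without having been added here.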

Now we need to configure the two session host servers (TESTRDS1 / TESTRDS2) to use the broker (TESTINFRA). To do so, on TESTRDS1 and TESTRDS2, go through the Server Manager console to Remote Desktop Session Host Configuration and double-click the option Member of farm in RD Connection Broker:

And change it as follows:

And finally, configure RemoteApp (on TESTRDSINFRA) to connect to the RD server farm (TESTRDS1 and TESTRDS2):

Don’t forget to make the change on both servers (TESTRDS1 & TESTRDS2). Then we need to configure the Connection Broker for RemoteApp Programs (on TESTRDSINFRA) by changing the following options (right-click on the main panel) and filling in the name you added earlier in DNS.

We’re done with the configuration part, so now we can test (don’t forget to publish some applications). Launch Internet Explorer and type the URL of your Web Access server; for me it looks like: http://testrdsinfra.suomi.inc/rdweb

Besides the warning we got because we didn’t deploy any certificate, everything is working well and it looks good.

I tested a bit and tried to connect with an old Wyse Sx0 / Winterm S30, and I faced a weird issue connecting directly to the RDS desktop: I had to log on twice. This is an issue with the RDP version used by this device; only RDP 6.1 and 7 are ok with this issue. It’s a bit weird because I tried to look for a KB on the Microsoft website and I didn’t find anything…

Now we need to set up the certificates to get rid of most of the pop-ups we get when opening an application. We begin with the Web Access: on TESTRDSINFRA, open IIS and do as follows to generate the CSR. I will use my own Certificate Authority (Microsoft and local).

The CSR is done, so now I move to my local Certificate Authority to continue:

Now back to IIS on TESTINFRARDS to apply this new certificate:

Then you need to edit the binding of the default website:

And give it a try:

The certificate is installed, and there are no more messages to accept before seeing the Web Access logon page. Now the very last step: add a certificate on the remote host servers TESTRDS1 and TESTRDS2 to sign the RDP files. You can use the same steps as above to generate a certificate; I generated one for each Session Host server. Then follow the next steps:

And then in RD Session Host Configuration, double-click the RDP-Tcp protocol and make this change:

Check the box, “Allow connections only from computers running…..”

And you’re all set!

Resources :
TS Session Broker Load Balancing Step-by-Step Guide
