How to Activate Remote Desktop Services in Windows Server 2019 May 15, 2021 htshosting Post in Server A comprehensive guide has been put together to ensure the convenience of those who need information on activating Remote Desktop Services in Windows Server 2019. Let us run you through the necessary steps involved in activating Remote Desktop Services in Windows Server 2019. First you need to log on to the Domain Controller Right-click on the “All Servers” option in Server Manager Add the second server using the “Add Servers” command or select the “All Servers” node, then click “Manage” and click “Add Servers” Now click “Manage”, and click “Add Roles & Features”. Click on the option “Before You Begin” Click “Next” Select “Installation Type” Select “Remote Desktop Services installation” Click Next Select “Deployment Type” Keep the default selection Click “Next” Select “Deployment Scenario” Select “Session-based desktop deployment” Click “Next” Select “Role Services” in “Review role services” Review the services that will be installed Click “Next” Select “RD Connection Broker” in “Specify RD Connection Broker server” Click the member server and click the Add button. Click “Next” Select “RD Web Access” in “Specify RD Web Access server” Check “Install the RD Web Access role service on the RD Connection Broker server” Click “Next” Select “RD Session Host” in “Specify RD Session Host servers” Click the member server and click the Add button Click “Next” Select “Confirmation” in “Confirm selections” Check “Restart the destination server automatically if required” Click “Deploy” You need to wait until all role services have been deployed and the member server restarts Click “Close” In Server Manager click Remote Desktop Services and scroll down to the “Overview” Click the Add “RD Licensing” server button Select a server Click the domain controller and click the Add button Click “Next” Confirm selections Click Add View progress Wait until the role service is deployed. No need to restart. Click Close Click the Add RD Gateway server button Select a server Click the member server and click the Add button Click Next Name the self-signed SSL certificate Enter the external Fully Qualified Domain Name which you will also use for the Web Access URL Click Next Confirm selections Wait until the role service has been deployed. Again, no need to restart. Click Close. Let us have a quick look at the configuration that we have so far In Server Manager, Remote Desktop Services, Overview, click Tasks and click Edit Deployment Properties. Configure the deployment Review the RD Gateway settings and notice what settings are available Click RD Licensing Configure the deployment Notice, an RD License server is available, but no license type is selected yet. Select a type Click RD Web Access Configure the deployment By default the RD Web Access IIS application is installed in /RdWeb. Click Certificates Configure the deployment Notice it, the certificate level currently has a status of “Not Configured”. Certificates are used for different goals within the deployment. Change the internal FQDN for the Connection Broker to an external FQDN Click OK Changing the Connection Broker FQDN to an externally resolvable FQDN Open DNS Manager on the domain controller and browse to Forward Lookup Zones. Right click Forward Lookup Zones Click New Zone Go through this wizard accepting the defaults until you have to enter a Zone Name Enter the external FQDN which will also be used by the Connection Broker Finish the rest of the wizard accepting the defaults Browse to the newly created zone Right click the newly created zone and click New Host (A or AAAA)… New Host Leave the Name field blank, but enter the member server’s (holding the RD Connection Broker role) IPv4 address Click Add Host Create a new Global Security Group called “RD Connection Brokers” and add the computer account for the member server to it as a group member Reboot the member server to let it know it’s a member of the RDS Connection Brokers security group The next steps in re-configuring the RD Connection Broker depend on an SQL database shared by all Connection Brokers in the deployment. Without this configuration the RD Connection Broker will rely on the Windows Internal Database that was created during the initial deployment of the roles Install SQL Express on the Domain Controller (or use an existing SQL Server if you already have one) Here’s a list of needed features: Click Default, and do not leave the wizard’s selection on Named instance: SQLEXPRESS Set the SQL Service to start using SYSTEM because the default account of SQLSERVER cannot be used on a Domain Controller. When the installation is done, open SQL Configuration manager and browse to Client Protocols under SQL Native Client 11.0 Configuration. Check if TCP/IP is enabled under Client Protocols. SQL Express install enables this by default, but check it just to be sure, especially if you use an existing SQL Server. Browse to Protocols for MSSQLSERVER, under SQL Server Network Configuration. Enable TCP/IP. If this is a new SQL installation, this will be disabled by default. Restart the SQL Server service if you changed this setting. On the SQL Server, make sure port 1433 is not being blocked by Windows Firewall. Add the SQL Server executable to the exception list to allow all inbound traffic, but TCP 1433 inbound should suffice. If you installed SQL Server using the default folder locations, the sqlservr.exe executable is found in “C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn”. Open SQL Server Management Studio, connect to the default instance on the Domain Controller and browse to Logins under Security. Remember the Management Studio is no longer available with the SQL Server download, but is a different download. Right click Logins and click New Login… Login – New Click Search… Select User, Service Account, or Group Click Object Types… and select Group Type the RDS Connection Brokers security group name and click Check Names Click OK Login – New Click Server Roles and select dbcreator Click OK The RDS Connection Broker server now has the right to create databases. Install the SQL Native Client on the member server (Client Components only). If you used the member server in this setup to install the SQL Management Studio, you can skip this step because the Native Client was installed with installing the Management Studio. In Server Manager click Remote Desktop Services and scroll down to the “Overview”. Right click RD Connection Broker and click Configure High Availability Before you begin Look at the pre-requisites. If you have more than one RD Connection Broker they need to be configured using DNS Round Robin. Click Next Configure RD Connection Broker for High Availability leave the default selected Click Next Configure RD Connection Broker for High Availability DNS name for the RD Connection Broker cluster: The DNS Zone name we configured in DNS earlier: rds.it-worxx.nl Connection string: DRIVER=SQL Server Native Client 11.0;SERVER=ITWDC;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=ITWRDCB Folder to store database files: C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA I used the instance default folder. Click Next Confirmation If you get an error before this page: Check if TCP/IP is enabled in client protocols and for your instance Check if you can reach port 1433 on the SQL Server from the member server Click Configure Progress If you get an error on this page: Check SQL permissions for the security group Check if the database path you entered is correct Click Close The RD Connection Broker is now in High Availability Mode, and configured as “rds.it-worxx.nl” and we are finally ready to complete the configuration. Configuring Certificates In Server Manager, Remote Desktop Services, Overview, click Tasks and click Edit Deployment Properties, then click Certificates. Configure the deployment Click RD Connection Broker – Enable Single Sign On and click Select Existing certificate Browse to the .pfx file, enter its password, and check Allow the certificate.. Click OK Click Apply. This takes a little while, be patient. Configure the deployment Click RD Connection Broker – Publishing and click Select Existing certificate Browse to the .pfx file, enter its password, and check Allow the certificate.. Click OK. Click Apply. This again takes a little while, be a little more patient. Configure the deployment Click RD Web Access and click Select Existing certificate Browse to the .pfx file, enter its password, and check Allow the certificate.. Click OK Click Apply again. This takes another little while longer, be slightly more patient Configure the deployment Click RD Gateway Click Select Existing certificate Browse to the .pfx file, enter its password, and check Allow the certificate.. Click OK. Click OK to apply the final certificate step Configured all servers, configured certificates.. One thing left to do: Tell our RDS environment exactly what to publish. Publishing resources to your users In fact you can use this setup to either provide full desktop sessions on the Session Host, or you can choose to publish only applications on the Session Host. Let’s publish full desktop sessions. In Server Manager, Remote Desktop Services, Session Collections, click Tasks and click Create Session Collection. Before you begin Review the requirements. This won’t be an issue in this setup, but you could restrict access to this collection by selecting a select group of people. Click Next Name the collection Enter a descriptive name. This name will be displayed under its icon in the Web Access interface. Click Next Specify RD Session Host servers Click the member server and click the Add button Click Next Specify user groups You can limit access to the resource here if you want to do that. Click Next Specify user profile disks Uncheck Enable user profile disks for now Click Next Confirm selections Review the information and click Create. View Progress Wait until the collection is created and the server is added to the collection Click Close