These days I’m trying in depth Windows Server 2019. Today I chose to pay attention to Remote Desktop Services. The goal of my lab is to deploy a RDS Farm with all components and with the new HTML5 Remote Desktop Client. Even though I’m running my lab on Windows Server 2019, you can also deploy the HTML5 client on Windows Server 2016. In this topic, I wanted to share with you the steps I followed to deploy the Windows Server 2019 RDS farm.
To make this lab, I have deployed four virtual machines which are running Windows Server 2019:
- RDS-APP-01: RD Host Server that hosts the RemoteApp collection
- RDS-DKP-01: RD Host Server that hosts the Remote Desktop collection
- RDS-BRK-01: Hosts RD Broker and RD Licensing
- RDS-WEB-01: Hosts RD Web Access and RD Gateway
Then I have a public certificate for RD Web Access and RD Gateway role:
I have also a private certificate for RD Broker publishing and RD Broker connection. To create this certificate, I duplicated the Workstation Authentication ADCS template as described in this topic.
I have register both certificates in PFX (with private key) and in cer (just the public certificate).
Finally, I have two DNS zone:
- SeromIT.local: Active Directory forest zone
SeromIT.com: splitted zone: hosted by local domain controllers and by public provider. I use this zone to connect from Internet. In this zone I have created two registrations:
- Apps.SeromIT.com: leading to RDS-WEB-01 (CNAME)
- RDS-GW.SeromIT.com: leading to RDS-BRK-01 (CNAME) for the gateway
RDS farm deployment
To deploy the RDS farm, I use only PowerShell. In this way I can reproduce the deployment for other customers. First of all, I run a Remote Desktop deployment to configure a RD Web Access, a RD Broker and a RD Host Server:
New-RDSessionDeployment -ConnectionBroker RDS-BRK-01.SeromIT.local ` -SessionHost RDS-DKP-01.SeromIT.local ` -WebAccessServer RDS-WEB-01.SeromIT.local
Then I run a PowerShell cmdlet to add another RD Host Server, a RD Licensing and a RD Gateway role.
Add-RDServer -Server RDS-APP-01.SeromIT.local ` -Role RDS-RD-SERVER ` -ConnectionBroker RDS-BRK-01.SeromIT.local Add-RDServer -Server RDS-BRK-01.SeromIT.local ` -Role RDS-Licensing ` -ConnectionBroker RDS-BRK-01.SeromIT.local Add-RDServer -Server RDS-WEB-01.SeromIT.local ` -Role RDS-Gateway ` -ConnectionBroker RDS-BRK-01.SeromIT.local ` -GatewayExternalFqdn RDS-GW.SeromIT.com
Once these commands are run, the role deployment is finished:
Now we can configure the certificates.
To configure each certificate, I use again PowerShell. Remember, I have store both certificates in PFX in C:\temp\RDS of my broker server.
$Password = Read-Host -AsSecureString $Password = Read-Host -AsSecureString Set-RDCertificate -Role RDGateway ` -ImportPath C:\temp\RDS\wildcard_SeromIT_com.pfx ` -Password $Password ` -ConnectionBroker RDS-BRK-01.SeromIT.local ` -Force Set-RDCertificate -Role RDWebAccess ` -ImportPath C:\temp\RDS\wildcard_SeromIT_com.pfx ` -Password $Password ` -ConnectionBroker RDS-BRK-01.SeromIT.local ` -Force Set-RDCertificate -Role RDPublishing ` -ImportPath C:\temp\RDS\Broker.pfx ` -Password $Password ` -ConnectionBroker RDS-BRK-01.SeromIT.local ` -Force Set-RDCertificate -Role RDRedirector ` -ImportPath C:\temp\RDS\Broker.pfx ` -Password $Password ` -ConnectionBroker RDS-BRK-01.SeromIT.local ` -Force
Once these commands are executed, the certificate are installed for each role:
Now I create a collection to add resources inside the RD Web Access portal:
New-RDSessionCollection -CollectionName Desktop ` -CollectionDescription "Desktop Publication" ` -SessionHost RDS-DKP-01.SeromIT.local ` -ConnectionBroker RDS-BRK-01.SeromIT.local
Then from Server Manager, you can configure settings of this collection:
Enable HTML 5 Remote Desktop client
In this lab, I don’t want to use the legacy portal. I’d like to use the super cool new HTML5 RD client. To enable this client, I connect to the server hosting RD Web Access role and I run the following cmdlet:
Install-Module -Name PowerShellGet -Force -Confirm:$False
After, close and open again a PowerShell window. Then execute this command:
Install-Module -Name RDWebClientManagement -Confirm:$False
Then copy the RD Broker certificate in cer format into the RD Web Access server and run the following cmdlets:
Install-RDWebClientPackage Publish-RDWebClientPackage -Type Production -Latest
Now you can connect to the RD Web client by using the following URL: https://
I like the RD Web client for several reasons. First, you can connect to a RDS session from a HTML5 ready web browser. You don’t need anymore a compatible RD client and you can connect from several devices such as Mac, a Linux device or maybe a tablet or smartphone. Secondly, the HTML5 client doesn’t require settings for SSO like we did with the legacy portal. The deployment is easier as before. And finally I found this client more user friendly than the legacy portal. The only thing missing is the ability to enable the HTML5 client by a single click or PowerShell cmdlet, or to enable it by default.