By default Windows Server 2016 sets external remote desktop access to disabled as a security measure, we can easily optionally enable it from within the server console to everyone or a specific set of users or groups. See full list on docs.microsoft.com.
- Limit Windows Server 2016 RDP Sessions To One
- Windows Server 2016 Remote Desktop Services 5-user Cal
- CPU/Memory Usage Per User
- Windows Server 2016 Remote Desktop Services Licensing Crack
Last updated on February 27th, 2020
I installed windows server 2016 for a small company, so I don't need to have domain controller on this installation and for RDS I only need RD Licensing and RD Session Host roles. But only with that roles theres is no Remote Desktop Gateway which is used in many tutorials to install SSL certificate on terminal server (like here: https. Introduction This is a comprehensive guide for installing RDS services to a Windows Server 2016. We will see in great detail how to enable the Remote Desktop Roles, Activate the RDS licenses and make the final configuration to make it work. By default Windows Server 2016 sets external remote desktop access to disabled as a security measure, we can easily optionally enable it from within the server.
This article contains step by step instructions on how to install and configure the Remote Desktop Services on a Windows Server 2016 or 2012. In Windows Server 2016 & 2012 the Terminal Services role has been replaced by the Remote Desktop Session Host (RDSH) role service and is part of Remote Desktop Services (RDS). A Remote Desktop Session Host (RDSH) server, provides to remote users the ability to access the applications on the RDS host server and the company resources from anywhere by using an RDP client.
In this tutorial you 'll learn how to setup and configure a Windows Server 2016 or 2012 as a Remote Desktop Session Host (Terminal) server, in order to provide remote desktop sessions, based on the number of Remote Desktop Services client access licenses (RDS CALs) installed on the RDSH server.
How to Setup and Configure a Windows Server 2016/2012 as a Remote Desktop Session Host Server (Terminal Server).
Notes:
1. The mentioned steps below, can be applied either on a Domain Controller or in a standalone server 2016/2012.
2. If the Terminal services are installed on a server that will act as a Domain Controller also, then first install the Active Directory Domain Service (AD DS) role service and promote the Server to a Domain Controller, before installing the Remote Desktop Session Host (RDSH) role service (Terminal Service).
3. Keep in mind that the below configuration does provide access to RemoteApp programs or the RDWeb site, because the Remote Desktop Connection Broker role service will not be installed.
Limit Windows Server 2016 RDP Sessions To One
Step 1. Install Remote Desktop Services on Server 2016/2012.
Step 2. Activate the Remote Desktop License Server.
Step 3. Install Licenses on the Remote Desktop License Server.
Step 4. Configure RD Session Host role to use the local Remote Desktop Licensing server & Set the Remote Desktop licensing mode.
Step 5. Add RD Clients (Users) to the Remote Desktop Users Group.
Step 6. Allow the log on through remote desktop Services.
Step 1. Install Remote Desktop Licensing and Remote Desktop Session Host role services.
1. Open 'Server Manager' and click on Add Roles and Features.
2. At the first screen of 'Add Roles and Features wizard' leave the Role-based or feature-based installation option and click Next.
3. At the next screen, leave the default option 'Select server from the server pool' and click Next.
4. Select the Remote Desktop Services and click Next.
5. Leave the default settings and click Next at Features and Remote Desktop Services screens.
6. At Role Services screen, select the Remote Desktop Licensing role service and then click Add Features.
7. Then select the Remote Desktop Session Host role service and click Add Features again.
8. When done, click Next to continue.
9. Finally click Install to install the Remote Desktop Services: Remote Desktop Licensing and Remote Desktop Session Host.
10. When the installation is completed close the 'Add Roles and Features Wizard' and restart your server.
Step 2. Activate the Remote Desktop License Server.
1. Simultaneously press the Windows + R keys to open run command box.
2. Type licmgr.exe and press Enter to open the RD Licensing Manager *
* Note: Alternately, you can launch the RD Licensing Manager, from Control Panel –> Administrative Tools –> Remote Desktop Services –> Remote Desktop Licensing Manager.
3. At the right pane, right click on the server name and select Activate Server.
4. Click Next at the Welcome screen and then click Next again at Connection method options.
Windows Server 2016 Remote Desktop Services 5-user Cal
5. At 'Company Information' window, fill the required fields and click Next twice to activate your License Server.
6. When the activation is completed, leave checked the 'Start Install Licenses Wizard' checkbox and click Next.
7. Continue to next step.
Step 3. Install Licenses on the Remote Desktop License Server.
1. At 'Welcome to the install licenses wizard', click Next
2. On the License Program page, select the appropriate program through which you purchased your RDS CALs, and then click Next.
3. According the License Program you selected on the previous page, type either the license code or the agreement number provided when you purchased your RDS CALs and then click Next.
4. On the Product Version and License Type page, select the appropriate product version, license type, and the quantity of the RDS CALs based on your RDS CAL purchase agreement, and then click Next.
5. When the RDS CALs installed on the server, click Finish. *
TIP: If you cannot activate the RDS Server automatically, then try to activate it using the Web Browser or via Telephone. To do that:
a. Right-click on the Server's name and select Properties.
b. Change the Connection Method to Web Browser or to Telephone.When done, click OK.
c. Finally, right click on the server name, select Activate Server and follow the onscreen instructions to completed the activation.
Step 4. Configure RD Session Host role to use the local Remote Desktop Licensing server & Set the Remote Desktop licensing mode.
1. Open Group Policy Editor. To do that:
1. Simultaneously press the Windows + R keys to open run command box.
2. Type gpedit.msc and press Enter.
2. In Group Policy Editor navigate to:
- Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session Host Licensing
3. At the right pane, double click at Use the specified Remote License Servers.
4. Click Enabled, and then at 'License server to use' field, type the RDS license server name and click OK.
5. Then open the Set the Remote Desktop licensing mode setting.
6. Click Enabled and then specify the licensing mode (Per User or Per Device) for the RDS host server and then click OK again.
CPU/Memory Usage Per User
7.Close Group Policy Editor.
8. Verify the RD Licensing configuration, by going to: Windows Control Panel –> Administrative Tools –> Remote Desktop Services –> RD Licensing Diagnoser.
Step 5. Add RD Clients (Users) to the Remote Desktop Users Group.
1. Open Server Manager.
2. From Tools menu, select Active Directory Users and Computers. *
* Note: If the RD Session Host Service is not installed on the Domain Controller, use the 'Local Users and Groups' snap-in or the 'Remote' tab in the 'System Properties' on the RDS host server, to add the remote desktop users.
3. Double click at your domain on the left and then select Builtin.
4. Open Remote Desktop Users on the right pane.
5. At Members tab, click Add.
6. Type the name(s) of the users that you want to give Remote access to the RDS Server and click OK.
7. After selecting the remote desktop users, click OK again to close the window.
8. Continue to step-6 below.
Step 6. Allow the log on through remote desktop Services.
1. Open the Local Group Policy Editor. To do that:
1. Simultaneously press the Windows + R keys to open run command box.
2. Type gpedit.msc and press Enter.
2. In Group Policy Editor navigate to: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
3. At the right Pane: double click at Allow log on through Remote Desktop Services.
4. Click Add User or Group.
5. Click Object Types, check all the available objects (Users, Groups, & Built-in security principals) and then click OK.
6. Type remote desktop users and then click OK.
7. Finally click OK again and close Group Policy Editor.
8. Now you 're ready to connect to the Remote Desktop Session Host Server 2016/2012 from any Remote desktop client.
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
We're hiring
We're looking for part-time or full-time technical writers to join our team! It's about a remote position that qualified tech writers from anywhere in the world can apply. Click here for more details.
Full household PC Protection - Protect up to 3 PCs with NEW Malwarebytes Anti-Malware Premium!
Applies To: Windows Server 2016, Windows Server 2019
When it comes to supported configurations for Remote Desktop Services environments, the largest concern tends to be version interoperability. Most environments include multiple versions of Windows Server - for example, you may have an existing Windows Server 2012 R2 RDS deployment but want to upgrade to Windows Server 2016 to take advantage of the new features (like support for OpenGLOpenCL, Discrete Device Assignment, or Storage Spaces Direct). The question then becomes, which RDS components can work with different versions and which need to be the same?
So with that in mind, here are basic guidelines for supported configurations of Remote Desktop Services in Windows Server.
Note
Make sure to review the system requirements for Windows Server 2016 and system requirements for Windows Server 2019.
Best practices
Use Windows Server 2019 for your Remote Desktop infrastructure (the Web Access, Gateway, Connection Broker, and license server). Windows Server 2019 is backward-compatible with these components, which means a Windows Server 2016 or Windows Server 2012 R2 RD Session Host can connect to a 2019 RD Connection Broker, but not the other way around.
For RD Session Hosts - all Session Hosts in a collection need to be at the same level, but you can have multiple collections. You can have a collection with Windows Server 2016 Session Hosts and one with Windows Server 2019 Session Hosts.
If you upgrade your RD Session Host to Windows Server 2019, also upgrade the license server. Remember that a 2019 license server can process CALs from all previous versions of Windows Server, down to Windows Server 2003.
Follow the upgrade order recommended in Upgrading your Remote Desktop Services environment.
If you are creating a highly available environment, all of your Connection Brokers need to be at the same OS level.
RD Connection Brokers
Windows Server 2016 removes the restriction for the number of Connection Brokers you can have in a deployment when using Remote Desktop Session Hosts (RDSH) and Remote Desktop Virtualization Hosts (RDVH) that also run Windows Server 2016. The following table shows which versions of RDS components work with the 2016 and 2012 R2 versions of the Connection Broker in a highly available deployment with three or more Connection Brokers.
| 3+ Connection Brokers in HA | RDSH or RDVH 2019 | RDSH or RDVH 2016 | RDSH or RDVH 2012 R2 |
|---|---|---|---|
| Windows Server 2019 Connection Broker | Supported | Supported | Supported |
| Windows Server 2016 Connection Broker | N/A | Supported | Supported |
| Windows Server 2012 R2 Connection Broker | N/A | N/A | Not Supported |
Support for graphics processing unit (GPU) acceleration
Remote Desktop Services support systems equipped with GPUs. Applications that require a GPU can be used over the remote connection. Additionally, GPU-accelerated rendering and encoding can be enabled for improved app performance and scalability.
Remote Desktop Services Session Hosts and single-session client operating systems can take advantage of the physical or virtual GPUs presented to the operating system in many ways, including the Azure GPU optimized virtual machine sizes, GPUs available to the physical RDSH server, and GPUs presented to the VMs by supported hypervisors.
See Which graphics virtualization technology is right for you? for help figuring out what you need. For specific information about DDA, check out Plan for deploying Discrete Device Assignment.
GPU vendors may have a separate licensing scheme for RDSH scenarios or restrict GPU use on the server OS, verify the requirements with your favorite vendor.
GPUs presented by a non-Microsoft hypervisor or Cloud Platform must have drivers digitally-signed by WHQL and supplied by the GPU vendor.
Remote Desktop Session Host support for GPUs
The following table shows the scenarios supported by different versions of RDSH hosts.
| Feature | Windows Server 2008 R2 | Windows Server 2012 R2 | Windows Server 2016 | Windows Server 2019 |
|---|---|---|---|---|
| Use of hardware GPU for all RDP sessions | No | Yes | Yes | Yes |
| H.264/AVC hardware encoding (if suppported by the GPU) | No | No | Yes | Yes |
| Load balancing between multiple GPUs presented to the OS | No | No | No | Yes |
| H.264/AVC encoding optimizations for minimizing bandwidth usage | No | No | No | Yes |
| H.264/AVC support for 4K resolution | No | No | No | Yes |
VDI support for GPUs
The following table shows support for GPU scenarios in the client OS.
| Feature | Windows 7 SP1 | Windows 8.1 | Windows 10 |
|---|---|---|---|
| Use of hardware GPU for all RDP sessions | No | Yes | Yes |
| H.264/AVC hardware encoding (if suppported by the GPU) | No | No | Windows 10 1703 and later |
| Load balancing between multiple GPUs presented to the OS | No | No | Windows 10 1803 and later |
| H.264/AVC encoding optimizations for minimizing bandwidth usage | No | No | Windows 10 1803 and later |
| H.264/AVC support for 4K resolution | No | No | Windows 10 1803 and later |
RemoteFX 3D Video Adapter (vGPU) support
Note
Because of security concerns, RemoteFX vGPU is disabled by default on all versions of Windows starting with the July 14, 2020 Security Update and removed starting with the April 13, 2021 Security Update. To learn more, see KB 4570006.
Remote Desktop Services supports RemoteFX vGPUs when VM is running as a Hyper-V guest on Windows Server 2012 R2 or Windows Server 2016. The following guest operating systems have RemoteFX vGPU support:
- Windows 7 SP1
- Windows 8.1
- Windows 10 1703 or later
- Windows Server 2016 in a single-session deployment only
Discrete Device Assignment support
Remote Desktop Services supports Physical GPUs presented with Discrete Device Assignment from Windows Server 2016 or Windows Server 2019 Hyper-V hosts. See Plan for deploying Discrete Device Assignment for more details.
VDI deployment – supported guest OSes
Windows Server 2016 and Windows Server 2019 RD Virtualization Host servers support the following guest OSes:
- Windows 10 Enterprise
- Windows 8.1 Enterprise
- Windows 7 SP1 Enterprise
Note
- Remote Desktop Services doesn't support heterogeneous session collections. The OSes of all VMs in a collection must be the same version.
- You can have separate homogeneous collections with different guest OS versions on the same host.
- The Hyper-V host used to run VMs must be the same version as the Hyper-V host used to create the original VM templates.
Single sign-on
Windows Server 2016 and Windows Server 2019 RDS supports two main SSO experiences:
- In-app (Remote Desktop application on Windows, iOS, Android, and Mac)
- Web SSO
Using the Remote Desktop application, you can store credentials either as part of the connection info (Mac) or as part of managed accounts (iOS, Android, Windows) securely through the mechanisms unique to each OS.
To connect to desktops and RemoteApps with SSO through the inbox Remote Desktop Connection client on Windows, you must connect to the RD Web page through Internet Explorer. The following configuration options are required on the server side. No other configurations are supported for Web SSO:
Windows Server 2016 Remote Desktop Services Licensing Crack
- RD Web set to Forms-Based Authentication (Default)
- RD Gateway set to Password Authentication (Default)
- RDS Deployment set to 'Use RD Gateway credentials for remote computers' (Default) in the RD Gateway properties
Note
Due to the required configuration options, Web SSO is not supported with smartcards. Users who login via smartcards might face multiple prompts to login.
For more information about creating VDI deployment of Remote Desktop Services, check out Supported Windows 10 security configurations for Remote Desktop Services VDI.
Using Remote Desktop Services with application proxy services
You can use Remote Desktop Services with Azure AD Application Proxy. Remote Desktop Services does not support using Web Application Proxy, which is included in Windows Server 2016 and earlier versions.