Microsoft Silver Partner

Microsoft Silver Partner

mobile-logo
22 May

How to Setup Remote Desktop Services RDS 2019 Farm on Azure

by Andrew Fitzgerald
in Azure
Comments

To setup/install an RDS farm in Azure, the quickest and easiest way to do it, is to use our deployment Azure template that fully sets up a 2019 Remote desktop services farm.

 

setup RD on Azure

 

Post Deployment Configuration / Setup

After deploying RDS in Azure, there are some post configuration steps in order to allow users to start logging in.

 

First is to confirm the deployment has completed successfully. It normally takes just over an hour to complete the installation, depending on how many RDS Hosts were selected during the deployment.

 

Within Azure navigate to the Resource Group the RDS 2019 farm was deployed to and click on ‘deployments

 

rds azure deployment

 

 

To get the RDS web URL address, if you click on cloud-infrastructure-services.rds-2019-basic-depl and then click on Output, you will find the URL to login to your RDS desktop collection.

 

RDS-WEB-URL

 

 

Post Deployment RDS Powershell Script

 

Run the following Powershell script to check the connectivity to RDWeb and also checks the certificates. If you are using a self signed certificate (which this deployment uses as part of the installation), it will download the certificate to your computers local certificate store, allowing you to connect and test the connectivity.

 

post-deployment-script

 

RDS Farm Certificates

 

If you are going to run a Remote Desktop Services farm in a production environment, its recommended to use either an externally purchased SSL trusted root certificate or use an internal PKI cert if you have a root certificate server.  This way all users connecting will have a trusted cert in their local computer store.  You can however also use self signed RD Gateway certificate that was generated during the deployment and use a GPO from your Active Directory domain to deploy the certificates to users local certificate store (not recommended for production sensitive environments).

 

Manage the RDS Deployment Using Server Manager

 

To view and manage Remote Desktop Services from Server Manager we recommend that you remotely connect to the RD Connection Broker server and open Server Manager.

 

This can be done by running mstsc.exe (RDP client), entering the name of the connection Broker server name and log on using the domain administrator credentials. Once logged onto the RD Connection Broker server, launch Server Manager, select Manage and Add servers . In the Add servers dialog select Find now , select all of the servers (‘RDSbroker’, ‘RDSgateway’, and all the RD Session Host servers), and select OK . Now select Remote Desktop Services in Server Manager and you will see something similar:

RD-Broker

 

Now you could add more users to your AD, configure Gateway and Single-Sign-On (SSO) certificates, and have the new users connect and use your new Remote Desktop Services deployment running in Azure.

 

Manage RDS Desktop Collection Users

 

It’s recommended to create an AD group and put users into this group who will require access to the RDS farm.

 

Once you’ve created the users and groups in Active Directory, you can add some granularity regarding who has access to the Remote Desktop collections in your deployment.

 

  1. Connect to the server running the Remote Desktop Connection Broker (RD Connection Broker) role.
  2. Add the other Remote Desktop servers to the RD Connection Broker’s pool of managed servers (if not already done):
    1. In Server Manager click Manage > Add Servers.
    2. Click Find Now.
    3. Click each server in your deployment that is running a Remote Desktop Services role, and then click OK.

  3. Edit a collection to assign access to specific users or groups:

    1. In Server Manager click Remote Desktop Services > Overview, and then click a specific collection (Desktop Collection).
    2. Under Properties, click Tasks > Edit properties.
    3. Click User groups.
    4. Click Add and enter the user or group that you want to have access to the collection. You can also remove users and groups from this window by selecting the user or group you want to remove, and then clicking Remove.

 

Licencing RDS 2019 Farm

 

The Azure RDS 2019 Farm deployment comes installed with a 120 grace period. After this time you will have to purchase a licence in order for users to connect.  The deployment is configured with Per User CALs.

 

Activate the license server

 

Login to the RDS Broker server.

 

  1. Open the Remote Desktop Licensing Manager: click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Licensing Manager.
  2. Right-click the license server, and then click Activate Server.
  3. Click Next on the welcome page.
  4. For the connection method, select Automatic connection (recommended), and then click Next.
  5. Enter your company information (your name, the company name, your geographic region), and then click Next.
  6. Optionally enter any other company information (for example, email and company addresses), and then click Next.
  7. Make sure that Start Install Licenses Wizard now is not selected (we’ll install the licenses in a later step), and then click Next.

 

Your license server is now ready to start issuing and managing licenses for upto 120 days as part of Microsoft’s grace period.

 

activated-terminal-services-licence

 

 

Install RDS CAL Licences

 

If you have purchased CAL licences for your RDS deployment, these are the steps to add the licence to your Licence server (required before the 120 grace period).

 

Login to your RDS Broker server.

 

Once the CALs are installed, the license server will issue them to users as appropriate.

 

Note: You need Internet connectivity on the computer running Remote Desktop Licensing Manager but not on the computer running the license server.

 

  1. On the license server (The first RD Connection Broker), open the Remote Desktop Licensing Manager.
  2. Right-click the license server, and then click Install licenses.
  3. Click Next on the welcome page.
  4. Select the program you purchased your RDS CALs from, and then click Next. If you are a service provider, select Service Provider License Agreement.
  5. Enter the information for your license program. In most cases, this will be the license code or an agreement number, but this varies depending on the license program you’re using.
  6. Click Next.
  7. Select the product version, license type, and number of licenses for your environment, and then click Next. The license manager contacts the Microsoft Clearinghouse to validate and retrieve your licenses.
  8. Click Finish to complete the process.

 

installing-paid-licence-option

 

RDS Farm Firewall Ports

 

As part of the Azure RDS deployment, an NSG is created and the following firewall ports are configured to allow access to the RDS Gateway server via an Azure Load Balancer:

 

  • 443
  • 3391
  • 3389

 

Support

 

If you have any questions about the setup of RDS in Azure using our RDS 2019 Deployment solution, leave your comments below and we will reply within 24 hours.

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud

5 1 vote
Article Rating
Subscribe
Notify of
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Adrian

Can this be used to access External Resources? By external i mean that i want to be able to connect from my PC through the RDS GW using RDP to a Internet IP.

0
Andrew Fitzgerald

Yes you can access your internal network from the Internet and vice versa.

0
2
0
Would love your thoughts, please comment.x
()
x