Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Simplify Remote Desktop Connection Login in RDS

RRAS, VPN, TS/RDP, Routing and remote Access.

Simplify Remote Desktop Connection Login in RDS

Postby chicagotech » Tue Sep 26, 2017 5:08 pm

Currently, we have many outside clients access our system using remote desktop connecting our Windows 2008 R2 server directly. We are creating RDS on Windows 2012 R2 replacing Windows 2008 R2 remote servers. The new RDS works and users can access rdweb. The way to access RD Host Servers involves many steps: 1. login https://www.ourdomain.com/rdweb.

2. Now, the remote user clicks "Connect to a remote PC".

3. Then, the user enters DNS Round Robin for Session Host Servers. Click "Connect" to login the Host Servers.

Is it possible that the user just enters the hostname or FDNS to login the Host Servers like using RDP without the above steps?
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7086
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: Simplify Remote Desktop Connection Login in RDS

Postby chicagotech » Tue Sep 26, 2017 5:09 pm

I am sorry that I am a little unclear about the request, you still want to use RDWeb, but you want to know if we can simplify steps, right? Because, as your description, it seems like using the MSTSC.exe to login to the server directly may be a preferable option for you.

In addition, if you still want to use RDWeb and would like to simplify the steps. Based on my experience, we can try to enable SSO in RDWeb so that we do not need to input the credential every time. Then please also try to publish your desktop or mstsc.exe as a Remoteapp to check if this can meet your request.

How to enable SSO:

Remote Desktop Web Access single sign-on now easier to enable in Windows Server 2012

https://blogs.technet.microsoft.com/ent ... rver-2012/
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7086
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: Simplify Remote Desktop Connection Login in RDS

Postby chicagotech » Tue Sep 26, 2017 5:10 pm

Yes, if it is possible, I would like use MSTSC.exe instead of rdweb. However, the problem is this is RDS environment meaning we have RD gateway, RD Broker, RD Host Server.

If I use MSTSC.exe/remote desktop connection and enter RD gateway FDNS, it login RD Gateway instead of Host server. Also I don't want to use MSTSC.exe login host server directly because I need RD Broker for load balance.

The question may be how we use MSTSC.exe login host server through RD gateway. Or How can we forward RDP traffic from RD gateway to RD host server?
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7086
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: Simplify Remote Desktop Connection Login in RDS

Postby chicagotech » Tue Sep 26, 2017 5:10 pm

Based on my research, you can try creating the RDS Farm with DNS Round Robin referring to the following link:

https://ryanmangansitblog.com/2013/03/3 ... und-robin/

Note: The above content includes the third party link. The content might be changed and Microsoft does not guarantee the accuracy of information in it.

After that, users can use the farm name in MSTSC.exe to connect to the farm.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7086
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: Simplify Remote Desktop Connection Login in RDS

Postby chicagotech » Tue Sep 26, 2017 5:11 pm

Thank you for the tip. However, I ma not sure how it works.

For example, Our public IP points to rdgateway.ourdomain.com for rdweb. We can also create FDNS dnsfarm.ourdomain.com for RDS Farm with DNS Round Robin. However, we have two private IP addresses for host servers pointing to RDS Farm. How do you configure firewall?

Also, we use wildcard SSL (*ourdomain.com) for rdgateway.ourdomain.com, but how do you install wildcard SSL for dnsfarm.ourdomain.com because we don't have physical server for dnsfarm.ourdomain.com? dnsfarm.ourdomain.com is just RDS Farm with DNS Round Robin.

Please help.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7086
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: Simplify Remote Desktop Connection Login in RDS

Postby chicagotech » Tue Sep 26, 2017 5:11 pm

For firewall configuration, could you please specify what your concern is?

Based on my knowledge, on RD Gateway, TCP port 443 should be open to allow traffic from clients. Then RD Gateway will forward the traffic to RD Session Host. The Session Hosts should be configured to open TCP port 3389 to allow traffic from RD Gateway’s IP (if there are multiple RD Gateway that configured for HA, then the private IP of HA should be used).

For wildcard SSL, in my experience, the wildcard also works with the farm DNS name. Besides, please help verify that the certificate has been assigned to RD Session Hosts.
•Run “mmc” and add Certificates snap-in with computer account
•Import the certificate in Local Computer\Personal store
•Then run the following command with administrator privilege
•wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="e2f034c171b92afc96b23b7f4da15728c1e461a9"
•Note: modify the certificate's thumbprint before running the command
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7086
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: Simplify Remote Desktop Connection Login in RDS

Postby chicagotech » Tue Sep 26, 2017 5:11 pm

1. How do you do that "The Session Hosts should be configured to open TCP port 3389 to allow traffic from RD Gateway’s IP". Let me give you an example. If I use MSTSC.exe to access RD Gateway, it accesses the RD Gateway, not RD Host server. Where and how do you configure to allow traffic from RD Gateway to RD Host server?


2. I know how to install SSL, but I don't know where to install SSL for RDS Farm with DNS Round Robin. These are all RD servers we have:

RD Gateway - *ourdomain.com installed

RD Broker - *ourdomain.com installed

RD Web Access - *ourdomain.com installed

RD Host server - *ourdomain.com installed

where or which server do you install *ourdomain.com installed for RDS Farm with DNS Round Robin?
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7086
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: Simplify Remote Desktop Connection Login in RDS

Postby chicagotech » Tue Sep 26, 2017 5:12 pm

Where and how do you configure to allow traffic from RD Gateway to RD Host server?

When using mstsc.exe, the target computer should be the FDNS “dnsfarm.ourdomain.com”. You may need to manually specify the RD Gateway: go to the Advanced tab, click Settings and configure RD Gateway.

Then the client would connect to the gateway, and RD Gateway will forward the traffic to RD Session Host automatically.

Besides, referring to the following link, configurations on RD Gateway should be done to allow clients to access the resource of farm “dnsfarm.ourdomain.com”

https://ryanmangansitblog.com/2013/03/3 ... und-robin/

Note: The above content includes information from third party link. Microsoft does not guarantee the accuracy of it.


1.I know how to install SSL, but I don't know where to install SSL for RDS Farm with DNS Round Robin.

Is there any error message when connecting by MSTSC.exe?

In my experience, SSL does not need to be installed for RDS Farm with Farm DNS name “dnsfarm.ourdomain.com”. However, SSL should be installed on physical machine “HostServerName.ourdomain.com”, and it cannot be done by the Deployment Properties GUI, because Deployment Properties GUI does not have a place to install SSL on RD Session Hosts.

To install SSL on RD Session Host:
•Run “mmc” and add Certificates snap-in with computer account
•Import the certificate (contains the private key) in Local Computer\Personal store
•Then run the following command with administrator privilege
•wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="e2f034c171b92afc96b23b7f4da15728c1e461a9"
•Note: modify the certificate's thumbprint before running the command
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7086
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA


Return to VPN, TS and Remote Access

Your Ad Here

Who is online

Users browsing this forum: No registered users and 4 guests