Kevin Caldwell

Remote Desktop on Server 2012 WorkGroup server

I have just installed a server 2012 Standard server acting as a file server in a Workgroup for 6 PC's. I can access server internally by remote desktop connection using 192.168.1.220:3390 (server is on static on .220 and has port 3390 in registry) by enabling the remote option in system properties.

I need to enable remote access for 3 users outside the office using RDP. The office has just an ISP Adtran router, no other internal router is present with again port 3390 being ported by the ISP to the server 2012 box IP internal address. There are no AD services or any Remote services installed at this time.

I WAS able to do an RDP session to the server from outside the office, and I did the updates available for the server, rebooted, and now, I CANNOT rdp from outside the office, really?

The 2012 server was purchased with 10 CAL's but the client does NOT want to use AD, DNS, DHCP or any facet of AD, simply a workgroup server for QB file storage, and file storage.

Need specific help on what to setup, links are ok to other sites, but that's not really helping me. Thanks !
Happy Tohelp

If you can RDP internally it is probably the Adtran forwarding.
ASKER

TMEKEEL,

I mentioned the Adtran is doing the forwarding on the RDP port. I created an inbound rule in the server firewall to allow the port 3390 to come through, but the ISP opens it in the Adtran. It was working fine until I did a batch of 27 updates for the server, after the reboot, I can't connect now.

What about allowing multiple rdp sessions ?
Right, I was just a little confused as to whether you can still connect internally; the original post makes it seem like you could, as you said "I did the updates available for the server, rebooted, and now, I CANNOT rdp from outside the office"

So I will go on the assumption that you cannot.  Can you telnet to 3390 on the server from a LAN client?

If not, the port is not listening for some reason or the firewall is blocking again. Try disabling the firewall perhaps?  

Terminal Services needs to be installed to allow multiple sessions.
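
The "is the port listening, or is the firewall blocking" check suggested above can be scripted. This is an added example, not code from any poster in this thread; the address 192.168.1.220 and port 3390 are the values given in the question, and `Test-TcpPort` is a helper name made up for the example.

```powershell
# Added example: run parts 1-3 in an elevated PowerShell session on the server.
# The RDP port is read from the registry rather than assumed.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$port   = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
$deny   = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
"Configured RDP port    : $port"
"Remote Desktop enabled : $($deny -eq 0)"

# 1. Is the Remote Desktop service running?
Get-Service -Name TermService | Format-Table Name, Status -AutoSize

# 2. Is anything listening on the configured port?
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
if ($listeners) { $listeners | Format-Table LocalAddress, LocalPort, State -AutoSize }
else            { "Nothing is listening on TCP $port" }

# 3. Which enabled inbound allow rules cover that port, and for which profile?
#    A rule only applies when its Profile matches the active network category,
#    so both are printed for comparison.
Get-NetConnectionProfile | Format-Table InterfaceAlias, NetworkCategory -AutoSize
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains "$port"
    }
if ($rules) { $rules | Format-Table DisplayName, Profile -AutoSize }
else        { "No enabled inbound allow rule names TCP $port explicitly" }

# 4. From a LAN client: the equivalent of "telnet 192.168.1.220 3390".
#    Test-TcpPort is a hypothetical helper defined here, not a built-in cmdlet.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}
Test-TcpPort -ComputerName '192.168.1.220' -Port 3390
```
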
Did you change the default port 3389 to port 3390?
ve3ofa,

The port has been changed. I was testing the remote from inside the building before the updates, and it worked, as did access from outside. I figured the updates were OK to do, then after the reboot, I tried from inside again, and can't connect, then tried from outside, and can't connect.
Regarding Terminal Services, how exactly is it set up on a NON AD workgroup server? Does TS need an AD server?
ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
RobWill--correct, but I think that's what he's asking for.

Here is the Microsoft walkthrough.  Although, as you mentioned it's not recommended and most services are gone.

http://support.microsoft.com/kb/2833839/en-us?sd=rss&spid=16526&wa=wsignin1.0
There are several services that require AD, however those are probably not required in this situation and you can get around that using the "old fashioned" add a role method as opposed to the new RDS wizard.  The issue, as I understand it, and did run into this a while back is with the RDS licensing services.  Unlike previous versions it requires AD integration.  AD can be hosted on any server version from 2003 to 2012, but is needed.   There is no way around eventually installing RDS licensing and adding CAL’s.

You can install RDS without the licensing service but on the 120th day you will not be able to access the RDS server.  During the 120 days you will receive periodic notifications; "Remote Desktop licensing mode is not configured."   Therefore eventually you install the licensing service, but you will not be able to complete the setup and will receive a message; "This license server is not a member of the Terminal Server License Servers group in Active Directory Domain Services. This license server will not be able to issue RDS Per User CALs to users in the domain, and you will not be able to track or report the usage of RDS Per User CALs on this license server."

It does say; “will not be able to issue RDS Per User CALs”, and fails to mention device CAL’s.  I am doubtful there is a difference but confess I have not tried using with device CAL’s.  In this age of users connecting to an RDS server from their work PC, another work PC, home, laptop on the road, tablet, and smart phone, there are very few situations where device CAL’s make sense.
RobWill,

For some the link I gave and the local gpedit does work, per the below discussion, in per user or per device.  Since I haven't tested it I cannot say either way though.  Not trying to argue and you obviously have the experience over me on this one, but if you could review both links and let us know your thoughts that would be great.  Maybe something has changed?

http://support.microsoft.com/kb/2833839/en-us?sd=rss&spid=16526&wa=wsignin1.0 

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/ebc032e2-ab2d-4acd-aef7-28ed548be569/
RobWill,

Oh my.... All I need to do is to get 2-3 remote users remotely in this box. the in office users are fine on the workgroup. Questions,

I have the 2012 as a workgroup right now, NO other services are installed, Framework 3.5 and 4.5 are installed, but no services. The 2012 server disk came with 1 license and I have 10 Server 2012 CAL's. I also have 2 shared data folders setup. Does this license work on the 1 physical and the 2 virtual servers too?

I would like to keep the current workgroup config as is, and install the AD virtual server for the means of having a licensing server for the virtual RDS server. Is this possible? I have no need to attach the in office PC's on an AD, and I can't on some anyways, they are HOME based OS's, not Pro. The client purchased PC's that use the Home version of WIN 8, and Win 7.

Your understanding of 2012 server is MOST appreciated !!
Yes you use the same license and key to install the Hyper-V host and 2 VM's.  This assumes you have 2012 standard.  It does not apply to 2012 Essentials (which must be a domain), or 2012 Foundation.   2012 is also limited to two physical processors (not cores) per server 2012 license.

I am afraid you cannot use the hyper-v host to run any services, not even file sharing, basically it can only be accessed for administration of the host itself.
It has to be a default install with only hyper-v added. Therefore you could not just add the role to your existing server.

However, non domain joined machines can still access resources on the VM's and the RDS server.  They will need an AD user account, and provide credentials when accessing such as mapping a drive.  
I always ask the client as politely as I can, how could Microsoft better explain the O/S was for use at home than labeling it home  :-)

Just for the record; an even better config for small businesses, with less than 25 users, is to buy a volume license for Server 2012.  This includes the same benefits previously mentioned but you can also exercise downgrade rights and use one VM as Server 2012 Essentials.  2012 Essentials gives you the domain, Remote Web Access to the PC's and servers, remote web based file access, and PC backup.  The second license you would still use for an RDS VM.  For most of those features home versions are supported as they rely on the Essentials connector, rather than domain membership.   You still retain the right to upgrade that machine to server standard at a later date, or buy a "transmog" kit allowing you to retain the Essentials features but apply to more users.
@ TMekeel
I apologize I only skimmed the article before and read about not installing the Remote Desktop Connection Broker role service which also requires AD, as does VDI, Remote Apps, RD Web and RD Gateway, but I missed the part about "This server can be part of a workgroup or may be configured as a Domain Controller."  

As for "may be configured as a Domain Controller".  Interesting as the latter contradicts with other Microsoft articles which state; "It is not supported to combine Remote Desktop Services role services and Active Directory Domain Services role on Windows Server 2012. This behavior is by design. It is never recommended, but allowed to install Domain Controllers and Remote Desktop Services role services until Windows Server 2012. From Windows Server 2012, this configuration is no longer supported."

And regarding a workgroup.  It shows the Licensing service is still required, but I don't know how they get past the error I mentioned earlier.

I don't take this as argumentative at all, and I appreciate you pointing it out.  I have been wrong many times in the past :-)    As soon as I get a chance I will test on a VM.  As a Microsoft MVP (does not make me any more knowledgeable) I am often privy to different discussions where it has clearly been stated 2012 requires AD, but to be honest it was taken as fact without discussion.  There are also numerous blogs stating the same, and I tried to set up an RDS Workgroup server back in the beta stages and was unable to complete configuration of the licensing server, even with Microsoft's help, though they basically said "Unsupported!".

It is very convenient though that Microsoft has addressed this, Exchange, and the demise of SBS by allowing the 1+2 licensing, as I cannot imagine managing any network, with even 2 PC's without a domain, if a server is in place.  Workgroups are too complicated and time consuming for me, seriously.
I do INDEED have 2012 STANDARD !!  

The server has an Intel S1200BTS single processor motherboard, and it is a PAIN loading Server 2012 on it, it does NOT see the raid5 in the onboard RAID chip. I looked all over for the correct driver, loaded, and it still wouldn't do it, even the MB DVD did not help. I had to load Server 2008 R2 WITH SP1 to see the raid, and then do on the fly upgrade to 2012 server.

I don't think I will have issues with the raid with the virtuals, since they are virtuals. Not sure how to reallocate the drive space or the ram, but I see how IF I have to redo the server as it is now. You are also saying I need to redo the installation again, or add the hyperV service on what I have, then create the virtuals? And I do not need to attach the user pc's, but just the AD name of the users who need the Remote Desktop Services ?

Have you done this before?  It seems a lot of work for 3 people max to remote in !  :)
Is it a server board or PC?  The latter might explain the installation issues.  I wonder if the upgrade from 2008 R2 to 2012 might be related to your earlier problems.  I have to admit in all the servers I have built over the years I have never done an upgrade, I didn't even know you could, but doubt I would in any case.

Correct the VM's should have no problem.  I would first make sure the server is compatible with Hyper-V, but even most current PC's are.  There is a quickie test tool at: http://www.grc.com/securable.htm

>>"Not sure how to reallocate the drive space or the ram"
Before doing anything make sure you have a tested backup.
The drive space can be changed (shrink) with Server 2008 R2 and 2012 allowing you to change, however it is possible to just create a folder for the VM's.  RAM is not an issue, you just assign to a VM and hyper-V gets the rest.  I usually leave 2GB for it.  How much RAM do you have in total?

>>"You are also saying I need to redo the installation again, or add the hyperV service on what I have, then create the virtuals?"
Technically it needs to be a clean install, but you may be OK to stop using it as a file server, clean up the accounts, and install Hyper-V as is.

>>"And I do not need to attach the user pc's, but just the AD name of the users who need the Remote Desktop Services ?"
Any user accessing the server will need a user account, the same as in a workgroup.   For example when mapping a drive.  When they do so, they will need to use as a user name  domain\user.  You can even save the credentials so mappings are automatic.

>>"Have you done this before?  It seems a lot of work for 3 people max to remote in !  :) "
Absolutely.   I set up a client last week with only 2 users and no intention of ever expanding, and I have done several with 2-10 users.

Totally unrelated to this question, but always a consideration with RDS.  If you plan to install Microsoft Office, any version, on an RDS or TS server it requires enterprise/volume licensing.  One per user, which is 2-3 times the price of the lesser Office versions.  In this case installing a Win7 VM for each user can in some cases be less expensive in very small networks.  Just something to consider.
We have a server class motherboard from Intel, 32 gig ram, 2 TB raid 5 (3 1TB drives).

I NEED to have Office 2007 or better as I have 07 installed on the server now. It is imperative for all users to access to WORD, Excel, and Outlook. I have about 15 hours in billable time now for this week, and the client is already complaining. It is nearly impossible for me to redo things again, the client will not tolerate the added costs and since I have home operating systems on the in office pc's,  it won't work with the AD as I can't join them to the virtual domain.

Very perplexing between what needs to be done and what I am going to be able to do within the constraints of the client.
Rob,

Exactly what I was thinking, until I read further down in the second link, they use gpedit to get by the other restrictions using local policy and setting the licensing server manually.

Still a workaround, but it looks like it would work without the OP going through all the VM reinstalls.
Robwill,

Forgot to mention...I don't like clients having anything less than Win 7 Pro at this point, workgroups are the worst and for that matter, I never was a fan of SBS.  Too much stuff going on in one box!
>>"Very perplexing between what needs to be done and what I am going to be able to do within the constraints of the client.. "
The limitations are Microsoft licensing and your understanding of them.  Sorry I have no magic bullet to say all is well.  Keep in mind we can all be audited by Microsoft at any point and time.  Ignorance of licensing is not an excuse and penalties are high.

If you have office 2007 installed it can't be with RDS installed as when you start to install it will tell you the version is not compatible and not continue.  It will install on the server without RDS enabled, i.e. in administrative mode.

I asked about server specs to see if it would support Hyper-V and the VM's, but for 10 or less users you should be fine.
@TMekeel
Anxious to try this in a VM.
I agree except with SBS, it is/was my favorite product.  Unfortunately many very talented IT pros did not understand the product.  I have a lot of very unhappy clients I have to gradually move away from SBS over the coming years, all of which thought it was an incredible product, at an incredible price, and very trouble free.
@Robwill,

Yeah, I didn't want to derail the thread for the poor OP, but I do understand SBS, the major failure for me is all the stuff in one box.  I always liked a nice clean 2xDC setup, separate file servers, separate application servers.  I support plenty of them, and for the most part they are solid.  But when SBS goes down, the whole site goes too. Most of the folks who buy SBS only have the one box in my experience.
Yes most SBS sites have only 1 or two servers, but with 17 SBS servers in place I have only had one occasion where the client was down for more than 1/2 hour in 10 years and that was due to a 3rd party service.  It is very stable but wizards and defaults must be used.  Very competent IT experts do not realize this and do things manually which will bring the server to its knees.  I have not one complaint about SBS 2003 and newer.  However, this is probably not the place for this discussion, nor does it matter since it has been retired.
This is the main correct answer in my opinion, the 2012 server must be an AD controller to properly function in my scenario.
Thanks kevinecaldwell.
You mention; "the 2012 server must be an AD controller ", but keep in mind as mentioned earlier AD must also be on a different server than RDS as per http://support.microsoft.com/kb/2799605

Cheers!
--Rob
zombiekil

Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing

"Use the specified RD license servers" = myservername

"Set the Remote Desktop licensing mode" = Per User or Per Device

Regards,
Shawn.