Solved

Best practice for setting up a terminal server alongside a Windows Server Essentials 2012

Posted on 2014-04-15
10
909 Views
Last Modified: 2016-10-16
Hi there,

I am configuring a new environment on Windows Server 2012. I would just like to discuss the correct/best practice for setting up a terminal server alongside a Windows Server Essentials 2012 Domain

We have the following setup

Windows Server 2012 STD Hyper - V Host, with two guests

Guest 1 Windows Server 2012 STD (Windows Server Essentials Experience Role)

Guest 2 Windows Server 2012 STD (Remote Desktop Services)

In my experience, such as in a SBS2011 / Server 2008 R2 RDS environment, there are specific requirements for correctly setting up for operating a TS/RDS alongside an SBS. Namely that the SBS needs to hold specific roles to function correctly, including the RD gateway role.

Given the setup above, whats changed in server 2012? How should this be configured and in what order to ensure that it functions correctly, and so that users can access remote desktop sessions on the terminal server by using the RWW website operated by the 'Essentials Experience' component of the Windows Server 2012 Standard installation.

For your reference, we have done the following so far, but please consider your answers from a best practices perspective rather then what needs to be done to finalize my current configuration.

1. Install WS12STD on physical hardware and assigned Hyper V role

2. Install 2 virtual hyper-v instances of WS12STD

3. Added Essentials Experience role to Guest 1 and completed Essentials Configuration wizard (which setup domain)

4. Joined Guest 2 to the domain created by the Essentials Wizard. We initially joined the domain via the standard manual means (right click computer -> Properties -> Computer Name). Domain join was successful but the server did not show up in the essentials dashboard under devices so we went back and ran the Connect wizard as if it were a client computer not a server. Not really sure if this was the right thing to do, in the past you added the server to an SBS domain manually, then moved the server to the SBSServers OU under the Domain Users and Computers snap in, after which it would show up in the SBS Console, this didnt seem to happen with WS2012. The connect wizard went smoothly without complaints and the server showed up in the Essentials Dashboard right away including information on update statuses ETC.

5. Configured Guest 2 for RDS using RDS Quick Setup wizard, we did not add it as a role via standard means as research indicated that the new simplified management snap in (tile?) would not work if we did this. Instead we selected the second option in the "Add Roles" wizard titled "Remote Desktop Services. We selected Quick Setup and we chose Session-Based configuration

6. After the RDS wizard was completed, we recieved notification regarding the licensing server ETC. Normal so far. Under the new windows server 2012 management tile(?) for RDS we can see the map of the "Deployment Overview". It has large + icons next to RD Gateway and RD Licensing, whilst RD Web Access, RD Connection Broken, RD VIrtualization Host, and RD Session Host have icons.

So far, this seems good. So if nothing above is magorly wrong, whats next?
0
Comment
Question by:Paul
  • 5
  • 4
10 Comments
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 500 total points
ID: 40002341
So far, this seems good. So if nothing above is magorly wrong, whats next?

Everything you've done has been spot on.  I wish we had more users like you.  The next step would be to start using your new RDS server.  Add users to the server who can access it and start using it.

The one thing I might add is that you probably want a gateway by the sounds of it as it seems like you had one with your SBS2011 setup.  If that's true, then simply adding it with the "+" sign should be easy enough for you and following the prompts/wizard will also be your best bet.

Please let me know if you need more specific info on the Gateway or Broker, or even if you want to delve into RemoteApp.  I have good experience with them and would love to help.
0
 
LVL 1

Author Comment

by:Paul
ID: 40002985
Hi brad

Thanks for coming. I just wrote an extremely long post on my mobile and somehow my dolphin browser lost the whole thing so I'll paraphrase here until I can get to a terminal and type the rest. So excuse the brevity here

1. Whats your thoughts On running the connect wizard on servers as opposed to manually adding to the domain? Whilst it has worked fine comparability documentation for the latest wizard still does not include any mention of server OS.
My main concern is the application of some group policy innaptopriate for a server as a result of the wizard

2. Licensing server role, on the RDS server box as per old SBS/ts combo setups? Or on essentials box
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 40004167
Great questions.  Here are my thoughts:

1. Whats your thoughts On running the connect wizard on servers as opposed to manually adding to the domain? Whilst it has worked fine comparability documentation for the latest wizard still does not include any mention of server OS.
My main concern is the application of some group policy innaptopriate for a server as a result of the wizard
While both ways work, you are doing the best method by joining it through the Wizard.  The reason for this is then, as you noticed, you get it to appear in the Essentials Dashboard under Devices.  Now, in reference to the GPOs applied to it, you have a better shot of getting the right settings using the Connect Wizard than you do manually adding it because when you manually add it, it just stays in the default Computers OU.  I'm not sure where servers go, but even if they do go to the default Computers OU, simply look for a servers OU just like SBS and move them  there.  It won't hurt anything and you'll be able to see them on the Dashboard, which is a plus.

2. Licensing server role, on the RDS server box as per old SBS/ts combo setups? Or on essentials box
Definitely on the RDS Server box.  Keep as many ancillary roles/services off of Essentials as possible.
0
 
LVL 1

Author Comment

by:Paul
ID: 40049444
Hi Brad

Sorry I have been so busy with all this and preparing the migrations from the other geolocations

RDS is working fine with the Essentials Remote Web Access and users can access the RDS server and connect to desktop based sessions.

"Please let me know if you need more specific info on the Gateway or Broker, or even if you want to delve into RemoteApp.  I have good experience with them and would love to help."

I am definitely interested in understanding this better

Right now, we seem to have two RD gateways? Or i may be confused. One is with the essentials RWW, and there is the ability to access the RDS server directly by going to "https://RDSSERVERNAME/RDweb"

When we use the second one we get the option to run web apps without launching into a full remote desktop session. We like this idea, and we want to test this further.

On 2008 R2 TS we have deployed remote apps to domain users automatically via group policy. It required the creation of an MSI package, then the users can operate applications on the ts like a normal desktop window on their desktop without having to go in and out of a RDP desktop instance. Is there capability for this in 2012? I read somewhere that MSI remote apps weren't supported anymore.

Basically we want domain users (local and remote) to be able to simply click an icon on their desktop to run an application on the Remote Desktop Server, w/o logging in through the website every time. Also, if this is possible, how would the application behave if it called on Outlook via MAPI to send an email? Would it open the users local outlook, or would it attempt to launch outlook in the remote desktop instance?

Lots of different questions I know. Apologies. Paul
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 40220597
You'll want to use Remote App for this then... and anything called in the remote instance will try to open apps in the remote instance.

See this for starters:  http://technet.microsoft.com/en-us/library/cc730673(v=ws.10).aspx
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 1

Author Comment

by:Paul
ID: 40220626
Thanks Brad

Unfortunately it doesn't cover my specific config. In my setup I want remote users to come in over anywhere access website (formerly RWW), not RDweb :\

So I was trying to work out how to integrate the remote apps via RD web to launch through Anywhere access
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 40226705
I'm assuming by the word not you meant now in your first paragraph.  If that's the case then have you seen something like this:  http://www.youtube.com/watch?v=aXBiV3pQrLg

?
0
 
LVL 1

Author Comment

by:Paul
ID: 40230951
Hi Brad

Again, appreciate your ongoing input into this issue despite already being assigned the points.

In short, I meant 'not'. Basically, I already have the Essentials Role, along with RWW/Anywhere Access working fine and pointing to the outside world. Users can login in easily to the terminal server in the form of DESKTOP SESSIONS, along with their own computers no problem, and all other resources available through RWW/Anywhere Access.

Problem is, I am trying to determine if its possible to have the RemoteApp's published on the RWW/Anywhere Access website, rather than only visible on the RDWeb website, we want users to access all remote resources through RWW/Anywhere Access
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 40267821
Sorry for the delay.  I can say that RemoteApp through the RDWeb I've done, but I haven't tried integration with Anywhere Access unfortunately.
0
 

Expert Comment

by:Eduardo Puindi
ID: 41845982
Hello, I have an issue that I cannot fix and I’ll thank a lot your help about the it.
I installed Windows Server 2012 R2 Standard in the virtual machine (VMwere 12) and installed Windows Essentials Experience to set up anywhere access.
I have my name domain with dynamic dns support and created (A) record in goddady, pointing to the public address.
When configuring anywhere access everything is working fine until the installation is complete. But it happens that when I open internet explorer to access the external domain I am not able to access the site.
I tried to see if there is a problem with the certificate and from my point of view there could not find any. Even with all this process cannot access the external domain remote.it-resolution1.com.
When I try to repair the connection to the site in internet explorer there is a message saying that the server has been configured correctly but the site remote.it-resolution1.com cannot be open, is being stopped by remote resource.
I went to Server Manager, in the panel saw that the Remote Desktop Services is in red and maybe is not working properly. Anyway I do not know what can be the possible problem that it is making the site not open with the external domain.
Please help me solve this issue and going to be very thankful for that.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now