Windows Server 2019 Essentials Remote Desktop

Posted onby

Install a Fresh Windows 2019 Standard Server with Full GUI. Enable Remote Desktop Session Host & Remote Desktop Licensing; Only. Import-Module ServerManager Add-WindowsFeature -Name RDS-Licensing, RDS-RD-Server -IncludeManagementTools Restart Server; Restart-Computer Create a Local User and add it to Local Remote Desktop Users Group.

  • A step by step guide to build a Windows Server 2019 Remote Desktop Services deployment. I posted this before based on Windows Server 2012 R2 RDS and thought it was high time to update this post to a more modern OS version. I will provide all the steps necessary for deploying a single server solution using the GUI tools.
  • In this article. Applies To: Windows Server 2016 Essentials, Windows Server 2012 R2 Essentials, Windows Server 2012 Essentials. There are multiple ways to access resources that are located on the server when you are away from your network if Anywhere Access functionalities (Remote Web Access, virtual private network, and DirectAccess) are configured on the server.
  • I have an application that will be installed on this server, and it will host a file that acts like a database. What I am looking for: 1- a couple of users will use remote desktop to the server (4-5 users). All accounts are created locally. 2- more than 2 users will be connected at the same time. 3- no active directory or any other service.

You may have heard that Microsoft has removed the Essentials role from Server 2019 Standard/Datacenter but is still offering a Server 2019 Essentials SKU. But did you know that the Essentials SKU will not include the Essentials Experience role either?

Robert Pearman lays out the implications here:

Gone is the Remote Web Access feature.
Gone is the Essentials Connector.
Gone is Client PC Backup.
Gone is Office 365 Integration.
Gone, is the Dashboard.
Gone, indeed, is the Essentials Role.
All that remains of Essentials, is the name Essentials and the licensing limits of the Essentials SKU, of 25 client access licenses.
What we are presented with, is now more in line with Windows foundation server from several years ago.

One developer has figured out how to run the Essentials role from 2016 (which is basically a big .NET application) on Server 2019 Standard. Of course, that will never be supported by Microsoft. If you want a supported Essentials role, Server 2016 is the last option.

Essentials has been a great solution for small businesses that want an “all in one” on-premises server. Server 2016 with the Essentials role is still a viable option, as it is in mainstream support through 2022, and extended support through 2027. But if you want the latest-greatest Server 2019, you’ll need to find alternatives for the Essentials features.

Essentials Feature Alternatives

Remote Web Access is a web interface for remote file access and remote access to on-premises desktops. The latter is provided by an underlying server role called Remote Desktop Gateway. According to the Office Maven article, “Microsoft has removed all of the Remote Desktop Services roles from the [2019 Essentials] SKU,” but they are still available in 2019 Standard. So with 2019 Standard, you can still allow users remote access to their desktops; they just won’t have the convenient web dashboard showing accessible machines. (You could pre-create Remote Desktop links for them.) Also note that with 2019 Standard, you’ll need an RDS Client Access License (CAL) for each user or device. Not cheap.

Remote file access is not so easy. Yes, you should still be able to provide VPN access with native tools. Probably there are third-party tools that would provide a web interface for remote file access.

Client PC Backup Even if all of your critical data is stored on the server, you still need client PC images to restore in the case of a hard drive failure, upgrade failure, or virus infection. You could theoretically set up native Windows Backup or Veeam Free on each client to back up to a network share on the server, but that gets to be a lot to manage if there are very many machines. Veeam offers central management options, but they are not free. Some Network-Attached Storage (NAS) devices include client backup tools.

The Future of Small Business Computing

“The cloud” has some valuable benefits for small business, particularly for hosting services that must be available 24x7x365 (email, web sites, critical file backup). However, many small companies still rely on line-of-business applications that require fast access to data that is best provided by a local server. The companies still have desktop computers that they use while in the office and to which they need remote access when out of the office.

Essentials was a nice suite to meet several of these requirements, but there are alternatives. It’s up to I.T. providers to learn about the options and continue to advise customers on the best combination of solutions for their needs.

Preface:

Remote Desktop Services is a robust role in the windows role group. RDS is used to remote into the central RDS server or any member server or the user’s desktop computer through the RDS server using the Remote Desktop web services either on the internal network or through the internet.

This article discusses the access of the servers and desktops accessed over the internet using RD Gateway using the https port. The Servers and desktops on the on-premises can be accessed without the need RDP port 3389 opened on the firewall. Where the RDP port 3389 is the hacking target for hackers over the internet. As the https port used for the access of remote desktop, the port is usually used for most of the businesses to access the webserver hosted internally.

The Remote Desktop Services will be cost-effective when the number of users or devices accessing applications with an excessive amount of licenses needed. Also, this role is most useful where the client computers installed on the company network or home is not the latest, and the application demands such as hardware or operating systems.

We are going to delve deep into this installation and configuration on an active directory domain network with network policy server (NPS) security. We are using a public CA certificate in this demonstration and hostname assigned on the public DNS.

The following points discussed in this article. Following this article, one can install and configure Remote Desktop Services on a Windows Server 2019 and publish the RDP app to access a server or a desktop as per need on the remote desktop web app portal.

  • Add Remote Desktop Services Role
  • Add Server to RD Licenses and RD gateway
  • Install public CA certificate to each role of RDS
  • Configure RD Licenses
  • Configure Remote App Collection
  • Publish and Configure Remote App
  • Access RD Web and Remote App

To begin with, the demonstration, let’s add the Remote desktop Roles group on the server manager and going forward to configure each component.

Add Remote Desktop Services Role

There are two Windows Server 2019 servers used on this demonstration where the first server is installed as a domain controller, and the RDS server has been joined to the domain of the domain controller, which we have added in the first place.

On the planned RDS installation server called remote, we are going to install the RDS role by launching the server manager dashboard and by clicking the “Add roles and features” link.

The instruction of wizard will show up on the screen, and if you don’t want to see this page on adding roles and features anymore, just check the skip this page checkbox and continue by clicking next.

The RDS Installation can be installed through Role-based or feature-based installation. Still, it requires a lot of effort as there are a number of components to be selected and configured after installation. To make life easier, Microsoft has consolidated all the component installation in one group. That installation method can be used by clicking the Remote Desktop Services installation option at the select installation type.

On the deployment type, select Quick Start so that all components will be installed by itself, and the Quick App Collection will be added to the Remote Desktop Services deployment. Select Quick Start and click Next.

In this article, we are going to look into Session-based desktop deployment, so select session-based desktop deployment and click Next.

On the Server Selection page, select the local server where we have planned for RDS deployment and click next.

Windows Server 2019 Essentials Remote Desktop Free

On the confirmation page, check the checkbox “Restart the destination server automatically if required” and click deploy to start the RDS deployment.

When the Deploy tab is clicked, the RDS Role installation will start installing roles, and the progress can be monitored on the popup.

The server will be restarted in the middle of the installation. When the server restarted and logged in as the same administrator account, the installation will continue, and the progress will show succeeded on the RDS roles deployment completion.

Once the Remote Desktop Services role has been added, the very next step is to configure it. On the server manager, you would find a Remote Desktop Service deployment setup on the left side navigator. Click on that, and additional configuration of this service will be available.

Add Server to RD Licenses and RD gateway

The icons in green or not configured with a deployment server, here the RD licensing and RD Gateway, are in green, and we are going to configure them in the coming up steps. Click RD Licensing, and the configuration window will show up.

Windows server 2019 essentials remote desktop software

On the RD Licensing deployment windows select the server which in our case the local server and selects the server and click on the arrow next to it to deploy RD Licensing server and click Next.

Once the RD licensing server added, the result indicates succeeded next to the progress bar. Click close to close out the RD License server deployment wizard.

As we have already planned, this RDS server is accessed through the internet also, so our very next move is the deploy RD Gateway. Click the RD Gateway icon on the deployment overview area, which is in green, which means it has not been deployed yet. The RD Gateway deployment wizard will open, and we can deploy it with adding the server.

We are adding the local server as an RD Gateway server to the Remote Desktop Services by clicking the arrow in the middle of the selection, and once the server added, click next to configure SSL certificate name.

In this demonstration, I have already created a hostname under my public domain mrigotechno.club called remote, but you need to give a name that is relevant to your RDS gateway hostname and certificate pertinent to be purchased and installed on the internet information Server (IIS). Once the Certificate Name typed, click Next.

On the confirmation, click add to add RD Gateway server to the deployment. Click Add.

On the Results page, the progress indicator will show succeeded and click Configure Certificate to install the certificate.

Install public CA certificate to each role of RDS

On each role services on the Manage Certificate, we need to configure the certificate, there are four roles, and we need to configure the certificate for them. I have installed the third-party CA certificate on Internet information server and export it as a pfx file format while exporting I have secured the certificate with a password. Please have your third party certificate in pfx format file and the password of the pfx file handy as we are going to apply the certificate from the topmost role and apply one by one till the fourth role.

Select the first role and select an existing certificate to apply the certificate dialogue window.

On the Choose a different Certificate, click browse and select the pfx certificate file and type the password of the certificate and check “Allow the certificate to be added to the trusted root certification authorities certificate store on the destination computer.” Click OK to go back to manage the certificate window.

On the state of the certificate configuration for the role, you would see Ready to Apply on state column, click apply and wait to change for the level to Trusted and status to OK and the state to Success.

Do the same steps to apply the certificate to the next three roles, and you would see the State changes to Success as in the below screen capture. Click OK to complete the certificate Configure.

Configure RD Licenses

The Next step is to Edit Deployment properties, on the deployment overview click tasks, and select edit deployment propertied to start the wizard.

Windows Server 2019 Essentials Remote Desktop Cal

As we have already completed Certificate configuration, we have only edit that we need to do RD Licensing. On the RD Licensing under Configure the deployment, select the RDS Licensing mode as per your requirement in the example. I have chosen Per user, but choose the one which is relevant to your environment and click OK.

Configure Remote App Collection

On the left side navigation on the Remote Desktop Services Setup, you would see Quick Session Collection, where the App publisher available to published App, which we would access through RD Web Access. On the Properties area, click properties and select edit properties.

We are going to edit only one option in these properties that we are going to add the User groups to associate to this collection. I have already created a security group called RDS_Users and added some test users to it. I’m adding that group here to associate with the collection., click OK and back to the main window.

Publish and Configure Remote App

In this demonstration we are going to see how to access a member server or a user desktop from the RD web access from the internet, without opening RDP port 3389, the same steps will apply to add a user’s desktop. But make sure the member server or user desktop is enabled Remote Desktop on the system property of the computer. So I got a server on the network that can be configured to access from RD Web, we are going to configure Remote Desktop App by publishing the RDP app to the Quick Collection Apps.

On the Remote App Programs area, click tasks on the screen below and click “Publish RemoteApp Programs.”

You will be presented with selecting the RemoteApp programs list and choose the App you want to publish. In this case, the Remote Desktop Connection. Select “Remote Desktop connection” and click Next.


On the confirmation page, click publish.

On the completion page, you would see published status message click close to go back to the main window.

On the Remote Desktop Connection RemoteApp that we just published right-click and select edit properties to configure the properties of the App.

Server

On the General page, type a name that is appropriate for the RDP Connection Computer. In this case, it a server called server1, so I type the name server1 on the name box.

The next page is parameters, on the parameters page, click “Always use the following command paraments” radio button and type the IP address of the server or desktop to which the RDP connection to be established. In this case the private IP4 address of server1 is 192.168.24.190. The correct parameter value is /v:192.168.24.190. Replace the IP address with the one of the servers or Desktop IP address on your network.

The next item is User Assignment, add the user account to which users need to find this Remote App program that has to be visible on the RD Web Access login. Click add and choose the relevant user or group.

On the next page, leave the file type association with default setting and click OK.

Access RD Web and Remote App

We have completed all RDS configuration and moving on to the RD Web portal to login to the portal and access the apps assigned to the use. The URL for the RD Web is https://remote.mrigotechno.club/rdweb

Replace the remote.migotechno.club with the one you have configured for your environment.

Type the username and password with the domainuser format and password of the user and click Sign In.

The portal will show the web resources, the Remote desktop connection app that we have configured with the name server1 is available for us to access from the RD Web access login. Click Server1 and follow the login screen.

Click connect on the notification popup.

On the security login dialogue, type the user name and password of the user and click OK.

The RDP connection is remote into the server1 computer, as shown below.

Windows Server 2019 Essentials Remote Desktop Windows 10

The RDP access is successful to the IP address 192.168.24.190, and this concludes our demonstration.

Windows Server 2019 Essentials Remote Desktop

Conclusion

In this article, we have discussed and gone through the demonstration of deploying Remote Access Services on Windows Server 2019 elaborately. You can follow the same step and deploy Remote Desktop Services on your lab or production environment.

I have demonstrated other roles of Windows Server 2019 in Get An Admin article. You may have some questions or feedback to share with me, please click the comments below and share your thoughts. I am so happy to answer your questions.