Session-based desktop deployment greyed out

Welcome to my guide on how to configure a single server Remote Desktop Services (RDS) deployment using server 2016. We’re seeing less and less RDS deployments but some situations still require some lite RDS access. Specialist software which doesn’t run over a VPN or is not cloud based is ideally suited to RDS deployments.

I’ve still seen lots of engineers struggle to properly configure a single server deployment so lets get stuck in because actually is really easy!

First install Server 2016 with GUI and get all the updates installed.

Add the server to the domain as a member server, in this lab I call mine RDS2016.

Login as a domain administrator.

Server manager should automatically launch, click on Dashboard then ‘Add roles and features’.

Session-based desktop deployment greyed out

The wizard will launch so click on Next.

Session-based desktop deployment greyed out

Click on ‘Remove Desktop Services Installation’ and click Next.

Session-based desktop deployment greyed out

Click ‘Quick Start’ then Next.

Session-based desktop deployment greyed out

Click ‘Session-based desktop deployment’ and click Next.

Session-based desktop deployment greyed out

Your server should already be in the Selected server list on the right but if not highlight your server from the Server Pool and move it into the selected panel and click on Next.

Session-based desktop deployment greyed out

Tick the box to restart the destination server and click on Deploy.

Session-based desktop deployment greyed out

Let the installation complete.

Session-based desktop deployment greyed out

The installation will start and the server may reboot, if it does then log back in and wait for the install to complete and click on Close.

Session-based desktop deployment greyed out

In the server manager you will see the new role ‘Remote Desktop Services’ installed. Click on it from the menu to see the configuration.

Session-based desktop deployment greyed out

At this point some will try and configure the RD Gateway option since its green and showing ready to configure. Just ignore this because in a single server deployment we don’t need a gateway load balancing our connections because we only have one server! We do however need to setup licensing.

Click on ‘RD Licensing’ to start setting it up.

Session-based desktop deployment greyed out

As before your server should already be selected in the right hand panel but if not select it in the left and move it into the right and click Next.

Session-based desktop deployment greyed out

Click Add to install the licensing role to the server.

Session-based desktop deployment greyed out

Let the role install and click Close.

Session-based desktop deployment greyed out

Next go back to the server manager and right click on ‘RD Licensing’ and click ‘Select RD Licensing Mode’ from the menu.

Session-based desktop deployment greyed out

Select the mode based on the RDS cals that you have purchased. Here I select Per User because i’ve got a bunch of user cals available. Click OK.

Session-based desktop deployment greyed out

Next we need to install our RDS licenses. From the server manager select Tools then ‘Remote desktop services’ then click ‘Remote Desktop Licensing Manager’.

Session-based desktop deployment greyed out

First thing we do in the licensing manager is right click the server node and click ‘Activate Server’.

Session-based desktop deployment greyed out

Click Next on the wizard.

Session-based desktop deployment greyed out

Select ‘Automatic Connection’ and press Next.

Session-based desktop deployment greyed out

Enter you company information and press Next.

Session-based desktop deployment greyed out

Continue entering in your info and click Next.

Session-based desktop deployment greyed out

Click Next.

Session-based desktop deployment greyed out

Now starts the license installation wizard, click Next.

Session-based desktop deployment greyed out

Select the license type that you have from the drop down. I’m using retail license packs here and click Next.

Session-based desktop deployment greyed out

Enter  your license key, click Add then Next.

Session-based desktop deployment greyed out

Click finish to install the licenses.

Session-based desktop deployment greyed out

Your license should appear in the list of available licenses. You can see here i’ve installed 50 2016 user cals. Next we need to right click the server and select ‘Review Configuration’.

Session-based desktop deployment greyed out

You can see here a warning message that the server is not a member of the license servers group in AD. Click ‘Add to Group’.

Session-based desktop deployment greyed out

The warning says you need to have admin privileges in AD to continue, click Continue.

Session-based desktop deployment greyed out

Click OK to confirm the server has been added to the group.

Session-based desktop deployment greyed out

Verify everything is green and click ok.

Session-based desktop deployment greyed out

Next we need to specify who can connect to the server. From the server manager click on the Remote Desktop role from the left hand menu, click ‘QuickSessionCollection’ then from the Tasks menu click ‘Edit Properties’.

Session-based desktop deployment greyed out

You can see here that Domain Users are allowed access to the server. This is no good from a security perspective! you cant allow everyone to connect remotely so its best practice to configure a specific group and add users to that group to allow access.

Session-based desktop deployment greyed out

On a domain controller fire up ‘Active directory users and computers’ and create a new group. Select your appropriate OU location right click, select New then Group.

Session-based desktop deployment greyed out

Give the group an appropriate name, here i use ‘RDS Users’. Set the type to security and click ok.

Session-based desktop deployment greyed out

Next go to the properties of the new group, click the Members tab and add users who will require remote access and click ok.

Session-based desktop deployment greyed out

Go back to the RDS server and remote the Domain users group and instead add the new ‘RDS Users’ group we just created.

Session-based desktop deployment greyed out

Congratulations you’ve just configured a single server 2016 RDS deployment!

You next steps are to configure group polices and other UI elements so that the server is locked down enough that users cant cause it any harm 😉

Also seriously consider your security options, investigate the use of two factor authentication and brute force mitigation systems to keep the system safe especially if you open it up to the internet.

Oh and what ever you do ensure your domain and local administrator passwords are super secure. There’s a lot of brute force bots out there trying to login so be careful!