Remote Desktop Services Setup



Installation

  1. Remote Desktop Services Configuration Administrative Tool
  2. Windows Remote Desktop Service
  3. Remote Desktop Setup Wizard

Requirements


Remote Desktop Services Configuration Administrative Tool

  • Internet connectivity and perimeter firewall address and administrator credentials
  • Domain administrator and Azure portal global administrator credentials
  • Windows Server 2019 and Remote Desktop User CAL licenses
  • An Enterprise Mobility Suite subscription providing Azure AD Premium for MFA must be assigned to each remote user, with MFA enabled for a phone call
  • Public SSL certificate purchased separately with FQDN like remote.domain.com
  • FQDN for the remote desktop gateway must resolve via NSLOOKUP in DNS on the Internet and inside the network
  • Install Remote Desktop Licensing Manager on a domain controller prior to setup of the Remote Desktop Gateway on the remote desktop server
  • Network Policy Server role and NPS extension must be installed on a domain controller and a restart will be required
  • Windows Server 2019 on a domain controller has a known flaw where a custom RADIUS firewall rule must be added inbound with UDP for ports 1812, 1813, 1645, 1646
  • All networking with firewall enabled and storage must be configured before installing the Remote Desktop Server role
  • For Installation Type of Remote Desktop Services, DO NOT select Role-based or feature-based installation
  • Installing Remote Desktop Services on the remote desktop gateway server will require a restart
  • Server name for remote desktop gateway CANNOT be changed after installation without uninstalling and reinstalling remote desktop services and related components
  • For troubleshooting, enable logging on the Advanced Settings of the Windows Defender Firewall on both the domain controller and remote desktop server
  • The following should be recorded in the System Plan: Windows Server and Remote Desktop User CALs keys, SSL and NPS shared secret passwords, remote desktop deployment options, Azure GUID, and NPS settings
  • Setup and testing of Remote Desktop Services with MFA will require a minimum of 2-4 hours
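The DNS, RADIUS firewall rule and firewall logging requirements above can be applied and checked from an elevated PowerShell session on the domain controller that runs NPS. This is an added example, not part of the original checklist. Assumptions: the gateway IP is a placeholder, the public resolver and rule name are illustrative, and the rule is scoped to the RD Gateway on the assumption that it is the only RADIUS client.

```powershell
# Added example: run elevated on the domain controller hosting NPS.
$GatewayFqdn    = 'remote.domain.com'   # FQDN pattern from the requirements list
$GatewayIp      = '192.0.2.10'          # placeholder: internal IP of the RD Gateway server
$PublicResolver = '1.1.1.1'             # assumed public resolver for the Internet-side lookup
$RuleName       = 'RADIUS UDP inbound (RD Gateway)'   # hypothetical rule name
$RadiusPorts    = '1812', '1813', '1645', '1646'      # ports listed in the requirements

# 1. The gateway FQDN must resolve inside the network and on the Internet.
foreach ($server in @($null, $PublicResolver)) {
    $query = @{ Name = $GatewayFqdn; Type = 'A'; ErrorAction = 'SilentlyContinue' }
    if ($server) { $query.Server = $server }
    $where  = if ($server) { "public resolver $server" } else { 'internal DNS' }
    $answer = Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' }
    if ($answer) {
        "OK   $GatewayFqdn via ${where}: $($answer.IPAddress -join ', ')"
    } else {
        Write-Warning "$GatewayFqdn does not resolve via $where"
    }
}

# 2. Custom inbound RADIUS rule over UDP. Limiting the source to the RD Gateway
#    keeps the NPS ports closed to every other host (assumption: no other RADIUS clients).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol UDP -LocalPort $RadiusPorts -RemoteAddress $GatewayIp | Out-Null
}

# 3. Firewall logging for troubleshooting: record dropped and allowed packets
#    on every profile (same setting as the Advanced Settings dialog).
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -LogBlocked True -LogAllowed True -LogMaxSizeKilobytes 16384

# 4. Read back what is actually in effect.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$rule | Get-NetFirewallPortFilter    | Select-Object Protocol, LocalPort
$rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
Get-NetFirewallProfile | Select-Object Name, Enabled, LogBlocked, LogAllowed, LogFileName
```

Step 3 applies unchanged on the remote desktop server, where logging is also required; turn `LogAllowed` back off once troubleshooting is finished to keep the log small.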

Windows Remote Desktop Service


Remote Desktop Setup Wizard

  1. Select Remote Desktop Services, and then click Next, and then Next on the Remote Desktop Services page.
  2. Select Remote Desktop Licensing, and then click Next.
  3. Configure the domain: select Configure a discovery scope for this license server, click This domain, and then click Next.
  4. Activate the license server.

  • Server name for remote desktop gateway CANNOT be changed after installation without uninstalling and reinstalling remote desktop services and related components.
  • For troubleshooting, enable logging on the Advanced Settings of the Windows Defender Firewall on both the domain controller and remote desktop server.