Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step Guide
Applies To: Windows 7, Windows Server 2008 R2
About this guide
RemoteApp and Desktop Connection allows administrators to provide a set of resources, such as RemoteApp programs and virtual desktops, to their users. Users can connect to RemoteApp and Desktop Connection in two ways:
From a computer running Windows® 7. When set up, resources that are part of RemoteApp and Desktop Connection appear in the Start menu under All Programs in a folder called RemoteApp and Desktop Connections.
From a Web browser by signing in to the website that is provided by RD Web Access. In this case, a computer that is running Windows 7 is not required.
This step-by-step guide walks you through the process of setting up a working RemoteApp source that is accessible by using Remote Desktop Web Access (RD Web Access). During this process, you will deploy the following components in a test environment:
A Remote Desktop Connection Broker (RD Connection Broker) server
A Remote Desktop Web Access (RD Web Access) server
This guide also explains how to configure Single Sign On so that users are only prompted once for credentials. When you deploy Single Sign On, consider the following certificate requirements:
The certificate must be trusted explicitly or from a trusted root certificate.
The certificate name or the Subject Alternative Name must match the fully-qualified domain name of the server.
The certificate must support Server Authentication or Remote Desktop Authentication Extended Key Usage.
Indirect certificate revocation lists are not supported.
Certificate revocation checks are performed by default.
When you use CredSSP, you can turn off certificate revocation checks by configuring the following registry entry to a value of 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors
When you use Transport Layer Security (TLS), you can turn off certificate revocation checks by configuring the following registry entries to a value of 0: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\ CertChainRevocationCheck and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Terminal Server Client\ CertChainRevocationCheck
Is guide includes the following topics:
This guide assumes that you previously completed the steps in the Installing Remote Desktop Session Host Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147292), and that you have already deployed the following components:
An RD Session Host server
A Remote Desktop Connection client computer
An Active Directory® domain controller
The goal of a RemoteApp source is to provide users with programs that are available by using RD Web Access.
What this guide does not provide
This guide does not provide the following information:
An overview of Remote Desktop Services.
Guidance for setting up Active Directory Domain Services or an RD Session Host server. For more information, see the Installing Remote Desktop Session Host Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147292). For a downloadable version of this document, see the Installing Remote Desktop Session Host Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147293) in the Microsoft Download Center.
Guidance for setting up and configuring a virtual desktop pool. For more information about setting up a virtual desktop pool in a test environment, see the Deploying Virtual Desktop Pools by Using RemoteApp and Desktop Connection Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147906). For a downloadable version of this document, see the Deploying Virtual Desktop Pools by Using RemoteApp and Desktop Connection Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147907) in the Microsoft Download Center.
Guidance for setting up and configuring a personal virtual desktop. For more information about setting up a personal virtual desktop in a test environment, see the Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147909). For a downloadable version of this document, see the Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147908) in the Microsoft Download Center.
Guidance for setting up and configuring RemoteApp and Desktop Connection in a production environment.
A complete technical reference for Remote Desktop Services.
Scenario: Deploying Remote Desktop Web Access with Remote Desktop Connection Broker in a test environment
We recommend that you first use the procedures provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Windows Server® features without supporting deployment documentation, and they should be used with discretion as stand-alone documents.
Upon completion of this step-by-step guide, your RemoteApp and Desktop Connection will be available for a user account that connects by using RD Web Access. You can then test and verify this functionality by opening a RemoteApp program as a standard user.
The test environment that is described in this guide includes five computers that are connected to a private network by using the following operating systems, applications, and services.
Computer name | Operating system | Applications and services |
---|---|---|
CONTOSO-DC |
Windows Server 2008 R2 |
Active Directory Domain Services (AD DS), DNS |
RDSH-SRV |
Windows Server 2008 R2 |
RD Session Host |
CONTOSO-CLNT |
Windows 7 |
Remote Desktop Connection |
RDCB-SRV |
Windows Server 2008 R2 |
RD Connection Broker |
RDWA-SRV |
Windows Server 2008 R2 |
RD Web Access |
The computers form a private network, and they are connected through a common hub or Layer 2 switch. This step-by-step guide uses private addresses throughout the test lab configuration. The private network ID 10.0.0.0/24 is used for the network. The domain controller is named CONTOSO-DC for the domain named contoso.com. The following figure shows the configuration of the test environment.