Windows Server 2012 R2 Remote Desktop Services

Posted on 02-05-2021 by admin

In this video demonstration we will see how to enable remote desktop feature (RDP) in Windows Server 2012 R2, as well as we will see how to connect Windows S. For months I was unable to Remote into one Server 2012r2, and followed your advice to look at Windows Firewall, Advanced Settings, and then enable the Remote Desktop rules for User Mode (TCP-in), User Mode (UDP-in) and Shadow (TCP-in).

Windows Server
Windows Server 2012 R2 Download Iso
Windows Server 2012 Remote Desktop Services
Windows Server Remote Desktop Licensing

Working in a Windows Domain environment, whether it is in the larger campus size enterprise environments or the small medium business markets, it is likely you will come across Remote Desktop Services. Remote Desktop Services rely on having a valid certificate being used by all the services on all servers, or to have a self-signed certificate that is pushed to all workstations that will be used so the connection is trusted. If the Remote Desktop Services are only utilized with internal infrastructure, then using a Windows Certificate Authority may be the best option, but as more and more employees start to work remotely to connect in a signed certificate from a globally trusted platform like Entrust, Thawte, DigiCert or GoDaddy will need to be purchased. This hammer is not geared towards code or automation, so do not expect script blocks or code to follow.

Many monitoring services available are not designed to monitor the certificate being used on many Windows services, and unfortunately many certificates are only purchased or signed for a year so every year there is a half day or more where Remove Desktop Services become unavailable until a new certificate is put in place. Whether you let the certificate lapse or you are the proactive Server or Systems Administrator you are, the same process applies. There are currently no pictures, if that is what you were hoping for. With enough requests we will update this post with some imagery generated by the fine Techs with their Hammers. This hammer is geared more to a server admin with at least some experience maintaining a Windows environment as a tier 1 help desk analyst should not be

Here at Tech With a Hammer we are geared to the small and medium business size markets, and as such many business either will not have the resources available or no need to have an on-premises Windows Certificate Authority so we will be covering the signing SSL signing process at online Certificate Authorities with a generated Certificate Signing Request, and how to utilize this certificate in Microsoft Remote Desktop Services. The To re-iterate, the process is the same for a new or renewed certificate.

High availability for the RD Connection Broker is also improved in Windows Server 2012 Remote Desktop Services. Part one: Breaking down RDS roles. What's remote access? Simplifying VDI deployment with RDS. What a VMware pro thinks of RDS and RemoteFX. Quiz: How much do you know about Windows Server 2012 RDS? 2: Domain Controller, Print server, WSUS server. 3: Remote Desktop Services. Users do not have admin rights. We run IE, Chrome, Firefox for browsers, plus Office 2016. At any one time, I'll see 4-6 users logged in during business hours. Server specs: Dell Poweredge 2950. Dual Quad Core Xeons at 3.16 GHz. 64 GB ram on the host.

For a Globally Trusted Certificate Authority
For this example, GoDaddy will be used as much of our work is aimed at the small-medium business markets so they will not be willing to buy spend 4x the money or more at Thawte or Entrust. The process is similar, though where they need you to verify ownership of the domain the process will be slightly different though each certificate authority has clearly defined processes in place and how to documentation which we would highly recommend following as that process can and will change after this post is published to the Internet.

In GoDaddy, when you purchase an SSL certificate it is not assigned to a domain or keyed at the time of purchase. This is all done after the initial purchase is created. So, purchase your new certificate, whether it is a new or renew it is the same process. Once purchased you will need to generate a Certificate Signing Request.

To generate the Certificate Signing Request multiple tools can be used, OpenSSL being open source and used almost everywhere, Certificate Management Console built into all Windows operating systems, or the easiest being Internet Information Services which is installed with the Remote Desktop Services role set on your server. This hammer will cover the process through IIS due to easy of use for single name certificates, though if requiring additional names as subjectAltNames then either OpenSSL or the Certificate Management Console will be needed.

On the Remote Desktop Service server running the Connection Broker service open up the IIS Management console, under the page for the server name select Server Certificates and then under actions click on Create Certificate Request. The common name, or subject name, is the FQDN of the domain name used to connect. Common domains are remote.domain.tld, secure.domain.tld, service.domain.tld, while you can have your user connect to hammer.domain.tld or whaleblubber.domain.tld if you want to practice security by obscurity (as everyone knows security by obscurity works). For all information be as accurate as possible, if you are renewing a cert that has been issued stick with the same information used for all other parts as the old cert unless they need to be updated.

We have used the information in the figure below for this post only, so all details pertaining can be safely ignored but enter in the information as accurately as possible.

The Country needs to be in two letter international format, you may need to look up your country code if you do not know it.

Upon clicking next you will notice you have a few options with your algorithm and key size, we here at Tech With a Hammer would recommend choosing elliptical duffie-hillman with a keysize of at least 4096 bits, but unfortunately Microsoft services do not work with the elliptical keys yet so sticking with Microsoft RSA is sufficient. We have found that there have been compatibility issues when selecting anything higher than 4096 bit key length, some online certificate authorities are unable to accept anything larger, as well some older software or operating systems are unable to use keys larger than 4096; though we have questions as why you would be still letting Windows XP without a service pack installed connect to your network.

To finish off the CSR process you will need to save the request to a text file, save this request to a secure location on your server, the larger the keysize the longer it will take to generate the request. It is highly recommended that this folder is not on a network share, with the default NTFS ACLs adjusted so only the user account being used to maintain the certificates can access the folder. The contents of the file will be used to sign the certificate from your online Certificate Authority. If you look at the file you will notice it is just a couple of flags to denote beginning and end of the certificate, and then a blob ob base64 encoded text, should look similar to the following blob.

Windows Server</h2><p>If you are processing this certificate on a web server that is not associated with your Remote Desktop Services server make sure you choose the option to also delete the key from the store, otherwise you can leave it in place as it will be re-imported. In this case since our tech was hammering away on the RDS server he chose to not remove it from the certificate store.</p><p>To be able to export the private key, Windows assumes that your server administrator is incompetent and will require you to secure the certificate by either locking it to a security principal (user account, computer account, or security group), or by locking it with a password. Our tech with the hammer is suggesting to use a password as he has had terrible experiences locking the certificate to either a username or a group, though your mileage may vary as his last experience with this is from Windows Server 2003.</p><p>Save this PFX file to the same secure location as above, having this PFX is just as dangerous as having the CSR and CRT together, though it allows any attacker to skip a step if they want to abuse it.</p><p>On any server running any of the RDS services, open up the Server Manager console. If you have more than one RDS you will need to add all your servers to the console, otherwise when you import the certificate it will not be applied to all RDS servers.</p><p>Open up the RDS role, and under Overview click on Tasks and then Edit Deployment Properties. </p><p>Start from the service listed at the top, choose the option to select an existing cert, browse to the PFX exported in the previous step, ensure that the option to allow the certificate to be added to the trusted root store is selected, and then make sure to apply.</p><p>You can only edit the cert on a single service at a time, so this part will take some time as it can take a few minutes to push the cert to all servers.</p><p>And, this hammer has covered obtaining a new or renewing a certificate for your Microsoft Remote Desktop Services. We hope this guide has helped clear up some of the headaches you would experience when dealing with certificates on Remote Desktop Services.</p><img src='https://cdn.shopify.com/s/files/1/0855/1446/products/Microsoft-Windows-Server-Standard-2012-R2---Open-Academic_grande.gif?v=1467137208' alt='Remote' title='Remote' /><h3>How to enable Remote Desktop (RDP) on Windows server 2012</h3><h3>Intro:</h3><p>In this how-to we will walk you through on How-To Enable RDP in Windows Server 2012.</p><p>Remote Desktop Protocol (RDP) is a protocol expanded by Microsoft that allows you to connect and control another computer via an existing network making it a remote connection.</p><p>Keep in mind that you can also use consle access to your server from VPSie console in case of emergencies as needed or to modify/configure RDP or network settings.</p><h3>Prerequisites</h3><ul><li>A Server with Windows Server 2012. If you do not have a server already, you can create and spin a new server up in under 2 minutes.</li><li>RDP client from remote machine – this can be native windows RDP client on windows or MAC client such as 2X parallels client.</li></ul><h2>Enable RDP in Windows Server</h2><p>Open the <strong>Server Manager</strong> from the taskbar/ Click on <strong>Local Server </strong>/ Locate Remote Desktop under <strong>Properties</strong> which is currently Disabled and Click on <strong>Disabled</strong></p>Server managerSystem Properties window will appear. Select Allow remote connections to this computer and its recommended to check the box below.System allow screen<p>You can also add specific users in the <strong>Select Users </strong>tab. By default, the administrator is allowed. You can add other users by clicking <strong>Select Users/ </strong>Click <strong>Add/ </strong>insert a username and click OK.</p>Remote Desktop username to allow – administrators already have access.<p>You can now verify that RDP is enabled and you can see that the status went from <strong>Disabled</strong> to <strong>Enabled</strong>.</p>Confirm<h2 id='windows-server-2012-r2-download-iso'>Windows Server 2012 R2 Download Iso</h2><p>Also make sure Firewall rules has been updated to allow incoming traffic – easiest way for testing is to disable firewall completely from control panel :</p><p>Go to <strong>Control Panel</strong> -> <strong>System and Security</strong> -> <strong>Windows Firewal</strong>l</p><p>Click on the left sidebar the link:</p><p><strong>Turn Windows Firewall on or off</strong></p><p>and then select for each level to turn it on or off.</p><p>The last thing I want to to say, either you are getting dirty hands on linux or windows, do not turn off firewall. You can disable it for a while or for testing purposes, but if you want to stay secure ( as secure as you can ) do not turn it off.</p><p>Note: It’s recommended to add firewall rules to allow traffic as needed rather than disabling it however for quick test that would be easier – to accomplish this :</p><p>Enable the rule that permits access through the Windows Firewall.</p><p>1. Search for Firewall and open “Windows Firewall and Advanced Security”.</p><p>2. Find the rule “Remote Desktop – User Mode TCP-in” and <strong>ENABLE Rule</strong></p><p>Congratulations! You have just Enabled RDP in Windows Server 2012. Thank you for following along in this How-To and check back with us for any new updates.</p><p>We are constantly adding new apps as they are demanded by our users to insure a smooth and easy integration that would lead to a better overall user’s experience .</p><h2 id='windows-server-2012-remote-desktop-services'>Windows Server 2012 Remote Desktop Services</h2><img src='https://www.vkernel.ro/blog/wp-content/uploads/2016/10/Install_Certificates_in_2012_Remote_Desktop_Services-17.gif' alt='Windows Server 2012 R2 Remote Desktop Services' title='Windows Server 2012 R2 Remote Desktop Services' /><h2 id='windows-server-remote-desktop-licensing'>Windows Server Remote Desktop Licensing</h2><p>Try any of these one click Apps free for one full month today!</p><br><br><a href='https://netlify.mix-goapp.com/the-bard-tale-for-mac.html#LRM=VAJHSwFUDQYDEAdRBwNXV1kMUw1IRl1eVAkTRE9GAxZGVkMSUAJVUUoXAU9FVg9fQQFPUQFCX0RfFk9EAUcQDVNWQhVTA1VPUUlDFlhUEFFYTwlUBxoFHBxTSgVUB1dIBR8DFQdcSTYySQRUBR0MVUEIDVMdH1VAQEpIQwFNEhcVAFAcUVM3' target='_blank'><img src='https://cdn-ak.f.st-hatena.com/images/fotolife/r/ruriatunifoefec/20200910/20200910011337.png' style='cursor:pointer;display:block;margin-left:auto;margin-right:auto;'></a><br><br></p>
				
		<div class="clear"></div>
				
		
								
		
	</div>
	
		
<div id="comments">
		 
				
			<span class="comments-off">Coments are closed</span>
		
		
		
</div>		
	
</div>					
					<div class="navigation">
							<span class="nav-previous"><a href='/shazam-music-app'>Shazam Music App</a></span>
							<span class="nav-next"><a href='/iterm-cheat-sheet'>Iterm Cheat Sheet</a></span>
					</div>
						
			
				
			</div>
			
<div id="sidebar">
	<div id="search-3" class="widget"><form role="search" method="get" id="searchform" action="#" >
    <div>
    <input type="text" value="" name="s" id="s" />
    <input type="submit" id="searchsubmit" value="Search" />
    </div>
    </form></div>		<div id="recent-posts-5" class="widget">		<h2>MOST POPULAR ARTICLES</h2>		<ul>
					<li><a href='/microsoft-store-cisco-anyconnect'>: Microsoft Store Cisco Anyconnect</a></li>
<li><a href='/how-to-clear-memory-on-mac'>: How To Clear Memory On Mac</a></li>
<li><a href='/mail-letter-box'>: Mail Letter Box</a></li>
<li><a href='/ireador'>: IReador</a></li>
<li><a href='/winamp-visualizations-2020'>: Winamp Visualizations 2020</a></li>
<li><a href='/opendns-updater'>: OpenDNS Updater</a></li>
<li><a href='/jcb-forklift-for-sale'>: Jcb Forklift For Sale</a></li>
<li><a href='/pixa'>: Pixa</a></li>
<li><a href='/1password-6-download'>: 1password 6 Download</a></li>
				</ul>
		</div>					
	
</div>	
<div class="clear"></div>			
	
		</div>
		
		<div class="clear"></div>		
		
		<div id="footer">
		
				
		
			<div class="footer-inner">
				<span class="footcreditleft">© 2021 - Foxski76</span>
				<span class="footcreditright"> 
</span>
				<div class="clear"></div>
			</div>	
		</div>
	
	
	</div>
	
	<a href="#" class="scrollup">Scroll to top</a>			
	
	
</body>
</html>