From HTML5 RDP Client
Hello World,
In our previous post, we have discussed the RDS roles in Windows 2019 Server Preview edition and we have found out that some of the roles (the most important one actually) are not available anymore which make not possible (at the moment), to implement a full RDS 2019 Architecture. While looking and browsing the web and the Microsoft Documentations about RDS (remote Desktop services), we came across this link Set up the Remote Desktop web client for your users
Reading through the documentation page, it seems that in RDS 2016, a new RDP client is available. This new RDP client is not based on any ActiveX components but it’s a pure html 5 RDP client. This was a request or a wish submitted on this web site so time ago. It seems that this request went through…. Actually, it seems that the RemoteApp Azure html client has been integrated in the RDS 2016 solution
In this post, we will try to install it and see how it behave….We didn’t invent anything, all the necessary information can be found here. However, some information or guidance are not up to date anymore…
Let’s do this …
RDWeb Client Requirements and Installation
Overview
The Remote Desktop web client (also called RDP HTML5 Client) basically allows you to access the Remote Desktop infrastructure through a compatible web browser. Some people might say : wait a minute, in previous version, we are also accessing RDS infrastructure through a web interface via the RD Web Access role, right?. So, what’s different ? This is correct. However, the previous RDS version needed Internet explorer and an activeX to have a seamless experience. The Internet explorer is calling the RDP client installed on your Windows machine.
The RDWeb client does not need any ActiveX or any RDP client installed on the machine. A compatible browser is what you need. This means that you can connect to remote Desktop sessions through other browsers like Edge,Firefox,Chrome, and from different platform windows or linux as you do not need a dedicated rdp client…
Our Setup
We have performed a quick installation RDS scenario on a single server where the RD GW, Connection Broker and RD Web access are installed on a single computer
Notice also that we have generated self-signed certificates for the RDS server roles for testing purposes. As long as these certificates are trusted within your organization, you should be able to test the RD Web client solution
Requirements
To be able to test and install the RDWeb client, you will need to ensure that the following requirements are met
- your RDS Architecture must have the RD Gateway,RD connection broker and RD Web Roles installed on a Windows Server 2016
- Ensure that the licensing mode is set per-user and not per-device
- Clients connecting to your RDS infrastructure needs to be Windows 7 SP or later or Windows 2008 R2 or later
- Public certificates should be configured on RD Gateway and RD Web Server (Preferred). Self signed certificate can be used in a lab or internal environment.
Note:
The documentation also mention to install the Windows 10 KB4025334 update on the RD Gateway. If your system is patched on a regular base, when trying to install this patch, you might get an error stating that this update is not applicable for your system. If this is the case, simply do not install the patch and proceed with the instructions
Update the PowerShellGet module
The RDWeb Client will be installed on the RDS Server that has the RD Web Access Server role installed. To obtain and install the RDWeb Client package, perform the following actions :
-
On the RDWeb Access server, open the powershell command line (as an administrator) and type the following command
Register-PsRepository -Default Install-Module -Name PowerShellGet -Force -
You might get prompted to confirm your selection. press yes and wait for the installation to be completed.
? When done, close and open again the PowerShell console with elevated rights
Download and Install the RDWeb client package
To perform the installation, in the PowerShell windows (run as administrator), execute the following commands
Install-Module -Name RDWebClientManagement
Confirm your selection; accept the license and wait for completion.
?Then execute the following command still in powershell
Install-RDWebClientPackage
You will see a warning about licensing mode. Ignore it if you have already configured your system accordingly… This is just a reminder
Finally, you will need to import the certificates of the RD Connection broker into the RDWeb Access Server by executing the following command
Import-RDWebClientBrokerCert <%Location of the certificate file (.cer format)%>
Quick Note
To obtain the certificate, perform the following actions on the RD Connection broker server
- From an elevated command prompt, type mmc.exe
- In the mmc console, on the top menu, select file> add/remove snapins
- In the Add/Remove Snapins dialog box, select on the left side, Certificates option and click on the add> button
- In the certificates Snap-in select the Computer account option and Press Finish
- Press OK in the Add/Remove Snapins Windows
- In the mmc, navigate to Certificates > Personal > Certificates
- Select the correct certificate, right click on it and select All Tasks > export
- Follow the Wizard and be sure to save the file with the .cer extension
Finally, it’s time to publish the RD Web Client and you do this by executing the following command
Publish-RDWebClientPackage -Type Production -Latest
Your installation is completed and now it’s time to test it….
Accessing the RDWeb client Page and test it
To use the normal web interface of the RDWeb access server role (the one with the ActiveX component), you would open your browser and type the following (if no url redirection has been set)
https://FQDN of the RDWeb Server/RDweb
To use the RDWeb client page, you will need to use the following url
https://FQDN of the RDWeb Server/RDWeb/Pages/webclient
At this stage, you will reach the familar RD Web access login page
?After providing the credentials, you will see the new RD Web Client interface
?If you click on one of the published applications, you will get a first popup showing up asking you about printing and clipboard options. Select your options and press next
?then you will be asked for user name and password
?So, there is not real SSO capabilities here. You have to login to the interface and then when you start an application for the first time, you will be prompted again for a password. This will happens only when you start the first application. If you try to open another application just after the first one already running, you will not get prompted for the password
At this stage, you should access the remote desktop session within your browser and you should see which applications are available to you
If you RDS collection is configured to allow only Remote Desktop session, you can also have full Desktop access through the Web Browser…..
?For fun, we have tried to access the RD Web Access server using the new RDWeb client from a Linux machine using Firefox browser and no RDP client installed on it. The results are actually quite good and Linux users can now have access to Microsoft applications through the Remote Desktop solution… Look pretty good ….
Final Notes
Keep in mind that this RDWeb client is a preview version and not final. That means that maybe new features would be made available.
So far we have performed a really basic test about this new option in the RDS 2016 Architecture solution. We have to perform more testing in order to see if this could be a valid option to be deployed organization wide or should we be keeping a the standard approach with the ActiveX component. We think that in the near feature it will be a mix of both solutions. Web client would be great for Linux users and people using browsers other than Internet explorer.
The RDWeb client is missing some features or we might need to get used to a new way of working. For example, the web client does not provide (yet?) the drive redirection. This might be by design in order to avoid data leakage. Printing feature is also changed apparently. There is no need to redirect to a printer. The Web Client will generate a pdf file that can be printed directly from the client machine…(data leakage issue ?). The RemoteApp concept is a little bit different now. Yes, with RDWeb client, it’s possible to publish applications through a browser but the seamless feature is gone. Some organizations are really using this seamless feature as a way to make application look like installed locally.
We think that RDWeb client is a step in the good direction because there is no more dependencies on Internet Explorer and ActiveX components. On the other hand, using only the RD web client will definitly redefine the way we used to work with RDS solution
Till next time
See ya
