(Post courtesy Partner Solution Consultant Michael Biver)
I recently saw the posting “Remote Desktop Services are now allowed on Windows Azure” discussing our licensing changes allowing RDS scenarios on Azure and wanted to stand up a POC to see how easy it was to configure. I’ve already got my MSDN subscription set up on Azure and just needed a good reason like this to do some configuring. To get started, I figured I better lay down the infrastructure first, so I found a nice little article on how to on create my first virtual network.
Create a Virtual Network in Windows Azure following the steps from http://www.windowsazure.com/en-us/manage/services/networking/create-a-virtual-network/
After following the instructions in the article, I entered in the name and region, then created an affinity group for my resources.
On the next page I left the DNS settings blank since I didn’t really have a DC yet. I didn’t need that many addresses for just a POC so I carved out 11 and 14 using the CIDR dropdown and hit the check mark to create it.
Now that I had my network all up and running I needed to lay down my Domain controller, since the RDS deployment won’t be able to use the Azure Directory services all by itself. The RDS deployment is pretty much the same in Azure as it is on premise and that means the machines will need to be domain joined. At the bottom of the creating a network walkthrough article I noticed a handy little link to install Active Directory so I went ahead and took a look.
Install a new Active Directory forest in Windows Azure
The first steps I’d already done so I went ahead and started in on creating my first VM. I created my storage account and assigned it to the affinity group I’d created earlier.
I then downloaded Windows Azure PowerShell from here http://go.microsoft.com/fwlink/p/?LinkID=320376
After installing it, I opened an Elevated Azure PowerShell session and executed the command to allow Remote Signed scripts.
I then imported the azure module per the instructions and executed the command to get my Publishing File. An IE window popped up and since I was already signed into my Azure Portal it prompted me right away to save the file. I saved it directly to the c:\ drive for ease of typing.
I noticed that their scenario included creating a VM based on 2008 R2 but I wanted Server 2012 so I ran the following commands in order to find the correct file name for the 2012 build.
First, I synced my subscription:
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile ‘C:\Windows Azure MSDN - Visual Studio Ultimate-9-20-2013-credentials.publishsettings’
Set-AzureSubscription -SubscriptionName "Windows Azure MSDN - Visual Studio Ultimate" -CurrentStorageAccount bivazurestore
Select-AzureSubscription -SubscriptionName "Windows Azure MSDN - Visual Studio Ultimate"
Then I ran the Get-Azurevmimage command and piped it to a file for easy searching
I was able to find the 2012 build with ctrl-F. The image name was “a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-Datacenter-201307.01-en.us-127GB.vhd” (this may change so double check by running the commands) and I simply brought that into the script they provided along with my other specific resources and ran the following:
#Deploy the Domain Controller in a virtual network
#Specify my DC's DNS IP (127.0.0.1) The Name parameter is a friendly name, not necessarily a DNS resolvable name, and the IPAddress parameter is the IP address of the DNS server
$myDNS = New-AzureDNS -Name 'myDNS' -IPAddress '127.0.0.1'
$vmname = 'BIV-RDSDC'
# OS Image to Use
$image = 'a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-Datacenter-201307.01-en.us-127GB.vhd'
$service = 'bivdcservice'
$AG = 'rdsazurelab'
$vnet = 'rdsazurenet'
$MyDC = New-AzureVMConfig -name $vmname -InstanceSize 'Small' -ImageName $image |
Add-AzureProvisioningConfig –adminusername ‘Michael’ -Windows -Password 'Pass@w0rd1' |
Set-AzureSubnet -SubnetNames 'Subnet-1'
New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyDC -DnsSettings $myDNS -VNetName $vnet
After the commands above executed, I refreshed the page out on my Azure portal and found everything in the process of being provisioned. Once the machine was started I connected to it and pretty much followed the rest of the article on setting up the DC with the exception, of course, that mine was a 2012 machine.
In order to create additional machines, I then ran the following script 3 more times. I created one VM that would host the infrastructure roles of RD Gateway, RD Web Access, RD Licensing, and the RD Connection Broker.
The other 2 machines I created to host the Session Host Role, one for a full session and one for RemoteApp only.
#Ran this script to create another vm and then add it to domain--if you need more vm's, just change the names of the VM and service
Import-AzurePublishSettingsFile 'C:\Windows Azure MSDN - Visual Studio Ultimate-9-20-2013-credentials.publishsettings'
#Deploy a new VM and join it to the domain
#Specify my DC's DNS IP (10.4.3.1) The Name parameter is a friendly name, not necessarily a DNS resolvable name, and the IPAddress parameter is the IP address of the DNS server
$myDNS = New-AzureDNS -Name 'BIV-RDSDC' -IPAddress '10.0.0.4'
$service = 'bivrdhost02'
$pwd = 'Pass@w0rd1'
$size = 'Small'
$vmname = 'biv-rdhost02'
$MyVM1 = New-AzureVMConfig -name $vmname -InstanceSize $size -ImageName $image | Add-AzureProvisioningConfig -adminusername 'Michael' -WindowsDomain -Password $pwd -Domain 'bivercloud' -DomainPassword 'Pass@w0rd1' -DomainUserName 'Michael' -JoinDomain 'bivercloud.com'|Set-AzureSubnet -SubnetNames 'Subnet-1'
New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyVM1 -DnsSettings $myDNS -VNetName $vnet
In order to access my farm securely from anywhere I added an endpoint to the RD gateway VM for public access
a. In the management portal, select the virtual machine, and click the ENDPOINT tab.
b. On the bottom of the screen, click Add Endpoint.
c. Add an endpoint for the RD Gateway port and RD Web Access port if used. (Port 443 by default.)
I use a domain name other than the provided cloudapp.net DNS name, so I created a CNAME record with my public DNS provider to map my custom domain name to the public name of my Gateway VM, which you can find in the dashboard view of the virtual machine.
I logged into all the machines and they were joined to my domain as expected. On the Server manager dashboard of my RD-Gateway server I added all the servers to the management console so I could manage them remotely.
I enabled PowerShell Remoting on them all by using the command “Enable-PSRemoting –force” from an elevated PowerShell window.
From the server manager console on my RD Gateway server I stepped through a Standard RDS Deployment making sure to designate the Connection Broker and Web Access roles on the Gateway server and the Session Host Roles only on the other 2 machines.
Step 1: Click on "Add roles and features (button)" in "Server Manager"
Step 2: Click on "Next > (button)" in "Add Roles and Features Wizard"
Step 3: Click on "Remote Desktop Services installation (radio button)" in "Add Roles and Features Wizard" Step 4: Click on "Next " in "Add Roles and Features Wizard" Step 5: Click on "Next" in "Add Roles and Features Wizard" Step 6: Click on "Session-based desktop deployment (radio button)" in "Add Roles and Features Wizard" Step 7/8: Click on "Next" in "Add Roles and Features Wizard" (twice) Step 9: Add the server you’d like as your Connection Broker
Step 10: Click on "Next " in "Add Roles and Features Wizard" Step 11: Click on "Install the RD Web Access role service on the RD Connection Broker server (check box)" in "Add Roles and Features Wizard" Step 12: Click on "Next" in "Add Roles and Features Wizard" Step 13: Select the servers you’d like to add as Session Hosts and click on "Add Selected Computers (button)" in "Add Roles and Features Wizard"
Step 14: Click on "Next" in "Add Roles and Features Wizard" Step 15: Click on "Restart the destination server automatically if required " in "Add Roles and Features Wizard" Step 16: Click on "Deploy " in "Add Roles and Features Wizard" Step 17: Click close "Add Roles and Features Wizard"
In Part 2 of this post, we will walk through adding the Gateway and License Server, configuring RDS Certificates, creating security groups, session collections, and connecting to the Remote Desktop web page.
I've confirmed there's an error that's all of a sudden popped up when creating the domain joined PC's with the PowerShell script provided. It's something like this "New-AzureVM : Missing type map configuration or unsupported mapping." The temporary workaround until it's resolved would be to use the first script to create additional machines and then rename/domain join them manually. I'll update the post if the error get's resolved. Thanks!
Looks like the error was a known issue and has been fixed with the newest PowerShell commands. You can download them here. go.microsoft.com