Friday, February 15, 2013

Server 2012 Hyper-V + RDP + RemoteFX = a Delicious "Sangwich" of Cheap VDI

Oh man. Microsoft has done well on this; VDI/RDP/Hyper-V/RemoteFX have come together very nicely in 2012. The incremental improvements over the last 4 or so years to RDP, Hyper-V, and RemoteFX have made a great platform for cost-effective VDI. This article will outline setting this entire environment up on one Server 2012 Datacenter box, but this could be scaled to as many machines as you need. (Add VMM for management in a large deployment.) In this article I'll be walking through a basic setup of a Hyper-V Virtualization Host, Connection Broker, Web Access, a pool, the whole 9.

Assumptions:
  • You have at least one 2012 Hyper-V host set up.
  • You've got at least one 2012 server ready to go as the other roles. This can be a VM. 
  • You've got a sangwich. You'll need one, this is a bit of a lengthy install. 
Starting in seemingly reverse order will make this whole thing easier; you'll see why.

Create a Template/Image to Use for VDI

BTW, more template info here.
  1. Create a Virtual Desktop template by making a new VM with (generally) default settings. Insert the ISO, install the OS, and make sure your product key is applicable to your target VDI environment (i.e. MAK with an SA or KMS as applicable).
  2. After installing the OS, execute sysprep or something similar. On Windows 8, it is located at %SystemRoot%\system32\sysprep\sysprep.exe. Make sure you generalize and restore to the Out-of-Box Experience (OOBE); select shutdown when complete.

Install Remote Desktop Services Components

  1. Prior to starting the RDS installation, you need to add all servers involved in your deployment to Server Manager so they are available as options during deployment. To do so, click "Add Servers To Manage" from the start screen of Server Manager and add any servers that will be part of the setup (Hyper-V host, RDS Connection Broker, Session Host, etc.).
  2. After adding the server(s) in question, start the RDS deployment by clicking "Manage->Add Roles and Features" from within Server Manager.
  3. Proceed to the "Installation Type" and select "Remote Desktop Services installation" and click "Next".  
  4. On "Deployment Type" select "Standard deployment" and click "Next". Unless you've been through this before, I don't recommend Quick Start as it skips some things you should know. 
  5. On "Deployment Scenario" we'll be going through "Virtual machine-based desktop deployment". Select it and click "Next". Note that both options here have their uses, we're just covering VDI because it's a newer option. For more information on the differences, see this blog post by Yung Chou. 
  6. Based on our choices, it should notify you that RD Connection Broker, RD Web Access, and RD Virtualization Host will be installed. Review and click "Next". 
  7. You will be prompted to select a machine from your pool to host the RD Connection Broker role. Select the host(s) you would like for this role, move them to the right pane, and then click "Next". The Connection Broker distributes load across multiple hosts (if applicable) and maintains session information to ensure users are directed to the proper session or virtual desktop. For more information, see this TechNet article. This role can be hosted by a virtual machine.
  8. Now you'll be prompted to select the RD Web Access server. In smaller deployments it is very common to place this on the same server as the RD Connection Broker. In larger environments you'll need to take external connection needs and security into account. Either click "Install the RD Web Access role service on the RD Connection Broker server" or select the server(s) you do want and click "Next". This role can also be hosted by a virtual machine. 
  9. Time to select virtualization host(s). This role cannot be hosted by a virtual machine for obvious reasons. Select the machine(s), move them over, and click "Next".
  10. You'll be presented with the confirmation screen; review the information and click "Deploy" to create the whole setup.
  11. The progress of each role installation will be displayed; do not be surprised if this takes some time.

Setup a VDI Collection

  1. In Server Manager, click "Remote Desktop Services" and then click "3> Create Virtual Desktop Collections".
  2. Click "Next" to bypass the before you begin section and then give your collection an appropriate name and click "Next" again. 
  3. Select the type of collection you want, Pooled virtual desktops or Personal virtual desktops. There is a lot that goes into this decision, but as a rule of thumb you can think of it like this: Pooled virtual desktops = many (users) to one relationship and Personal virtual desktops = one to one relationship. For my lab I'll be doing Personal virtual desktops, so please note that the options listed after this may be slightly different should you want Pooled. Unless you know you want otherwise, leave "Automatically create and manage virtual desktops" checked and click "Next".
  4. When prompted with "Virtual Desktop Template" select the template we created in the first step and click "Next". 
  5. (This step is unnecessary for pooled desktops.) In most cases, you'll want to leave "Enable automatic user assignment" selected because that will give the requesting user access to a newly provisioned VD. If you desire, select "Add the user account to the local administrators group on the virtual desktop" and click "Next".
  6. For "Virtual Desktop Settings" you should provide your Sysprep answer file; this will contain all the provisioning settings for your company. Since this is a lab setup in my case, I'll be selecting "Provide unattended installation settings". Click "Next".
  7. You need to know where you want to place automatically created VDI objects in Active Directory. After making that determination you'll need to paste in the path to the OU. Then, we'll need to generate a PowerShell script and execute it on a machine that has the Active Directory management tools installed on it. First things first, navigate to a machine with the Active Directory management tools installed and log on with an account that has appropriate domain privileges. On that machine:
  8. Open Active Directory Administrative Center and navigate to where you would like the VDI machines to go; create the OU if necessary and double click to go into it. Select the navigation pane (next to the arrow keys on the top) and it will give the DN. Copy this DN so you can paste it into setup.
  9. Switch back to the RDS server. Set the time zone and then select "Specify the distinguished name of the organizational unit" and paste in our DN from the other server; DO NOT click Next yet. 
  10. After pasting the DN in, click the "Generate script" at the bottom of the window and copy all the contents of the script.
  11. Switch back to the AD server and open Notepad. Copy the script into Notepad and save it to a temporary location, e.g. C:\temp\Grant-RDSRights.ps1.
  12. (Still on AD server) Open PowerShell as an administrator. If needed, execute "Set-ExecutionPolicy unrestricted" to allow script execution.
  13. (Still on AD server) Execute the script you just saved. If your rights are correct you will get a success message. 
  14. Switch back to the RDS server and click "Next". If it doesn't work you may need to wait for the permissions to replicate. BUG WARNING: Ensure you do not have any "." characters in your DN (i.e. in your OU names). If you do, this will not work. You will get the message "The RD Connection Broker server does not have access to add the virtual desktops to the Active Directory domain. Configure access by using the Active Directory page of Deployment Properties." despite the fact that permissions are in fact correct. (I wish I could bill someone for time wasted figuring that out)
  15. Select the Active Directory Group, # of initial virtual desktops, the machine prefix, and the machine suffix. I recommend making one AD group per collection to accurately track who has access to what. As for a machine prefix/suffix, pick something that will work for your organization. I use VDI- for a prefix. Click "Next". 
  16. The "Virtual Desktop Allocation" screen will come up and allow you to distribute your VDI machines across multiple hosts if desired. Distribute accordingly and click "Next". 
  17. For "Virtual Desktop Storage" select what type of storage you would like to utilize for these VDI machines. You have all your standard options here, including Cluster Shared Volumes. For more on CSVs, check this out. Select your desired disk location and hit "Next". 
  18. The confirmation screen will come up; use this to review your settings and click "Create". 
  19. This may take a while depending on your disk configuration and it may even report to the window that it's not responding. Don't worry, it'll complete eventually.
That does it! You've now got your stable of virtual machines ready to dole out to deserving employees. If you're particularly astute you will be able to convince management that there is a monthly cost for each desktop payable to your bank account.
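
One way to run steps 7 through 14 of the collection setup with a safety net, as an added example that is not part of the original article or of the script the wizard generates: it checks the DN for the "." problem, runs the saved script under a session-only execution policy rather than a machine-wide one, and lists the access control entries the script added to the OU. The sample DN and the helper name Get-OuAceText are assumptions; the script path is the one from step 11.

```powershell
# Added example. Run in an elevated PowerShell on the machine that has the
# Active Directory management tools (the "AD server" in the steps above).
Import-Module ActiveDirectory    # RSAT module; also provides the AD: drive

$OuDn       = 'OU=VDI,OU=Workstations,DC=corp,DC=example'  # constructed sample DN
$ScriptPath = 'C:\temp\Grant-RDSRights.ps1'                # path used in step 11

# Pre-flight for the "." bug from step 14: split the DN on unescaped commas
# and stop if any component value contains a dot.
$dotted = ($OuDn -split '(?<!\\),') |
    Where-Object { ($_ -split '=', 2)[1] -match '\.' }
if ($dotted) { throw "DN component(s) contain '.': $($dotted -join '; ')" }

# Fail early if the OU does not exist or the DN was pasted incorrectly.
$ou = Get-ADOrganizationalUnit -Identity $OuDn -ErrorAction Stop

# Hypothetical helper: flatten the OU's ACL into comparable strings.
function Get-OuAceText {
    param([string]$Dn)
    (Get-Acl -Path "AD:\$Dn").Access | ForEach-Object {
        '{0} | {1} | {2} | object={3} | inheritedObject={4} | inherited={5}' -f `
            $_.IdentityReference, $_.AccessControlType, $_.ActiveDirectoryRights,
            $_.ObjectType, $_.InheritedObjectType, $_.IsInherited
    }
}

$before = Get-OuAceText -Dn $ou.DistinguishedName

# Allow local scripts for this PowerShell session only; the machine-wide
# policy is untouched and the setting is gone when the window closes.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
& $ScriptPath

$after = Get-OuAceText -Dn $ou.DistinguishedName

# Show only the access control entries the generated script added.
Compare-Object -ReferenceObject $before -DifferenceObject $after |
    Where-Object { $_.SideIndicator -eq '=>' } |
    Select-Object -ExpandProperty InputObject
```

Keeping the printed entries with your change record gives you a list of what to remove from the OU if the deployment is later retired.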

Managing Your Collection

Adding a Desktop

  1. Open Server Manager either on the RDS server or a machine with that server registered in its server manager. 
  2. Click "Remote Desktop Services"
  3. Under "Collections", click your collection name. 
  4. Under "Virtual Desktops" on the right, click "Tasks->Add Virtual Desktop"
  5. Specify how many virtual desktops you would like to add. 
  6. Specify on which server you would like to add them.
  7. Click "Create"
  8. You will be notified when the creation request is complete. 

Assigning a Desktop

  1. Open Server Manager either on the RDS server or a machine with that server registered in its server manager. 
  2. Click "Remote Desktop Services"
  3. Under "Collections", click your collection name. 
  4. Right click on the VDI machine you would like to assign and select "Assign Virtual Desktop".
  5. Specify a user to assign to and click "Assign". Note this user must be in the group you specified as the user group for this collection above. 

Configuring Licensing


This is a topic for a whole other article, but for now have a look at this TechNet article and this one as well.

Accessing Your Collection

There is enough here for another article, but to get you started: 

  1. Using IE (preferably) navigate to https://your.rdweb.server/RDWeb 
  2. You'll probably get a cert warning; you can fix that later by installing the proper web cert on your IIS server. 
  3. Log in with your assigned user and double click on the collection you created. 
  4. Enjoy your fresh install of Dos 5.0. (I'm assuming that's what you are using) 
Next up, RemoteFX. Update: RemoteFX Article here.

6 comments:

Unknown said...

Dear Toby,

Is there a way to create a Pooled VDI infrastructure using Win Server 2012 as the VM image?

I have followed the "usual" way to build a pooled VDI desktop using Win7 or Win8 with success, but it fails when I use an image of Win Server 2012 as VM instead.

Am I overlooking something? Should I need to prepare the image in a different way? (Sysprep differently?)

Thanks evalverde at mac.com

Toby Meyer said...

Hi @Eduardo!

I haven't used 2012 server as a VM myself, but I can't think of any reason it shouldn't work. Sysprep works the same on 2012/8 and on 2012r2/8.1, so no changes should be needed. If you have any snapshots of the image you may want to try merging them in; I've had issues with that in the past. Also make sure the machine image is fully shut down before trying to use it. If those don't help let's get to the bottom of it... what is the error? You should be able to find more information under Event Log->Applications and Services Logs->Microsoft->TerminalServices-SessionBroker and potentially the RemoteDesktopServices-RdpCoreTS and Application logs. If there doesn't seem to be much good info there, this thread has instructions on how to turn on debug logging.

Anonymous said...

Hello itToby,

Quote:
BUG WARNING: Ensure you do not have any "." characters in your DN. (I.E. in your OU names) If you do, this will not work. You will get the message "The RD Connection Broker server does not have access to add the virtual desktops to the Active Directory domain. Configure access by using the Active Directory page of Deployment Properties." despite the fact that permissions are in fact correct. (I wish I could bill someone for time wasted figuring that out)

=============

This worked for me and saved lots of time. Special thanks to you. Thanks!

Toby Meyer said...

@Will z:

I'm glad it helped you out; that's one of the main reasons I write. :) Thanks for letting me know!

DaBomb said...

Hi Toby,

Thanks for this great article, I'm attempting to deploy a pool and am getting the stupid error that you pointed out in your BUG WARNING. I initially had a "_" in my OU name, I removed any characters including spaces, and still getting the same error and am stumped :/... Any advice here?

"The RD Connection Broker server does not have access to add the virtual desktops to the Active Directory domain. Configure access by using the Active Directory page of Deployment Properties."