Friday, January 12, 2018

HTML5 client for Microsoft Remote Desktop Services 2016: Remote Desktop Web Client

Everyone will be familiar with the Remote Desktop client called MSTSC. Since a few years, Microsoft also has a Remote Desktop client for other platforms like iOS, Mac OS X and Android, available for download from the App Store, the Mac App Store, and the Google Play Store.

As a next step, Microsoft now also has a web client based on HTML5 (currently into preview), called the RD Web Client. This blog post runs through the setup, based on the early preview that I tested. The Remote Desktop Web Client is installed as an extension of the RD Web Access role.

Requirements

The requirements for the Web Client are as follows;

· RD deployment with Gateway, Broker and WebAccess roles all running Server 2016 Operating System. The endpoints (RDSH or Windows Client SKUs) can be running any Windows Operating System starting from Windows 7 SP1 / Windows Server 2008 R2. The client performance will however be better when connecting to Windows Server 2016 or Windows 10 Anniversary Edition or later.

· The RD deployment should NOT be configured to use per-device license.

· The Server 2016 machine hosting RD Gateway role must have this update installed - https://support.microsoft.com/en-us/help/4025334/windows-10-update-kb4025334

· The Gateway and WebAccess roles should be using public trusted certificates

· The client should work on most HTML5 capable browsers and has official support for Edge, IE11, Google Chrome, Firefox and Safari. Mobile devices are not supported.

Installation

By the time the client releases, new PowerShell CmdLets will be available to deploy, manage and configure the client. Based on the current beta, here’s an example of what these cmdlets might look.

We open an Administrative PowerShell console and run the following commands:

Import-Module ($Env:ProgramFiles + "\rd-html5-manage\RDWebClientManagement")
Install-RDWebClientPackage

clip_image002

Next, we copy the certificate used by the RD Web Access role. Optionally export it first, and make sure to include the private key. Then run the following commands in the PowerShell Admin console.

Import-RDWebClientBrokerCert <cer file>
Publish-RDWebClientPackage -Production -Latest

clip_image004

Easy as that! HTML5 support is now added to the RD Web Access role!

Note, in the beta release the Import-RDWebClientBrokerCert currently does not accept password protected pfx files. Make sure you export the certificate using the security principal option as shown below.

clip_image006

Testing

To test the HTML5 web client, open a browser (currently Edge, IE 11, Google Chrome browsers are all officially supported) and browse to https://<publicdomain>/RDWeb/Pages/webclient. For example, in my case I tested an Azure IaaS setup with 2 RD Web Access servers behind an Azure Load balancer. I created a public DNS record for rds.rdsgurus.com and pointed that to the public IP of the Azure Load Balancer. I then browsed to https://rds.rdsgurus.com/RDWeb/Pages/webclient.

At first you will see the regular RD Web Access login screen and you login with a test account as you normally would too.

clip_image008

After logging in you will see the following screen, this is the HTML5 web client containing the 4 sample RemoteApps I published in the RDS deployment.

clip_image010

If you click on one of the RemoteApps an RDP session will be launched. Note that currently you will get an additional prompt for the first RemoteApp as there is no full Single Sign On yet.

clip_image012

Since this was the first RemoteApp, the RDS session will now process the logon.clip_image014

And shortly after, the RemoteApp is now available within the browser.clip_image016

From this point, you can navigate to the bar on the left-hand side and switch between applications and launch new application. All RemoteApps are available within the same screen to allow to work with multiple application easily.

clip_image018

The RD Web Client also allows you to copy-paste between your local machine. It is however currently limited to text only.

clip_image020

There is also support for Remote Audio.
clip_image022

For further management, the RDWebClientManagement PowerShell module beta version also comes with a few other Cmdlets to retrieve the package information, certificate and to uninstall the package. Note that these Cmdlets might slightly change once the PowerShell module reaches general availability.

clip_image024

If you want all users to be redirected to the Web Client instead of the traditional RD Web Access page, you can run the following command on the RD Web Access Server

Set-WebConfiguration system.webServer/httpRedirect "IIS:\sites\Default Web Site" -Value @{enabled="true";destination="https://<domainname>/rdweb/pages/webclient";exactDestination="false";httpResponseStatus="Permanent";childOnly="true"};

Or change the same value using IIS Manager:

clip_image026

The RD Web Client also comes with printing support. A virtual printer called “Microsoft Print to PDF” is available in the user’s session. Don’t be confused by the postfix “redirected 3”. This is not a redirected printer, the name will most likely change so that it is clear that it’s a virtual printer. By virtual printer we mean that the printing to this printer will result in a .pdf file that is transported and opened on the local client. From that local client it can then be printed to any locally available printer.

clip_image028

I’m able to print to this redirected printer

clip_image030

Which results in the pdf being locally available

clip_image032

And in this case, I opened it in my local browser to then print to a locally available printer.

clip_image034

This concludes a first walkthrough of the RD Web Client that is coming up, based on the current preview version. I will share more details on this new client as they come in. If you are currently using RDS in a production environment and would like to test drive the RD Web Client functionality. Feel free to reach out to me so that I can help to get onboarded on the preview.