Publish Remote Desktop RemoteApp

  • Do you have an RDGateway set up?

    Those would be the best options, either RDGateway or VPN.


  • I can use our Sonicwall VPN but then would I just use the remote desktop or can they run the VPN then open the app directly from their laptop?

    1. Set up your RD session host server.
    2. Create an RDP file for the remote app and provide it to the user.
    3. The user should have no issue launching the RDP file from within your organization, or can connect to the SonicWALL VPN and then launch it if off-site.

  • I think step 2 is where I'm lost. How would I create an rdp file for the app only? I'm sure it's easy but haven't done it this way before.

  • paul6004 wrote:

    can they run the VPN then open the app directly from their laptop?

    They should be able to yes.

  • paul6004 wrote:

    I think step 2 is where I'm lost. How would I create an rdp file for the app only? I'm sure it's easy but haven't done it this way before.

    RDP files are just notepad files with a .rdp extension.

    For example here is one of my Apps

    redirectclipboard:i:1
    redirectprinters:i:0
    redirectcomports:i:0
    redirectsmartcards:i:1
    devicestoredirect:s:*
    drivestoredirect:s:*
    redirectdrives:i:1
    session bpp:i:32
    prompt for credentials on client:i:1
    span monitors:i:1
    use multimon:i:1
    remoteapplicationmode:i:1
    server port:i:3389
    allow font smoothing:i:1
    promptcredentialonce:i:0
    videoplaybackmode:i:1
    audiocapturemode:i:1
    gatewayusagemethod:i:2
    gatewayprofileusagemethod:i:0
    gatewaycredentialssource:i:0
    full address:s:RDSGW.Domain.com
    alternate shell:s:||IMainMenu
    remoteapplicationprogram:s:||IMainMenu
    gatewayhostname:s:
    remoteapplicationname:s:IMainMenu
    remoteapplicationcmdline:s:
    workspace id:s:rdsgw.domain.com
    use redirection server name:i:1
    loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SessionHostName
    alternate full address:s:RDSGW.domain.com

  • The OMS app is already published, I'm just not sure how to make the RDP for the app only. That's where I'm stuck

  • The other option is RDWeb. If you publish your Apps to RDWeb it should generate your RDP files for you on the web portal.

    You can download the .rdp files from RDWeb with Chrome.

  • This one might help a bit more than the previous one I posted.  Sorry about that.

    Distribution of Remote Apps and desktops in Windows Server 2012

  • So I tried to browse on the RDS server to "//127.0.0.1/RDWeb/Feed/webfeed.aspx" and when I log in, it downloads a webfeedlogin.aspx file but I don't see any published apps.


  • paul6004 wrote:

    So I tried to browse on the RDS server to "//127.0.0.1/RDWeb/Feed/webfeed.aspx" and when I log in, it downloads a webfeedlogin.aspx file but I don't see any published apps.

    Try //localhost/rdweb

    You should have to log in and you should see the apps available to you.

  • Bingo that was it! Thanks Justin. Once I logged into //localhost/rdweb I could see the app that's published and it downloaded the RDP file. Not sure how I would have found that.


  • Where did you read that these options are mutually exclusive? That is not correct.

    Yes you can run WebApps and session based desktops from one deployment. You can also control the permissions for each separately.

  • Justin1250 wrote:

    Where did you read that these options are mutually exclusive? That is not correct.

    Yes you can run WebApps and session based desktops from one deployment. You can also control the permissions for each separately.

    Can you advise how to do that on Windows Server 2019?
    When I set up RDS last time I needed to apply a hack to get them both working. By default, you can only publish one collection and choose one of the two modes. Publishing a remote app removes the full desktop mode.

    The trick I used was to set up a remote app collection. Copy the registry settings. Unpublish the remote app and set up the collection as desktops, then add the registry keys to add the remote app into the collection.


  • Justin1250 wrote:

    Where did you read that these options are mutually exclusive? That is not correct.

    Yes you can run WebApps and session based desktops from one deployment. You can also control the permissions for each separately.

    I'd like to see some references.

    I was never able to deploy both, RemoteApps and Full Desktop within a single Collection.


  • Justin1250 wrote:

    Where did you read that these options are mutually exclusive? That is not correct.

    Unless something recently changed, yes it is correct.

  • I must be mistaken about what we are talking about here.


    I have an RDS deployment that the same collection hosts both session-based desktops as well as remote-apps.

    Connections to the remote app on the left and the session-based desktop connection is on the right. 


    Also attached as it appears to have been super scaled down.

    The only main difference is that the remote app configuration has the alternative shell configuration, which removes the standard desktop experience and gives it the remote app feel.

    While the session based desktop connects directly to the RDCB giving the user the full session based experience. 

    Attachment: rdsdep1.jpg (469 KB)

  • Justin1250 wrote:

    I must be mistaken about what we are talking about here.


    I have an RDS deployment that the same collection hosts both session-based desktops as well as remote-apps.

    Connections to the remote app on the left and the session-based desktop connection is on the right. 

    Also attached as it appears to have been super scaled down.

    The only main difference is that the remote app configuration has the alternative shell configuration, which removes the standard desktop experience and gives it the remote app feel.

    While the session based desktop connects directly to the RDCB giving the user the full session based experience. 

    Interesting. When you create a collection, it is automatically created in Remote Desktop [full desktop experience] mode. As soon as you publish a program, the Collection mode is automatically switched to RemoteApp and you can't use both at the same time on the same collection. See screenshot attached [same on Server 2016 and 2019 and AFAIR on 2012R2 as well].

    Looking at your screenshot, it appears that the RDP file on the left is for a published app, while the right one is for full RDP. It's really hard to spot the differences without the data that you masked off for valid reasons, obviously. Can you please share the details on how you generated the RDP file on the right [full desktop]?

    Is it possible that you created the collection in Remote Desktop mode, pulled the RDP from the Web portal, saved it, then started publishing RemoteApps [effectively changing the collection mode to RemoteApp] and so ended up with RemoteApps and a saved RDP for full desktop? If this really works and the file signature of the Remote Desktop RDP file is still accepted, this is a super clever hack I must say. I'm very impatient to try it out right now!

    Thanks.


  • m@x wrote:

    Justin1250 wrote:

    I must be mistaken about what we are talking about here.


    I have an RDS deployment that the same collection hosts both session-based desktops as well as remote-apps.

    Connections to the remote app on the left and the session-based desktop connection is on the right. 

    Also attached as it appears to have been super scaled down.

    The only main difference is that the remote app configuration has the alternative shell configuration, which removes the standard desktop experience and gives it the remote app feel.

    While the session based desktop connects directly to the RDCB giving the user the full session based experience. 

    Interesting. When you create a collection, it is automatically created in Remote Desktop [full desktop experience] mode. As soon as you publish a program, the Collection mode is automatically switched to RemoteApp and you can't use both at the same time on the same collection. See screenshot attached [same on Server 2016 and 2019 and AFAIR on 2012R2 as well].

    Looking at your screenshot, it appears that the RDP file on the left is for a published app, while the right one is for full RDP. It's really hard to spot the differences without the data that you masked off for valid reasons, obviously. Can you please share the details on how you generated the RDP file on the right [full desktop]?

    Is it possible that you created the collection in Remote Desktop mode, pulled the RDP from the Web portal, saved it, then started publishing RemoteApps [effectively changing the collection mode to RemoteApp] and so ended up with RemoteApps and a saved RDP for full desktop? If this really works and the file signature of the Remote Desktop RDP file is still accepted, this is a super clever hack I must say. I'm very impatient to try it out right now!

    Thanks.

    So I run a 2012R2 deployment. It looks like this:


    All I have masked off is the actual server and domain name, which are pretty much just the FQDN of my RDCB. 

    The majority of the configuration here is just the RDP files, which are text files with a .rdp extension. You can generate these yourself and not use RDWeb at all if you want.

    These being the important entries for your RemoteApps:

    remoteapplicationprogram:s:||MyAppNameHere
    remoteapplicationname:s:MyAppNameHere
    alternate shell:s:||MyAppNameHere

    These designate the remote app that you have published in that box.

    Another important entry:


    loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SessionCollectionNameHere

    This designates the Session Collection and the load balance option of the RDCB

    Other than that the files are very similar. One just points the RDP client to use the alternate shell that removes the full desktop. 

    As for the signatures, anything you download off of RDWeb with a signature cannot be modified. That is the purpose of the signature. You can, however, remove the Signature and the sign scope entries and it will not prompt an error. 

    You, however, may get an untrusted error/warning. 

    To remedy this you would create the RDP file you want for your environment and then you can sign your RDP file with rdpsign, which will generate the signscope and the signature lines specific to the RDP file you create/modify.

    //docs.microsoft.com/en-us/windows-server/administration/windows-commands/rdpsign
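
A small auditor for the .rdp settings discussed in the post above, added here as an example (not code from any poster or from Microsoft). It reports whether a file is RemoteApp or full desktop, which collection the loadbalanceinfo line names, which settings sit outside the signature, and which broad client redirections are enabled. The sample files and host names are constructed, and it assumes signscope is a comma-separated list of the setting names the signature covers.

```python
"""Audit the text of an .rdp file: mode, broker collection, signing, redirection."""

LB_PREFIX = "tsv://MS Terminal Services Plugin.1."
REMOTEAPP_KEYS = ("remoteapplicationprogram", "remoteapplicationname", "alternate shell")

# Constructed samples modelled on the entries quoted in the thread.
SAMPLE_REMOTEAPP = """\
full address:s:rdcb.example.test
remoteapplicationmode:i:1
remoteapplicationprogram:s:||MyAppNameHere
remoteapplicationname:s:MyAppNameHere
alternate shell:s:||MyAppNameHere
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SessionCollectionNameHere
drivestoredirect:s:*
redirectclipboard:i:1
signscope:s:Full Address,Alternate Shell,RemoteApplicationProgram,LoadBalanceInfo
signature:s:PLACEHOLDER
"""

SAMPLE_DESKTOP = """\
full address:s:rdcb.example.test
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SessionCollectionNameHere
drivestoredirect:s:*
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines; names are lower-cased, i-typed values become int."""
    settings = {}
    for raw in text.lstrip("\ufeff").splitlines():
        parts = raw.strip().split(":", 2)  # the value itself may contain ':' (tsv://...)
        if len(parts) != 3:
            continue
        name, kind, value = parts[0].strip().lower(), parts[1].lower(), parts[2]
        if kind == "i" and value.strip().lstrip("-").isdigit():
            value = int(value)
        settings[name] = value
    return settings


def audit_rdp(text):
    s = parse_rdp(text)
    remoteapp = s.get("remoteapplicationmode") == 1
    lb = str(s.get("loadbalanceinfo", ""))
    signed = bool(s.get("signscope")) and bool(s.get("signature"))
    # Assumption: signscope names the settings the signature covers.
    covered = {n.strip().lower() for n in str(s.get("signscope", "")).split(",") if n.strip()}
    names = [n for n in s if n not in ("signscope", "signature")]
    wide = [k for k in ("devicestoredirect", "drivestoredirect") if s.get(k) == "*"]
    if s.get("redirectclipboard") == 1:
        wide.append("redirectclipboard")
    return {
        "mode": "RemoteApp" if remoteapp else "Full desktop",
        # RemoteApp entries the post calls important but the file lacks.
        "remoteapp_keys_missing": [k for k in REMOTEAPP_KEYS if remoteapp and not s.get(k)],
        # Collection named on the loadbalanceinfo line, None if the line is absent.
        "collection": lb[len(LB_PREFIX):] if lb.startswith(LB_PREFIX) else None,
        "signed": signed,
        # Settings that can be edited without invalidating a signature:
        # every setting when unsigned, otherwise those outside signscope.
        "unprotected": sorted(n for n in names if not signed or n not in covered),
        # Client-side redirections worth reviewing before distributing the file.
        "wide_redirects": sorted(wide),
    }


if __name__ == "__main__":
    for label, sample in (("remoteapp", SAMPLE_REMOTEAPP), ("desktop", SAMPLE_DESKTOP)):
        print(label, audit_rdp(sample))
```
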

  • WOW. THIS DOES WORK.

    Unfortunately I cannot confirm if I am connecting via Connection Broker or directly to Session Host, since my deployment is all in one, so I end up remoted onto the same server. But I can use both of my RDP files that I just generated - one for full RDP and another for Calculator app!


    Steps:

    Create a Collection [myCollection] and add your session hosts to it.

    Don't publish anything yet. While the collection is in the Remote Desktop mode, open Web Access portal, sign in and download the RDP file for full desktop experience. Last time I remember Internet Explorer wasn't displaying the RDP file for download, the "Connect" button was embedded in the page, so use Chrome.

    Only then start publishing remote apps. The collection will switch to RemoteApp mode, but you'll have the full RDP file saved!

    I can't believe this hack works.

    Justin1250, please confirm that this is how you ended up with the full desktop RDP file as well?


  • m@x wrote:

    WOW. THIS DOES WORK.

    Unfortunately I cannot confirm if I am connecting via Connection Broker or directly to Session Host, since my deployment is all in one, so I end up remoted onto the same server. But I can use both of my RDP files that I just generated - one for full RDP and another for Calculator app!

    Steps:

    Create a Collection [myCollection] and add your session hosts to it.

    Don't publish anything yet. While the collection is in the Remote Desktop mode, open Web Access portal, sign in and download the RDP file for full desktop experience. Last time I remember Internet Explorer wasn't displaying the RDP file for download, the "Connect" button was embedded in the page, so use Chrome.

    Only then start publishing remote apps. The collection will switch to RemoteApp mode, but you'll have the full RDP file saved!

    I can't believe this hack works.

    Justin1250, please confirm that this is how you ended up with the full desktop RDP file as well?

    It is really not a hack just RDP file settings :] I wrote my own RDP files and signed them.

    Here are a couple of good resources for all the settings that can go in an RDP file.

    //docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files

    //www.donkz.nl/overview-rdp-file-settings/

    If you have the loadbalance line in the RDP file it will connect to the RDCB and not to the session host. Without that line, in a multi-server environment you will get a redirection error usually. 

  • Justin1250 wrote:

    It is really not a hack just RDP file settings :]

    Here are a couple of good resources for all the settings that can go in an RDP file.

    //docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files

    //www.donkz.nl/overview-rdp-file-settings/

    If you have the loadbalance line in the RDP file it will connect to the RDCB and not to the session host. Without that line, in a multi-server environment you will get a redirection error usually. 

    Yes but as per my knowledge you can't just alter the entries in the RDP file, otherwise the signature of the file will no longer match...no?

  • Ah, somehow I missed the part with signing the file by yourself. Interesting!

  • m@x wrote:

    Ah, somehow I missed the part with signing the file by yourself. Interesting!

    Downloading them from RDWeb works just as well.

    Also, RDWeb is basically just IIS. You can customize it pretty heavily if you want. 

    //msfreaks.wordpress.com/2013/12/29/step-by-step-customizing-rd-web-access-2012-r2/

    Also whilst looking through my bookmarks I found another way to show the full desktop in remote app mode. 

    //ryanmangansitblog.com/2014/01/04/publish-remote-desktop-session-in-a-remote-app-session-coll...

  • Justin1250 wrote:

    I wrote my own RDP files and signed them.

    Now I am just curious, if one can write and sign their own RDP files, what benefit does that Collection Mode/Resource window carry, if it's limiting us to one mode or the other via GUI, while letting us use both modes "under the hood" using some manual tweaking? :-/


  • m@x wrote:

    Justin1250 wrote:

    I wrote my own RDP files and signed them.

    Now I am just curious, if one can write and sign their own RDP files, what benefit does that Collection Mode/Resource window carry, if it's limiting us to one mode or the other via GUI, while letting us use both modes "under the hood" using some manual tweaking? :-/

    I can understand that though. 

    Users may not even know any better that their app runs on a different server or computer.  Hiding the full desktop experience by default when in Remote App mode would keep people from just clicking on stuff I would think. 


  • Justin1250 wrote:

     Hiding the full desktop experience by default when in Remote App mode would keep people from just clicking on stuff I would think. 

    It also keeps them on their Desktop with all their other apps / icons visible, instead of on 'another' machine with a different set of icons.  For the less technically inclined, it's a lot less confusing.

    Justin1250 wrote:

    It is really not a hack just RDP file settings :] I wrote my own RDP files and signed them.


    But it's not using things as intended.  By default, if you don't alter things, you can't combine the two. MS even has documentation about this limitation. You did alter things to get around this.  Thus you are a hacker!  :]


  • Justin1250 wrote:

    Users may not even know any better that their app runs on a different server or computer.  Hiding the full desktop experience by default when in Remote App mode would keep people from just clicking on stuff I would think. 

    That's right. I was more confused why Microsoft would hide the "both" mode from a system administrator. So that the collection supported 3 modes: RemoteApp, Remote Desktop and Both. The Deployment GUI is hiding this functionality and as DragonsRule pointed out, even MS documentation is stating that you choose either one or the other per each collection.


  • m@x wrote:

    Justin1250 wrote:

    Users may not even know any better that their app runs on a different server or computer.  Hiding the full desktop experience by default when in Remote App mode would keep people from just clicking on stuff I would think. 

    That's right. I was more confused why Microsoft would hide the "both" mode from a system administrator. So that the collection supported 3 modes: RemoteApp, Remote Desktop and Both. The Deployment GUI is hiding this functionality and as DragonsRule pointed out, even MS documentation is stating that you choose either one or the other per each collection.

    To be honest, I've never read that in any documentation or glanced over it when I did read it. I have been using both for years. Which is what surprised me. I guess I didn't realize what I was doing was uncommon.


  • Justin1250 wrote:

    m@x wrote:

    Justin1250 wrote:

    Users may not even know any better that their app runs on a different server or computer.  Hiding the full desktop experience by default when in Remote App mode would keep people from just clicking on stuff I would think. 

    That's right. I was more confused why Microsoft would hide the "both" mode from a system administrator. So that the collection supported 3 modes: RemoteApp, Remote Desktop and Both. The Deployment GUI is hiding this functionality and as DragonsRule pointed out, even MS documentation is stating that you choose either one or the other per each collection.

    To be honest, I've never read that in any documentation or glanced over it when I did read it. I have been using both for years. Which is what surprised me. I guess I didn't realize what I was doing was uncommon.

    Hell, I even created part of a video course on setting up RDS on Server 2016 [for Packt] and not being able to mix them was part of what I said.  I guess I should have met you before I recorded that :]


  • Justin1250

    Justin, are you using User Profile Disks in your RDS deployment? I haven't tried it myself, but saw an article stating that using both RemoteApp and Full RDP at the same time will error out if UPD is used. Reason being the fact that the system will attempt to load UPD 2 times, one per each session, so the second session will fail since UPD will be locked by the first session.

    Are you using UPD and have you encountered anything similar? Thanks!

  • m@x wrote:

    Justin1250

    Justin, are you using User Profile Disks in your RDS deployment? I haven't tried it myself, but saw an article stating that using both RemoteApp and Full RDP at the same time will error out if UPD is used. Reason being the fact that the system will attempt to load UPD 2 times, one per each session, so the second session will fail since UPD will be locked by the first session.

    Are you using UPD and have you encountered anything similar? Thanks!

    I am not using UPDs. I believe it will let the user launch both the app and the session based desktop. UPDs are 1:1.

    I had a hell of a time with UPDs when they first came out. They work much better now but I just use redirected folders.

    Although on a single-server deployment, I'm not sure there's much advantage. Except migration down the road. If you do use redirected folders, put them behind a namespace.

    Mostly what I've seen people doing is redirected folders for the profile folders and UPDs for just profile and registry settings. As once you set a max size for a UPD they are a huge pain to expand.

  • Justin1250 wrote:

    m@x wrote:

    Justin1250

    Justin, are you using User Profile Disks in your RDS deployment? I haven't tried it myself, but saw an article stating that using both RemoteApp and Full RDP at the same time will error out if UPD is used. Reason being the fact that the system will attempt to load UPD 2 times, one per each session, so the second session will fail since UPD will be locked by the first session.

    Are you using UPD and have you encountered anything similar? Thanks!

    I am not using UPDs. I believe it will let the user launch both the app and the session based desktop. UPDs are 1:1.

    I had a hell of a time with UPDs when they first came out. They work much better now but I just use redirected folders.

    Although on a single-server deployment, I'm not sure there's much advantage. Except migration down the road. If you do use redirected folders, put them behind a namespace.

    Mostly what I've seen people doing is redirected folders for the profile folders and UPDs for just profile and registry settings. As once you set a max size for a UPD they are a huge pain to expand.

    I've been using UPD for distributed RDS deployments with multiple session hosts. And yes, using them mostly for user profile. The rest of the data is redirected.

    As I understood the article, RemoteApps and Session Based Desktop are both trying to load the same UPD. Launching multiple published apps within a collection can share the UPD that is loaded. But running a concurrent Session Based Desktop is treated as a separate connection, I assume, which tries to read the VHDX again.

    //ryanmangansitblog.com/2014/04/09/rds-2012-r2-apps-and-sessions-using-upd-issue/ 

    === On a different note ===

    Can you please elaborate regarding putting Redirection behind a namespace? Are you referring to namespaces in DFS or just a CNAME for a file server? Or else?

  • m@x wrote:

    Justin1250 wrote:

    m@x wrote:

    Justin1250

    Justin, are you using User Profile Disks in your RDS deployment? I haven't tried it myself, but saw an article stating that using both RemoteApp and Full RDP at the same time will error out if UPD is used. Reason being the fact that the system will attempt to load UPD 2 times, one per each session, so the second session will fail since UPD will be locked by the first session.

    Are you using UPD and have you encountered anything similar? Thanks!

    I am not using UPDs. I believe it will let the user launch both the app and the session based desktop. UPDs are 1:1.

    I had a hell of a time with UPDs when they first came out. They work much better now but I just use redirected folders.

    Although on a single-server deployment, I'm not sure there's much advantage. Except migration down the road. If you do use redirected folders, put them behind a namespace.

    Mostly what I've seen people doing is redirected folders for the profile folders and UPDs for just profile and registry settings. As once you set a max size for a UPD they are a huge pain to expand.

    I've been using UPD for distributed RDS deployments with multiple session hosts. And yes, using them mostly for user profile. The rest of the data is redirected.

    As I understood the article, RemoteApps and Session Based Desktop are both trying to load the same UPD. Launching multiple published apps within a collection can share the UPD that is loaded. But running a concurrent Session Based Desktop is treated as a separate connection, I assume, which tries to read the VHDX again.

    //ryanmangansitblog.com/2014/04/09/rds-2012-r2-apps-and-sessions-using-upd-issue/ 

    === On a different note ===

    Can you please elaborate regarding putting Redirection behind a namespace? Are you referring to namespaces in DFS or just a CNAME for a file server? Or else?

    You can use DFS or a cname. I use DFS but you can use a cname like files. However with a cname you'll have to register the spn of the cname or Kerberos will fail.
