RD Web Access Migration: Migrating the RD Web Access Role Service

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2

This topic presents the procedures for migrating the RD Web Access role service.

Membership in the local Administrators group, or equivalent, on both the source and destination RD Web Access servers that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Migrating the RD Web Access or TS Web Access role service

To migrate the RD Web Access role service, refer to the data that you added to the RD Web Access Migration: Appendix A: Migration Data Collection Worksheets and perform the following procedures:

  1. Remove the source server from the domain.

  2. Join the destination server to the domain.

Important

After you remove a source server from the domain, you will not have access to any role services on that computer.

  1. Add the RD Web Access server to the TS Web Access Computers security group. For detailed steps, see Populate the TS Web Access Computers Security Group.

  2. Import the certificate that you plan to use for HTTPS to the RD Web Access server. For detailed steps, see Import a Certificate (https://go.microsoft.com/fwlink/?LinkID=188055).

  3. Migrate the RD Web Access server and client settings.

  4. Install the RD Web Access server root certificate on the Remote Desktop Services client.

Migrate the RD Web Access server and client settings

To migrate the Web Server (IIS) settings and SSL certificate to the RD Web Access server, perform the following procedures:

  • Configure authentication on the RD Web Access server.

  • Import the SSL certificate into Web Server (IIS).

  • Configure the SSL settings in Web Server (IIS).

  • Assign the RemoteApp sources.

First, configure authentication on the RD Web Access server.

Important

If you are migrating from a TS Web Access server, you should consider whether you want to migrate the settings from your source server or use the default settings for the RD Web Access role service. For more information, see Restore the RD Web Access or TS Web Access server in RD Web Access Migration: Post-Migration Tasks.

To configure authentication on the RD Web Access server

  1. On the RD Web Access server, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the left pane of Internet Information Services (IIS) Manager, expand the server name, expand Sites, expand Default Web Site, expand RDWeb, and then click Pages.

  3. In the middle pane, under IIS, double-click Authentication.

  4. Ensure that Windows Authentication or Forms Authentication is set to Enabled based on the entry for the destination server on the data worksheet. If it is not, right-click the correct authentication method, and then select Enable.

Next, import the SSL certificate into Web Server (IIS).

Import the SSL Certificate into Web Server (IIS) by using the Internet Information Services (IIS) Manager to associate the certificate with the RD Web Access website. For more information, see Import a Server Certificate (IIS 7) (https://go.microsoft.com/fwlink/?LinkId=195061). The SSL certificate for RD Web Access is stored in Internet Information Services (IIS) Manager, under the Default Web Site on the Sites node.

Next, configure the SSL settings in Web Server (IIS).

To configure the SSL settings in Web Server (IIS)

  1. In the left pane of Internet Information Services (IIS) Manager, expand the server name, expand Sites, expand Default Web Site, expand RDWeb, and then click Pages.

  2. In /RD Web/Pages Home, under IIS, double-click SSL Settings.

  3. Configure the SSL settings based on the data recorded on the data worksheet.

Finally, assign the RemoteApp sources.

To assign the RemoteApp sources

  1. Log on with an account in the local Administrators group.

  2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Web Access Configuration. RD Web Access opens in Internet Explorer.

    If you see a warning that there is a problem with the certificate for this website, and a link that says Continue to this website (not recommended), it indicates that there is a problem with the SSL certificate. If your client and server are behind a firewall, you might choose to click the link to verify the connection; however, you should use a trusted certificate when deploying RD Web Access in a production environment. For more information, see Remote Desktop Services Migration Overview: Migrating Certificates.

    If your SSL certificate was generated by an enterprise certification authority (CA) in your organization, and it has not been signed by a CA that is trusted by Microsoft, it might also indicate that your client has not been configured correctly. For more information, see Install the RD Web Access server root certificate on the Remote Desktop Services client later in this topic.

  3. In the Domain\user name box, type the name of a valid user on the domain who is also a local administrator.

  4. In the Password box, type the password, and then click Sign in.

  5. On the Configuration tab, click An RD Connection Broker server.

  6. In the Source name box, type the name of the RD Connection Broker server that you entered on the data worksheet, and then click OK.

Install the RD Web Access server root certificate on the Remote Desktop Services client

Install the certificate on the Remote Desktop Services client that you are planning to use for testing the deployment.

Note

This step is not necessary if you are using a certificate that has been signed by a public signing authority.

To install the RD Web Access server root certificate on the Remote Desktop Services client

  1. In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, right-click Certificates, point to All Tasks, and then click Import.

  2. In the Certificate Import Wizard, on the Welcome to the Certificate Import Wizard page, click Next.

  3. On the File to Import page, in the File name box, specify the name of the RD Web Access server root certificate, and then click Next.

  4. On the Certificate Store page, accept the default option Place all certificates in the following store (in the certificate store Trusted Root Certification Authorities), and then click Next.

  5. On the Completing the Certificate Import Wizard page, confirm that the following certificate settings appear:

    • Certificate Store Selected by User: Trusted Root Certification Authorities

    • Content: Certificate

    • File Name: FilePath\<Root_Certificate_Name.cer>, where <Root_Certificate_Name> is the name of the RD Web Access root certificate.

  6. In the Certificate Import Wizard dialog box, click Finish, and then click OK.

See also