Step 1: Setting Up the Contoso Domain

  • Article

Applies To: Windows 7, Windows Server 2008 R2

To prepare your personal virtual desktop test environment in the CONTOSO domain, you must complete the following tasks:

  • Configure the Remote Desktop Virtualization Host (RD Virtualization Host) server (RDVH-SRV)

  • Configure the Remote Desktop Connection Broker (RD Connection Broker) server (RDCB-SRV)

  • Configure the Remote Desktop Web Access (RD Web Access) server (RDWA-SRV)

Use the following table as a reference when setting up the appropriate computer names, operating systems, and network settings that are required to complete the steps in this guide.

Important

Before you configure your computers with static Internet Protocol (IP) addresses, we recommend that you first complete Windows product activation while each of your computers still has Internet connectivity. You should also install any available critical security updates from Windows Update (https://go.microsoft.com/fwlink/?LinkID=47370).

Computer name Operating system requirement IP settings DNS settings

CONTOSO-DC

Windows Server 2008 R2

IP address:

10.0.0.1

Subnet mask:

255.255.255.0

Default gateway:

10.0.0.1

Configured by DNS server role

RDSH-SRV

Windows Server 2008 R2

IP address:

10.0.0.2

Subnet mask:

255.255.255.0

Default gateway:

10.0.0.1

Preferred:

10.0.0.1

CONTOSO-CLNT

Windows 7

IP address:

10.0.0.3

Subnet mask:

255.255.255.0

Default gateway:

10.0.0.1

Preferred:

10.0.0.1

RDVH-SRV

Windows Server 2008 R2

IP address:

10.0.0.4

Subnet mask:

255.255.255.0

Default gateway:

10.0.0.1

Preferred:

10.0.0.1

RDCB-SRV

Windows Server 2008 R2

IP address:

10.0.0.5

Subnet mask:

255.255.255.0

Default gateway:

10.0.0.1

Preferred:

10.0.0.1

RDWA-SRV

Windows Server 2008 R2

IP address:

10.0.0.6

Subnet mask:

255.255.255.0

Default gateway:

10.0.0.1

Preferred:

10.0.0.1

Configure the RD Virtualization Host server (RDVH-SRV)

To configure the RD Virtualization Host server, you must:

  • Install Windows Server 2008 R2.

  • Configure TCP/IP properties.

  • Join RDVH-SRV to the contoso.com domain.

  • Install the RD Virtualization Host role service.

Note

This will also install the Hyper-V role service.

First, install Windows Server 2008 R2 on a stand-alone server.

To install Windows Server 2008 R2

  1. Start your computer by using the Windows Server 2008 R2 product CD.

  2. When prompted for a computer name, type RDVH-SRV.

  3. Follow the rest of the instructions that appear on your screen to finish the installation.

Next, configure TCP/IP properties so that RDVH-SRV has an IPv4 static IP address of 10.0.0.4.

To configure TCP/IP properties

  1. Log on to RDVH-SRV with the RDVH-SRV\Administrator account.

  2. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, click Change adapter settings, right-click Local Area Connection, and then click Properties.

  3. On the Networking tab, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

  4. Click Use the following IP address. In the IP address box, type 10.0.0.4. In the Subnet mask box, type 255.255.255.0. In the Default gateway box, type 10.0.0.1.

  5. Click Use the following DNS server addresses. In the Preferred DNS server box, type 10.0.0.1.

  6. Click OK, and then close the Local Area Connection Properties dialog box.

Next, join RDVH-SRV to the contoso.com domain.

To join RDVH-SRV to the contoso.com domain

  1. Click Start, right-click Computer, and then click Properties.

  2. Under Computer name, domain, and workgroup settings, click Change settings.

  3. On the Computer Name tab, click Change.

  4. In the Computer Name/Domain Changes dialog box, under Member of, click Domain, and then type contoso.com.

  5. Click More, and in the Primary DNS suffix of this computer box, type contoso.com.

  6. Click OK, and then click OK again.

  7. When a Computer Name/Domain Changes dialog box appears prompting you for administrative credentials, provide the credentials for CONTOSO\Administrator, and then click OK.

  8. When a Computer Name/Domain Changes dialog box appears welcoming you to the contoso.com domain, click OK.

  9. When a Computer Name/Domain Changes dialog box appears telling you that the computer must be restarted, click OK, and then click Close.

  10. Click Restart Now.

Finally, install the RD Virtualization Host role service by using Server Manager.

To install the RD Virtualization Host role service

  1. Log on to RDVH-SRV as CONTOSO\Administrator.

  2. Click Start, point to Administrative Tools, and then click Server Manager.

  3. Under the Roles Summary heading, click Add Roles.

  4. On the Before You Begin page, click Next.

  5. On the Select Server Roles page, select the Remote Desktop Services check box, and then click Next.

  6. On the Remote Desktop Services page, click Next.

  7. On the Select Role Services page, select the Remote Desktop Virtualization Host check box.

  8. Review the information about adding Hyper-V, click Add Required Role Services, and then click Next.

  9. On the Introduction to Hyper-V page, click Next.

  10. On the Confirm Installation Selections page, ensure that you are installing both the Remote Desktop Session Host (RD Session Host) role service and the Hyper-V server role, and then click Install.

  11. After the installation is complete, click Close.

  12. Restart the RDVH-SRV computer.

Configure the RD Connection Broker server (RDCB-SRV)

To configure the RD Connection Broker server by using Windows Server 2008 R2, you must:

  • Install Windows Server 2008 R2.

  • Configure TCP/IP properties.

  • Join RDCB-SRV to the contoso.com domain.

  • Install the RD Connection Broker role service.

  • Configure a certificate used to digitally sign the RDP file.

  • Add the thumbprint of the certificate used to digitally sign the RDP file to the Default Domain Policy by using Group Policy Management.

First, install Windows Server 2008 R2 as a stand-alone server.

To install Windows Server 2008 R2

  1. Start your computer by using the Windows Server 2008 R2 product CD.

  2. When prompted for a computer name, type RDCB-SRV.

  3. Follow the rest of the instructions that appear on your screen to finish the installation.

Next, configure TCP/IP properties so that RDCB-SRV has a static IP address of 10.0.0.5. In addition, configure the DNS server by using the IP address of CONTOSO-DC (10.0.0.1).

To configure TCP/IP properties

  1. Log on to RDCB-SRV with the RDCB-SRV\Administrator account or another user account in the local Administrators group.

  2. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, click Change adapter settings, right-click Local Area Connection, and then click Properties.

  3. On the Networking tab, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

  4. Click Use the following IP address. In the IP address box, type 10.0.0.5. In the Subnet mask box, type 255.255.255.0. In the Default gateway box, type 10.0.0.1.

  5. Click Use the following DNS server addresses. In the Preferred DNS server box, type 10.0.0.1.

  6. Click OK, and then close the Local Area Connection Properties dialog box.

Next, join RDCB-SRV to the contoso.com domain.

To join RDCB-SRV to the contoso.com domain

  1. Click Start, right-click Computer, and then click Properties.

  2. Under Computer name, domain, and workgroup settings, click Change settings.

  3. On the Computer Name tab, click Change.

  4. In the Computer Name/Domain Changes dialog box, under Member of, click Domain, and then type contoso.com.

  5. Click More, and in the Primary DNS suffix of this computer box, type contoso.com.

  6. Click OK, and then click OK again.

  7. When a Computer Name/Domain Changes dialog box appears prompting you for administrative credentials, provide the credentials for CONTOSO\Administrator, and then click OK.

  8. When a Computer Name/Domain Changes dialog box appears welcoming you to the contoso.com domain, click OK.

  9. When a Computer Name/Domain Changes dialog box appears telling you that the computer must be restarted, click OK, and then click Close.

  10. Click Restart Now.

Next, install the RD Connection Broker role service by using Server Manager.

To install the RD Connection Broker role service

  1. Log on to RDCB-SRV as CONTOSO\Administrator.

  2. Click Start, point to Administrative Tools, and then click Server Manager.

  3. Under the Roles Summary heading, click Add Roles.

  4. On the Before You Begin page, click Next.

  5. On the Select Server Roles page, click the Remote Desktop Services check box, and then click Next.

  6. On the Remote Desktop Services page, click Next.

  7. On the Select Role Services page, select the Remote Desktop Connection Broker check box, and then click Next.

  8. On the Confirm Installation Selections page, click Install.

  9. After the installation is complete, click Close.

Next, configure a digital certificate used to digitally sign the RDP file.

To configure a certificate used to digitally sign the RDP file

  1. Open Remote Desktop Connection Manager. To open Remote Desktop Connection Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Connection Manager.

  2. Under the Virtual Desktops: Resources and Configuration heading, click Specify next to Digital Certificate.

  3. On the Digital Signature tab, select the Sign with a Digital Certificate check box.

  4. Click Select.

  5. In the Confirm Certificate dialog box, click the certificate that you want to use for signing the RDP files, and then click OK.

Finally, you must add the thumbprint of the certificate used to digitally sign the RDP file to the Default Domain Group Policy setting. This is required so that the trusted publisher warning dialog box is not shown to the user each time the personal virtual desktop is started.

To add the certificate thumbprint to the Default Domain Group Policy setting

  1. Log on to CONTOSO-DC as CONTOSO\Administrator.

  2. Open Group Policy Management. To open Group Policy Management, click Start, point to Administrative Tools, and then click Group Policy Management.

  3. Expand Forest: contoso.com, expand Domains, and then expand contoso.com.

  4. Right-click Default Domain Policy, and then click Edit.

  5. Navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client.

  6. Double-click Specify SHA1 thumbprints of certificates representing trusted .rdp publishers.

  7. Select the Enabled option.

  8. In the Comma-separated list of SHA1 trusted certificate thumbprints box, type the certificate thumbprint used to digitally sign the RDP file, and then click OK.

Configure the RD Web Access server (RDWA-SRV)

To configure the RD Web Access server by using Windows Server 2008 R2, you must:

  • Install Windows Server 2008 R2.

  • Configure TCP/IP properties.

  • Join RDWA-SRV to the contoso.com domain.

  • Install the RD Web Access role service.

  • Export the SSL certificate and copy it to the CONTOSO-CLNT computer.

First, install Windows Server 2008 R2 on a stand-alone server.

To install Windows Server 2008 R2

  1. Start your computer by using the Windows Server 2008 R2 product CD.

  2. When prompted for a computer name, type RDWA-SRV.

  3. Follow the rest of the instructions that appear on your screen to finish the installation.

Next, configure TCP/IP properties so that RDWA-SRV has an IPv4 static IP address of 10.0.0.6.

To configure TCP/IP properties

  1. Log on to RDWA-SRV with the RDWA-SRV\Administrator account.

  2. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, click Change adapter settings, right-click Local Area Connection, and then click Properties.

  3. On the Networking tab, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

  4. Click Use the following IP address. In the IP address box, type 10.0.0.6. In the Subnet mask box, type 255.255.255.0. In the Default gateway box, type 10.0.0.1.

  5. Click Use the following DNS server addresses. In the Preferred DNS server box, type 10.0.0.1.

  6. Click OK, and then close the Local Area Connection Properties dialog box.

Next, join RDWA-SRV to the contoso.com domain.

To join RDWA-SRV to the contoso.com domain

  1. Click Start, right-click Computer, and then click Properties.

  2. Under Computer name, domain, and workgroup settings, click Change settings.

  3. On the Computer Name tab, click Change.

  4. In the Computer Name/Domain Changes dialog box, under Member of, click Domain, and then type contoso.com.

  5. Click More, and in the Primary DNS suffix of this computer box, type contoso.com.

  6. Click OK, and then click OK again.

  7. When a Computer Name/Domain Changes dialog box appears prompting you for administrative credentials, provide the credentials for CONTOSO\Administrator, and then click OK.

  8. When a Computer Name/Domain Changes dialog box appears welcoming you to the contoso.com domain, click OK.

  9. When a Computer Name/Domain Changes dialog box appears telling you that the computer must be restarted, click OK, and then click Close.

  10. Click Restart Now.

Next, install the RD Web Access role service by using Server Manager.

To install the RD Web Access role service

  1. Log on to RDWA-SRV as CONTOSO\Administrator.

  2. Click Start, point to Administrative Tools, and then click Server Manager.

  3. Under the Roles Summary heading, click Add Roles.

  4. On the Before You Begin page, click Next.

  5. On the Select Server Roles page, select the Remote Desktop Services check box, and then click Next.

  6. On the Remote Desktop Services page, click Next.

  7. On the Select Role Services page, select the Remote Desktop Web Access check box.

  8. Review the information about adding Web Server (IIS) and the Remote Server Administration Tools, click Add Required Role Services, and then click Next.

  9. On the Web Server (IIS) page, click Next.

  10. On the Select Role Services page for the Web Server (IIS) server role, click Next.

  11. On the Confirm Installation Selections page, click Install.

  12. After the installation is complete, click Close.

Finally, export the self-signed SSL certificate on RDWA-SRV and copy it to the CONTOSO-CLNT computer.

To export the SSL certificate for the RD Web Access server and copy it to the CONTOSO-CLNT computer

  1. Click Start, click Run, type mmc and then click OK.

  2. On the File menu, click Add/Remove Snap-in.

  3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.

  4. In the Certificates snap-in dialog box, click the Computer account option, and then click Next.

  5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.

  6. In the Add or Remove snap-ins dialog box, click OK.

  7. In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), expand Personal, and then click Certificates.

  8. Right-click the certificate RDWA-SRV.contoso.com, point to All Tasks, and then click Export.

  9. On the Welcome to the Certificate Export Wizard page, click Next.

  10. On the Export Private Key page, ensure that No, do not export the private key is selected, and then click Next.

  11. On the Export File Format page, ensure that DER encoded binary X.509 (.CER) is selected, and then click Next.

  12. On the File to Export page, in the File name box, click Browse.

  13. In the Save As dialog box, in the File name box, enter RDWA-SRV, and then click Save.

  14. On the File to Export page, click Next.

  15. On the Completing the Certificate Export Wizard page, click Finish.

  16. After the certificate export has successfully completed, a message appears confirming that the export was successful. Click OK.

  17. Close the Certificates snap-in.

  18. If you are prompted to save your settings, click No.

  19. Copy the certificate, located at c:\users\administrator.CONTOSO\Documents\RDWA-SRV.cer on RDWA-SRV, to the CONTOSO-CLNT computer.

You have set up the Contoso domain. Now you can proceed to Step 2: Installing and Configuring the Virtual Machine.