Deploying Remote Desktop Web Access with

Remote Desktop Connection Broker Step-by-

Step Guide
Microsoft Corporation
Published: October 2010
Updated: February 2011

Abstract
RemoteApp and Desktop Connection provides administrators with the ability to group RemoteApp
programs and make them available to end users on the Start menu of a computer that is running
Windows 7 or by using a Web browser. This guide explains how to configure a RemoteApp
program so that a user can access it by using a Web browser.
Copyright Information
This document is provided “as-is”. Information and views expressed in this document, including
URL and other Internet Web site references, may change without notice. You bear the risk of
using it.
This document does not provide you with any legal rights to any intellectual property in any
Microsoft product. You may copy and use this document for your internal, reference purposes.
© 2011 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, RemoteApp, Windows, and Windows Server are trademarks of the
Microsoft group of companies.
All other trademarks are property of their respective owners.
Contents
Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step
Guide ............................................................................................................................................ 4
About this guide............................................................................................................................ 4
What this guide does not provide ............................................................................................. 5
Scenario: Deploying Remote Desktop Web Access with Remote Desktop Connection Broker in
a test environment .................................................................................................................... 6

Step 1: Setting Up the CONTOSO Domain ..................................................................................... 7

Configure the RD Session Host server (RDSH-SRV) .............................................................. 8
Configure the client computer (CONTOSO-CLNT) .................................................................. 9
Configure the RD Connection Broker server (RDCB-SRV) .................................................... 10
Configure the RD Web Access server (RDWA-SRV) ............................................................. 13

Step 2: Installing and Configuring RemoteApp ............................................................................. 15

Step 3: Verifying RemoteApp Functionality ................................................................................... 17

Related topics............................................................................................................................. 18
Deploying Remote Desktop Web Access with
Remote Desktop Connection Broker Step-by-
Step Guide

About this guide

RemoteApp and Desktop Connection allows administrators to provide a set of resources, such as
RemoteApp programs and virtual desktops, to their users. Users can connect to RemoteApp and
Desktop Connection in two ways:
 From a computer running Windows® 7. When set up, resources that are part of RemoteApp
and Desktop Connection appear in the Start menu under All Programs in a folder called
RemoteApp and Desktop Connections.
 From a Web browser by signing in to the website that is provided by RD Web Access. In this
case, a computer that is running Windows 7 is not required.
This step-by-step guide walks you through the process of setting up a working RemoteApp
source that is accessible by using Remote Desktop Web Access (RD Web Access). During this
process, you will deploy the following components in a test environment:
 A Remote Desktop Connection Broker (RD Connection Broker) server
 A Remote Desktop Web Access (RD Web Access) server
This guide also explains how to configure Single Sign On so that users are only prompted once
for credentials. When you deploy Single Sign On, consider the following certificate requirements:
 The certificate must be trusted explicitly or from a trusted root certificate.
 The certificate name or the Subject Alternative Name must match the fully-qualified domain
name of the server.
 The certificate must support Server Authentication or Remote Desktop Authentication
Extended Key Usage.
 Indirect certificate revocation lists are not supported.
 Certificate revocation checks are performed by default.
 When you use CredSSP, you can turn off certificate revocation checks by configuring the
following registry entry to a value of 1:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\UseCachedCRL
OnlyAndIgnoreRevocationUnknownErrors
 When you use Transport Layer Security (TLS), you can turn off certificate revocation checks
by configuring the following registry entries to a value of 0:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\
CertChainRevocationCheck and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Terminal
Server Client\ CertChainRevocationCheck
Is guide includes the following topics:
 Step 1: Setting Up the CONTOSO Domain
 Step 2: Installing and Configuring RemoteApp
 Step 3: Verifying RemoteApp Functionality
This guide assumes that you previously completed the steps in the Installing Remote Desktop
Session Host Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=147292), and that you
have already deployed the following components:
 An RD Session Host server
 A Remote Desktop Connection client computer
 An Active Directory® domain controller
The goal of a RemoteApp source is to provide users with programs that are available by using
RD Web Access.

What this guide does not provide

This guide does not provide the following information:
 An overview of Remote Desktop Services.
 Guidance for setting up Active Directory Domain Services or an RD Session Host server. For
more information, see the Installing Remote Desktop Session Host Step-by-Step Guide
(http://go.microsoft.com/fwlink/?LinkId=147292). For a downloadable version of this
document, see the Installing Remote Desktop Session Host Step-by-Step Guide
(http://go.microsoft.com/fwlink/?LinkId=147293) in the Microsoft Download Center.
 Guidance for setting up and configuring a virtual desktop pool. For more information about
setting up a virtual desktop pool in a test environment, see the Deploying Virtual Desktop
Pools by Using RemoteApp and Desktop Connection Step-by-Step Guide
(http://go.microsoft.com/fwlink/?LinkId=147906). For a downloadable version of this
document, see the Deploying Virtual Desktop Pools by Using RemoteApp and Desktop
Connection Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=147907) in the
Microsoft Download Center.
 Guidance for setting up and configuring a personal virtual desktop. For more information
about setting up a personal virtual desktop in a test environment, see the Deploying Personal
Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide
(http://go.microsoft.com/fwlink/?LinkId=147909). For a downloadable version of this
document, see the Deploying Personal Virtual Desktops by Using RemoteApp and Desktop
Connection Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=147908) in the
Microsoft Download Center.
 Guidance for setting up and configuring RemoteApp and Desktop Connection in a production
environment.
 A complete technical reference for Remote Desktop Services.
Scenario: Deploying Remote Desktop Web Access
with Remote Desktop Connection Broker in a test
environment
We recommend that you first use the procedures provided in this guide in a test lab environment.
Step-by-step guides are not necessarily meant to be used to deploy Windows Server® features
without supporting deployment documentation, and they should be used with discretion as stand-
alone documents.
Upon completion of this step-by-step guide, your RemoteApp and Desktop Connection will be
available for a user account that connects by using RD Web Access. You can then test and verify
this functionality by opening a RemoteApp program as a standard user.
The test environment that is described in this guide includes five computers that are connected to
a private network by using the following operating systems, applications, and services.

Computer name Operating system Applications and services

CONTOSO-DC Windows Server 2008 R2 Active Directory Domain

Services (AD DS), DNS

RDSH-SRV Windows Server 2008 R2 RD Session Host

CONTOSO-CLNT Windows 7 Remote Desktop Connection

RDCB-SRV Windows Server 2008 R2 RD Connection Broker

RDWA-SRV Windows Server 2008 R2 RD Web Access

The computers form a private network, and they are connected through a common hub or Layer 2
switch. This step-by-step guide uses private addresses throughout the test lab configuration. The
private network ID 10.0.0.0/24 is used for the network. The domain controller is named
CONTOSO-DC for the domain named contoso.com. The following figure shows the configuration
of the test environment.
Step 1: Setting Up the CONTOSO Domain
To prepare your RemoteApp and Desktop Connection test environment in the CONTOSO
domain, you must complete the following tasks:
 Configure the RD Session Host server (RDSH-SRV).
 Configure the client computer (CONTOSO-CLNT)
 Configure the Remote Desktop Connection Broker (RD Connection Broker) server (RDCB-
SRV).
 Configure the Remote Desktop Web Access (RD Web Access) server (RDWA-SRV).
Use the following table as a reference when setting up the appropriate computer names,
operating systems, and network settings that are required to complete the steps in this guide.

Important
Before you configure your computers with static Internet Protocol (IP) addresses, we
recommend that you first complete Windows product activation while each of your
computers still has Internet connectivity. You should also install any available critical
security updates from Windows Update (http://go.microsoft.com/fwlink/?LinkID=47370).

Computer name Operating system IP settings DNS settings

requirement

CONTOSO-DC Windows IP address: Configured by DNS

Server 2008 R2 10.0.0.1 server role

Subnet mask:
Computer name Operating system IP settings DNS settings
requirement
255.255.255.0
Default gateway:
10.0.0.1

RDSH-SRV Windows IP address: Preferred:

Server 2008 R2 10.0.0.2 10.0.0.1
Subnet mask:
255.255.255.0
Default gateway:
10.0.0.1

CONTOSO-CLNT Windows 7 IP address: Preferred:

10.0.0.3 10.0.0.1
Subnet mask:
255.255.255.0
Default gateway:
10.0.0.1

RDCB-SRV Windows IP address: Preferred:

Server 2008 R2 10.0.0.5 10.0.0.1
Subnet mask:
255.255.255.0
Default gateway:
10.0.0.1

RDWA-SRV Windows IP address: Preferred:

Server 2008 R2 10.0.0.6 10.0.0.1
Subnet mask:
255.255.255.0
Default gateway:
10.0.0.1

Configure the RD Session Host server (RDSH-SRV)

To configure the server RDSH-SRV, you must:
 Configure a certificate used to digitally sign the RDP file.
 Add the thumbprint of the certificate used to digitally sign the RDP file to the Default Domain
Group Policy setting by using the Group Policy Management Console (GPMC).
First, configure a certificate used to digitally sign the RDP file by using RemoteApp Manager. This
procedure assumes that you have already imported a certificate into the Personal certificate store
of the computer account.

To configure a certificate used to digitally sign the RDP file

1. Log on to RDSH-SRV as CONTOSO\Administrator.
2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then
click RemoteApp Manager.
3. Under the Overview section, click Change next to Digital Signature Settings.
4. Select the Sign with a digital certificate check box.
5. Click Change.
6. On the Confirm Certificate page, select the appropriate certificate, and then click OK.
7. Click OK to close the RemoteApp Deployment Settings dialog box.
Finally, you must add the thumbprint of the certificate used to digitally sign the RDP file to the
Default Domain Group Policy setting. This is required so that the trusted publisher warning dialog
box is not shown to the user each time the RemoteApp program is started.

To add the certificate thumbprint to the Default Domain Group Policy setting
1. Log on to CONTOSO-DC as CONTOSO\Administrator.
2. Open the GPMC. To open the GPMC, click Start, point to Administrative Tools, and
then click Group Policy Management.
3. Expand Forest: contoso.com, expand Domains, and then expand contoso.com.
4. Right-click Default Domain Policy, and then click Edit.
5. Navigate to Computer Configuration\Policies\Administrative Templates\Windows
Components\Remote Desktop Services\Remote Desktop Connection Client.
6. Double-click Specify SHA1 thumbprints of certificates representing trusted .rdp
publishers.
7. Select the Enabled option.
8. In the Comma-separated list of SHA1 trusted certificate thumbprints box, type the
certificate thumbprint used to digitally sign the RDP file, and then click OK.

Configure the client computer (CONTOSO-CLNT)

To configure the client computer CONTOSO-CLNT, you must:
 Import the digital certificate used by RDSH-SRV to the Trusted Root Certification Authorities
certificate store of the computer account.
Import the digital certificate used by RDSH-SRV to the Trusted Root Certification Authorities
certificate store of the computer account on CONTOSO-CLNT.

To import a digital certificate to the Trusted Root Certification Authorities certificate

store
1. Log on to CONTOSO-CLNT as CONTOSO\Administrator.
2. Click Start, and then click Run.
3. Type mmc and then click OK.
4. Click File, and then click Add/Remove Snap-in.
5. In the Available snap-ins box, click Certificates, and then click Add.
6. Select the Computer account option, click Next, and then click Finish.
7. Click OK.
8. Expand Certificates (Local Computer).
9. Right-click Trusted Root Certification Authorities, point to All Tasks, and then click
Import.
10. On the Welcome to the Certificate Import Wizard page, click Next.
11. Click Browse.
12. Click Personal Information Exchange (*.pfx, *.p12) to filter the file results to show only
PFX and P12 files.

Important
You must import a PFX certificate file that includes the private key.
13. Navigate to the folder where the certificate is located, click the certificate, and the click
Open.
14. Click Next.
15. In the Password box, type the password for the PFX file, and then click Next.
16. Click Next, and then click Finish.

Configure the RD Connection Broker server (RDCB-SRV)

To configure the server RDCB-SRV, you must:
 Install Windows Server 2008 R2.
 Configure TCP/IP properties.
 Join RDCB-SRV to the contoso.com domain.
 Install the RD Connection Broker role service.
 Import the digital certificate used by RDSH-SRV to the Personal certificate store of the
computer account.
 Configure a certificate used to digitally sign the RDP file.
First, install Windows Server 2008 R2 as a stand-alone server.
 To install Windows Server 2008 R2
1. Start your computer by using the Windows Server 2008 R2 product CD.
2. When prompted for a computer name, type RDCB-SRV.
3. Follow the rest of the instructions that appear on your screen to finish the installation.
Next, configure TCP/IP properties so that RDCB-SRV has a static IP address of 10.0.0.5. In
addition, configure the DNS server by using the IP address of CONTOSO-DC (10.0.0.1).

To configure TCP/IP properties

1. Log on to RDCB-SRV with the RDCB-SRV\Administrator account or another user
account in the local Administrators group.
2. Click Start, click Control Panel, click Network and Internet, click Network and Sharing
Center, click Change adapter settings, right-click Local Area Connection, and then
click Properties.
3. On the Networking tab, click Internet Protocol Version 4 (TCP/IPv4), and then click
Properties.
4. Click Use the following IP address. In the IP address box, type 10.0.0.5. In the Subnet
mask box, type 255.255.255.0. In the Default gateway box, type 10.0.0.1.
5. Click Use the following DNS server addresses. In the Preferred DNS server box, type
10.0.0.1.
6. Click OK, and then close the Local Area Connection Properties dialog box.
Next, join RDCB-SRV to the contoso.com domain.

To join RDCB-SRV to the contoso.com domain

1. Click Start, right-click Computer, and then click Properties.
2. Under Computer name, domain, and workgroup settings, click Change settings.
3. On the Computer Name tab, click Change.
4. In the Computer Name/Domain Changes dialog box, under Member of, click Domain,
and then type contoso.com.
5. Click More, and in the Primary DNS suffix of this computer box, type contoso.com.
6. Click OK, and then click OK again.
7. When a Computer Name/Domain Changes dialog box appears prompting you for
administrative credentials, provide the credentials for CONTOSO\Administrator, and then
click OK.
8. When a Computer Name/Domain Changes dialog box appears welcoming you to the
contoso.com domain, click OK.
9. When a Computer Name/Domain Changes dialog box appears telling you that the
computer must be restarted, click OK, and then click Close.
 10. Click Restart Now.
Next, install the RD Connection Broker role service by using Server Manager.

To install the RD Connection Broker role service

1. Log on to RDCB-SRV as CONTOSO\Administrator.
2. Click Start, point to Administrative Tools, and then click Server Manager.
3. Under the Roles Summary heading, click Add Roles.
4. On the Before You Begin page, click Next.
5. On the Select Server Roles page, select the Remote Desktop Services check box, and
then click Next.
6. On the Remote Desktop Services page, click Next.
7. On the Select Role Services page, select the Remote Desktop Connection Broker
check box, and then click Next.
8. On the Confirm Installation Selections page, click Install.
9. After the installation is complete, click Close.
Next, import the digital certificate used by RDSH-SRV to the Personal certificate store of the
computer account on RDCB-SRV.

To import a digital certificate to the Personal certificate store

1. Log on to RDCB-SRV as CONTOSO\Administrator.
2. Click Start, and then click Run.
3. Type mmc and then click OK.
4. Click File, and then click Add/Remove Snap-in.
5. In the Available snap-ins box, click Certificates, and then click Add.
6. Select the Computer account option, click Next, and then click Finish.
7. Click OK.
8. Expand Certificates (Local Computer).
9. Right-click Personal, point to All Tasks, and then click Import.
10. On the Welcome to the Certificate Import Wizard page, click Next.
11. Click Browse.
12. Click Personal Information Exchange (*.pfx, *.p12) to filter the file results to show only
PFX and P12 files.

Important
You must import a PFX certificate file that includes the private key.
13. Navigate to the folder where the certificate is located, click the certificate, and the click
Open.
14. Click Next.
 15. In the Password box, type the password for the PFX file, and then click Next.
16. Click Next, and then click Finish.
Finally, configure a digital certificate used to digitally sign the RDP file.

To configure a certificate used to digitally sign the RDP file

1. Open Remote Desktop Connection Manager. To open Remote Desktop Connection
Manager, click Start, point to Administrative Tools, point to Remote Desktop
Services, and then click Remote Desktop Connection Manager.
2. Under the Virtual Desktops: Resources and Configuration heading, click Specify next
to Digital Certificate.
3. On the Digital Signature tab, select the Sign with a Digital Certificate check box.
4. Click Select.
5. In the Confirm Certificate dialog box, click the certificate that you want to use for signing
the RDP files, and then click OK.

Configure the RD Web Access server (RDWA-SRV)

To configure the RD Web Access server by using Windows Server 2008 R2, you must:
 Install Windows Server 2008 R2.
 Configure TCP/IP properties.
 Join RDWA-SRV to the contoso.com domain.
 Install the RD Web Access role service.
 Add the thumbprint of the certificate used for the RD Web Access server to the Default
Domain Group Policy setting by using the GPMC.
First, install Windows Server 2008 R2 on a stand-alone server.

To install Windows Server 2008 R2

1. Start your computer by using the Windows Server 2008 R2 product CD.
2. When prompted for a computer name, type RDWA-SRV.
3. Follow the rest of the instructions that appear on your screen to finish the installation.
Next, configure TCP/IP properties so that RDWA-SRV has an IPv4 static IP address of 10.0.0.6.

To configure TCP/IP properties

1. Log on to RDWA-SRV with the RDWA-SRV\Administrator account.
2. Click Start, click Control Panel, click Network and Internet, click Network and Sharing
Center, click Change adapter settings, right-click Local Area Connection, and then
click Properties.
3. On the Networking tab, click Internet Protocol Version 4 (TCP/IPv4), and then click
 Properties.
4. Click Use the following IP address. In the IP address box, type 10.0.0.6. In the Subnet
mask box, type 255.255.255.0. In the Default gateway box, type 10.0.0.1.
5. Click Use the following DNS server addresses. In the Preferred DNS server box, type
10.0.0.1.
6. Click OK, and then close the Local Area Connection Properties dialog box.
Next, join RDWA-SRV to the contoso.com domain.

To join RDWA-SRV to the contoso.com domain

1. Click Start, right-click Computer, and then click Properties.
2. Under Computer name, domain, and workgroup settings, click Change settings.
3. On the Computer Name tab, click Change.
4. In the Computer Name/Domain Changes dialog box, under Member of, click Domain,
and then type contoso.com.
5. Click More, and in the Primary DNS suffix of this computer box, type contoso.com.
6. Click OK, and then click OK again.
7. When a Computer Name/Domain Changes dialog box appears prompting you for
administrative credentials, provide the credentials for CONTOSO\Administrator, and then
click OK.
8. When a Computer Name/Domain Changes dialog box appears welcoming you to the
contoso.com domain, click OK.
9. When a Computer Name/Domain Changes dialog box appears telling you that the
computer must be restarted, click OK, and then click Close.
10. Click Restart Now.
Next, install the RD Web Access role service by using Server Manager.

To install the RD Web Access role service

1. Log on to RDWA-SRV as CONTOSO\Administrator.
2. Click Start, point to Administrative Tools, and then click Server Manager.
3. Under the Roles Summary heading, click Add Roles.
4. On the Before You Begin page, click Next.
5. On the Select Server Roles page, select the Remote Desktop Services check box, and
then click Next.
6. On the Remote Desktop Services page, click Next.
7. On the Select Role Services page, select the Remote Desktop Web Access check
box.
8. Review the information about adding Web Server (IIS) and the Remote Server
Administration Tools, click Add Required Role Services, and then click Next.
 9. On the Web Server (IIS) page, click Next.
10. On the Select Role Services page, click Next.
11. On the Confirm Installation Selections page, click Install.
12. After installation is complete, click Close.
Finally, you must add the thumbprint of the RD Web Access server certificate to the Default
Domain Group Policy setting. This is required so that the trusted publisher warning dialog box is
not shown to the user each time the RemoteApp program is started.

To add the certificate thumbprint to the Default Domain Group Policy setting
1. Log on to CONTOSO-DC as CONTOSO\Administrator.
2. Open GPMC. To open GPMC, click Start, point to Administrative Tools, and then click
Group Policy Management.
3. Expand Forest: contoso.com, expand Domains, and then expand contoso.com.
4. Right-click Default Domain Policy, and then click Edit.
5. Navigate to Computer Configuration\Policies\Administrative Templates\Windows
Components\Remote Desktop Services\Remote Desktop Connection Client.
6. Double-click Specify SHA1 thumbprints of certificates representing trusted .rdp
publishers.
7. Select the Enabled option.
8. In the Comma-separated list of SHA1 trusted certificate thumbprints box, type the
certificate thumbprint used to digitally sign the RDP file, and then click OK.
You have set up the CONTOSO domain. Now you can proceed to Step 2: Installing and
Configuring RemoteApp.

Step 2: Installing and Configuring

RemoteApp
In this step, you will configure RemoteApp and Desktop Connection so that users in the
CONTOSO domain can access it by using Remote Desktop Web Access (RD Web Access). Use
the following steps to configure RemoteApp and Desktop Connection:
 Add the RDCB-SRV computer account object to the TS Web Access Computers security
group on RDSH-SRV.
 Add a RemoteApp program by using RemoteApp Manager.
 Add the RDWA-SRV computer account object to the TS Web Access Computers security
group on RDCB-SRV.
 Assign a RemoteApp source on the RD Web Access server (RDWA-SRV).
 Add a RemoteApp source on the RDCB-SRV computer by using Remote Desktop
Connection Manager., you must add the RDCB-SRV computer account object to the TS Web
Access Computers security group on RDSH-SRV.

To add RDCB-SRV to the TS Web Access Computers group on RDSH-SRV

1. Log on to RDSH-SRV as CONTOSO\Administrator.
2. Click Start, point to Administrative Tools, and then click Computer Management.
3. Expand Local Users and Groups, and then click Groups.
4. Right-click TS Web Access Computers, and then click Add to Group.
5. Click Add.
6. In the Select Users, Computers, Service Accounts, or Groups dialog box, click
Object Types.
7. In the Object Types dialog box, select the Computers check box, and then click OK.
8. In the Enter the object names to select box, type rdcb-srv and then click OK.
9. Click OK to close the TS Web Access Computers dialog box.
Next, you must add a RemoteApp program to RDSH-SRV by using RemoteApp Manager.

To add a RemoteApp program by using RemoteApp Manager

1. Log on to RDSH-SRV as CONTOSO\Administrator.
2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then
click RemoteApp Manager.
3. In the Action pane, click Add RemoteApp Programs.
4. On the Welcome to the RemoteApp Wizard page, click Next.
5. On the Choose programs to add to the RemoteApp Program list page, select the
Calculator check box, and then click Next.
6. On the Review Settings page, click Finish.
Next, you must add the RDWA-SRV computer account object to the TS Web Access Computers
security group on the RDCB-SRV computer.

To add RDWA-SRV to the TS Web Access Computers group on RDCB-SRV

1. Log on to RDCB-SRV as CONTOSO\Administrator.
2. Click Start, point to Administrative Tools, and then click Computer Management.
3. Expand Local Users and Groups, and then click Groups.
4. Right-click TS Web Access Computers, and then click Add to Group.
5. Click Add.
6. In the Select Users, Computers, Service Accounts, or Groups dialog box, click
Object Types.
 7. In the Object Types dialog box, select the Computers check box, and then click OK.
8. In the Enter the object names to select box, type rdwa-srv and then click OK.
9. Click OK to close the TS Web Access Computers dialog box.
Next, assign a RemoteApp source on the RD Web Access server (RDWA-SRV).

To assign a RemoteApp source on RDWA-SRV

1. Log on to RDWA-SRV as CONTOSO\Administrator.
2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then
click Remote Desktop Web Access Configuration.
3. Click Continue to this website (not recommended).

Important
This guide uses a self-signed certificate for the RD Web Access server. Self-
signed certificates are not recommended in a production environment. You
should use a certificate that is trusted from a certification provider when
deploying RD Web Access in a production environment.
4. In the Domain\user name box, type CONTOSO\Administrator.
5. In the Password box, type the password that you specified for CONTOSO\Administrator,
and then click Sign in.
6. On the Configuration page, click An RD Connection Broker server.
7. In the Source name box, type rdcb-srv and then click OK.
Finally, you must add a RemoteApp source on the RDCB-SRV computer by using Remote
Desktop Connection Manager.

To add a RemoteApp source by using Remote Desktop Connection Manager

1. Log on to RDCB-SRV as CONTOSO\Administrator.
2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then
click Remote Desktop Connection Manager.
3. Click RemoteApp Sources, and then in the Actions pane, click Add RemoteApp
Source.
4. In the RemoteApp source name box, type rdsh-srv and then click Add.
You have installed and configured RemoteApp. Now you can proceed to Step 3: Verifying
RemoteApp Functionality.

Step 3: Verifying RemoteApp Functionality

To verify the functionality of a RemoteApp program deployment, log on as Morgan Skinner and
connect to the RemoteApp program by using Remote Desktop Web Access (RD Web Access).
 To connect to the RemoteApp program
1. Log on to CONTOSO-CLNT as Morgan Skinner (CONTOSO\mskinner).
2. Click Start, point to All Programs, and then click Internet Explorer.
3. In the Address bar, type https://rdwa-srv.contoso.com/RDWeb and then press ENTER.
4. Click Continue to this website (not recommended).

Important
This guide uses a self-signed certificate for the RD Web Access server. Self-
signed certificates are not recommended in a production environment. You
should use a certificate that is trusted from a certification provider when
deploying RD Web Access in a production environment.
5. In the Domain\user name box, type CONTOSO\mskinner.
6. In the Password box, type the password that you specified for Morgan Skinner, and then
click Sign in.

Note
In you receive a prompt asking you to install the Microsoft Remote Desktop
Services Web Access Control, click Run Add-on, and then click Run.
7. Click Calculator, and then click Connect.
8. When prompted, enter the credentials for Morgan Skinner, and then click OK.
You have successfully deployed and demonstrated the functionality of a RemoteApp program by
using the simple scenario of connecting to Calculator by using RD Web Access. You can also use
this deployment to explore some of the additional capabilities of personal virtual desktops through
additional configuration and testing.

Related topics
 Step 1: Setting Up the CONTOSO Domain
 Step 2: Installing and Configuring RemoteApp