Server Core Edition is very lightweight, needs less Windows Updates, less disk space, and should be used whenever possible. Basic features like AD DS, DNS, DHCP, or IIS are supported on Server Core. Administering is also very easy once it is a member of the domain because it can be added to Server Manager on a server with GUI. We are installing AD DS in this article.

You can relatively easily change system settings on Server Core with the sconfig cmd tool.

sconfig

First change the server's name (Option 2).

Afterwards set the IP address to a static one along with DNS servers (option 8).

Return to the main menu and perform the Domain Join (option 1).

We don't need to change the computer name. The server will be then rebooted.

From now on, the fastest and simplest approach of administering your Windows Server Core is through Server Manager on a Server with GUI.

Add Roles and Features and promote the server to a Domain Controller. These steps are very straightforward. Some screenshots might be missing. If you want the step by step instructions, check out this post https://www.ajni.it/2019/10/server-2019-installing-your-first-domain-controller-in-a-new-domain/.

You can double check in Active Directory Users and Computers and Active Directory Sites and Services.

NTDS settings might not be created right away. Don't panic, this might take some time. You shouldn't create the entries manually.

What do we need for a Citrix Virtual Apps and Desktops (XenApp and XenDesktop) deployment?

• Active Directory
• Citrix Delivery Controller
• Citrix Storefront
• One Citrix Virtual Delivery Agent (VDA)
• Citrix License Server
• A Database Server (SQL Server)

I will be consolidating Citrix Delivery Controller, Storefront, and License Server into one VM since this is a lab environment. In a production environment, you would use 2 VMs for Citrix Delivery Controller (for High Availability – HA), two for Citrix Storefront, and one for the License Server. The VDA count depends on user size.

Using the same two VMs for Delivery Controller and Storefront is also viable.

In my lab, all the servers are housing Windows Server 2019 Datacenter.

First, download the ISO on citrix.com. You will need an account and if you don’t have any partnership with Citrix, it is very difficult to get those files. There is a form you can fill and all you can do afterward is hope that they give you the files. Otherwise, there is no way of getting them publicly.

After mounting the ISO Autoselect.exe can be run.

Select Virtual Apps and Desktops. Virtuals Apps would just publish single programs as apps.

Start by installing Delivery Controller and other components.

Just in case you are wondering: Some obvious steps will not be shown.

We are installing all the features on the same server. Like I said, Delivery Controller and Director should be on one server, License Server on another, and Storefront on another. Storefront and Delivery Controller should have 2 VMs each for High Availability.

I am also using SQL Express on the same server. Normally you would use a dedicated instance on a separate database server.

The server will be restarted. You will need to mount the ISO again and select the target folder:

And after some time…

Our main tool is going to be Citrix Studio.

Make sure you a logged in with a domain user. Local users are not supported.

Configuring a new site.

These parameters will be automatically populated if SQL Express is being used. If using a separate database server a script can be generated to create the databases and tables.

My license server is hosted on the same server.

A connection to VMware or Hyper-V can be made. I am using Azure.

I will select “Other Tools” this time, I’ll make a post about Citrix MCS another time.

Enter your Azure Subscription ID and any name and then select “Create New”.

You will log in to Azure AD. This process creates a new Service Principal in Azure AD that allows Citrix to start, stop, create, and delete VMs in Azure.

In your Subscription under Access control (IAM) you will see a new App Principal as a Contributor.

App-V and AppDNA is not our focus right now.

Here is the summary of my settings.

To deliver a desktop we need at least one server to connect to.

Create a new VM, join it to the domain, and install the Virtual Delivery Agent (VDA).

Run autoselect.exe inside the ISO again.

We are not creating a Master Image for MCS. The Delivery Group will have a catalog of one machine.

Citrix Workspace App is not needed. You can de-select it.

I did not select any additional components.

Add the Delivery Controller.

Enable both features

Leave Firewall Rules to automatic.

Prerequisites will be installed.

Server will restart twice.

Create a Machine Catalog containing the Remote Desktop Session Host.

This is a server with multiple users connecting to it.

Select the VM and the computer account.

Give it a name.

Create a Delivery Group.

Select the Machine Catalog we just created

You should probably create a custom group to limit the users.

Add a new desktop and give it a name. I use “TreatAsApp” to show both Desktops and Apps in one tab.

Under Search, we can see if the server has successfully registered with the Delivery Controller.

Now the Desktop can be started through http://ctx01.company.lab/Citrix/StoreWeb/

Configure Storefront to use SSL

Open Internet Information Services (IIS)

Create a self-signed certificate (I do not have Active Directory Certificate Services on my lab environment). I might do a post about that in the future.

Run through the wizard (easy).

Make sure you select the personal certificate store.

Add a new Binding on port 443.

Select the certificate you just signed.

Now both 80 and 443 are active:

Change the Base URL to HTTPS

Now HTTPS is being shown:

Configure Passthrough authentication

The storefront URL should be added to the Trusted Sites for pass-through authentication to function properly. Make sure to change "User Authentication" to "Automatic logon with current username and password". The default setting is "Automatic logon only in Intranet Zone"

Also, configure pass-through authentication for Receiver for Web Sites.

Change loopback communication to OnUsingHttp:

Change “Enable loopback communication” to OnUsingHttp

Set this Site as default in IIS:

Configure Delivery Controller to use SSL

Storefront does not accept self-signed certificates, so an internal Certificate Authority is needed for SSL communication between Storefront and Delivery Controller.

That's it! It was a long but very interesting post.

I got tasked with installing a brand new Windows Server 2019 with the Remote Desktop Services (RDS) role. It was a pretty straightforward installation, but minor things might work differently compared to previous versions of Windows Server (I was migrating off Windows Server 2012 R2).

Start by adding the RDS role through Server Manager.

Select the RDS installation:

I went for the Quick Start because my deployment is fairly basic.

Session-based deployment enables multi-session support on the server.

The server should be automatically selected.

The three roles (RD Connection Broker, RD Web Access and RD Session Host) will be installed.

After the installation a license warning will be shown in the Notification Center.

Two things are needed in order for licensing to work properly: The license server and licensing mode.
In a production environment, usually there is a separate server hosting the RDS Licensing service.

Server Manager > Remote Desktop Services > Overview > Tasks > Edit Deployment properties

I had problems with the licensing mode not being applied properly. This registry key worked wonderfully though:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core
DWORD LicensingMode
4 = Per user
2 = Per Device

The license server can be also set through the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers
REG_MULTI_SZ SpecifiedLicenseServers = license.ajni.lab

With RD Licensing Diagnoser you can check for potential errors (can be opened through Server Manager > Tools > Remote Desktop Services).

Now on to the last step: Create a custom device collection.

Server Manager > Remote Desktop Services > Collections > Tasks > Create Session Collection

This is also pretty straight forward stuff.

Make sure you select the server by moving it to the right with the arrow.

In a production environment a custom group should be used to control the number of permitted users.

User profile disks were not needed in my environment.

After the creation, there are some things that should be changed in the Collection properties (Server Manager > Remote Desktop Services > Collections > Collection Name):

These are my specific settings, you should change the parameters based on your experience or leave them at their default values.

Older clients might have problems with these security settings (like Network Level Authentication - NLA)

Do not forget to apply the changes.

Bonus:

If you have specific AD user attributes, like the home folder or program auto-start, they will not work because of changes made to RDS 2016/2019. You can read this article from Microsoft's website: https://support.microsoft.com/en-us/help/3200967/changes-to-remote-connection-manager-in-windows-server

Following registry entries will tell the Remote Desktop Session Host (RDSH) to query AD DS for RDP profile settings:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Name: fQueryUserConfigFromDC
Type: Reg_DWORD
Value: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-tcp
Name: fQueryUserConfigFromDC
Type: Reg_DWORD

So last time we created a Master-VHDX on Hyper-V with Windows Server 2019 in order to save space. Today we are installing the first Domain Controller with a fresh domain. Very straight forward stuff.

Before installing Active Directory Directory Services, the computer should have a decent name.

• 

Give it a fixed IP address. Since this is going to be a lab, I am not going to plan the IP design. The Default Gateway does not exist yet. Also, the secondary DNS server will be installed later on a Server Core version.

From Server Manager Add Roles and Features, Select Role-based or feature-based installation

Select the Active Directory Directory Services Role

Everything else can be left on default.

Once the installation is completed, the server can be promoted to a Domain Controller.

Since there is no existing forest, the root domain name must be defined:

Define a new password for the Directory Services Restore Mode (DSRM). DSRM allows you to perform an authoritative restore of single or multiple AD objects through ntdsutil (from cmd).

This warning can be safely ignored.

The NetBIOS domain name can be used when logging into a domain computer, for example AJNI\Domainuser. The UserPrincipalName can be also used – domainuser@ajni.it.

The rest can be left to default.

The server will restart, after that the domain will be up and running!

The next blog post will be covering the installation of an additional Domain Controller (the second DNS server 10.10.10.11) with Windows Server 2019 Core Edition.

Stay tuned !

Hyper-V has a very interesting feature that allows to save a lot of space: By creating a golden VHDX Disk with the base operating system, you can then use so called “Differencing” disks, which reference the Master VHDX and only save the changes on their disk.

So, first things first: Just create a normal VM to prepare the golden image for later use.

Specify Generation 2

Give the Golden disk a self-explanatory name

Before starting the VM, disable automatic checkpoints (in VMware known as Snapshots) and give it more juice. Do not forget to apply changes:

Install the OS (standard procedure)

Once the OS installed and custom settings are made, the machine is ready to be Sysprep’ed.

Delete the VM once stopped, the disk will not be deleted. Then locate the VHDX and set it into Read-Only mode.

Now a new VM can be created in Hyper-V with a Differencing disk. Note: In the VM creation wizard specify “Attach a virtual disk later”:

Now in the VM settings under SCSI Controller add a new Hard Drive:

Select the last option for Differencing:

This will be the new disk name:

And finally, the base disk we created previously:

Before powering on the machine make sure the new disk is first in the boot order.

The VM is up and running!

Notice the size of the new VHDX. Only 1.4 GB!

In the VM settings you can once again inspect the disk and see the relationship with the golden disk.