12

I have a Windows Server 2012 VM running on Windows Azure.

I want to enable the ability for 2 simultaneous administrative sessions over Remote Desktop. This is permitted under the EULA for Windows Server 2012. This is not the same thing as the fully-blown Terminal Services (Remote Desktop Services) feature.

In Windows Server 2000 and 2003, multiple concurrent sessions (up to a limit of 2, plus the root /console session) were enabled by default (such that logging-in via RDP without logging-out first would create a new session rather than reconnecting to the old session). In Server 2008 and later it uses single-sessions by default, as this simplifies administration (as most people want to connect to old sessions).

In Windows Server 2008 R2, you can add the MMC snap-ins for Remote Desktop Host Configuration which allows you to re-enable concurrent sessions.

However, in Server 2012, after adding the Remote Administration snap-ins from Server Manager it seems the Remote Desktop Host Configuration snap-in has been removed.

How can I re-enable the multiple concurrent sessions for Remote Desktop for Administration in Windows Server 2012?

Dai
  • 2,290
  • 8
  • 27
  • 43

3 Answers3

22

There is no more /console RDP switch since Windows Vista.

Yes, the Remote Desktop Services mmc snapins that you were used to in 2008 have been removed.

A Windows license grants you two "administrative" simultaneous remote desktop sessions before you need to install the Remote Desktop Services role with CALs. There is no "2 administrative connections +1 console (which would make 3 simultaneous interactive sessions)" though. It's just two. You can use the /admin switch with the Remote Desktop Client to avoid using up CALs when the RDS Session Host role is installed, but you can only have two admin connections at a time regardless.

From this Microsoft article which does a great job of explaining:

At any point in time, there can be two active remote administration sessions. To start a remote administration session, you must be a member of the Administrators group on the server to which you are connecting.

To RDP to a Windows Server 2012 VM hosted on Azure, you need to ensure that you have opened the endpoint in the Azure portal (think of it like a firewall ACL) in Azure, and also make sure RDP (port 3389-in) is allowed through the Windows Firewall as well. Then you need to make sure you're logging in with a user account who has 'Remote Desktop Users' privileges or better.

Next, disable the setting Restrict Remote Desktop Services users to a single Remote Desktop Services session by using the Group Policy Object Editor MMC-snapin to edit your Local Policy.

It's under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.

Run gpupdate after you make changes to the policy to apply them immediately.

I have a Server 2012 VM hosted on Azure, and I just followed the above steps, and now I am logged in twice, interactively, as the same user.

Nathan Kidd
  • 255
  • 2
  • 5
Ryan Ries
  • 55,481
  • 10
  • 142
  • 199
  • 1
    FWIW, MS changed the /console switch to be /admin instead. And it is still in RDC clients as of Windows 8. – MikeAWood Oct 30 '13 at 23:25
  • 1
    Wow, thanks! Once I worked out that Computer Configuration = gpedit.msc this was what I needed! (n00b here) – Ian Grainger May 23 '14 at 15:38
  • @Ryan, Note that for 2003-R2 though (as opposed to 2012 R2), we **can** have 3 simultaneous remote connections, see screenshot: http://i.stack.imgur.com/Jl583.png – Pacerier Feb 27 '15 at 11:18
  • how about **more than two** simultaneous connections? – serge May 02 '18 at 08:02
1

I might be mistaken, but if you enable remote desktop under system properties, select the users allowed to RDP in, that should be all you need to do... R-Click computer->Properties->Remote Settings->Remote Desktop->Allow remote connections to this computer.....

Or did I miss what you were asking about? FWIW, I have the Remote Admin tools feature on my 2012 servers and did the above and it works like you are asking.

MikeAWood
  • 2,566
  • 1
  • 13
  • 13
  • What you're describing merely enables Remote Desktop for the server, it doesn't let you configure how Terminal Services works. By default (as you'll discover in your case), you can only login to a single session (if you open up a second instance of `mstsc` and connect to the same computer you'll force-disconnect your existing session), but if you enable concurrent sessions then you'll have a second session working concurrently. That's what I'm wanting to re-enable. – Dai Oct 29 '13 at 01:50
  • Two different accounts can login remotely, but not using the same account as it works like you describe. We generally don't use RDP for Admin anymore since HyperV. I think what you are asking for is located in Group Policy under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections. (https://support.powerdnn.com/KB/a1810/windows-server-2012-has-one-rdp-session-by-default.aspx) Am I getting warmer? – MikeAWood Oct 29 '13 at 01:58
  • Yes, I recently found out I can configure it via Group Policy, but it sucks that they removed the nice MMC GUI for it, because it also simplifies setting an SSL/TLS/X.509 certificate for Remote Desktop too. Grrr. – Dai Oct 29 '13 at 01:59
  • hehehe, might be their not so subtle way of trying to get you to use the remote admin tools from your local machine. Though there are plenty of cases where that simply won't work. Have you tried installing "Remote Desktop Services" under roles? It might give you the tools to change the setup like you are asking and allow you to continue to run in Admin mode? (Just a wild guess as I don't have a box to really test the theory.) – MikeAWood Oct 29 '13 at 02:05
0

Furthermore, if you do want to install Remote Desktop Management Services you cannot connect to a licensing server unless your server is a member of an active domain. You can no longer run RDS (TS) service and connect to a licensing server if your server is a standalone workgroup machine. You must run AD.

Harvey
  • 1