Configuring Remote Desktop IP Virtualization: Part 1

Configuring Remote Desktop IP Virtualization: Part 1

Rate This
  • Comments 14

Part I: Using RD Session Host Configuration MMC snap-in

What is Remote Desktop IP Virtualization?

In Windows Server 2008, Terminal Server has a single IP address, which is shared among all TS users. This makes the TS experience different from that of regular desktops and introduces some application compatibility problems. In Windows Server 2008 R2, Remote Desktop Session Host server, formerly known as Terminal Server, supports per-session and per-program Remote Desktop IP Virtualization for Winsock applications. This essentially means assigning individual IP addresses to user sessions to avoid application incompatibility issues by simulating a single user desktop.

What are the different modes of Remote Desktop IP Virtualization?

Per-Session mode: In per-session mode, Remote Desktop IP Virtualization assigns an IP address per user session.

Per-program mode: In per-program mode, Remote Desktop IP Virtualization facilitates shared-session IP, but only uses it for specified applications instead of the whole session. That is, a “per session” IP will still be used, but it will only be scoped for a specified set of applications. The remaining applications in the session will continue using the overall server IP.

Why do we need Remote Desktop IP Virtualization?

Compatibility problems with applications: Some legacy applications run in user mode and listen for requests on a specific port.  If there is only one IP address for the entire Remote Desktop Session Host (RD Session Host) server, the application will not work if multiple RDS users use it at the same time. In addition, Business Planning and Control System (BPCS) applications use the client’s IP address as a workstation ID, causing a variety of consistency problems. Enabling per-program Remote Desktop IP Virtualization will resolve this issue.

Support tracking and logging solutions for ISP regulatory requirements: Regulatory requirements call for the ISP to track user traffic originating from an IP address. Today, monitoring devices mostly look at DHCP logs and identify users based on the MAC address of their network adapters, which is a good approach for desktops but not for users logged onto RD Session Host servers. Enabling per-session Remote Desktop IP Virtualization will log per-session IP addresses to DHCP.

Compatibility problems with ISP metrics collection devices: ISPs need the ability to monitor network traffic per-user. A user is charged based on traffic generated on behalf of the user, and the measuring tools use the IP address. For RDS, enabling per-session Remote Desktop IP Virtualization and creating monitoring services can facilitate measurement of traffic generated by each user.

Compatibility problems with network filtering security devices and resource access control based on IP: For devices in the network that filter URLs and audit by IP address, the corporation or ISP may want to allow or disallow access to certain resources based on IP addresses. Enabling per-session IP virtualization and creating some rules on the RD Session Host Server that will control access to resources for different users helps address this.

Prerequisites for configuring a server in RD IP Virtualization mode:
  1. Ensure that there are no active sessions on the RD Session Host server before enabling this feature.
  2. Ensure that the DHCP server is set on the same subnet as the RD Session Host server and that the DHCP scope contains enough IP addresses for the load.
How to configure Remote Desktop IP Virtualization using RD Session Host Configuration MMC snap-in?

In Windows 2008 R2 server, after successfully installing the RD Session Host server role, open the RD Session Host Configuration MMC snap-in. On the RD Session Host Configuration console, in the “Edit Settings” table, you can see a new entry: “RD IP Virtualization

image

  1. Double-click the “IP Virtualization” link to access the “RD IP Virtualization” Property sheet. Because RD IP Virtualization is disabled by default, all the other fields and buttons will be grayed out except the “Enable IP virtualization” check box.
  2. To enable Remote Desktop IP Virtualization, select the “Enable IP virtualization” check box. The “Select the network adapter to be used for IP Virtualization” dropdown lists all the enabled network adapters that can be used for RD IP Virtualization. Select the appropriate network adapter to be used for RD IP Virtualization.
    Note:
    · Only single network adapter scenarios are currently supported. If the server has multiple enabled network adapters, only the adapter specified in the settings will be used for IP Virtualization.
  3. Click “Apply” to confirm the selection.

Configuring IP Virtualization for Per-Program Mode

  1. The “Per program” IP virtualization mode (radio button) is selected by default. If you want to configure the server in per-program mode, retain the “Per program” selection. Click “Apply” to confirm the network adapter selection and to set the server to “Per program” IP virtualization mode.
    Note:
    · This mode is of no practical significance if no programs are selected that use virtual IP addresses.
  2. To add programs that should get a virtual IP address, click “Add Program.” This opens a browser view to select applications installed on the server. Browse to the path where the application exists, select it, and then click “Open.” The selected applications appear in a list view in the “Assign virtual IP addresses to these programs” list box. Click “Apply” to confirm the selection.

     

Note:

· To remove a program from the list, select the entry in the list box, and then click “Remove Program.” Click “Apply.”

3. The final step is to reboot the RDSH server so that new user sessions logging on will get virtual IP addresses for their virtualized applications.

Configuring IP Virtualization for Per-Session Mode

1. Select the “Per session” radio button. This automatically grays out the list box view under “Assign virtual IP Addresses to these programs” and the “Add Program” and “Remove Program” buttons which are applicable only to the per-program” mode. Click “Apply.”
image

2. Reboot the RDSH server so that new user sessions logging on will get virtual IP addresses for their virtualized applications.

To disable RD IP Virtualization, clear the “Enable IP virtualization” check box, and then click “Apply.”

Related Posts:

In addition to RD Session Host Configuration MMC snap-in, Remote Desktop IP Virtualization can also be configured by using GPO, RDS Provider for Windows PowerShell and also through WMI.

Part II of this blog post series has information on configuring RD IP Virtualization automatically on managed computers by using Group Policy objects.

Part III (coming soon) of this blog post series has information on configuring RD IP virtualization through RDS Provider for Windows PowerShell.

Leave a Comment
  • Please add 3 and 1 and type the answer here:
  • Post
  • I like the content. Before I go down this route I would like to know does the RDTR2008 Server solve the vulnerability to Man in the Middle attacks inherent in R2003

  • Yes WS08 Server does address MITM - see blog post here for more info: http://blogs.msdn.com/rds/archive/2008/07/21/configuring-terminal-servers-for-server-authentication-to-prevent-man-in-the-middle-attacks.aspx

  • We are trying to monitor internet usage/traffic from our RDS users.  Should I set IP virtualiztion "Per program" and specify ieexplorer.exe or do something different?

  • I am facing problem while accessing multiple user sessions of IE if I enable IP virtualization on "Per Session" basis.

    IE opens without any problem without IP virtualization configured on two different remote sessions. Is there any solution for this?

  • The above mentioned problem is that when I have done IP Virtualization and launched IE in two different instances then Internet worked in only one instance and not in another instance but when I removed IP Virtualization then it worked fine in both the instances.

    Is there any solution for this issue.

  • Does this feature even work? My testing is fantastically inconsistent.

  • I have the same issue as Rahul.

    Since I have activated IP virtualization I can't use HTTP traffic with my web browser, but I can use HTTPS.

    does anyone has found a solution?

  • Please answer the above question anyone from microsoft. It has been a over a year.

  • Bump. Same here exactly as Rajesh, Rahul, and beck7 have stated

  • Is there a Group Policy method of applying this? I'e i want a policy to apply to all servers not going onto each one and run up the RDSH mmc to configure?

  • Thanks Team , but I desperately need help on how to do it with  Windows 2012, tried:

    GUI Method: it does not exist

    PShell: does not work

    GPO: partially work but unstable when I have to two servers, one wokr on the second one not, secondly if you do an IPconfig in the case it works you see the TWO ipaddreses ( the server and the assigned), so this does not help at all

    Thanks much !

  • Same problem as beck7.

    I found out that Antivirus program caused the problem.

    If i disable Trend Micro Security Agent (WFBS 7.0) then http and https browsing works fine.

    If i enable Trend Micro Security Agent again, then only https traffic works but no http.

  • Thanks a lot to mausserwoeger!

    The same solution is Ok for me :-)))

  • What about MAC Addresses?  My software looks at MAC Addresses to track users on-line time, etc.  Does virtual IP addressing also give a unique MAC address?  Or is that still one-for-all?

Page 1 of 1 (14 items)