-->

• Web Based Remote Desktop Client
• Windows Remote Desktop Web Client
• Remote Desktop Web Client Microsoft Teams

Applies to: Windows 10, Windows 10 IoT Enterprise, and Windows 7

You can use the Remote Desktop client for Windows Desktop to access Windows apps and desktops remotely from a different Windows device.

1. Microsoft Remote Desktop. This client isn’t officially supported on your browser or device. You can use it, but the client might not work the way it’s designed to.×.
2. Hi, Article “Set up the Remote Desktop web client for your users” mentioned below about certificate for webclient: 1. The RD Web Access role is configured with a publicly trusted certificate. Your URL uses the FQDN of the server hosting the RD Web role.
3. Despite Microsoft has been porting its RDP client to different platforms (iOS, macOS, Android, there is also a separate UWP remote desktop app for Windows 10) in the recent years, many users would like to have the remote access to RDS servers and published RemoteApps from a browser.
4. SUBSCRIBE to the channel to follow future Videos 👆CONNECT in LinkedIn 🚀 https://www.linkedin.co.

Note

• This documentation is not for the Remote Desktop Connection (MSTSC) client that ships with Windows. It's for the new Remote Desktop (MSRDC) client.
• This client currently only supports accessing remote apps and desktops from Windows Virtual Desktop.
• Curious about the new releases for the Windows Desktop client? Check out What's new in the Windows Desktop client

How to update the Remote Desktop web client. When a new version of the Remote Desktop web client is available, follow these steps to update the deployment with the new client: Open an elevated PowerShell prompt on the RD Web Access server and run the following cmdlet to download the latest available version of the web client.

Install the client

Choose the client that matches the version of Windows. The new Remote Desktop client (MSRDC) supports Windows 10, Windows 10 IoT Enterprise, and Windows 7 client devices.

You can install the client for the current user, which doesn't require admin rights, or your admin can install and configure the client so that all users on the device can access it.

Once you've installed the client, you can launch it from the Start menu by searching for Remote Desktop.

Update the client

You'll be notified whenever a new version of the client is available as long as your admin hasn't disabled notifications. The notification will appear in either the Connection Center or the Windows Action Center. To update your client, just select the notification.

You can also manually search for new updates for the client:

1. From the Connection Center, tap the overflow menu (...) on the command bar at the top of the client.
2. Select About from the drop-down menu.
3. The client automatically searches for updates.
4. If there's an update available, tap Install update to update the client.

Workspaces

Get the list of managed resources you can access, such as apps and desktops, by subscribing to the Workspace your admin provided you. When you subscribe, the resources become available on your local PC. The Windows Desktop client currently supports resources published from Windows Virtual Desktop.

Subscribe to a Workspace

There are two ways you can subscribe to a Workspace. The client can try to discover the resources available to you from your work or school account or you can directly specify the URL where your resources are for cases where the client is unable to find them. Once you've subscribed to a Workspace, you can launch resources with one of the following methods:

• Go to the Connection Center and double-click a resource to launch it.
• You can also go to the Start menu and look for a folder with the Workspace name or enter the resource name in the search bar.

Subscribe with a user account

1. From the main page of the client, tap Subscribe.
2. Sign in with your user account when prompted.
3. The resources will appear in the Connection Center grouped by Workspace.

Subscribe with URL

1. From the main page of the client, tap Subscribe with URL.
2. Enter the Workspace URL or your email address:
   • If you use the Workspace URL, use the one your admin gave you. If accessing resources from Windows Virtual Desktop, you can use one of the following URLs:
     • Windows Virtual Desktop (classic): https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx
     • Windows Virtual Desktop: https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery
   • To use email, enter your email address. This tells the client to search for a URL associated with your email address if your admin has setup email discovery.
3. Tap Next.
4. Sign in with your user account when prompted.
5. The resources will appear in the Connection Center grouped by Workspace.

Workspace details

After subscribing, you can view additional information about a Workspace on the Details panel:

• The name of the Workspace
• The URL and username used to subscribe
• The number of apps and desktops
• The date/time of the last refresh
• The status of the last refresh

Accessing the Details panel:

1. From the Connection Center, tap the overflow menu (...) next to the Workspace.
2. Select Details from the drop-down menu.
3. The Details panel appears on the right side of the client.

After you've subscribed, the Workspace will refresh automatically on a regular basis. Resources may be added, changed, or removed based on changes made by your admin.

You can also manually look for updates to the resources when needed by selecting Refresh from the Details panel.

Refreshing a Workspace

You can manually refresh a Workspace by selecting Refresh from the overflow menu (...) next to the Workspace.

Unsubscribe from a Workspace

This section will teach you how to unsubscribe from a Workspace. You can unsubscribe to either subscribe again with a different account or remove your resources from the system.

1. From the Connection Center, tap the overflow menu (...) next to the Workspace.
2. Select Unsubscribe from the drop-down menu.
3. Review the dialog box and select Continue.

Managed desktops

Workspaces can contain multiple managed resources, including desktops. When accessing a managed desktop, you have access to all the apps installed by your admin.

Desktop settings

You can configure some of the settings for desktop resources to ensure the experience meets your needs. To access the list of available settings right-click on the desktop resource and select Settings.

The client will use the settings configured by your admin unless you turn off the Use default settings option. Doing so allows you to configure the following options:

• Display configuration selects which displays to use for the desktop session and impacts which additional settings are available.
  • All displays ensures the session always uses all your local displays even when some of them are added or removed later.
  • Single display ensures the session always uses a single display and allows you to configure its properties.
  • Select displays allows you to choose which displays to use for the session and provides an option to dynamically change the list of displays during the session.
• Select the displays to use for the session specifies which local displays to use for the session. All selected displays must be adjacent to each other. This setting is only available in Select display mode.
• Maximize to current displays determines which displays the sessions will use when going full screen. When enabled, the session goes full screen on the displays touched by the session window. This allows you to change displays during the session. When disabled, the session goes full screen on the same displays it was on the last time it was full screen. This setting is only available in Select display mode and is disabled otherwise.
• Single display when windowed determines which displays are available in the session when exiting full screen. When enabled, the session switches to a single display in windowed mode. When disabled, the session retains the same displays in windowed mode as in full screen. This setting is only available in All displays and Select display modes and is disabled otherwise.
• Start in full screen determines whether the session will launch in full-screen or windowed mode. This setting is only available in Single display mode and is enabled otherwise.
• Fit session to window determines how the session is displayed when the resolution of the remote desktop differs from the size of the local window. When enabled, the session content will be resized to fit inside the window while preserving the aspect ratio of the session. When disabled, scrollbars or black areas will be shown when the resolution and window size don't match. This setting is available in all modes.
• Update the resolution on resize makes the remote desktop resolution automatically update when you resize the session in windowed mode. When disabled, the session always remains at whichever resolution you specify in Resolution. This setting is only available in Single display mode and is enabled otherwise.
• Resolution lets you specify the resolution of the remote desktop. The session will retain this resolution for its entire duration. This setting is only available in Single display mode and when Update the resolution on resize is disabled.
• Change the size of the text and apps specifies the size of the content of the session. This setting only applies when connecting to Windows 8.1 and later or Windows Server 2012 R2 and later. This setting is only available in Single display mode and when Update the resolution on resize is disabled.

Give us feedback

Have a feature suggestion or want to report a problem? Tell us with the Feedback Hub.

You can also give us feedback by selecting the button that looks like a smiley face emoticon in the client app, as shown in the following image:

Note

To best help you, we need you to give us as detailed information about the issue as possible. For example, you can include screenshots or a recording of the actions you took leading up to the issue. For more tips about how to provide helpful feedback, see Feedback.

Access client logs

You might need the client logs when investigating a problem.

To retrieve the client logs:

1. Ensure no sessions are active and the client process isn't running in the background by right-clicking on the Remote Desktop icon in the system tray and selecting Disconnect all sessions.
2. Open File Explorer.
3. Navigate to the %temp%DiagOutputDirRdClientAutoTrace folder.

The Remote Desktop web client lets users access your organization's Remote Desktop infrastructure through a compatible web browser. They'll be able to interact with remote apps or desktops like they would with a local PC no matter where they are. Once you set up your Remote Desktop web client, all your users need to get started is the URL where they can access the client, their credentials, and a supported web browser.

Important

The web client does support using Azure AD Application Proxy but does not support Web Application Proxy at all. See Using RDS with application proxy services for details.

What you'll need to set up the web client

Before getting started, keep the following things in mind:

• Make sure your Remote Desktop deployment has an RD Gateway, an RD Connection Broker, and RD Web Access running on Windows Server 2016 or 2019.
• Make sure your deployment is configured for per-user client access licenses (CALs) instead of per-device, otherwise all licenses will be consumed.
• Install the Windows 10 KB4025334 update on the RD Gateway. Later cumulative updates may already contains this KB.
• Make sure public trusted certificates are configured for the RD Gateway and RD Web Access roles.
• Make sure that any computers your users will connect to are running one of the following OS versions:
  • Windows 10
  • Windows Server 2008R2 or later

Your users will see better performance connecting to Windows Server 2016 (or later) and Windows 10 (version 1611 or later).

Important

If you used the web client during the preview period and installed a version prior to 1.0.0, you must first uninstall the old client before moving to the new version. If you receive an error that says 'The web client was installed using an older version of RDWebClientManagement and must first be removed before deploying the new version,' follow these steps:

1. Open an elevated PowerShell prompt.
2. Run Uninstall-Module RDWebClientManagement to uninstall the new module.
3. Close and reopen the elevated PowerShell prompt.
4. Run Install-Module RDWebClientManagement -RequiredVersion <old version> to install the old module.
5. Run Uninstall-RDWebClient to uninstall the old web client.
6. Run Uninstall-Module RDWebClientManagement to uninstall the old module.
7. Close and reopen the elevated PowerShell prompt.
8. Proceed with the normal installation steps as follows.

How to publish the Remote Desktop web client

To install the web client for the first time, follow these steps:

1. On the RD Connection Broker server, obtain the certificate used for Remote Desktop connections and export it as a .cer file. Copy the .cer file from the RD Connection Broker to the server running the RD Web role.

2. On the RD Web Access server, open an elevated PowerShell prompt.

3. On Windows Server 2016, update the PowerShellGet module since the inbox version doesn't support installing the web client management module. To update PowerShellGet, run the following cmdlet:

   Important

   You'll need to restart PowerShell before the update can take effect, otherwise the module may not work.

4. Install the Remote Desktop web client management PowerShell module from the PowerShell gallery with this cmdlet:

5. After that, run the following cmdlet to download the latest version of the Remote Desktop web client:

6. Next, run this cmdlet with the bracketed value replaced with the path of the .cer file that you copied from the RD Broker:

7. Finally, run this cmdlet to publish the Remote Desktop web client:

   Make sure you can access the web client at the web client URL with your server name, formatted as https://server_FQDN/RDWeb/webclient/index.html. It's important to use the server name that matches the RD Web Access public certificate in the URL (typically the server FQDN).

   Note

   When running the Publish-RDWebClientPackage cmdlet, you may see a warning that says per-device CALs are not supported, even if your deployment is configured for per-user CALs. If your deployment uses per-user CALs, you can ignore this warning. We display it to make sure you're aware of the configuration limitation.

8. When you're ready for users to access the web client, just send them the web client URL you created.

Note

To see a list of all supported cmdlets for the RDWebClientManagement module, run the following cmdlet in PowerShell:

How to update the Remote Desktop web client

When a new version of the Remote Desktop web client is available, follow these steps to update the deployment with the new client:

1. Open an elevated PowerShell prompt on the RD Web Access server and run the following cmdlet to download the latest available version of the web client:

2. Optionally, you can publish the client for testing before official release by running this cmdlet:

   The client should appear on the test URL that corresponds to your web client URL (for example, https://server_FQDN/RDWeb/webclient-test/index.html).

3. Publish the client for users by running the following cmdlet:

   This will replace the client for all users when they relaunch the web page.

How to uninstall the Remote Desktop web client

To remove all traces of the web client, follow these steps:

1. On the RD Web Access server, open an elevated PowerShell prompt.

2. Unpublish the Test and Production clients, uninstall all local packages and remove the web client settings:

3. Uninstall the Remote Desktop web client management PowerShell module:

How to install the Remote Desktop web client without an internet connection

Follow these steps to deploy the web client to an RD Web Access server that doesn't have an internet connection.

Note

Installing without an internet connection is available in version 1.0.1 and above of the RDWebClientManagement PowerShell module.

Web Based Remote Desktop Client

Note

You still need an admin PC with internet access to download the necessary files before transferring them to the offline server.

Note

The end-user PC needs an internet connection for now. This will be addressed in a future release of the client to provide a complete offline scenario.

From a device with internet access

1. Open a PowerShell prompt.

2. Import the Remote Desktop web client management PowerShell module from the PowerShell gallery:

3. Download the latest version of the Remote Desktop web client for installation on a different device:

4. Download the latest version of the RDWebClientManagement PowerShell module:

5. Copy the content of 'C:WebClient' to the RD Web Access server.

From the RD Web Access server

Follow the instructions under How to publish the Remote Desktop web client, replacing steps 4 and 5 with the following.

4. You have two options to retrieve the latest web client management PowerShell module:

   • Import the Remote Desktop web client management PowerShell module:
   • Copy the downloaded RDWebClientManagement folder to one of the local PowerShell module folders listed under $env:psmodulePath, or add the path to the folder with the downloaded files to the $env:psmodulePath.

5. Deploy the latest version of the Remote Desktop web client from the local folder (replace with the appropriate zip file):

Connecting to RD Broker without RD Gateway in Windows Server 2019

This section describes how to enable a web client connection to an RD Broker without an RD Gateway in Windows Server 2019.

Setting up the RD Broker server

Follow these steps if there is no certificate bound to the RD Broker server

1. Open Server Manager > Remote Desktop Services.

2. In Deployment Overview section, select the Tasks dropdown menu.

3. Select Edit Deployment Properties, a new window titled Deployment Properties will open.

4. In the Deployment Properties window, select Certificates in the left menu.

5. In the list of Certificate Levels, select RD Connection Broker - Enable Single Sign On. You have two options: (1) create a new certificate or (2) an existing certificate.

Follow these steps if there is a certificate previously bound to the RD Broker server

1. Open the certificate bound to the Broker and copy the Thumbprint value.

2. To bind this certificate to the secure port 3392, open an elevated PowerShell window and run the following command, replacing '< thumbprint >' with the value copied from the previous step:

   Note

   To check if the certificate has been bound correctly, run the following command:

   In the list of SSL Certificate bindings, ensure that the correct certificate is bound to port 3392.

3. Open the Windows Registry (regedit), go to HKLMSYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp and locate the key WebSocketURI. Next, set the value to https://+:3392/rdp/.

Setting up the RD Session Host

Follow these steps if the RD Session Host server is different from the RD Broker server:

1. Create a certificate for the RD Session Host machine, open it and copy the Thumbprint value.

2. To bind this certificate to the secure port 3392, open an elevated PowerShell window and run the following command, replacing '< thumbprint >' with the value copied from the previous step:

   Note

   To check if the certificate has been bound correctly, run the following command:

   In the list of SSL Certificate bindings, ensure that the correct certificate is bound to port 3392.

3. Open the Windows Registry (regedit) and navigate to HKLMSYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp and locate the key WebSocketURI. The value must be set to https://+:3392/rdp/.

General Observations

• Ensure that both the RD Session Host and RD Broker server are running Windows Server 2019.

• Ensure that public trusted certificates are configured for both the RD Session Host and RD Broker server.

  Note

  If both the RD Session Host and the RD Broker server share the same machine, set the RD Broker server certificate only. If the RD Session Host and RD Broker server use different machines, both must be configured with unique certificates.

• The Subject Alternative Name (SAN) for each certificate must be set to the machine's Fully Qualified Domain Name (FQDN). The Common Name (CN) must match the SAN for each certificate.

How to pre-configure settings for Remote Desktop web client users

This section will tell you how to use PowerShell to configure settings for your Remote Desktop web client deployment. These PowerShell cmdlets control a user's ability to change settings based on your organization's security concerns or intended workflow. The following settings are all located in the Settings side panel of the web client.

Suppress telemetry

By default, users may choose to enable or disable collection of telemetry data that is sent to Microsoft. For information about the telemetry data Microsoft collects, please refer to our Privacy Statement via the link in the About side panel.

As an administrator, you can choose to suppress telemetry collection for your deployment using the following PowerShell cmdlet:

By default, the user may select to enable or disable telemetry. A boolean value $false will match the default client behavior. A boolean value $true disables telemetry and restricts the user from enabling telemetry.

Remote resource launch method

Note

This setting currently only works with the RDS web client, not the Windows Virtual Desktop web client.

By default, users may choose to launch remote resources (1) in the browser or (2) by downloading an .rdp file to handle with another client installed on their machine. As an administrator, you can choose to restrict the remote resource launch method for your deployment with the following PowerShell command:

Windows Remote Desktop Web Client

By default, the user may select either launch method. A boolean value $true will force the user to launch resources in the browser. A boolean value $false will force the user to launch resources by downloading an .rdp file to handle with a locally installed RDP client.

Reset RDWebClientDeploymentSetting configurations to default

To reset a deployment-level web client setting to the default configuration, run the following PowerShell cmdlet and use the -name parameter to specify the setting you want to reset:

Troubleshooting

If a user reports any of the following issues when opening the web client for the first time, the following sections will tell you what to do to fix them.

What to do if the user's browser shows a security warning when they try to access the web client

The RD Web Access role might not be using a trusted certificate. Make sure the RD Web Access role is configured with a publicly trusted certificate.

If that doesn't work, your server name in the web client URL might not match the name provided by the RD Web certificate. Make sure your URL uses the FQDN of the server hosting the RD Web role.

What to do if the user can't connect to a resource with the web client even though they can see the items under All Resources

If the user reports that they can't connect with the web client even though they can see the resources listed, check the following things:

• Is the RD Gateway role properly configured to use a trusted public certificate?
• Does the RD Gateway server have the required updates installed? Make sure that your server has the KB4025334 update installed.

If the user gets an 'unexpected server authentication certificate was received' error message when they try to connect, then the message will show the certificate's thumbprint. Search the RD Broker server's certificate manager using that thumbprint to find the right certificate. Verify that the certificate is configured to be used for the RD Broker role in the Remote Desktop deployment properties page. After making sure the certificate hasn't expired, copy the certificate in .cer file format to the RD Web Access server and run the following command on the RD Web Access server with the bracketed value replaced by the certificate's file path:

Diagnose issues with the console log

If you can't solve the issue based on the troubleshooting instructions in this article, you can try to diagnose the source of the problem yourself by watching the console log in the browser. The web client provides a method for recording the browser console log activity while using the web client to help diagnose issues.

Remote Desktop Web Client Microsoft Teams

• Select the ellipsis in the upper-right corner and navigate to the About page in the dropdown menu.
• Under Capture support information select the Start recording button.
• Perform the operation(s) in the web client that produced the issue you are trying to diagnose.
• Navigate to the About page and select Stop recording.
• Your browser will automatically download a .txt file titled RD Console Logs.txt. This file will contain the full console log activity generated while reproducing the target issue.

The console may also be accessed directly through your browser. The console is generally located under the developer tools. For example, you can access the log in Microsoft Edge by pressing the F12 key, or by selecting the ellipsis, then navigating to More tools > Developer Tools.

Get help with the web client

If you've encountered an issue that can't be solved by the information in this article, you can report it on Tech Community. You can also request or vote for new features at our suggestion box.