How to run RDP sessions with NoMachine
RDP sessions are supported only on Linux by NoMachine Terminal Server and Enterprise Terminal Server.
RDP sessions, running in a NoMachine virtual desktop, are not enabled by default. To enable RDP virtual desktops, perform steps 1-4 below on the NoMachine server host.
Let's call:
host A, the NoMachine Linux host.
host B, the Windows Terminal Server host to be connected via RDP.
For multinode environments
In case of multi-node environments (NoMachine Enterprise Terminal Server + NoMachine Terminal Server Node), perform the same operations on each of the nodes where you want to run NoMachine RDP virtual desktops.
Step 1: Be sure you have an RDP client
Ensure that the RDP client is installed on host A.
NoMachine supports 'rdesktop' : http://www.rdesktop.org/
and starting from v. 6.9.2 it supports also the new format of the command line interface introduced by xfreerdp client v. 2.0.0.
Step 2: Instruct NoMachine to launch the RDP client
On host A edit the /usr/NX/etc/node.cfg configuration file.
Specify path and name of the command to launch the RDP client: ensure that the CommandStartRDP key is not commented and set a proper value. For example:
CommandStartRDP "rdesktop -f"
If rdekstop is not in the path, specify full path to this command. For example:
CommandStartRDP "/usr/bin/rdesktop -f"
Note for the "Show the Windows login screen" option
To display the native Windows logon screen, the Network Level Authentication (NLA) used by default on modern Windows systems, must be bypassed. NoMachine automatically handles this by passing the parameter to disable NLA when this option is chosen. This is available since NoMachine v.9.7.3.
To disable this behaviour and customize further how NoMachine handles the RDP connection, add the following key to the end of the /usr/NX/etc/node.cfg file:
UseDirectRDPCommand 1
This instructs NoMachine to use the exact command specified in the CommandStartRDP key, without dynamically appending extra security or optimization parameters (it will still use the host, username, and domain provided in the client).
Step 3: Add RDP to the list of available session types in the node configuration file
On host A edit the /usr/NX/etc/node.cfg configuration file.
Uncomment and edit the AvailableSessionTypes key. Add value: windows if it is not present yet.
For example:
AvailableSessionTypes physical-desktop,shadow,unix-xsession-default,unix-gnome,windows
what's important is that the 'windows' keyword is present or RDP virtual desktop sessions will be not available.
Step 4: Add RDP to the list of available session types in the server configuration file
On Linux server A edit the /usr/NX/etc/server.cfg configuration file.
Uncomment and edit the AvailableSessionTypes key. Add value: windows if it is not present yet.
For example:
AvailableSessionTypes physical-desktop,shadow,unix-xsession-default,unix-gnome,windows
what's important is that the 'windows' keyword is present or RDP virtual desktop sessions will be not available.
Step 5: Launch the NoMachine RDP virtual desktop
How to connect by the client
On the user's machine, launch NoMachine (client) and create a new connection.
In the 'Host' field specify hostname or IP address of host A.
Launch the connection, in the login form provide username and password of a user account enabled to log-in to host A.
Once connected to the NoMachine server on host A, click on 'Create a new desktop or custom session'.
Then choose 'Create a new RDP virtual desktop'.
In the 'RDP remote desktop panel' provide data to connect to the Windows server on host B.
In the 'Server' field specify hostname or IP of the Windows server and eventually specify its Domain.
In the 'Authentication' menu choose how to authenticate to the Windows server. You have these options:
a) Use the NoMachine user's credentials -> i.e. use the same credentials used to log-in to host A
b) Show the Windows login screen -> i.e. connect to the Windows logon screen
c) Ask for login credentials -> i.e. provide credentials for an account enabled to log-in to Windows server
If version of rdesktop supports single applications, it's also possible to define the 'Session type': the full remote Windows desktop ('Desktop') or a single application ('Application') specified in the 'Application name' field.
Tip:
by clicking on 'Save this setting in the connection file', all data will be re-used next time.
How to connect by the web
Open a browser and point it to:
where serverName is hostname or IP of host A.
In the login form provide username and password of a user account enabled to log-in to host A.
Once connected to the NoMachine server on host A, click on 'Create a new desktop or custom session'.
Then choose 'Create a new RDP virtual desktop'.
In the 'RDP remote desktop panel' provide data to connect to the Windows server.
In the 'Server' field specify hostname or IP of the Windows server and eventually specify its Domain.
In the 'Authentication' menu choose how to authenticate to the Windows server. You have these options:
a) Use the NoMachine user's credentials -> i.e. use the same credentials used to log-in to host A.
b) Show the Windows login screen -> i.e. connect to the Windows logon screen
c) Ask for login credentials -> i.e. provide credentials for an account enabled to log-in to Windows server
If version of rdesktop supports single applications, it's also possible to define the 'Session type': the full remote Windows desktop ('Desktop') or a single application ('Application') specified in the 'Application name' field.
It's also possible to pre-configure web sessions, see the 'How to preconfigure web sessions' in the Configuration section at https://www.nomachine.com/support/documents
Important note for "Show the Windows login screen" or custom security protocol options
This applies since NoMachine v9.7.3.
Adjusting these security protocols is strictly required if you want to use the "Show the Windows login screen" option, particularly on modern Windows versions.
By default, modern Windows systems enforce Network Level Authentication (NLA). NLA requires user credentials before establishing the graphical session, which completely prevents the native Windows logon screen from being displayed over RDP.
Depending on your setup and chosen security options, you might need to adjust the settings on the remote Windows server.
How to allow connections with NLA disabled (mandatory for the "Show Windows login screen" option):
1. Open 'Advanced system settings'.
2. Go to the 'Remote' tab.
3. Uncheck option: 'Allow connections only from computers running Remote Desktop with Network Level Authentication '.
How to allow legacy RDP connections (--sec rdp):
1. Uncheck the Network Level Authentication option (as described above).
2. Open the Registry Editor (regedit).
3. Navigate to: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp
How to allow users to log in with empty passwords:
1. Open 'Local Security Policy'.
2. Navigate to 'Local Policies' -> 'Security Options'.
3. Find the policy 'Accounts: Limit local account use of blank passwords to console logon only' and set it to 'Disabled'.