Why is it installing XenApp on a Domain Controller not supported?

On Citrix XenApp documentation it mentions that XenApp install on a Domain Control (that is Windows Server running Active Directory Role), here is a brief explanation for folks curious to know why is it not supported.

 

Citrix XenApp integrates with Windows Remote Desktop Services (Terminals Services) for it’s application session delivery. When you install XenApp,  Remote Desktop Services Server (Remote Desktop Session Host) is installed by default.

 

However, installation of Remote Desktop Services Server (Remote Desktop Session Host) on Windows Domain Controller is not supported and you’ll see below Windows warning if you attempt to do so.

  image

 

As the warning says, because allowing users to run programs on a domain controller can increase security risks and degrades server performance.

 

If the RD Session Host role service is installed on a domain controller, the security settings of the domain controller will need to be adjusted to allow users to have remote access to the server. This remote access is controlled by the Allow logon through Remote Desktop Services user rights assignment, which can be configured by using the Group Policy Management Console (GPMC).

On a domain controller, by default, only the Administrators group is granted the Allow logon through Remote Desktop Services user right. To allow remote access to the RD Session Host server for users who are not members of the Administrators group, you should grant the Remote Desktop Users group the Allow logon through Remote Desktop Services user right.

 

Thus, Microsoft doesn’t recommend installing RDS server on domain controller in turn Citrix doesn’t support XenApp install on Domain Controller.

Leave a Reply

Your email address will not be published. Required fields are marked *