Configuring Kryon Terminal Server Robot

The Nintex Terminal Server Robot Tool supports a session scheduler feature. When enabled, the tool automatically maintains configured RDP sessions active. If a session is canceled – the tool brings it back.

Nintex RDP Installation

  1. Download and install .NET Core 3.1 Runtime (v3.1.16) - Windows x64 Installer

  2. Download and install ASP.NET Core 3.1 Runtime (v3.1.16) - Windows x64 Installer

  3. Confirm that the KryonRDP works properly by running:

    dotnet Kryon.RDPService.API.dll --console

    Open your internet browser and navigate to http://localhost:5000 - you should get the Swagger UI page.

    EXAMPLE

  4. In the same CMD window, run:

    sc create KryonRDP binPath="C:\Kryon\KryonRDP\Kryon.RDPService.API.exe" type=own start=auto displayName="Kryon RDP service"

  5. Open the Services console window and confirm that Nintex RDP service is installed.

  6. Run the service.

    See Managing the Tool.

Service Configuration

To get Nintex RDP SERVICE integrated with the Console credential vault for the Terminal Server

  1. Go to C:\Kryon\KryonRDP and open:

    1. appsettings.json file

      Add the DB connection string as shown below:

      Update the screen resolution if required

    2. scheduled_rdp_session.json file

      Update the fields:

      • MachineAddress: This is the host name or FQDN of the terminal server

      • CredentialId and TenantId: Query the database

        SELECT * FROM LeoCredentialsVault WHERE CredentialType = 4

        Credential type = 4 (it is for robot machine OS credential)

  2. Restart Nintex RDP Service

  3. Observe:

    1. Logs started populating under C:\Kryon\KryonRDP\Logs folder and it will look like below:

    2. Check under Task Manager > Users tab

      Robot1 & robot2 user sessions started

    3. Go to the Kryon Console > Robots Menu

    4. Make sure the below settings are ON:

    5. Enable the Nintex robot in STARTUP APP list and check below boxes to start the robots automatically

Terminal Robot Application Configuration

To change the Terminal Robot application configuration, you only need to edit the AppSettings.json file and restart the application, i.e., rerun the console or restart the windows service.

If a relevant windows service is running you need to stop it before changing the application configuration.

Web API Configuration

If needed, you can edit the parameters of the AppSettings.json file as following:

Container/Block

Parameter

Description and Usage

 

LogFilePath

Set the path where the text log files should be stored.

  • Set the relative path: ./logs (default)

  • You can also change it to an absolute path, i.e.,c:\\kryon_rdp

Read more here.

AppSettings

RdpScreenWidth

Screen width of the RDP session window

AppSettings

RdpScreenHeight

Screen height of the RDP session window

AppSettings

DefaultRdpPort

  • Default TCP/IP port to be used for an RDP connection.

  • This parameter is ignored if the port is provided on n the session start parameters.

AppSettings

DefaultRdpWindowTitlePrefix

Optional. If provided, will be used as an RDP window prefix.

AppSettings

StartupAppPath

  • Set a remote application program. The application should be added to allow remote apps list on the server. Alternatively, you can configure the server to allow all remote apps.

  • Keep empty if irrelevant

  • Default value: C:\\program files\\Kryon\\Kryon.exe

AppSettings

StartupAppCmdParams

  • Remote application command-line parameters

  • Relevant only if the StartAppPath parameter is set

  • Default value: empty

See Extended RDP tool configuration with ‘StartupAppCmdParams’ settings

AppSettings

MstscRdpFilesPath

  • A path to store Mstsc *.rdp files

  • Rdp files are used to store mstsc arguments

  • Relevantl only for mstsc RDP tool

AppSettings

APITitle

API title to be used on swagger UI

AppSettings

APIDescription

API description to be used on swagger UI

Kestrel.EndPoints

Http.Url

  • Listening http endpoint for the API web server

  • Default: http://localhost:5000

Kestrel.EndPoints

Https.Url

  • Listening https endpoint for the API web server

  • Default: http://localhost:5001

 Session Scheduler Settings:

AppSettings

RdpSessionSchedulerEnabled

RdpSessionSchedulerSettings

IntervalSec

  • Interval in seconds between session scheduler runs.

  • This parameter is Ignored if the SessionScheduler parameter is disabled.

  • Default: 60 (sec)

RdpSessionSchedulerSettings

StartDelaySec

  • Delay time in sec before the first scheduler run

  • This parameter is Ignored if the SessionScheduler parameter is disabled.

  • Default: 5 (sec)

RdpSessionSchedulerSettings

RdpSessionsFile

  • Path to Excel/JSON file with scheduled sessions settings. See the repository ‘Docs’ folder for file examples.

  • EXAMPLE: RdpSessionSchedulerSettings.RdpSessionsFile=”.\\scheduled_rdp_sessions.json

  • Default: ./scheduled_rdp_sessions.json

  • You can also change it to an absolute path, i.e., c:\\kryon_rdp\\scheduled_rdp_sessions.json

How to verify the session scheduler works

Session Scheduler Configuration

The Session Scheduler is an application support feature. When enabled, the application automatically maintains the configured RDP sessions active. If a session is canceled – the application brings it back.

You can configure Scheduled RDP Session in the dedicated JSON file. See JSON file example in NintexRDP service folder - scheduled_rdp_sessions.json.

The JSON file contains a collection of RDP sessions to be maintained active. Each session is represented by a JSON object with properties as described in the table below:

Property

Description

MachineAddress

Address of the machine to start RDP session on

  • Required

  • Type: string

  • Min length: 2;

  • Max length: 256

UserName

User name for an RDP session

  • Required

  • Type: string

  • Min length: 2

  • Max length: 256

  • Format: [{domain}\\]{user} or {user}[@{domain}]

UserPassword

User password for an RDP session

  • Required

  • Type: string.

  • Min length: 2

  • Max length: 256

RdpPort

TCP/IP port to be used for an RDP connection

  • Optional

  • Type: integer

  • Range: 1-65535

  • Default: 3389

  • configurable in appsettings.json

RdpProtocol

RDP protocol to use

  • Optional

  • Type: integer

  • Setting options:

    • FreeRdp (default)

    • Mstsc

ScreenWidth

Screen width to use for an RDP session window

  • Optional

  • Type: integer

  • Range: 1-5000

  • Default: 500

  • configurable in appsettings.json

ScreenHeight

Screen height to use for an RDP session window

  • Optional

  • Type: integer

  • Range: 1-5000

  • Default: 400

  • configurable in appsettings.json

WindowTitle

Title to use for an RDP session window

  • Optional

  • Type: string

  • Min length: 2

  • Max length: 256

WaitBeforeStartSessionInSeconds

The timespan in seconds to wait before the RDP session start

  • Optional

  • Type: integer

  • Range: 0-3600

  • Default: 0

  • configurable in appsettings.json

SessionStartupRegistryValues

The collection of Registry keys and values to modify for Current User hive (HKEY_CURRENT_USER).

  • Optional

  • Type: list

To enable Session Scheduler, make sure to set the relevant parameters in the AppSetting file, see Session Scheduler Settings.

 

Additional Technical Details

Logging

To configure log file location, change the following appsettings.json parameter:

  • Absolute path: LogFilePath: "C:\\Kryon\\KryonRDP\\logs"

  • Relative path: (relative to exe file location) LogFilePath: "./logs"

Log file entries format can be configured in NLog configuration files: nlog.Production.config.

In particular log entries format can be changed be editing ‘Layout’ variable in nlog.Production.config

The following is an example of the log file:

How to verify that the session-scheduler works

To verify that the session scheduler is working after setting it up, check the log file to verify there is an entry per each scheduler run:

EXAMPLE:

Extended RDP tool configuration with ‘StartupAppCmdParams’ settings

An example of RDP tool scheduled configuration:

Copy
"AppSettings": {
 "RdpScreenWidth": "1920",
 "RdpScreenHeight": "1080",
 "DefaultRdpPort": "3389",
 "DefaultRdpWindowTitlePrefix": "Kryon",
 "StartupAppPath": "C:\\Windows\\System32\\notepad.exe",
 "StartupAppCmdParams": "ttt.txt",
 "MstscRdpFilesPath": "", 
 "APITitle": "Kryon RDP Service API",
 "APIDescription": "Kryon RDP Service Web API interface", 
 "RdpSessionSchedulerEnabled": "true"
 }
Remote Apps

FreeRdp has the following for the remote application:

/app:||<alias> or <executable path>

Remote application program

/app-name:<app name>

Remote application name for user interface

/app-icon:<icon path>

Remote application icon for user interface

/app-cmd:<parameters>

Remote application command-line parameters

/app-file:<file name>

File to open with remote application

/app-guid:<app guid>

Remote application GUID

Also, the same list of settings can be found here:

xfreerdp man page - freerdp - General Commands | ManKier

FreeRdp docs mention remote application programs -  What is a Remote Application Program?

RemoteApps are part of the Windows Server 2008 R2 Remote Desktop Services role. Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier. RemoteApp (or TS RemoteApp) is a special mode of RDS, available in Windows Server 2008 R2 and later, where remote session configuration is integrated into the client operating system. Details here.

How to enable the remote apps on the server?

There are two options:

  1. Add particular applications to the allowed remote apps list: Applications are configured as RemoteApps using the RemoteApp Manager tool. Details on the server configuration to host RemoteApp programs here: TS RemoteApp Step-by-Step Guide

  2. Allow all remote apps: To allow unlisted remote programs to be accessible need to set the following registry key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

    "fAllowUnlistedRemotePrograms"=dword:00000001

    Detailed information can be found in the links below:

    Error RAIL_EXEC_E_NOT_IN_ALLOWLIST When use /app · Issue #998 · FreeRDP/FreeRDP

    Can RDP clients launch remote applications and not desktops

Managing the Tool

Once windows service is installed and started you should see the status of ‘running’ in Windows Services Manager, as follows:

Windows Services Manager can be used to manage the service. Right click the service t o manage it:

You can access the API page from: http://localhost:5000.

Technical sections from existing/previous doc:

Install the tool

The following sets up the tool as a windows service:

Make sure you have custom or default system user account to create windows service. By default, a windows service will be created for next default user: ‘Local System’.

Installation parameters details:

  1. {NAME}

    Required. Service name. ‘KryonRdpService’ is used below automation scripts as service name.

  2. {EXE FILE PATH}

    Required. The app's executable path (for example, C:\installation folder\company.RDPService.API.exe). Include the executable file name with extension.

  3. {DOMAIN OR COMPUTER NAME\USER}

    Optional. Service user account (for example, MyComputerName\ServiceUser). By default windows service will be created for next default user: ‘Local System’.

  4. {DISPLAY NAME}

    Optional. Service display name (for example, Company RDP Management Service).

Using NSSM

This process is automated using ‘install-as-service.bat’ script.

In order to install the service using NSSM, run ‘install-as-service.bat’ as an administrator.

The installation package contains all the needed dependencies like nssm.exe, run-as-process.bat, etc. Once installed you’ll see the service in the Windows Services list.

The installer sets the service to start automatically.

To verify: check that http://localhost:5000 is accessible.

Using windows service control manager (sc.exe)
  1. Create a service

    Use sc.exe to create a service, passing the full path of the built executable.

    sc create {NAME} binPath= "{EXE FILE PATH}" type=own start=auto displayname="{DISPLAY_NAME}" obj={DOMAIN OR COMPUTER NAME\USER}

    Command example

    sc create “CompanyRdpService” binPath= "C:\Projects\Company\rdp-service\Company.RDPService.API\bin\Debug\netcoreapp2.2\win7-x64\publish\Company.RDPService.API.exe" type=own start=auto displayname=”CompanyRDP management Service”

  2. Start/Stop/Pause a service

    Use sc.exe to start the service (this needs to occur in a command prompt running as Administrator)

    sc start {NAME}

    sc stop {NAME}

    sc pause {NAME}

  3. Get status of the service

    sc query {NAME}

  4. Delete service

    sc delete {NAME}

Using powershell commands
  1. Create a service

    New-Service -Name {NAME} –BinaryPathName "{EXE FILE PATH}" –StartupType Automatic –Displayname "{DISPLAY_NAME}" –Credential {DOMAIN OR COMPUTER NAME\USER}

    Command example

    New-Service -Name “CompanyRdpService” –BinaryPathName "C:\Projects\Company\rdp-service\Company.RDPService.API\bin\Debug\netcoreapp2.2\win7-x64\publish\Company.RDPService.API.exe" –StartupType Automatic -Displayname=”Company RDP management Service

  2. Start/Stop a service

    Start-Service -Name {NAME}

    Stop-Service -Name {NAME}

  3. Get status of the service

    Get-Service -Name {NAME}

  4. Delete service

    Remove-Service –Name {NAME}

For more details, see here