Motadata RDP Server Installation Guide
The RDP server communicates with the RDP Agent and ServiceOps to establish the RDP session. To do so, first install the RDP Server, then configure the RDP Settings, and lastly install the RDP Agent from the RDP Agents or Discovery + RDP Agents tabs of the Agent Installation page.
Prerequisites
- ServiceOps Server should be up and running
- ServiceOps Server's IP Address is required
- Internet access is required before RDP server installation to verify Wildcard certificate
- Wildcard certificate is required
- If the database is configured on a different server, the ServiceOps Database port 5432 should be accessible from the Meshcentral server
- For remote desktop functionality with the local connection type, port 8443 must be accessible
- For the remote connection type, port 443 must be accessible
- If the ServiceOps server is not publicly accessible, a host entry for the IP Address and Domain name must be added on the server and the local machine.
This document is applicable for Ubuntu 22 and RedHat OS.
RDP Server Installation Setup
The RDP server can be installed on a local machine or at a remote location.
To install the RDP server on a remote machine, follow the below steps. Here
- Download and run the Motadata RDP Server Installer on a Linux machine.
Assign executable permission and run the setup using the below command:
chmod 777 MotadataServiceOpsMeshCentralU22
Add host entry for domain name and IP Address in your system using the below command.
Command Syntax:
echo "IPADDRESS DOMAINNAME" >> /etc/hosts
Example:
echo "172.16.12.83 mydomain.example.com" >> /etc/hosts
- Ensure you have the Domain name.
Run the file using the below command:
./MotadataServiceOpsMeshCentralU22
Note: Use the root user to run the command.
- Enter the IP Address of the ServiceOps Server as shown below. The IP Address is required when the RDP Server and the ServiceOps Server are installed on different machines.
- The IP Address is not requested if the RDP Server and ServiceOps Server are installed on the same machine.
- Avoid installing the Nginx server on the remote machine that hosts the RDP server.
- Enter the DB Password of the ServiceOps Server as shown below.
It is an encrypted password. To get the password follow the below steps:
Go to the path cd /opt/flotomate/main-server/lib.
Run the below command to get the password.
cat boot-hosted-exec.conf | grep DB_PASSWORD
The installer might take approximately 5 minutes to install.
The RDP server is now successfully installed. You can verify the service status using the below command.
systemctl status meshcentral.service
- Once installed, configure the RDP settings from the Technician Portal, and then the RDP Server Agent.
If the RDP server is installed at a remote location, ensure the chown permission is applied to the meshcentral folder by going to the path cd /opt/, and using the following command:
Syntax: chown -R {user}:{usergroup} meshcentral
For example: chown -R flotomate:flotomate meshcentral
Ensure that the users in both locations (local and remote) have root access.
Additional Settings
Once the RDP Server is installed, you can perform additional configurations such as changing the domain name, port, and SSL Certificate of the RDP server.
Change Domain Name
To change the domain name, update it in the following 3 files:
- nginx.conf
- hosts
- config.json
Nginx Config File
- Open the Terminal server and go to the path /etc/nginx/conf.d/.
- Check the list of files in it using the ll command.
Open and edit the nginx.conf file using the command:
vim mesh_nginx.conf
The below screen appears.
- Replace the server_name with the desired domain name. For example: rdp.example.com. By default the server domain name is rdp.motadataserviceops.com.
- Once done, save the file using the :wq! command.
To apply the changes, restart the nginx service whenever any changes are made in the nginx.conf file.
Host File
To edit the host file,
Go to the path /etc/hosts.
Edit the file using the below command:
vim hosts
- Edit the domain host name and also add the server IP Address before it, as shown below.
- Once done, save the file using the :wq! command.
Config File
To edit the RDP config file,
- Navigate to the path /opt/meshcentral/meshcentral-data and view the files in it using the ll command as shown below.
Next, edit the config.json file using the below command.
vim config.json
- Change the Domain name in the config file as shown below.
- Next, in the same file change the Email address and Domain name in the "letsencrypt" section as shown below.
Once done, save the file using the :wq! command.
Navigate to the path "/opt/meshcentral/meshcentral-data" and ensure that SSL key and SSL certificate are present in the following files on the RDP server:
SSL key
- agentserver-cert-private.key
- webserver-cert-private.key
SSL CRT
- agentserver-cert-public.crt
- webserver-cert-public.crt
The user should have administrator rights.
Apply chown permission to the user and user group using the below command:
chown -R fmtuser:fmtusergroup meshcentral-data
For example:
chown -R flotomate:flotomate meshcentral-data
Restart the Nginx and RDP server services using the below commands and wait for approximately 30 seconds:
systemctl restart meshcentral.service
systemctl restart nginx
Now, access the ServiceOps URL, and click on "Reload Certificate" in Admin > Asset Management > RDP Configurations.
Restart the RDP agent service (RDPWrapper.exe) to immediately reflect the changes made with the new signed agent in the asset. If not restarted manually, these changes will automatically be applied after the configured refresh cycle.
To ensure the self-signed certificate works correctly, the domain associated with the certificate should be resolvable from any PC where the RDP agent is installed.
The simplest way to achieve this is by adding the IP address and domain name to the hosts file located at the path "C:\Windows\System32\drivers\etc\hosts".
You can verify this by pinging the domain name (rdp.example.com) associated with the certificate from the PC where the RDP agent is installed.
Once the certificate is changed, verify it by accessing both the ServiceOps URL and the RDP Server URL, and checking the certificate names displayed.
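A check for the certificate-file and chown steps above, as an added example that is not part of the Motadata guide: it confirms the four files exist and are owned by the expected user. The function name and the private-key permission check are assumptions added here; the guide itself only asks for presence and ownership.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): audit the certificate files in
# meshcentral-data. Prints one line per finding and returns the number
# of problems found (0 means everything checked out).
# Usage on the RDP server:
#   check_mesh_certs /opt/meshcentral/meshcentral-data flotomate
check_mesh_certs() {
    local dir="$1" owner="$2" problems=0 f path mode
    local keys="agentserver-cert-private.key webserver-cert-private.key"
    local certs="agentserver-cert-public.crt webserver-cert-public.crt"

    # Presence and ownership, as required by the guide.
    for f in $keys $certs; do
        path="$dir/$f"
        if [ ! -s "$path" ]; then
            echo "MISSING  $f"
            problems=$((problems + 1))
            continue
        fi
        if [ "$(stat -c %U "$path")" != "$owner" ]; then
            echo "OWNER    $f is owned by $(stat -c %U "$path"), expected $owner"
            problems=$((problems + 1))
        fi
    done

    # Hardening check added here (an assumption, not a step from the guide):
    # private keys should carry no group/other permission bits.
    for f in $keys; do
        path="$dir/$f"
        [ -s "$path" ] || continue
        mode=$(stat -c %a "$path")
        case "$mode" in
            *00) ;;
            *) echo "MODE     $f is $mode, expected 600 or 400"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}
```

Run it after the chown step and before restarting the services, so a missing or wrongly owned file is caught before MeshCentral and Nginx reload.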
Change SSL Certificate
To change the SSL Certificate file for RDP,
- Navigate to the path /etc/nginx/conf.d/.
- Open the mesh_nginx.conf file.
- Edit the ssl_certificate as shown below.
Once done, save the file.
Restart the Nginx server service and wait for 30 seconds approx.
Change Port Number
ServiceOps uses the default 8443 and 4330 port numbers. If these are not free, you can change the port to the desired one by following the below procedure.
- To change the port numbers, edit the following 3 files:
- nginx.conf
- fmt_nginx.conf
- config.json
- Before editing, kindly take the backup of config files.
- Ensure that the port is not used by any services or the ServiceOps Server.
RDP Nginx Config File
To edit the file,
- Navigate to the path /etc/nginx/conf.d/.
- Open the mesh_nginx.conf file. It contains the default port number 8443.
- Next, edit the file and change the port number from 8443 to 8089 as shown below. Here, port number 8089 is used as an example.
- Once done, save the file.
- Restart the Nginx Server service.
Fmt Nginx Config File
To edit the fmt_nginx.conf file,
- Navigate to the path /etc/nginx/conf.d/.
- Open the fmt_nginx.conf file. It contains the default port number 8443.
- Next, edit the file, and change the port number from 8443 to 8089 as shown below. Here, port number 8089 is used as an example.
- Once done, save the file.
- Restart the Nginx server service.
Ensure the same port numbers are updated in the fmt_nginx.conf and mesh_nginx.conf files.
Config.json
To edit the RDP config file,
- Navigate to the path /opt/meshcentral/meshcentral-data and view the files in it using the ll command as shown below.
Next, edit the config.json file using the below command.
vim config.json
- Change the aliasPort in the config file as shown below. Here, port number 8443 is replaced with 8089.
- Once done, save the file using the :wq! command.
Once the port number is changed in all the 3 files, allow it through the firewall using the below commands.
ufw status
ufw allow 8089
Restart the Nginx and RDP server services using the below commands:
systemctl restart meshcentral
systemctl restart nginx
Similarly, using the above steps, you can change the port number 4430 in all the 3 files.
config.json
mesh_nginx.conf
fmt_nginx.conf
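A consistency check for the port-change procedure above, as an added example that is not part of the Motadata guide: it confirms the new port is a listen port in both Nginx files and matches aliasPort in config.json. The function names and the sample file contents are constructed for illustration; the real files will contain more directives.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): confirm one port is set in all three files.

# Print the distinct ports of uncommented nginx "listen" directives in $1.
listen_ports() {
    grep -E '^[[:space:]]*listen[[:space:]]' "$1" |
        sed -E 's/^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?([0-9]+).*/\2/' |
        sort -un | tr '\n' ' '
}

# check_rdp_port PORT MESH_CONF FMT_CONF CONFIG_JSON
# Returns 0 only if PORT is a listen port in both nginx files and equals
# "aliasPort" in config.json; prints one line per mismatch otherwise.
check_rdp_port() {
    local port="$1" mesh="$2" fmt="$3" json="$4" rc=0 f aport
    for f in "$mesh" "$fmt"; do
        case " $(listen_ports "$f")" in
            *" $port "*) ;;
            *) echo "MISMATCH $f listens on: $(listen_ports "$f")(expected $port)"
               rc=1 ;;
        esac
    done
    # Keys such as "_aliasPort" do not match: the quote must precede the name.
    aport=$(grep -Eo '"aliasPort"[[:space:]]*:[[:space:]]*[0-9]+' "$json" |
        grep -Eo '[0-9]+$' | head -n 1)
    if [ "$aport" != "$port" ]; then
        echo "MISMATCH $json aliasPort is '${aport:-unset}' (expected $port)"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: mesh_nginx.conf was edited to 8089, but fmt_nginx.conf
# and config.json still carry the default 8443, so two mismatches are reported.
demo() {
    local d; d=$(mktemp -d)
    printf 'server {\n  listen 8089 ssl;\n  server_name rdp.example.com;\n}\n' > "$d/mesh_nginx.conf"
    printf 'server {\n  listen 8443 ssl;\n}\n' > "$d/fmt_nginx.conf"
    printf '{ "settings": { "aliasPort": 8443 } }\n' > "$d/config.json"
    check_rdp_port 8089 "$d/mesh_nginx.conf" "$d/fmt_nginx.conf" "$d/config.json"
}
```

On the RDP server the call would be `check_rdp_port 8089 /etc/nginx/conf.d/mesh_nginx.conf /etc/nginx/conf.d/fmt_nginx.conf /opt/meshcentral/meshcentral-data/config.json`, run before opening the port in the firewall and restarting the services.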