Why the Need to Use a Proxy Server ?
Small to medium companies often allow all outbound traffic. However, an increasing number of medium to large companies are filtering outbound traffic, including RDP traffic, and often have the need for such a connection to go through a proxy server. In such situations clients can no longer Remote Desktop directly across to the Terminal Servers using the Microsoft Remote Desktop Client or other variations.
In such organisations, a type of proxy server needs to be installed. Most web browsers and some applications have settings for a proxy server to be entered so that users can access the Internet services provided by the web browsers and applications.
The standard Microsoft Remote Desktop Client software does not have this option.
The infrastructure must contain the following servers:
1. A Server with the Remote Desktop Services Role installed and the Remote Desktop Session Host and Remote Desktop Web Access Role Services installed. This is the actual Remote Desktop Server which clients will run remote desktop to and run the published apps from.
2. A Server with the Remote Desktop Services Role installed and the Remote Desktop Gateway and Remote Desktop Web Access Role Services installed. This will be the landing page where the users will connect to via Internet Explorer. It will connect to the server's Remote Desktop Web Access portal, and once logged in, users will see the published apps they have permissions to. One of the applications that can be enabled for users to use is the Remote Desk Client Active X version.
3. A Server with the Remote Desktop Services Role installed and the Remote Desktop Connection Broker Role Services installed. This is used to configure the Source.
Configurations Required on the Remote Desktop Session Host and Web Access Server
1. Install the necessary application on the server i.e. the application you want to publish.
2. Run Remote App Manager to publish the application.
3. Make sure the RD Gateway Settings are configured. This is the key to making it possible to Remote Desktop through a proxy server.
4. Repeat above steps on all RD Session Host servers.
RemoteApp Manager Deployment Settings
Configurations Required on the Remote Desktop Gateway
RD Gateway Manager is used to configure the following:
1. A valid SSL Certificate needs to be purchased (or a self-signed one created) and installed on the Remote Desktop Gateway.
2. Connection Authorization Policies - this determines which users or groups have access to use the Remote Desktop Gateway. It's better to use groups.
3. Resource Authorization Policies - this determines which resources on the network can be access by which users or groups.
4. Run Remote Desktop Web Access Configuration to configure the Source of the Remote App Programs. They can be the name of the individual Remote Desktop Session Host Servers or the name of the Remote Desktop Session Host Farm, or alternatively if you have setup a Remote Desktop Session Broker (i.e. you are using session broker for load balancing), specify the name of the server with the Session Broker role.
RD Gateway Manager - Connection Authorization Policies
RD Gateway Manager - Resource Authorization Policies
RD Web Configuration
Configurations Required on the Remote Desktop Connection Broker (in using Session Broker)
1. Run Remote Desktop Connection Manager. In the Remote App Sources section, Add the Remote App Source, which is the name of the Remote Desktop Session Host Farm.
Remote Desktop Connection Manager
You should now have an idea for how to setup Remote Desktop through a Proxy Server. The key in all of this is the Remote Desktop Gateway. While Remote Desktop Web Access allows accessing the application via a web portal, it is only the Remote Desktop Gateway which allows a user to connect to it via a proxy server, and then can connect to the Remote Desktop Session Host on the client's behalf without the client needed to be able to access it directly.
This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.
sengstar2005 (author) from Sydney on June 22, 2018:
You just need a browser that can run ActiveX such as IE or Chrome.
Reji on June 21, 2018:
Does this requires a special configuration in the client machine ?
the client is using proxy in the browser settings and it just use HTTPs traffic , right !
sengstar2005 (author) from Sydney on December 05, 2016:
The article was meant for a situation where a company is hosting an application which runs under Remote Desktop services for their clients. Some companies do not mind their employees remote desktop directly to the internet to connect to services. Some companies restrict outgoing traffic altogether and allow only http/https traffic via a proxy server to the internet. Therefore, the company hosting the application need to come up with a solution so that they can offer their application to the client who is only allowed to use http/https traffic. This article shows how to setup the Microsoft Remote Desktop services environment so that it can be accessed by a web browser (Internet Explorer) via a proxy server from a client's premise. By a web browser, I don't mean one person accessing it. I mean many users all connecting simultaneously into their own Remote Desktop sessions but done via their own web browser.
Prasun Bose on December 05, 2016:
The above steps seems to be too technical. Instead, I would recommend use of remote support tools like logmein, R-HUB remote support servers, teamviewer etc. They are easy to use and work well.