report

How to Setup a Remote Desktop Gateway

What is a remote Desktop Gateway server?

A Remote Desktop Gateway server is a Windows 2008R2 server which typically is located in a corporate or private network. It acts as the gateway into which RDP connections from an external network connects through to access a Remote Desktop server (Terminal Server) located on the corporate or private network. The external network is usually the internet. (In Windows 2008, it is known as TS Gateway or Terminal Services Gateway).


Why Not Just Connect to the Remote Desktop Server or Terminal Servers directly from the Internet ?

Remote Desktop Servers typically use port 3389. To enable Remote Desktop Servers to be accessed over the internet, you must enable/forward TCP Port 3389 to the Remote Desktop Server. If you have more RD servers than you have internet IP addresses, you will have to start port forwarding other ports to the other RD Servers i.e. forward TCP Port 3390 on your firewall to Port 3389 on your second RD Server, forward TCP Port 3391 to Port 3389 on your third RD server and so on.

This can be quite confusing for clients because they have to remember what port to connect to.

With Remote Desktop Gateway installed, you can give your clients the address or DNS name of the gateway server. Give them the name or private IP address of the Remote Desktop server that you want your client to connect to. It doesn’t matter that the name of the RD Server is not resolvable on the internet or the IP address is from a private range. As long as the RD Gateway can resolve the name, and the appropriate rights are given to the user credentials which your clients are using, they can connect to the Remote Destop Server.

You can create groupings of servers and allow only certain Windows users or groups access to particular servers.

However, to use RDGateway, you will need to install a valid SSL certificate. I find buying an SSL certificate is best instead of using a self-signed one i.e. you can get an SSL certificate from Comodo, InstantSSL, Verisign, etc. . You can hook up RD Gateway and RD Web Access together and even let users use Internet Explorer to connect to your Published Remote Apps on your Remote Desktop servers via a Web Proxy.

How to install the Remote Desktop Gateway role service?

1. Install the Remote Desktop Gateway role service via Server Manager. You will need to install the Remote Desktop Services role first.
2. Once Remote Desktop Gateway Role service is installed, run Remote Desktop Gateway Manager
3. Go into the Policies section and create the Connection Authorization Policy. This is where you setup who’s allowed to log into the RDGateway.
4. Go into the Policies section and create the Resource Authorization Policy. This is where you setup what resources can be accessed via RD Gateway and by whom.

NOTE: The name and IP addresses that you enter here will be used to match with what the client will type in as the computer name in the RD Client. For example, if you put the server name in the Resource Authorization Policy as MYSERVER, and the RD client is trying to connect to MYSERVER.domain.local, the RD Client will be refused connection DESPITE the two names resolving to the same IP address. You can’t even specify a valid IP address unless it is listed as an allowed resource.

5. Right click on the RD Gateway server name and select Properties. A window will come up where you can fine tune the properties. You can use the default settings. However, you need to go into the SSL Certificate tab and install a certificate.
6. Enable/Forward TCP Port 443 (SSL port) on your firewall to the RDGateway server.

Configuring the RDP Client to talk to the Remote Desktop Gateway

Make sure you install the latest RDP Client or at the very least version 6.1.
You can go into the Advanced section, and click on Settings in the Connect from Anywhere settings. See below screen shots as an example.

More by this Author


Comments 2 comments

Justin 10 hours ago

Updated on November 8, 2016 - Yet there's no mention of Server 2016. I assume everything got lumped into RDS and we now have to install everything that is included in RDS just to get RD Gateway?


sengstar2005 profile image

sengstar2005 9 hours ago from Sydney Author

Thanks for your comment Justin. Yes, this article is about Windows 2008R2 Remote Desktop Services. The update to this article was just some minor grammar fixes. Microsoft changed a number of things with regards to Remote Desktop Services installation since Windows 2012. I haven't yet, but will need to create a different article for Windows 2012 and 2016.

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article

    Menu

    Explore