RD Gateway/Web Access Outside the Firewall

Categories: Tips, Windows Server


I recently had the opportunity to work with one of Microsoft Windows Server 2008 R2's neatest features: Remote Desktop Gateway (RD Gateway) and Remote Desktop Web Access (RD Web Access). If you aren’t familiar with these features, check out a brief summary here.

The setup is fairly straightforward, as outlined here and here. However, I did run into an issue that slowed me down a bit. The solution to this was not documented in the step-by-step guides or on the Microsoft TechNet website. If anyone knows otherwise and I’ve overlooked this, as always, please provide the appropriate links in the comments.

Problem:  Not able to connect to a Remote Desktop or Remote App program from outside the firewall.  Inside the firewall, everything worked like a charm.  The network firewall (Cisco router) was configured to allow the appropriate traffic (port 443).  Disabling the Windows Server 2008 R2 firewall did not make a difference.

Auth Error

Solution part 1:

Add the server's computer account to the domain's “IAS and RAS Servers” group.

IASRAS Group Membership

Solution part 2:

You should also be sure to configure the default Remote Desktop Gateway server for RD Web Access.  Otherwise you could run into issues with the RD Web Access not knowing which RD Gateway to use (even if both roles are installed on the same server!).

  1. Open up “IIS Admin” console from the “Administrative Tools” menu.
  2. Navigate to the default web site and configure the “Application Settings” for “Default Web Site\RDWeb\Pages”.
  3. Change the following setting:

“DefaultTSGateway” = [FQDN of Internet-accessible TS Gateway]

Note:  make sure this is also the server name listed on your SSL certificate.
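
A read-only PowerShell check of the two fixes and the certificate note above, added here as an example and not part of the original post. It assumes the ActiveDirectory and WebAdministration modules are installed on the server, uses the placeholder name `rdgw.example.com`, and refers to the group by its built-in Active Directory name, "RAS and IAS Servers".

```powershell
# Added example (not from the original post). Run elevated on the RD Gateway / RD Web Access server.
Import-Module ActiveDirectory      # assumption: RSAT AD PowerShell module is installed
Import-Module WebAdministration    # ships with the IIS management tools

$GatewayFqdn = 'rdgw.example.com'  # placeholder: the Internet-facing gateway name
$GroupName   = 'RAS and IAS Servers'
$PagesPath   = 'IIS:\Sites\Default Web Site\RDWeb\Pages'
$Filter      = "/appSettings/add[@key='DefaultTSGateway']"

# Part 1: is this server's computer account a member of the group?
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
$inGroup  = @(Get-ADGroupMember -Identity $GroupName |
    Where-Object { $_.distinguishedName -eq $computer.DistinguishedName }).Count -gt 0

# Part 2: which gateway does RD Web Access hand out to clients?
$configured = (Get-WebConfigurationProperty -PSPath $PagesPath -Filter $Filter -Name value).Value

# Note: does a certificate cover the external name (CN or SAN, single-label wildcard aware)?
function Test-CertCoversName($Cert, [string]$Name) {
    $names = @($Cert.GetNameInfo('SimpleName', $false))
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() yields entries such as "DNS Name=host.example.com"; keep the part after '='.
        $names += @($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1] })
    }
    foreach ($n in $names) {
        if (-not $n) { continue }
        if ($n -eq $Name) { return $true }
        # "*.example.com" covers exactly one extra label, e.g. "rdgw.example.com".
        if ($n.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Valid machine certificates with a private key that cover the name. Compare these
# thumbprints with the certificate actually selected for RD Gateway and for the HTTPS binding.
$matching = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and (Test-CertCoversName $_ $GatewayFqdn)
} | ForEach-Object { $_.Thumbprint })

New-Object PSObject -Property @{
    InRasIasGroup        = $inGroup
    DefaultTSGateway     = $configured
    GatewaySettingOk     = ($configured -eq $GatewayFqdn)
    CertsCoveringGateway = $matching
}
```

An empty `CertsCoveringGateway` list with a correct `DefaultTSGateway` value points at the certificate name mismatch described in the note rather than at the gateway setting.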


  • Thanks Brandon, the “DefaultTSGateway” setting is indeed documented. I should have been a little more clear about the undocumented part, which applied to the “Solution Part 1” section, involving adding the server to the “IAS and RAS Servers” group. I’ve only run into this issue once, so I’m not sure what exactly happened in that scenario. Thanks for the link!

  • Hi,
    I had used the links to solve this problem when I had it 6 months ago. But my scenario was a bit different. My error message did not say that “Your user account is authorized to access the RD Gateway”. It just showed the 2nd error message. When I cross-checked my server names, I found that the server name in the SSL certificate (GeoTrust EV) was different from my original server name. I had to reinstall my certificate.

  • I spent 3 hours trying to get remote desktop to work through my rdweb website, and this did the trick! Thanks!!!!!
