RD Gateway/Web Access Outside the Firewall
I recently had the opportunity to work with one of Microsoft Windows Server 2008 R2’s neatest features: Remote Desktop Gateway (RD Gateway) and Remote Desktop Web Access (RD Web Access). If you aren’t familiar with these features, check out a brief summary here.
The setup is fairly straightforward, as outlined here and here. However, I did run into an issue that slowed me down a bit. The solution to this was not documented in the step-by-step guides or on the Microsoft TechNet website. If anyone knows otherwise and I’ve overlooked this, as always, please provide the appropriate links in the comments.
Problem: Not able to connect to a Remote Desktop or RemoteApp program from outside the firewall. Inside the firewall, everything worked like a charm. The network firewall (Cisco router) was configured to allow the appropriate traffic (port 443). Disabling the Windows Server 2008 R2 firewall did not make a difference.
Solution part 1:
Add the computer account to the domain “IAS and RAS Servers” group.
Solution part 2:
You should also be sure to configure the default Remote Desktop Gateway server for RD Web Access. Otherwise you could run into issues with the RD Web Access not knowing which RD Gateway to use (even if both roles are installed on the same server!).
- Open the “IIS Admin” console from the “Administrative Tools” menu.
- Navigate to the default web site and configure the “Application Settings” for “Default Web Site\RDWeb\Pages”.
- Change the following setting:
“DefaultTSGateway” = [FQDN of Internet accessible TS Gateway]
Note: make sure this is also the server name listed on your SSL certificate.
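The same change can be scripted and checked against the certificate named in the note above. This is an added example, not part of the original post; the gateway name is a placeholder, and it assumes the WebAdministration module is available, the certificate is bound to port 443 on this server, and the OS displays SAN entries in the `Type=value` form.

```powershell
Import-Module WebAdministration

$gatewayFqdn = 'rdgateway.example.com'   # placeholder: your Internet-facing gateway FQDN
$appPath     = 'IIS:\Sites\Default Web Site\RDWeb\Pages'
$filter      = "/appSettings/add[@key='DefaultTSGateway']"

# Record the current value, then set the new one.
$old = (Get-WebConfigurationProperty -PSPath $appPath -Filter $filter -Name value).Value
Set-WebConfigurationProperty -PSPath $appPath -Filter $filter -Name value -Value $gatewayFqdn
"DefaultTSGateway: '$old' -> '$gatewayFqdn'"

# Collect the subject name and SAN entries of every certificate bound to port 443.
$names = @()
foreach ($binding in Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq 443 }) {
    $cert = Get-Item ("Cert:\LocalMachine\{0}\{1}" -f $binding.Store, $binding.Thumbprint)
    $names += $cert.GetNameInfo('SimpleName', $false)

    # Subject Alternative Name extension (OID 2.5.29.17), formatted as "Type=value, ..."
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += [regex]::Matches($san.Format($false), '(?<==)[^,\s]+') |
                  ForEach-Object { $_.Value }
    }
}

# Accept an exact match, or a wildcard certificate covering exactly one label.
$parent = $gatewayFqdn.Substring($gatewayFqdn.IndexOf('.') + 1)
$match  = $names | Where-Object { $_ -ieq $gatewayFqdn -or $_ -ieq "*.$parent" }

if ($match) {
    "Certificate on port 443 covers $gatewayFqdn"
} else {
    Write-Warning "No certificate bound to port 443 lists $gatewayFqdn. Names found: $($names -join ', ')"
}
```

A warning here means external clients will see a certificate name mismatch when they connect through the gateway name set in DefaultTSGateway.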