Creating a Remote Desktop Gateway (RD Gateway) is straightforward, and it lets you securely access your Windows servers over TCP port 443 using the Remote Desktop Connection client. I use this to access my home lab when I’m on the road or at work, and it saves exposing your machines to the internet directly over RDP (TCP 3389). The RD Gateway isn’t new; it was available on Windows Server 2008 as TS Gateway, and the installation is the same. For this article, I will be using Windows Server 2008 R2.

I run my RD Gateway on a virtual machine located inside a DMZ that I have created using Vyatta, a free virtual appliance. I won’t go into the firewall configuration here, as this is a quick configuration guide for creating your RD Gateway.

Step 1: Build a new virtual machine and install Windows Server 2008 R2.

Step 2: In Server Manager, click Add Roles. Work through the wizard as follows:

a) Click Next.
b) Select “Remote Desktop Services” and click Next.
c) Click Next.
d) Select “Remote Desktop Gateway” and click Next.
e) Click “Add Required Role Services”.
f) Select “Choose a certificate for SSL encryption later”.
g) Select “Create authorization policies” and “Now”, then click Next.
h) Add the group(s) that you wish to grant access through the RD Gateway, or leave the default “Administrators”, and click Next.
i) Leave the default “Password” selected and click Next.
j) Click “Browse” to choose which computers RD Gateway users can connect to, or select “Allow users to connect to any computer on the network”, and click Next.
k) Click Next on the “Introduction to Network Policy and Access Services” screen.
l) Leave the default “Network Policy Server” selected and click Next.
m) Click Next on the “Introduction to Web Server (IIS)” screen.
n) Leave the defaults selected and click Next.
o) Click Install to begin the installation.

When the installation is finished you should be presented with the installation results screen.

Step 3: Configuring the RD Gateway

  1. Now that the RD Gateway is installed, go to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Gateway Manager.
  2. Right click on the RD Gateway server within the RD Gateway Manager console and select Properties.
  3. Select “Create a self-signed certificate”, then click “Create and Import Certificate”.
  4. In the dialog that appears, make sure that the certificate name is the internet DNS (domain) name that resolves to the internet IP address of the RD Gateway server. The firewall will need to allow communication to the server on TCP port 443.
  5. Tick “Store the root certificate” and choose a file location to save the certificate, for example C:\rd-cert.cer.
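The same server-side work (Step 2’s role install and Step 3’s certificate binding and authorization policies) can be scripted, which is useful for rebuilding the gateway VM. The following is an added example and not code from the original post; it assumes an elevated PowerShell session on Windows Server 2008 R2, that a certificate whose subject is the public DNS name already sits in the machine’s Personal store (for instance the self-signed one created in RD Gateway Manager above), and that the `RDS:` provider paths and `New-Item` parameters are those exposed by the RemoteDesktopServices module. `rdg.mydomain.com` and `C:\rd-cert.cer` are placeholders taken from the article.

```powershell
# Added example (not from the original post): installs the RD Gateway role
# service, binds an existing certificate to the gateway's HTTPS listener,
# exports its public part for clients, and creates the CAP/RAP that the
# wizard otherwise builds.
# Assumptions: run elevated on Windows Server 2008 R2; the certificate for
# $GatewayFqdn already exists in Cert:\LocalMachine\My; RDS: provider paths
# and parameters are those of the RemoteDesktopServices module.
param(
    [string]$GatewayFqdn  = "rdg.mydomain.com",      # placeholder public DNS name
    [string]$AllowedGroup = "Administrators@BUILTIN", # wizard default group
    [string]$RootCertPath = "C:\rd-cert.cer"          # where clients fetch the root from
)

Import-Module ServerManager
Import-Module RemoteDesktopServices

# Step 2: install the RD Gateway role service. Required role services (NPS,
# IIS) are added as dependencies, as the "Add Required Role Services"
# prompt does. Re-running on an installed role succeeds without changes.
$result = Add-WindowsFeature RDS-Gateway
if (-not $result.Success) { throw "RDS-Gateway install failed" }

# Step 3: pick the certificate whose subject CN is the public DNS name.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$GatewayFqdn" } |
    Select-Object -First 1
if ($cert -eq $null) { throw "No certificate for CN=$GatewayFqdn in LocalMachine\My" }

# Bind it to the gateway's HTTPS listener (TCP 443).
Set-Item -Path RDS:\GatewayServer\SSLCertificate\Thumbprint -Value $cert.Thumbprint

# Export only the public certificate (no private key) so clients can import
# it into Trusted Root Certification Authorities.
$bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($RootCertPath, $bytes)

# Connection Authorization Policy: who may authenticate to the gateway.
# -AuthMethod 1 = password only, matching the wizard default in step i).
New-Item -Path RDS:\GatewayServer\CAP -Name "RDG_CAP_Users" `
    -UserGroups $AllowedGroup -AuthMethod 1

# Resource Authorization Policy: which internal hosts those users may reach.
# -ComputerGroupType 2 = any computer on the network (the wizard's "Allow
# users to connect to any computer" option). For a tighter policy, create an
# RD Gateway-managed computer group (type 0) listing only the hosts you need.
New-Item -Path RDS:\GatewayServer\RAP -Name "RDG_RAP_Resources" `
    -UserGroups $AllowedGroup -ComputerGroupType 2
```

The RAP is where least privilege lives: a gateway that authenticates users but lets them reach “any computer on the network” turns one set of valid credentials into reachability for every RDP listener behind it, so restrict the computer group to the hosts you actually administer.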

As this is a self-signed certificate, you will need to import it into the machine that you are accessing the RD Gateway from. To do this, follow these steps:

  1. From the client machine accessing the RD Gateway, right click on the certificate file and click “Install Certificate”.
  2. Click Next, then select “Place all certificates in the following store”.
  3. Browse to “Trusted Root Certification Authorities”, then click Next.
  4. Click Finish.

Note: You will need to ensure that the internet (DNS) host name resolves to the internet IP address of the RD Gateway server, so make sure that this is the case. This domain name must match the certificate name (e.g. rdg.mydomain.com).

Step 4: Configuring the Remote Desktop Connection Client

  1. Launch the Remote Desktop Connection client.
  2. Select the “Advanced” tab and click “Settings”.
  3. Select “Use these RD Gateway server settings” (on Windows XP this is “Use these TS Gateway settings”).
  4. Enter the server / host name (e.g. rdg.mydomain.com) of your RD Gateway server.
  5. Optional: Select “Use my RD Gateway credentials for the remote computer”.
  6. Click OK.
  7. Finally, under the “General” tab enter the local IP address or server name of the machine you wish to connect to.

Your connection will be tunnelled over SSL, providing your firewall configuration permits TCP port 443 from the internet to your RD Gateway server and TCP port 3389 from the RD Gateway server to your internal network.
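When a connection fails, the usual causes are the three requirements listed above: the DNS name does not resolve, TCP 443 is blocked, or the certificate name does not match the host name or is not trusted. The following client-side check is an added example (not code from the original post); it assumes PowerShell 2.0 or later on the client, and uses `rdg.mydomain.com` and `C:\rd-cert.cer` as placeholders for the gateway’s public DNS name and the exported root certificate. `Install-RdGatewayRootCert` does the same import as the “Install Certificate” wizard using `certutil`, and `Test-RdGateway` reports on each requirement without sending any credentials.

```powershell
# Added example (not from the original post): imports the gateway's root
# certificate and checks DNS, TCP 443, certificate name and trust from the
# client. Assumptions: PowerShell 2.0+; placeholder host/file names.

function Install-RdGatewayRootCert {
    # Equivalent of the "Install Certificate" wizard into the current user's
    # Trusted Root Certification Authorities store. certutil ships with Windows.
    param([string]$CerPath = "C:\rd-cert.cer")
    & certutil.exe -addstore -user Root $CerPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }
}

function Test-RdGateway {
    # Returns an object describing DNS resolution, TCP 443 reachability, the
    # certificate the gateway presents, whether its name matches the host name
    # typed into the RDC client, and whether this client trusts it.
    param([string]$GatewayFqdn = "rdg.mydomain.com", [int]$Port = 443)

    $report = New-Object PSObject -Property @{
        Host = $GatewayFqdn; Resolved = $null; PortOpen = $false
        CertSubject = $null; CertExpires = $null
        NameMatches = $false; Trusted = $false; Error = $null
    }

    # 1. The public DNS name must resolve (to the gateway's internet IP).
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($GatewayFqdn) |
            ForEach-Object { $_.IPAddressToString }
        $report.Resolved = $addrs -join ","
    } catch { $report.Error = "DNS: $($_.Exception.Message)"; return $report }

    # 2. TCP 443 must be reachable through the firewall.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($GatewayFqdn, $Port) }
    catch { $report.Error = "TCP ${Port}: $($_.Exception.Message)"; return $report }
    $report.PortOpen = $true

    # 3. Complete a TLS handshake. The callback accepts any certificate so the
    #    check below can explain *why* it would be rejected, rather than .NET
    #    throwing an opaque error; nothing but the handshake is sent.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $sslPolicyErrors) $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    try {
        $ssl.AuthenticateAsClient($GatewayFqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $ssl.RemoteCertificate
    } catch { $report.Error = "TLS: $($_.Exception.Message)"; return $report }
    finally { $ssl.Dispose(); $tcp.Close() }

    $report.CertSubject = $cert.Subject
    $report.CertExpires = $cert.NotAfter

    # 4. The certificate's DNS name must equal the host name used by the client.
    $dnsName = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    $report.NameMatches = ($dnsName -ieq $GatewayFqdn)

    # 5. Chain building succeeds only if the self-signed root was imported
    #    (or the certificate chains to a CA this client already trusts).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $report.Trusted = $chain.Build($cert)
    return $report
}

# Usage (run on the client):
#   Install-RdGatewayRootCert -CerPath C:\rd-cert.cer
#   Test-RdGateway -GatewayFqdn rdg.mydomain.com | Format-List
```

A report with `PortOpen` true but `Trusted` false means the root import in the previous section did not land in Trusted Root Certification Authorities for the user running the RDC client; `NameMatches` false means the certificate was issued for a name other than the one entered in the RD Gateway settings, which the client will refuse even when the root is trusted.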

 

 
