A gateway is any computer that connects two different networks that use different protocols. The gateway server converts the data format of one network into that of the other. Remote Desktop Gateway allows remote users to connect to their corporate network through an SSL (Secure Sockets Layer) tunnel over the HTTPS protocol, without needing a dedicated VPN connection.
Blocking port 3389 on your firewall has no effect if you are using Windows Desktop Services. It does not rely on Remote Desktop port 3389, because it uses SSL and HTTPS instead.
In my previous posts I showed you the “Quick Deployment” and “Standard Deployment” methods, and now I’m going to show you how we can deploy a Remote Desktop Gateway server to establish a secure connection to your corporate network over the HTTPS protocol.

In my case I’m using a self-signed certificate to encrypt the connection, and it needs to be added to the “Trusted Root Certification Authorities” store on your client computer. You don’t need to worry about this step if your certificate is issued by one of the trusted public CAs that participate in the Microsoft Root Certificate Program.

Now let’s start the deployment:

  • Click on the “Add Gateway” icon on your Server Manager Deployment Overview window

  • This opens the “Add RD Gateway Servers” window, which lists the servers available for this role if you have added them to Server Manager. In my case I did not add any servers to the Server Manager console, and I’m going to install this role on the server I used for the Quick Deployment. Select the server and add it to the deployment, then click “Next” to continue.

  • Enter your external server name as the SSL certificate name; this is a MUST. Once you have done that, click “Next” to continue.

  • You can see your FQDN and the configuration summary at the “Confirmation” step. Click “Add” to continue.

  • At the next window you can see the progress of the deployment 
  • Once the deployment has completed, click the “Configure certificate” option.

  • If you accidentally close this window, don’t worry: you can still find it under “Edit Deployment Properties”.
  • This brings up the “Deployment Properties” window. Click the “Create new certificate…” option to start the certificate generation.
  
  • Type the certificate name, which must be the same as your external server name, save the certificate on your server so you can use it for the other role services, and select the check box to add this certificate to the “Trusted Root Certification Authorities” certificate store. Click “OK” to continue.
  • At this step, select the role service and click the “Select existing certificate” option to browse to the certificate. Enter the password that you used when generating the certificate, and add the certificate to the “Trusted Root Certification Authorities” store by selecting the small check box. Click “OK” to continue.
  • Click on “Apply” to continue 

  • Follow the same steps for all the other role services and click “OK” to continue.
  • Now open IIS Manager and open the Application Settings.
  • Add your external gateway server name to the “Default TS Gateway” option.
Now we are all set. Access your corporate gateway server from a non-corporate web browser after adding the certificate.
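
The wizard steps above can also be scripted with the RemoteDesktop PowerShell module on the deployment's Connection Broker. This is an added example, not part of the original post; the server names, external FQDN and file paths are assumptions to replace with your own. It also exports a public-only `.cer` copy for clients, so the `.pfx` holding the private key never has to leave the server.

```powershell
# Added example. Every name and path below is an assumption; replace with your own.
# Assumes C:\Certs already exists and the session is elevated.
$Broker       = 'rdcb01.corp.example'   # RD Connection Broker of the existing deployment
$GatewayHost  = 'rdgw01.corp.example'   # server that receives the RD Gateway role
$ExternalFqdn = 'gateway.example.com'   # external name clients will connect to
$PfxPath      = 'C:\Certs\rdgateway.pfx'
$CerPath      = 'C:\Certs\rdgateway.cer'
$PfxPassword  = Read-Host -AsSecureString -Prompt 'Password for the PFX file'

Import-Module RemoteDesktop

# "Add Gateway": add the role to the deployment and set the external FQDN.
Add-RDServer -Server $GatewayHost -Role 'RDS-GATEWAY' `
    -ConnectionBroker $Broker -GatewayExternalFqdn $ExternalFqdn

# "Create new certificate...": self-signed certificate whose name equals the
# external FQDN, applied to the RD Gateway role and saved as a PFX.
New-RDCertificate -Role RDGateway -DnsName $ExternalFqdn `
    -ExportPath $PfxPath -Password $PfxPassword -ConnectionBroker $Broker -Force

# "Select existing certificate": reuse the same PFX for the other role services.
foreach ($role in 'RDWebAccess', 'RDRedirector', 'RDPublishing') {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $PfxPassword `
        -ConnectionBroker $Broker -Force
}

# Confirm that every role reports a certificate for the expected name.
Get-RDCertificate -ConnectionBroker $Broker |
    Format-Table Role, Level, Subject, ExpiresOn, Thumbprint -AutoSize

# Export only the public certificate for distribution to client computers.
# Importing the PFX on a client would also hand it the gateway's private key.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $PfxPath, $PfxPassword
Export-Certificate -Cert $cert -FilePath $CerPath | Out-Null

# On each client computer, from an elevated session:
# Import-Certificate -FilePath .\rdgateway.cer -CertStoreLocation Cert:\LocalMachine\Root
```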
