Saturday, September 10, 2011

Deploying Remote Desktop Gateway in workgroup environment

Installing and Configuring Remote Desktop Gateway or Terminal Services Gateway
Prerequisites
1. Operating Systems: Windows Server 2008 or Windows Server 2008 R2
2. The server must be reachable from the Internet
3. A domain name registered with a domain service provider

To deploy Remote Desktop Gateway in Windows Server 2012 or Windows Server 2012 R2, please read the following post.
Deploying Remote Desktop Gateway in Windows Server 2012 or Windows Server 2012 R2 workgroup environment

Renaming the server for Remote Desktop Gateway
I will install Remote Desktop Gateway on Windows Server 2008 R2, assuming that I have registered a domain name, contoso.com, on the Internet.
1. On the server, log in as Administrator.
2. Click "Start", enter "sysdm.cpl".
3. Select "Computer Name" tab, click "Change".
4. Under "Computer name", type "rdg".
5. Click "More".
6. Under "Primary DNS suffix of this computer", type "contoso.com".
7. Click "OK" three times.


You have to provide the FQDN for generating the certificate.
8. Click "Close".
9. Restart the computer.


Installing the Remote Desktop Gateway server role
1. At "rdg.contoso.com", log in as Administrator.
2. Click "Server Manager".
3. Right-click "Roles", select "Add Roles".
4. At "Before You Begin", click "Next".
5. Check "Remote Desktop Services".


6. Click "Next" twice.
7. Check "Remote Desktop Gateway", click "Add Required Role Services".


8. Click "Next".
9. Select "Choose a certificate for SSL encryption later".


10. Click "Next".
11. At "Authorization Policies", select "New".
12. Click "Next".
13. At "RD Gateway User Groups", you can add users or groups to use this Remote Desktop Gateway.


14. In this example, the Administrators group is allowed to use this Remote Desktop Gateway. Click "Next".
15. At "RD CAP", you can change the name and select the authentication method for Remote Desktop Gateway.


16. Click "Next".
17. At "RD RAP", you can control which computers can be remotely controlled through this Remote Desktop Gateway.
18. Select "Allow users to connect to any computer on the network".


Remark: You can change the settings of "RD CAP" and "RD RAP" after installing Remote Desktop Gateway.

19. Click "Next" twice.
20. Leave "Network Policy Server" checked, click "Next" twice.
21. Leave the default IIS settings, click "Next".
22. Click "Install".
23. When the installation has finished, click "Close".


Create a self-signed certificate for Remote Desktop Gateway
1. At "rdg.contoso.com", log in as Administrator.
2. Launch "Remote Desktop Gateway Manager".
3. Right-click "RDG", select "Properties".
4. Select "SSL Certificate" tab.


5. Click "Create and Import Certificate".
6. Next to "Certificate name", make sure the name is the same as your Internet domain name.
7. Check "Store the root certificate".


Remark: You can use a third-party certificate that is signed by a trusted root CA.

Remark: Remote Desktop Gateway supports wildcard certificates.

8. Click "OK" twice.


The certificate is now installed on the server.

9. Click "OK".


Configuring the remote desktop connection
To connect to Remote Desktop Gateway, the Remote Desktop Gateway version must be 6.0 or later.

Prerequisites
You have to install the certificate that was generated by "rdg.contoso.com".

1. Copy the RDG certificate to a workstation you want to use.
2. Right-click the certificate, "RDG", and click "Install Certificate".
3. At the welcome screen, click "Next".
4. Select "Place all certificates in the following store", click "Browse".
5. Select "Trusted Root Certification Authorities", click "OK".


6. Click "Next".
7. Click "Finish".


8. Click "Yes" to accept installing the certificate.
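
Because steps 1 to 8 make the workstation trust whatever file was copied, it is worth checking the file first. The following is an added example, not part of the original post: it checks the subject name (exact or wildcard), the thumbprint and the validity dates, then adds the certificate to the current user's "Trusted Root Certification Authorities" store. It assumes PowerShell 2.0 or later; the function name `Test-GatewayCertificate`, the path `C:\Temp\RDG.cer` and the thumbprint value are placeholders.

```powershell
# Added example (not from the original post). Assumes PowerShell 2.0 or later.
# Test-GatewayCertificate is a hypothetical helper; path and thumbprint are placeholders.
function Test-GatewayCertificate {
    param(
        [string]$Path,                # certificate file copied from the gateway
        [string]$GatewayFqdn,         # name entered as the RD Gateway server name
        [string]$ExpectedThumbprint   # thumbprint read on the gateway itself
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $file = (Resolve-Path $Path).ProviderPath
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $file
    $cn   = $cert.GetNameInfo('SimpleName', $false)

    # Exact name, or a wildcard such as *.contoso.com covering one leading label.
    $nameOk = $cn -ieq $GatewayFqdn
    if (-not $nameOk -and $cn.StartsWith('*.') -and $GatewayFqdn.Contains('.')) {
        $parent = $GatewayFqdn.Substring($GatewayFqdn.IndexOf('.') + 1)
        $nameOk = $cn.Substring(2) -ieq $parent
    }

    # Thumbprints copied from the certificate dialog contain spaces; strip them.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $now = Get-Date

    New-Object PSObject -Property @{
        Certificate       = $cert
        Subject           = $cert.Subject
        NameMatches       = $nameOk
        ThumbprintMatches = ($expected -ne '') -and ($cert.Thumbprint -eq $expected)
        InValidityPeriod  = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        SelfSigned        = $cert.Subject -eq $cert.Issuer
    }
}

$r = Test-GatewayCertificate -Path 'C:\Temp\RDG.cer' -GatewayFqdn 'rdg.contoso.com' `
        -ExpectedThumbprint '<THUMBPRINT-SHOWN-ON-GATEWAY>'
$r | Format-List Subject, NameMatches, ThumbprintMatches, InValidityPeriod, SelfSigned

# Trust the certificate only when every check passes.
if ($r.NameMatches -and $r.ThumbprintMatches -and $r.InValidityPeriod) {
    $store = New-Object 'System.Security.Cryptography.X509Certificates.X509Store' `
                -ArgumentList 'Root', 'CurrentUser'
    $store.Open('ReadWrite')
    $store.Add($r.Certificate)
    $store.Close()
}
```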

Configure Remote Desktop Connection
1. At a workstation, launch "Remote Desktop Connection".
2. At "Remote Desktop Connection", click "Options".
3. Select "Advanced" tab.
4. Next to "Connect from anywhere", click "Settings".
5. Select "Use these RD Gateway server settings".
6. Next to "Server name", type "rdg.contoso.com".
7. Next to "Logon settings", un-check "Use my RD Gateway credentials for the remote computer".


8. Click "OK".
9. Select "General" tab.

Now you can connect remotely to the other computers through the Remote Desktop Gateway.

Remark: On a computer running Windows Vista or later, you need to enter "Computer Name\User Name" for the RD Gateway Server Credentials.


Remark: For Windows XP, you have to modify the registry to support Network Level Authentication.

1. Launch "Registry Editor".
2. Navigate to "HKLM\SYSTEM\CurrentControlSet\Control\Lsa".
3. In the detail pane, double-click "Security Packages".
4. Add "tspkg" at the bottom.


5. Click "OK".
6. Navigate to "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders".
7. In the detail pane, double-click "SecurityProviders".
8. Type "credssp.dll" at the end of the value.


9. Click "OK".
10. Close "Registry Editor".
11. Restart the computer.
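
The same two registry changes can be scripted so that they are applied only once and the existing entries are preserved. This is an added example, not part of the original post; it assumes PowerShell 2.0 is installed on the Windows XP client and is run as an administrator, and `Enable-CredSspProvider` is a hypothetical function name.

```powershell
# Added example (not from the original post). Assumes PowerShell 2.0 on the
# Windows XP client, run as an administrator. Enable-CredSspProvider is a
# hypothetical helper name.
function Enable-CredSspProvider {
    $lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $prov = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'
    $changed = @()

    # "Security Packages" is a multi-string value (REG_MULTI_SZ): one package per entry.
    $packages = @((Get-ItemProperty -Path $lsa).'Security Packages')
    if ($packages -notcontains 'tspkg') {
        Set-ItemProperty -Path $lsa -Name 'Security Packages' `
            -Value ([string[]]($packages + 'tspkg'))
        $changed += 'Security Packages'
    }

    # "SecurityProviders" is a single string (REG_SZ): a comma-separated DLL list.
    $current = (Get-ItemProperty -Path $prov).SecurityProviders
    $dlls = @($current -split '\s*,\s*' | Where-Object { $_ })
    if ($dlls -notcontains 'credssp.dll') {
        Set-ItemProperty -Path $prov -Name 'SecurityProviders' `
            -Value (($dlls + 'credssp.dll') -join ', ')
        $changed += 'SecurityProviders'
    }

    $changed   # names of the values that were modified; empty if nothing changed
}

$modified = @(Enable-CredSspProvider)
if ($modified.Count -gt 0) {
    "Updated: $($modified -join ', '). Restart the computer."
} else {
    'tspkg and credssp.dll were already registered; nothing changed.'
}
```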

References:
Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3

Building a Remote Desktop Gateway (RDG) / RD Gateway Server
http://www.rayheffer.com/953/building-a-remote-desktop-gateway-rdg-rd-gateway-server/

Additional info:
Deploying RD Gateway R2 server with NAP
http://blogs.msdn.com/b/rds/archive/2009/08/17/deploying-rd-gateway-r2-server-with-nap.aspx

Improving TS Gateway availability using NLB
http://blogs.msdn.com/b/rds/archive/2009/03/24/improving-ts-gateway-availability-using-nlb.aspx

This posting is provided “AS IS” with no warranties, and confers no rights!
