FNBCT

2008 R2 RDS and Windows 2003 R2 Terminal Servers

I would like to know if it is possible to configure a 2008 R2 RDS Gateway to connect to 2003 R2 Terminal Servers. The domain is 2003 Active Directory. Also port 443 is not available for use because it is being used by something else. I need access for both internal and external connections, so my clients need to go to a website and be able to access the terminal servers as well.
kevinhsieh

Yes I can confirm that you can use a RDS Gateway on Windows 2008 R2 SP1 to connect to a terminal server running Windows 2003 R2.

If you plan on using Remote Desktop Web Access, that also needs to run on 443. It sounds like you need to be able to use more than 1 IP on your router instead of just port forwarding to different devices inside the network.

As for not running it over 443, that seems to be up for some debate.

This seems to indicate something, but I really think that it is for running on a different web site bound to a different IP, but still using 443.
http://blogs.msdn.com/b/saurabh_singh/archive/2008/08/30/troubleshooting-ts-gateway-connectivity-on-windows-2008-iis-7-0.aspx

Threads saying it won't work
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/1e58960f-2dc0-4307-b0eb-656438e97d67/

https://www.experts-exchange.com/questions/25044511/Terminal-Services-Gateway-on-Port-other-than-443.html
FNBCT

ASKER

Yeah, the port seems to be the big debate, because I know that you can change the port in IIS and I have done that and with the web access I can get it to work, sort of. I could see if there is another way to add a second IP address to my ASA specifically for this. But I am just wanting to test it for remote access.
If you have an ASA it should be really easy as long as more than 1 IP is routed to you. Just create a static NAT from the IP on the Inside interface to the public IP on the outside interface, and then an Access rule on the Outside interface to allow from any to the public IP address tcp/443.
FNBCT

ASKER

Ok, so I have the RDWeb Access working fine from outside going through port 443 on another one of our public IP addresses. The issue that I run into now is that I cannot connect to any of my terminal servers on the inside. But if I bring up the RDWeb Access site on the inside network I am able to hit my servers and any other machines with RD enabled. I have configured RDS Gateway but I cannot get that to work on the inside either. Something with NPS and not finding a domain controller for my domain. We are a 2003 Domain. Also, is there a way to create an icon for my users to click on instead of having to enter the server name to create a RD session? I know about the remoteapp portion but I am actually wanting them to use a Terminal session like they do now.
You need to have RD Gateway working, that's for sure unless you want to open 3389 to your RD server and put it in public DNS. Once you have RD Gateway working, we can worry about an icon for the desktop. I remember seeing it somewhere.
FNBCT

ASKER

Ok, so I finally have RD Gateway working on the inside of my network. I had to add the computer to the RAS and IAS group in Active Directory. Now I can go through the gateway to access remote desktop sessions. Now the next issue comes in when I am connected remotely. I can get to the RDWeb Access site and login successfully, but when I go to the Remote Desktop tab and put in any machine name it will not connect, saying it is not powered on or remote is not enabled. Any suggestions for that issue?
I am using the Remote Desktop Connection Manager role to specify a RD Gateway server. I think that the other option is to use group policy to specify the gateway server which would only work for domain machines.
Under RD RemoteApp Manager you can specify the RD gateway Settings.
ASKER CERTIFIED SOLUTION
kevinhsieh

This solution is only available to members.
FNBCT

ASKER

Yeah, I went through that document and got that all set up. It appears to be working from the outside world but I think I have a cert problem. I generated a cert using an internal CA and when I go to the RDWeb site and try to connect, it appears that it connects to the gateway but when I try to launch a desktop I get a message about the certificate could not be verified. I have not purchased a cert from a public vendor yet because I wanted to test this before I invest money in a cert. Everything works fine on the internal network through the web access.