How do external remote desktop users connect into corpnet through RDP over HTTPS?

Hello Experts,

I am just a few steps away from completing the setup; please guide me in achieving this.

I have the following servers:
RDG - Remote Desktop Gateway
RDSH1 - Remote Desktop Session Host
WIN7CLIENT1 - Windows 7 Enterprise client

Currently, the following is already done:
Set up a CAP and a RAP to allow specific users to connect to specific resources.
Installed the RDG certificate on the client that will be accessing RDSH1.
Tested Remote Desktop Connection using RDG as the gateway, and it was successful.

My question is: this is all working fine on the same subnet (VLAN) in a test lab, but now I have to place them in production as follows:

RDG - in the DMZ, yet domain-joined
RDSH1 - on the internal network
WIN7CLIENT1 - on the internet

I need the client to use RDP over HTTPS (port 443) to communicate with RDG, which then initiates a session (port 3389) to RDSH1.

Given that all of the above ports are configured in the firewall, how does the client initiate the session?

Does the external user use the same RDC client on Windows 7? Will that initiate RDP over HTTPS? Or does he have to initiate a remote session through IE? Because when I hear HTTPS, I immediately think of a web browser.

And if RDC is required, should the gateway be specified as a hostname resolvable over the internet? If so, there has to be a public DNS entry for sure, but pointing to what? A public IP address NAT'd through the firewall to the RDG server?

Many Thanks,

Hello TQ,

Do you want RDP over the HTTPS port using an RDP client, or are you looking for RDP access via a web browser?

Both options are possible; depending on which one you want, I can try to offer an answer.
tq85Author Commented:
I want RDP over the HTTPS port by using a RDP client, initially.

Thanks radugpopa.

So, if I understand correctly: you want to connect from a LAN to an external (internet) RDP host, but you would like the traffic to be proxied by the LAN firewall?

tq85Author Commented:
I am afraid not.
It is a typical scenario where a mobile user would like to remotely access corporate resources.

Suppose a Win7 Client, sitting at home connected to the internet.
He wishes to get a session from one of the RDSH servers inside the corporation.

Hope that clarifies my point. Thanks.

So he should be able to use a browser and connect via HTTPS to the RDP-over-web server that is running in the DMZ, or?
tq85Author Commented:
He should be able to use RDC to initiate RDP over HTTPS on 443 to connect to the gateway in the DMZ, which will then initiate RDP on 3389 to the resources I specify internally, which in this case is one of the Remote Desktop Session Hosts, RDSH1.
This is set in the RDP client, or you can set it via Group Policy. In the RDP client, go to Options, Advanced tab, Connect from anywhere, Settings, and then put in the FQDN of the gateway. That is the only public DNS entry required. You can tell the RDP client to connect to RDSH1 or rdsh1.domain.local as normal.
tq85Author Commented:
@kevinhsieh, thanks a lot. This answers half of my doubts; the other half is, could you please confirm that "the RDC client will encapsulate RDP traffic inside an HTTPS tunnel"?
Well, I can tell you that it does run over 443, but I haven't actually sniffed the traffic. You can check the TCP connection state by running "netstat -n" on win7client1 when it is connected via RDP.
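The gateway settings described above, and the netstat check, put into a script as an added example (this is not code from the thread or from Microsoft). It assumes hypothetical names: rdg.example.com is the public FQDN of the RD Gateway (a public DNS A record pointing at the firewall's public IP, NAT'd to the RDG in the DMZ) and rdsh1.domain.local is the internal name of the session host, which only the gateway can reach. The .rdp keys used are the documented Remote Desktop Connection settings that the Options, Advanced, Connect from anywhere dialog writes; the script runs on the Windows 7 client, which has no Get-NetTCPConnection, so it falls back to parsing netstat -n.

```powershell
# Added example, not from the original thread. Assumed names (replace with your own):
#   rdg.example.com    - public FQDN of the RD Gateway, resolvable from the internet
#   rdsh1.domain.local - internal session host, resolvable only inside the corpnet
$gatewayFqdn = 'rdg.example.com'
$sessionHost = 'rdsh1.domain.local'
$rdpFile     = Join-Path $env:USERPROFILE 'Desktop\rdsh1-via-gateway.rdp'

# 1. Write an .rdp file that forces the connection through the gateway.
#    gatewayusagemethod:i:1        = always use the gateway, even on the LAN
#    gatewayprofileusagemethod:i:1 = use these explicit settings, not the default profile
#    gatewaycredentialssource:i:4  = prompt for gateway credentials
#    The "full address" is the internal name; the client never resolves it itself.
@"
full address:s:$sessionHost
gatewayhostname:s:$gatewayFqdn
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:4
promptcredentialonce:i:1
authentication level:i:2
prompt for credentials:i:1
"@ | Set-Content -Path $rdpFile -Encoding ASCII

# 2. Pre-flight from the internet-side client: the gateway name must resolve
#    publicly and TCP 443 to it must be open through the firewall NAT.
$gwIp = ([System.Net.Dns]::GetHostAddresses($gatewayFqdn) | Select-Object -First 1)
Write-Host "Gateway $gatewayFqdn resolves to $gwIp"

$probe = New-Object System.Net.Sockets.TcpClient
try {
    $probe.Connect($gwIp, 443)
    Write-Host 'TCP 443 to the gateway is reachable'
} catch {
    Write-Host "TCP 443 to the gateway is blocked: $($_.Exception.Message)"
} finally {
    $probe.Close()
}

# 3. Launch the session, then confirm with netstat that the client's only
#    RDP-related connection is to the gateway on 443. A line matching
#    "<gateway ip>:443 ESTABLISHED" is the expected result; a connection to
#    3389 from this client would mean the gateway is being bypassed.
Start-Process -FilePath 'mstsc.exe' -ArgumentList "`"$rdpFile`""
Start-Sleep -Seconds 20
$toGateway = [regex]::Escape("$gwIp") + ':443\s+ESTABLISHED'
netstat -n | Select-String -Pattern $toGateway
netstat -n | Select-String -Pattern ':3389\s+ESTABLISHED'
```

The .rdp file can also be distributed to users instead of having each of them fill in the Connect from anywhere dialog by hand; the same four gateway keys are what the Group Policy setting "Set RD Gateway server address" pushes to the client. The second netstat line is the negative check: if the client is on the internet and sees any ESTABLISHED connection to port 3389, RDP is not going through the HTTPS tunnel.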

tq85Author Commented:
@radugpopa, I highly appreciate your effort in answering my problem.

@kevinhsieh, many thanks. Only an expert can provide such precise answers.