How do external remote desktop users connect into corpnet through RDP over HTTPS?

Hello Experts,

I am just a few steps away from completing the setup, please guide me in achieving this.

I have the following servers,
RDG - Remote Desktop Gateway
RDSH1 -  Remote Desktop Session Host
WIN7CLIENT1 - Windows 7 Ent Client

Currently, the following is already done,
Setup CAP and RAP to allow specific users to connect to specific resources.
Installed RDG Certificate to the client that will be accessing RDSH1
Tested Remote Desktop Connection by using RDG as Gateway and it was successful.

My question is, this is all working fine on the same subnet (VLAN) on a test lab, now I have to place them on Production as follows,

RDG - at DMZ - yet Domain-Joined
RDSH1 - at Internal Network
WIN7CLIENT1 - on the internet

I need the client to use RDP over HTTPS (port 443) to communicate with RDG to initiate a session (port 3389) at RDSH1.

Given that all above ports are configured in the firewall. How does the client initiate the session?

Does the external user use the same RDC Client on Windows 7? Will that initiate RDP over HTTPS? Or does he have to initiate a Remote Session through IE. Cause when I hear HTTPS I immediately think, a web browser.

And if RDC is required, the Gateway should be specified as a hostname resolvable over the internet?! Right, if that is so, there has to be a Public DNS entry for sure, but pointing to what? A Public IP address NAT'ed through the Firewall to the RDG Server?

Many Thanks,
kevinhsieh Commented:
Well I can tell you that it does run over 443, but I haven't actually sniffed the traffic. You can check the TCP connection state by running "netstat -n" from win7client1 when it is connected via RDP.
Hello TQ,

do you want RDP over the HTTPS port by using a RDP client, or you are looking for RDP access via web browser?

Both options are possible, but depending on yours, I can try to offer an answer.
tq85 (Author) Commented:
I want RDP over the HTTPS port by using a RDP client, initially.

Thanks radugpopa.

So, if I understand correctly: you want to connect from a LAN to an external (internet) RDP host, but you would like that the traffic is proxied by the LAN firewall?

tq85 (Author) Commented:
I am afraid not.
It is a typical scenario, where a mobile user would like to remotely access corporate resources.

Suppose a Win7 Client, sitting at home connected to the internet.
He wishes to get a session from one of the RDSH servers inside the corporation.

Hope that clarifies my point. Thanks.

So he should be able to use a browser and connect via HTTPS to the RDP over web server which is running in the DMZ, or?
tq85 (Author) Commented:
He should be able to use RDC to initiate an RDP over HTTPS over 443 to connect to the Gateway in the DMZ that will then initiate an RDP 3389 to the resources I specify internally, which in this case is one of Remote Desktop Session Hosts RDSH1.
kevinhsieh Commented:
This is set by the RDP client, or you can set it via Group Policy. In the RDP client go to Options, Advanced tab, Connect from anywhere Settings, and then put the FQDN That is the only public DNS entry required. You can tell the RDP client to connect to RDSH1 or rdsh1.domain.local as normal.
tq85 (Author) Commented:
@kevinhsieh, thanks a lot. This answers half my doubts, and the other half is, could you please confirm that "RDC Client will encapsulate RDP traffic inside an HTTPS tunnel?"
tq85 (Author) Commented:
@radugpopa, I highly appreciate your effort in answering my problem.

@kevinhsieh, many thanks. Only an expert can provide such precise answers.
Question has a verified solution.
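
The `netstat -n` check suggested in the thread, automated as an added example (not code from any poster): it parses the client's netstat output and reports how many established TCP connections go to the gateway on 443 and whether any go directly to port 3389. The gateway address, function names and all sample rows are assumptions, constructed from documentation IP ranges.

```python
import ipaddress

# Constructed sample of `netstat -n` output from a Windows client
# (documentation address ranges, not values from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49713     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49800     198.51.100.7:443       TIME_WAIT
  TCP    192.168.1.20:49901     198.51.100.99:3389     ESTABLISHED
  TCP    [2001:db8::20]:49950   [2001:db8::5]:443      ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' into (ip_address, port)."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]")), int(port)

def parse_netstat(text):
    """Yield (remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        try:
            ip, port = split_endpoint(fields[2])
        except ValueError:
            continue  # unparseable address, skip the row
        yield ip, port, fields[3]

def check_gateway_path(text, gateway_ip, https_port=443, rdp_port=3389):
    """Count established gateway connections and list direct RDP peers."""
    gateway = ipaddress.ip_address(gateway_ip)
    established = [(ip, port) for ip, port, state in parse_netstat(text)
                   if state == "ESTABLISHED"]
    return {
        "via_gateway": sum(1 for ip, port in established
                           if ip == gateway and port == https_port),
        "direct_rdp": sorted(str(ip) for ip, port in established
                             if port == rdp_port),
    }

if __name__ == "__main__":
    print(check_gateway_path(SAMPLE, "203.0.113.10"))
```

A non-empty `direct_rdp` list on an internet-connected client means some session is reaching port 3389 without going through the gateway.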
