2008 R2 RDS and Windows 2003 R2 Terminal Servers

I would like to know if it is possible to configure a 2008 R2 RDS Gateway to connect to 2003 R2 Terminal Servers. The domain is 2003 Active Directory. Also port 443 is not available for use because it is being used by something else. I need access for both internal and external connections, so my clients need to go to a website and be able to access the terminal servers as well.
FNBCTAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kevinhsiehCommented:
Yes I can confirm that you can use a RDS Gateway on Windows 2008 R2 SP1 to connect to a terminal server running Windows 2003 R2.

If you plan on using Remote Desktop Web Access, that also needs to run on 443. It sounds ike you need to be able to use more than 1 IP on your router instead of just port forwarding to different devices inside the network.

As for not running it over 443, that seems to be up for some debate.

This seems to indicate something, but I really think that it is for running on a different web site bound to a different IP, but still using 443.
http://blogs.msdn.com/b/saurabh_singh/archive/2008/08/30/troubleshooting-ts-gateway-connectivity-on-windows-2008-iis-7-0.aspx

Threads saying it won't work
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/1e58960f-2dc0-4307-b0eb-656438e97d67/

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Remote_Desktop-Terminal_Services/Q_25044511.html
0
FNBCTAuthor Commented:
Yeah the port seems to be the big debate, because i know that you can change the port in IIS and I have done that and with the web access i can get it to work, sort of. I could see if there is another way to add a second IP address to my ASA specifically for this. But i am just wanting to test it for remote access.
0
kevinhsiehCommented:
If you have an ASA it should be really easy as long as more than 1 IP is routed to you. Just create a static NAT from the IP on on the Inside interface to the public IP on the outside interface, and then an Access rule on the Outside interface to allow from any to the public IP address tcp/443.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

FNBCTAuthor Commented:
Ok so I have the RDWeb Access working fine from outside going through port 443 on another one of our public IP addresses. The issue that I run into now is that I cannot connect to any of my terminal servers on the inside. But if I bring up the RDWeb Access site on the inside network I am able to hit my servers and any other machines with RD enabled. I have configured RDS Gateway but I cannot get that to work on the inside either. Something with NPS and not finding a domain controller for my domain. We are a 2003 Domain. Also is there a way to create an icon for my users to click on instead of having to enter the server name to create a RD session. I know about the remoteapp portion but I am actually wanting them to use a Terminal session like they do now.
0
kevinhsiehCommented:
You need to have RD Gateway working, that's for sure unless you want to open 3389 to your RD server and put it in public DNS. Once you have RD Gateway working, we can worry about an icon for the desktop. I remember seeing it somewhere.
0
FNBCTAuthor Commented:
Ok, so I finally have RD Gateway working on the inside of my network. I had to add the computer to the RAS and IAS group in Active Directory. Now I can go through the gateway to access remote desktop sessions. Now the next issue comes in when I am connected remotely. I can get to the RDWeb Access site and login successfully, but when I go to the Remote Desktop tab and put in any machine name it will not connect, saying it is not powered on or remote is not enabled. Any suggestions for that issue?
0
kevinhsiehCommented:
I am using the Remote Desktop Connection Manager role to specify a RD Gateway server. I think that the opther option is to use group policy to specify the gateway server which would only work for domain machines.
0
kevinhsiehCommented:
Under RD RemoteApp Manager you can specify the RD gateway Settings.
0
kevinhsiehCommented:
I found how to configure the gateway from the Remote Desktop Web Access Server.

http://technet.microsoft.com/en-us/library/cc731465.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FNBCTAuthor Commented:
Yeah I went through that document and got that all setup. It appears to be working from the outside world but I think I have a cert problem. I generated a cert using and internal CA and when I go to the RDWeb site and try to connect, it appears that it connects to the gateway but when I try to launch a desktop I get a message about the certificate could not be verified. I have not purchased a cert from a public vendor yet because I wanted to test this before I invest money in a cert. Everything works fine on the internal network through the web access.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.