[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Connecting to TS Web Access via TS Gateway

Posted on 2013-01-30
Medium Priority
Last Modified: 2013-02-06
Hi all,

I'm trying to find an article on how to configure TS Web Access so a domain user can authenticate to a TS Web server via TS Gateway from outside. I have configured two Windows server 2008 R2 Standard servers, 1 as a TS Gateway with external access (terminal.blabla.ca) and 1 as TS Server which has a few apps installed such as MS Office, Adobe Acrobat, etc. This all works fine when using a RDP file, the user connects to the remote server easily thru the Gateway but when trying with the web access I can't get it to work from outside. It works fine inside obviously when typing the URL, I get redirected to the TS web access on the TS Server with access to the apps.  I have installed Remote Desktop Web Access Role on both machines and Remote Desktop Gateway Role on only one with a 3rd party SSL Cert. The fact that everything works fine with a RDP file makes me think that I'm not far but still not there!

Question by:Comptrib
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 23

Expert Comment

by:Ayman Bakr
ID: 38837126
First see if your configuration is aligned to the checklist here:


Moreover, if you deployed your RD Web Access and RD Gateway in DMZ, while your RD Session host was deployed internally, ensure you open WMI traffic on the firewall from the RD Web Access to the RD Session host.

Also ensure that your RD Web Access is configured to use Forms Authentication (it should by default).

Author Comment

ID: 38840502
Thanks for the reply,

Both of my servers are inside the domain. When typing "https://terminal.blabla.ca" in tnhe browser, the address gets translated at the Firewall level to the TS Gateway. After going thru the checklist you sent me, I created an RDP file within RemoteAppManager, took a copy and tried it outside my domain with a wifi connection. It worked perfectly. However, what I am looking for is the possibility for a user to type the "https://terminal.blabla.ca" in his browser and be redirected and authenticated to the TS Web server so he can select the application he wants to work on. Is this feasable?

LVL 23

Expert Comment

by:Ayman Bakr
ID: 38844724
To have SSL, and thus HTTPS, on your RD Web Access you need to setup SSL in IIS for your site and create an HTTPS binding for that site. Have you done it? Check this link on how to do it:


Moreover, have you configured the RemoteApp programs to be available through RD WebAccess? Please verify your configurations with this checklist:

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 38845038
SSL is configured on RD Web Access and programs are available through RD Web access. I can access them in the browser from inside.

The problem seems to be at the Gateway. How can I set it up to have the user redirected to my RD Web Server? Actually when I type my address in the browser, I end up to the default web page of the TS Gateway server (iisstart.htm). Like I said, the address "terminal.blabla.ca" is translated to 192.168.x.x which is my TS Gateway. It stops there.

LVL 23

Expert Comment

by:Ayman Bakr
ID: 38845381
Correct configuration should be as follows:

1. On RD Web Access the following should be configured:
    a. Source should be configured with the FQDN of your RD Session Hosts (have you configured this correctly?)

2. On Remote Desktop Session Host the following should be configured:
    a. Within the RemoteApp Manager settings you need to specify the RD Gateway settings including to 'Bypass RD Gateway Server for local addresses'
    b. Add your RDS User group to the TS Web Access Computers local group
    c. Publish the applications you want your users to run

How are your external users accessing your RD network - i.e. is terminal.blabla.ca the FQDN of your RD Gateway?

Author Comment

ID: 38852090
Yes, external users accessing the Gateway via the FQDN terminal.blabla.ca.

Here's what I tried; I enabled Directory Browsing in RDWeb on my Gateway and added RDWeb in my URL (https://terminal.blabla.ca/RDWeb) and I got a page showing the directory. I clicked on "Pages" and the Login page (RD Services Default Connection page) opened. I was able to log and run the applications on my Web Server. I changed the physical path of the RDWeb directory so it points to the default.aspx page but that generates an error.  I'm not far from what I want. Why I see the Directory and not the Login page?


Author Comment

ID: 38852300
Okay, I got it to work after reading this article on MS Forum http://social.technet.microsoft.com/Forums/en/winserverTS/thread/8d2af593-9f6f-4b5b-bf33-cfd29ad31db5. I simply redirected the default web site to "/RDWeb/Pages/default.aspx"

One more issue though, Once authentcated, I get the RD Web access page with the Apps available but to open one I have to authenticate again with Domain\username and also accept a "Unknow Publisher" warning. I need to do this for every App. Any idea how I can bypass this since I'm already authenticated as a domain user thru the Gateway.

LVL 23

Accepted Solution

Ayman Bakr earned 2000 total points
ID: 38853904
For single-sign on (SSO) you need to ensure that:
1. Certificate used to sign your RemoteApps is trusted
2. RD Session host servers are 2008 R2.
3. Client connecting should have RDC 7.0 and is either Windows 7, Vista or XP SP3.

RD Session Hosts 2008 do not support SSO with RD Web Access and you will have to do with it. However if your RD Session Hosts 2008 R2 then it should be fine provided you had the above prerequisites and your environment setup correctly for SSO. For more info see this link:


Author Closing Comment

ID: 38861246
THak you for the help. Greatly appreciated.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question