Solved

Need help getting Remote desktop server farm completely configured

Posted on 2014-03-25
Last Modified: 2014-04-27
I am setting up a server farm.  I have three servers at present.
Server 1. Domain controller; licensing server; file server
Server 2. Backup Domain controller; licensing server; RD Gateway server; Web access server
Server 3. First RDP server in farm

I have everything set up according to all of the documentation that I have read.  There are third party certificates installed, collections are created, all the roles have been set up.

The problem I have is all of the servers are virtual and I'm using remote desktop to get to them for doing my admin work.  When I try to connect to the gateway server(2) using an rdp client (not web access) it tries to log the user onto itself rather than server 3 in the farm.

Is there some special way that I have to set this up, so that I can have it both ways?  Or do I have to turn off remote desktop for that server?
Question by:geekdad1

Expert Comment

by:Cliff Galiher
If you fire up an RDP client and simply try to connect to an RDGateway server and the server is configured to allow remote desktop connections (even for administration) then you will be connecting to the RDGateway server. This is because you are connecting on the port that the RD service is listening on, which is 3389.

RDGateway, on the other hand, tunnels traffic over port 443. Which means the RDGateway service *listens* on port 443. To connect to another server behind RDGateway, you must use an RDP client that is RDGateway aware, and you must fill out the gateway parameters in the settings of the RDP client.

The RDWeb service constructs an .rdp file with both the server and RDGateway settings properly populated in a way that new versions of Microsoft's RDP clients can understand. Older clients will ignore the RDGateway settings, as will many 3rd-party clients.  RDWeb is not required though. As I mentioned, it just automates the creation of the .rdp files which is simpler for many end users.

So yes, you can certainly use RDGateway to connect to other servers behind the gateway, and also connect to the gateway service itself for administration. You just have to know the appropriate settings and use a compatible RDP client for this all to work as expected.

Author Comment

by:geekdad1
I have to get port 443 opened on the firewall.  That will take a day.  I'll get back as soon as I can test it again.

Author Comment

by:geekdad1
Sorry, I got sent out of town for a while.  I still need help getting this figured out.  According to the documentation I've read, when you connect using the rdp client and specify the gateway protocol it's supposed to come back with the gateway host and the name of the host that it's passing the connection off to.  I only get the name of the gateway host, and that's the host it connects to.  Port 443 is open on the external firewall.  I've got all of the hosts set up as per specifications (I think, but obviously not).  So I'm not sure where to go next to troubleshoot this.

Assisted Solution

by:Cliff Galiher
The gateway is ONLY a gateway. It doesn't make any assumptions and has no logic to guess which host you want to connect to. Not even itself. So if you are getting an RDP connection to the gateway machine itself, the ONLY way that happens is if that is the machine name you are requesting a connection to. So look at your client settings. That sounds like where you are having difficulties. Not with the server.
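
The client-side settings discussed in the two expert comments above can be checked directly in an .rdp file. The script below is an added example, not code from the thread; the host names are constructed placeholders, and the setting names (`full address`, `gatewayhostname`, `gatewayusagemethod`) are the standard .rdp file settings.

```powershell
# Added example, not from the thread. All host names are constructed placeholders.
function Test-RdpGatewaySettings {
    param([Parameter(Mandatory)][string[]]$RdpLines)

    # .rdp settings are "name:type:value" lines (type s = string, i = integer, b = binary).
    $settings = @{}
    foreach ($line in $RdpLines) {
        if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
            $settings[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }

    # "full address" may end in ":port"; strip it so host names can be compared.
    $target  = "$($settings['full address'])" -replace ':\d+$', ''
    $gateway = "$($settings['gatewayhostname'])"
    $usage   = "$($settings['gatewayusagemethod'])"   # 1 = always, 2 = only if direct fails

    $findings = @()
    if (-not $target) {
        $findings += 'No "full address": the file names no target host.'
    }
    if (-not $gateway -or ($usage -notin '1', '2')) {
        $findings += 'File does not force a gateway; unless client defaults supply one, it connects straight to the target on TCP 3389.'
    }
    elseif ($usage -eq '2') {
        $findings += 'Gateway is a fallback only: a direct connection to the target is tried first.'
    }
    if ($target -and ($target -ieq $gateway)) {
        $findings += 'Target equals gateway: the session lands on the gateway server itself.'
    }
    [pscustomobject]@{ Target = $target; Gateway = $gateway; Findings = $findings -join ' ' }
}

# Constructed samples: direct connection, gateway as target, and server3 reached through the gateway.
$samples = [ordered]@{
    'direct'      = 'full address:s:rdgw.example.com', 'gatewayusagemethod:i:0'
    'self-target' = 'full address:s:rdgw.example.com', 'gatewayhostname:s:rdgw.example.com',
                    'gatewayusagemethod:i:1'
    'via-gateway' = 'full address:s:server3.example.internal', 'gatewayhostname:s:rdgw.example.com',
                    'gatewayusagemethod:i:1', 'gatewayprofileusagemethod:i:1'
}
foreach ($name in $samples.Keys) {
    Test-RdpGatewaySettings -RdpLines $samples[$name] |
        Select-Object @{ n = 'Sample'; e = { $name } }, Target, Gateway, Findings
}
```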

Author Comment

by:geekdad1
So in my example above, the .rdp file would ask to connect to server3 (the rdp host and using the internal fqdn not the external one), but it would specify a gateway protocol that pointed to server2 (gateway server).

I tried doing it that way and I got the connection screen I was expecting, with the server name I'm connecting to and the gateway name as well.  While that gets me connected to server3, I'm not sure that I'm going through the connection broker to establish the connection to the server pool.  The reason I'm suspicious is that when I have a session established, it doesn't show up in the server manager as a connection.  How do I specify to connect to a server group?

Accepted Solution

by:geekdad1
Turns out that the remote desktop server host role didn't get installed on server3 like it should have.  When I logged into server3 with the admin account, under server manager remote desktop services was not showing.  So it would appear that it was using only the admin remote login and not terminal services.  Server manager on the other servers said that it was installed so I assumed that it was.  I added the role while on server3.  I had to set up the licensing and connection broker through powershell.  Now when I log in I see the connection in the connections box under the server manager and some of the other problems I was having have been resolved.
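
The mismatch described in this answer, where the deployment lists a role that the host does not actually have, can be checked by comparing the broker's view with each server's own feature state. This is an added example, not the commands the poster ran; `broker.example.internal` is a placeholder, and it assumes the RemoteDesktop module on a Server 2012 or later deployment where the role names returned by `Get-RDServer` are the Windows feature names.

```powershell
# Added example, not from the thread. 'broker.example.internal' is a placeholder FQDN.
Import-Module RemoteDesktop

function Compare-RdsDeploymentToHosts {
    param([Parameter(Mandatory)][string]$Broker)

    # Get-RDServer reports what the deployment believes each server runs.
    foreach ($entry in Get-RDServer -ConnectionBroker $Broker) {
        foreach ($role in $entry.Roles) {
            # Ask the member server itself whether that feature is installed.
            $installed = $false
            $detail = 'feature not found'
            try {
                $feature = Get-WindowsFeature -Name $role -ComputerName $entry.Server -ErrorAction Stop
                if ($feature) {
                    $installed = [bool]$feature.Installed
                    $detail = [string]$feature.InstallState
                }
            }
            catch {
                $detail = "query failed: $($_.Exception.Message)"
            }
            [pscustomobject]@{
                Server           = $entry.Server
                RoleInDeployment = $role
                InstalledOnHost  = $installed
                Detail           = $detail
            }
        }
    }
}

$broker = 'broker.example.internal'
Compare-RdsDeploymentToHosts -Broker $broker |
    Sort-Object InstalledOnHost | Format-Table -AutoSize

# Sessions known to the broker. The thread's symptom was a working logon to
# server3 that never showed up as a connection in Server Manager.
Get-RDUserSession -ConnectionBroker $broker |
    Select-Object HostServer, UserName, CollectionName
```

Rows with `InstalledOnHost` set to False sort first and are the ones to investigate on the host itself.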

Author Closing Comment

by:geekdad1
Cliff gave excellent advice.  It helped get me much further.  However the final problem that resolved this was quite different. I felt it was important to make sure the full story was told.