Need help getting Remote desktop server farm completely configured

Posted on 2014-03-25
Last Modified: 2014-04-27
I am setting up a server farm. I have three servers at present.
Server 1. Domain controller; licensing server; file server
Server 2. Backup domain controller; licensing server; RD Gateway server; Web Access server
Server 3. First RDP server in farm

I have everything set up according to all of the documentation that I have read. There are third-party certificates installed, collections are created, and all the roles have been set up.

The problem I have is that all of the servers are virtual and I'm using Remote Desktop to get to them for doing my admin work. When I try to connect to the gateway server (2) using an RDP client (not Web Access), it tries to log the user onto itself rather than onto server 3 in the farm.

Is there some special way that I have to set this up, so that I can have it both ways?  Or do I have to turn off remote desktop for that server?
Question by: geekdad1
LVL 57

Expert Comment

by: Cliff Galiher
ID: 39954772
If you fire up an RDP client and simply try to connect to an RDGateway server, and the server is configured to allow remote desktop connections (even for administration), then you will be connecting to the RDGateway server. This is because you are connecting on the port that the RD service is listening on, which is 3389.

RDGateway, on the other hand, tunnels traffic over port 443, which means the RDGateway service *listens* on port 443. To connect to another server behind RDGateway, you must use an RDP client that is RDGateway-aware, and you must fill out the gateway parameters in the settings of the RDP client.

The RDWeb service constructs an .rdp file with both the server and RDGateway settings properly populated in a way that new versions of Microsoft's RDP clients can understand. Older clients will ignore the RDGateway settings, as will many 3rd-party clients. RDWeb is not required, though. As I mentioned, it just automates the creation of the .rdp files, which is simpler for many end users.

So yes, you can certainly use RDGateway to connect to other servers behind the gateway, and also connect to the gateway service itself for administration. You just have to know the appropriate settings and use a compatible RDP client for this all to work as expected.

Author Comment

ID: 39956776
I have to get port 443 opened on the firewall. That will take a day. I'll get back as soon as I can test it again.

Author Comment

ID: 39992220
Sorry, I got sent out of town for a while. I still need help getting this figured out. According to the documentation I've read, when you connect using the RDP client and specify the gateway protocol, it's supposed to come back with the gateway host and the name of the host that it's passing the connection off to. I only get the name of the gateway host, and that's the host it connects to. Port 443 is open on the external firewall. I've got all of the hosts set up as per specifications (I think, but obviously not). So I'm not sure where to go next to troubleshoot this.

LVL 57

Assisted Solution

by: Cliff Galiher
Cliff Galiher earned 500 total points
ID: 39992242
The gateway is ONLY a gateway. It doesn't make any assumptions and has no logic to guess which host you want to connect to. Not even itself. So if you are getting an RDP connection to the gateway machine itself, the ONLY way that happens is if that is the machine name you are requesting a connection to. So look at your client settings. That sounds like where you are having difficulties. Not with the server.

Author Comment

ID: 39992826
So in my example above, the .rdp file would ask to connect to server3 (the RDP host, using the internal FQDN, not the external one), but it would specify a gateway protocol that pointed to server2 (the gateway server).

I tried doing it that way and I got the connection screen I was expecting, with the server name I'm connecting to and the gateway name as well. While that gets me connected to server3, I'm not sure that I'm going through the connection broker to establish the connection to the server pool. The reason I'm suspicious is that when I have a session established, it doesn't show up in Server Manager as a connection. How do I specify to connect to a server group?
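
As an added illustration (example code, not part of the original thread), the checker below parses the `name:type:value` lines of an .rdp file and flags the client-side settings Cliff points at: a missing gateway, a gateway that may be bypassed, or a `full address` that is the gateway itself, which is exactly how a client ends up on the gateway's own desktop. It also reads the `loadbalanceinfo` hint that RDWeb-generated files carry for a collection, which is how a file names a server group behind the broker rather than one host; all host and collection names in the samples are constructed.

```python
"""Parse a Remote Desktop .rdp file and flag the client-side mistakes
discussed in the thread.  Example code, not from the original post; host
and collection names (server3.corp.example, rdg.example.com, Farm) are
constructed."""

# .rdp files are lines of  name:type:value  (type s = string, i = integer,
# b = binary blob).  Values may contain colons, so split at most twice.
def parse_rdp(text):
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.count(":") < 2:
            continue
        name, kind, value = line.split(":", 2)
        settings[name.lower()] = int(value) if kind == "i" else value
    return settings

def target_collection(settings):
    """Collection name from the broker redirection hint that RDWeb writes
    (loadbalanceinfo), or None when the file names a single host."""
    prefix = "tsv://MS Terminal Services Plugin.1."
    lb = settings.get("loadbalanceinfo", "")
    return lb[len(prefix):] if lb.startswith(prefix) else None

def check_gateway_settings(settings):
    """Return the problems that would land the client somewhere other than
    the intended farm host; an empty list means the settings are sane."""
    problems = []
    target = settings.get("full address", "").split(":")[0].lower()
    gateway = settings.get("gatewayhostname", "").split(":")[0].lower()
    if not target:
        problems.append("no 'full address': nothing to connect to")
    if not gateway:
        problems.append("no gatewayhostname: client goes straight to port 3389")
    # gatewayusagemethod 1 = always use the gateway (0 = never, 2 = skip for local)
    if settings.get("gatewayusagemethod") != 1:
        problems.append("gatewayusagemethod != 1: gateway may be bypassed")
    if target and target == gateway:
        problems.append("full address is the gateway itself: you get its desktop")
    return problems

# Constructed samples: the mis-set client from the question, then a file of
# the shape RDWeb generates for a collection published through the gateway.
BROKEN_RDP = "full address:s:rdg.example.com\ngatewayusagemethod:i:0\n"
GOOD_RDP = """full address:s:server3.corp.example
gatewayhostname:s:rdg.example.com
gatewayusagemethod:i:1
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Farm
"""
```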

Accepted Solution

geekdad1 earned 0 total points
ID: 40016307
Turns out that the remote desktop server host role didn't get installed on server3 like it should have. When I logged into server3 with the admin account, under Server Manager, Remote Desktop Services was not showing. So it would appear that it was using only the admin remote login and not terminal services. Server Manager on the other servers said that it was installed, so I assumed that it was. I added the role while on server3. I had to set up the licensing and connection broker through PowerShell. Now when I log in I see the connection in the connections box under Server Manager, and some of the other problems I was having have been resolved.

Author Closing Comment

ID: 40025551
Cliff gave excellent advice. It helped get me much further. However, the final problem that resolved this was quite different. I felt it was important to make sure the full story was told.
