  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 342

Need help getting Remote desktop server farm completely configured

I am setting up a server farm. I have three servers at present.
Server 1: domain controller; licensing server; file server
Server 2: backup domain controller; licensing server; RD Gateway server; Web Access server
Server 3: first RDP server in the farm

I have everything set up according to all of the documentation that I have read. There are third-party certificates installed, collections are created, and all the roles have been set up.

The problem I have is that all of the servers are virtual and I'm using Remote Desktop to get to them for doing my admin work. When I try to connect to the gateway server (2) using an RDP client (not Web Access), it tries to log the user onto itself rather than server 3 in the farm.

Is there some special way that I have to set this up, so that I can have it both ways?  Or do I have to turn off remote desktop for that server?
Asked: geekdad1

2 Solutions
Cliff Galiher commented:
If you fire up an RDP client and simply try to connect to an RD Gateway server, and the server is configured to allow Remote Desktop connections (even for administration), then you will be connecting to the RD Gateway server. This is because you are connecting on the port that the RD service is listening on, which is 3389.

RD Gateway, on the other hand, tunnels traffic over port 443, which means the RD Gateway service *listens* on port 443. To connect to another server behind RD Gateway, you must use an RDP client that is RD Gateway aware, and you must fill out the gateway parameters in the settings of the RDP client.

The RDWeb service constructs an .rdp file with both the server and RD Gateway settings properly populated in a way that new versions of Microsoft's RDP clients can understand. Older clients will ignore the RD Gateway settings, as will many third-party clients. RDWeb is not required, though. As I mentioned, it just automates the creation of the .rdp files, which is simpler for many end users.

So yes, you can certainly use RDGateway to connect to other servers behind the gateway, and also connect to the gateway service itself for administration. You just have to know the appropriate settings and use a compatible RDP client for this all to work as expected.
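To make the answer above concrete, here is an added PowerShell example (not code from the thread or from Microsoft's documentation). It probes the two ports on the gateway box to show which service answers on each, then writes an .rdp file with the gateway keys that RDWeb would otherwise populate, and refuses to write one whose "full address" is the gateway's own name, which is exactly the mistake that lands you on the gateway OS. Hostnames are placeholders chosen to match the question's layout: server3.corp.example is the RD Session Host by its internal FQDN, server2.corp.example the connection broker, rdgw.example.com the external name on the RD Gateway certificate. The optional broker/collection form goes one step beyond the answer: it is the shape RDWeb generates for a collection, where the client targets the broker and the tsv:// load-balance token names the collection; the collection name "Farm" is an assumption.

```powershell
# Added example, not part of the original thread. Hostnames are placeholders
# for the question's layout: server3.corp.example is the RD Session Host by its
# internal FQDN, server2.corp.example the connection broker, rdgw.example.com
# the external name on the RD Gateway certificate (also Server 2).

function New-RdpViaGateway {
    param(
        [Parameter(Mandatory)] [string] $Gateway,
        [string] $Target,                       # a single host, e.g. server3
        [string] $Broker,                       # or: broker + collection name ...
        [string] $CollectionName,               # ... to let the broker pick a host
        [string] $Path = (Join-Path $env:TEMP 'via-gateway.rdp')
    )
    if ($CollectionName) {
        # Same shape RDWeb generates: the client connects to the broker and the
        # tsv:// token names the collection; the broker redirects to a session
        # host in it. Assumption: collection name as shown in Server Manager.
        $lines = @(
            "full address:s:$Broker"
            "loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.$CollectionName"
            "use redirection server name:i:1"
        )
    } else {
        $lines = @("full address:s:$Target")
    }
    $lines += @(
        "gatewayhostname:s:$Gateway"       # the HTTPS (443) listener, not 3389
        "gatewayusagemethod:i:1"           # 1 = always go through the gateway
        "gatewayprofileusagemethod:i:1"    # 1 = use these explicit settings
        "gatewaycredentialssource:i:0"     # 0 = prompt for password (NTLM)
        "promptcredentialonce:i:1"         # reuse the gateway creds for the host
    )
    # The mistake in the thread: "full address" set to the gateway's own name
    # opens an RDP session on the gateway OS, so refuse to write that file.
    $full = ($lines | Where-Object { $_ -like 'full address:s:*' }) -replace '^full address:s:', ''
    if ($full -ieq $Gateway) { throw "full address must name the destination host, not the gateway" }
    Set-Content -Path $Path -Value $lines -Encoding Unicode
    return $Path
}

# What each port on the gateway box actually is: 3389 is Remote Desktop for
# administration of Server 2 itself; 443 is the RD Gateway service.
foreach ($port in 3389, 443) {
    $t = Test-NetConnection -ComputerName 'rdgw.example.com' -Port $port -WarningAction SilentlyContinue
    '{0}/tcp open: {1}' -f $port, $t.TcpTestSucceeded
}

# Direct to server3 through the gateway (what the author did in the end):
$rdp = New-RdpViaGateway -Gateway 'rdgw.example.com' -Target 'server3.corp.example'
# Or let the broker choose a host from the collection:
# $rdp = New-RdpViaGateway -Gateway 'rdgw.example.com' -Broker 'server2.corp.example' -CollectionName 'Farm'
mstsc.exe $rdp    # the connection bar should show server3 and the gateway name
```

Only the external firewall needs 443 open to the gateway; 3389 from the gateway to the session hosts stays internal. If the client is an older or third-party one that ignores the gateway* keys, the file will silently behave like a plain 3389 connection to whatever "full address" names.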
 
geekdad1 (Author) commented:
I have to get port 443 opened on the firewall.  That will take a day.  I'll get back as soon as I can test it again.
 
geekdad1 (Author) commented:
Sorry, I got sent out of town for a while. I still need help getting this figured out. According to the documentation I've read, when you connect using the RDP client and specify the gateway protocol, it's supposed to come back with the gateway host and the name of the host that it's passing the connection off to. I only get the name of the gateway host, and that's the host it connects to. Port 443 is open on the external firewall. I've got all of the hosts set up as per specifications (I think, but obviously not). So I'm not sure where to go next to troubleshoot this.
 
Cliff Galiher commented:
The gateway is ONLY a gateway. It doesn't make any assumptions and has no logic to guess which host you want to connect to. Not even itself. So if you are getting a RDP connection to gateway machine itself, the ONLY way that happens is if that is the machine name you are requesting a connection to. So look at your client settings. That sounds like where you are having difficulties. Not with the server.
 
geekdad1 (Author) commented:
So in my example above, the .rdp file would ask to connect to server3 (the RDP host, using the internal FQDN, not the external one), but it would specify a gateway protocol that pointed to server2 (the gateway server).

I tried doing it that way and I got the connection screen I was expecting, with the server name I'm connecting to and the gateway name as well.  While that gets me connected to server3, I'm not sure that I'm going through the connection broker to establish the connection to the server pool.  The reason I'm suspicious is that when I have a session established, it doesn't show up in the server manager as a connection.  How do I specify to connect to a server group?
 
geekdad1 (Author) commented:
Turns out that the Remote Desktop Session Host role didn't get installed on server3 like it should have. When I logged into server3 with the admin account, Remote Desktop Services was not showing under Server Manager. So it would appear that it was using only the admin remote login and not terminal services. Server Manager on the other servers said that it was installed, so I assumed that it was. I added the role while on server3. I had to set up the licensing and connection broker through PowerShell. Now when I log in I see the connection in the connections box under Server Manager, and some of the other problems I was having have been resolved.
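The resolution above is a good case for checking the deployment from the broker rather than trusting Server Manager's view from another box. The following is an added PowerShell example (not the author's script, and not code from the thread) using the RemoteDesktop and ServerManager modules that ship with Windows Server 2012 and later. It asks server3 itself whether the RDS-RD-Server feature is installed, checks whether it is a member of the deployment as a session host, joins it if not, sets the licensing configuration, and lists broker-tracked sessions, which is the signal the author used to tell a brokered session from a plain administrative logon. Hostnames, the PerUser licensing mode and the two license servers are assumptions chosen to match the question's layout.

```powershell
# Added example, not from the thread. Names are placeholders for the
# question's layout: server2.corp.example runs the broker and licensing roles,
# server1.corp.example is the other license server, server3.corp.example
# should be the RD Session Host. Run from a machine with the RDS tools
# (RSAT-RDS-Tools) as a deployment administrator.
Import-Module RemoteDesktop

$Broker      = 'server2.corp.example'
$SessionHost = 'server3.corp.example'
$LicServers  = 'server1.corp.example', 'server2.corp.example'

# 1. Is the role actually installed on the session host? Server Manager on
#    another server shows the deployment's record; ask the host itself.
$feature = Invoke-Command -ComputerName $SessionHost -ScriptBlock {
    Get-WindowsFeature -Name RDS-RD-Server | Select-Object Name, InstallState
}
$feature

# 2. Is it a member of the deployment as an RDSH, as opposed to a machine
#    that merely has Remote Desktop for administration enabled?
$members = Get-RDServer -ConnectionBroker $Broker
$members | Format-Table Server, Roles -AutoSize

$isHost = $members | Where-Object {
    $_.Server -ieq $SessionHost -and $_.Roles -contains 'RDS-RD-SERVER'
}
if (-not $isHost) {
    # Installs the role remotely and adds the server to the deployment.
    Add-RDServer -Server $SessionHost -Role RDS-RD-SERVER -ConnectionBroker $Broker
}

# 3. Licensing, the part the author ended up doing in PowerShell.
#    Assumption: per-user CALs; change -Mode PerDevice if that is what you own.
Set-RDLicenseConfiguration -LicenseServer $LicServers -Mode PerUser `
    -ConnectionBroker $Broker -Force
Get-RDLicenseConfiguration -ConnectionBroker $Broker

# 4. The check that answers "am I really going through the broker?":
#    a session established via the collection shows up here with its
#    CollectionName; a plain administrative RDP to the box does not.
Get-RDUserSession -ConnectionBroker $Broker |
    Format-Table UserName, HostServer, CollectionName, SessionState -AutoSize
```

If step 2 lists server3 with no RDS-RD-SERVER role, or step 1 reports InstallState other than Installed, any RDP session to that server is an administrative logon on port 3389 and the broker never sees it, which matches the symptom described in the post.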
 
geekdad1 (Author) commented:
Cliff gave excellent advice.  It helped get me much further.  However the final problem that resolved this was quite different. I felt it was important to make sure the full story was told.