

Need help getting Remote desktop server farm completely configured

Posted on 2014-03-25
Medium Priority
Last Modified: 2014-04-27
I am setting up a server farm.  I have three servers at present.
Server 1. Domain controller; licensing server; file server
Server 2. Backup Domain controller; licensing server;RD Gateway server; Web access server
Server 3. First RDP server in farm

I have everything set up according to all of the documentation that I have read.  There are third party certificates installed, collections are created, all the roles have been set up.

The problem I have is all of the servers are virtual and I'm using remote desktop to get to them for doing my admin work.  When I try to connect to the gateway server(2) using an rdp client (not web access) it tries to log the user onto itself rather than server 3 in the farm.

Is there some special way that I have to set this up, so that I can have it both ways?  Or do I have to turn off remote desktop for that server?
Question by:geekdad1
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39954772
If you fire up an RDP client and simply try to connect to an RDGateway server and the server is configured to allow remote desktop connections (even for administration) then you will be connecting to the RDGateway server. This is because you are connecting on the port that the RD service is listening on, which is 3389.

RDGateway, on the other hand, tunnels traffic over port 443. Which means the RDGateway service *listens* on port 443. To connect to another server behind RDGateway, you must use an RDP client that is RDGateway aware, and you must fill out the gateway parameters in the settings of the RDP client.

The RDWeb service constructs an .rdp file with both the server and RDGateway settings properly populated in a way that new versions of Microsoft's RDP clients can understand. Older clients will ignore the RDGateway settings, as will many 3rd-party clients.  RDWeb is not required though. As I mentioned, it just automates the creation of the .rdp files which is simpler for many end users.

So yes, you can certainly use RDGateway to connect to other servers behind the gateway, and also connect to the gateway service itself for administration. You just have to know the appropriate settings and use a compatible RDP client for this all to work as expected.

Author Comment

ID: 39956776
I have to get port 443 opened on the firewall.  That will take a day.  I'll get back as soon as I can test it again.

Author Comment

ID: 39992220
Sorry, I got sent out of town for a while.  I still need help getting this figured out.  According to the documentation I've read, when you connect using the rdp client and specify the gateway protocol it's supposed to come back with the gateway host and the name of the host that it's passing the connection off to.  I only get the name of the gateway host, and that's the host it connects to.  Port 443 is open on the external firewall.  I've got all of the hosts set up as per specifications (I think, but obviously not).  So I'm not sure where to go next to troubleshoot this.

LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 39992242
The gateway is ONLY a gateway. It doesn't make any assumptions and has no logic to guess which host you want to connect to. Not even itself. So if you are getting an RDP connection to the gateway machine itself, the ONLY way that happens is if that is the machine name you are requesting a connection to. So look at your client settings. That sounds like where you are having difficulties. Not with the server.
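
The two paths described in the answers above (port 3389 straight to the named host, or a tunnel through RD Gateway on 443 to a separate target) are decided by a few lines in the client's .rdp file. The PowerShell below is an added example, not part of the original thread: `Get-RdpRoute` is a hypothetical helper and the host names are constructed placeholders.

```powershell
# Added example. Host names are constructed placeholders, not values from the thread.
function Get-RdpRoute {
    param([Parameter(Mandatory)][string[]]$Lines)

    # .rdp settings are "name:type:value" lines (type s = string, i = integer, b = binary).
    $cfg = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
            $cfg[$Matches[1].Trim()] = $Matches[3].Trim()
        }
    }

    $target  = $cfg['full address']        # the host the session should end up on
    $gateway = $cfg['gatewayhostname']     # the RD Gateway to tunnel through, if any
    $usage   = $cfg['gatewayusagemethod']  # 1 = always use gateway, 2 = use if direct connection fails
    $viaGw   = [bool]($gateway -and ($usage -in '1', '2'))
    # Compare host parts only, ignoring an optional ":port" suffix (IPv6 literals not handled).
    $sameBox = $viaGw -and $target -and ($target.Split(':')[0] -ieq $gateway.Split(':')[0])

    $finding = if (-not $target) {
        'No "full address" line: the file names no target host.'
    } elseif (-not $viaGw) {
        "Direct RDP to $target; no gateway is used, so the session lands on that host."
    } elseif ($sameBox) {
        "Tunnelled through $gateway, but the target is the gateway machine itself."
    } else {
        "Tunnelled through $gateway to $target."
    }

    [pscustomobject]@{ Target = $target; Gateway = $gateway; ViaGateway = $viaGw; Finding = $finding }
}

# Constructed sample: the gateway's own name is the target and the gateway is switched off.
$direct = 'full address:s:gw.example.com', 'gatewayusagemethod:i:0'
# Constructed sample: internal session host as target, gateway named separately.
$tunnel = 'full address:s:server3.corp.example', 'gatewayhostname:s:gw.example.com',
          'gatewayusagemethod:i:1', 'gatewayprofileusagemethod:i:1'

$direct, $tunnel | ForEach-Object { Get-RdpRoute -Lines $_ } | Format-List
```

The first sample reproduces the symptom in the question: with no gateway in play, the client opens a normal session on whichever machine the name resolves to.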

Author Comment

ID: 39992826
So in my example above.  The .rdp file would ask to connect to server3 (the rdp host and using the internal fqdn not the external one), but it would specify a gateway protocol that pointed to server2 (gateway server).

I tried doing it that way and I got the connection screen I was expecting, with the server name I'm connecting to and the gateway name as well.  While that gets me connected to server3, I'm not sure that I'm going through the connection broker to establish the connection to the server pool.  The reason I'm suspicious is that when I have a session established, it doesn't show up in the server manager as a connection.  How do I specify to connect to a server group?

Accepted Solution

geekdad1 earned 0 total points
ID: 40016307
Turns out that the remote desktop server host role didn't get installed on server3 like it should have.  When I logged into server3 with the admin account, under server manager remote desktop services was not showing.  So it would appear that it was using only the admin remote login and not terminal services.  Server manager on the other servers said that it was installed so I assumed that it was.  I added the role while on server3.  I had to set up the licensing and connection broker through powershell.  Now when I log in I see the connection in the connections box under the server manager and some of the other problems I was having have been resolved.
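
The mismatch described in the accepted solution (the deployment listing a role that the server itself does not have) can be checked by comparing the connection broker's view with each server's installed features. This is an added example, not the author's script: `Compare-RdsRoleState` is a hypothetical helper, `server2.corp.example` is a placeholder for the connection broker's FQDN, and it assumes the RemoteDesktop and ServerManager modules of Windows Server 2012 or later.

```powershell
# Added example. 'server2.corp.example' is a placeholder, not a name from the thread.
Import-Module RemoteDesktop

function Compare-RdsRoleState {
    param([Parameter(Mandatory)][string]$ConnectionBroker)

    # Get-RDServer reports what the deployment believes: one entry per server with its roles.
    foreach ($entry in Get-RDServer -ConnectionBroker $ConnectionBroker) {
        foreach ($role in $entry.Roles) {
            # Ask the server itself whether the matching Windows feature is really installed.
            $feature = Get-WindowsFeature -Name $role -ComputerName $entry.Server `
                                          -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Server       = $entry.Server
                Role         = $role
                Installed    = [bool]($feature -and $feature.Installed)
                InstallState = if ($feature) { $feature.InstallState } else { 'Unknown' }
            }
        }
    }
}

# Show only the roles the deployment lists but the server does not actually have.
Compare-RdsRoleState -ConnectionBroker 'server2.corp.example' |
    Where-Object { -not $_.Installed } |
    Format-Table -AutoSize
```

A row for the session host with `RDS-RD-SERVER` not installed corresponds to the state the author found on server3, where only the administrative remote login was answering.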

Author Closing Comment

ID: 40025551
Cliff gave excellent advice.  It helped get me much further.  However the final problem that resolved this was quite different. I felt it was important to make sure the full story was told.


Question has a verified solution.
