Solved

Changing the port for RDS on Windows Server 2012 R2

Posted on 2015-02-20
Last Modified: 2015-03-15
Dear Experts,

I'm having issues configuring my Windows 2012R2 RDS roles.  I've installed and configured the roles in their default session-based capacity.  Access from LAN stations is fine. However, configuring access for remote users is a bit of a pig.

It's a single server (domain member) that has RD Web Access, RD Gateway, RD Licensing, RD Connection Broker and I have added the RD Host server and created a collection.

This site has only one public static IP address and Exchange is using port 443 so I changed the transport settings in the RD Gateway to use port 444. I have also installed an SSL cert from GoDaddy.

When I visited the rdweb site from an external location, I could log on fine (as admin) and browse around.  There are 3 apps published by default (calc, paint and wordpad) but when I click on any of these, I get a message stating that the server could not be found. So I googled around and made the following changes:
- in IIS, changed the DefaultTSGateway to point to the external FQDN
- in the RD Gateway settings, added the internal and external FQDN of the RDS server into the server farm (I had to create a split DNS entry internally for this)
- Use Windows PowerShell to perform Set-RDSessionCollectionConfiguration -CollectionName "YourCollectionName" -CustomRdpProperty "gatewayhostname:s:rdg.yourdomain.com:444"

Once these steps were completed, I could log on to an RDP session. I had to configure the RDC to use the RD Gateway server settings with the new port 444.

So I re-published the calculator app and this time when I click on it, it brings me through logging on but then fails stating that the name on the certs does not match. I click to view the certificate and am presented with the Exchange certificate details!!

It would appear that, at some level, it is communicating on port 443 even though I have changed the transport to use port 444.

Because I have had to make so many little changes that seem to me to be fixes, the whole thing feels dirty.

Any experts with any advice would be appreciated.

Thanks
Question by:tech53
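
The certificate mismatch described in the question can be narrowed down by checking which certificate each port actually presents for the public name. The script below is an added example, not part of the original post; rdg.yourdomain.com is the question's own placeholder, and the function name Get-TlsCertificate and its NameListed check are hypothetical helpers introduced here.

```powershell
# Added example: show which TLS certificate each port on the public name presents.
# rdg.yourdomain.com is the question's placeholder; 443 and 444 are the ports it mentions.
function Get-TlsCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [Parameter(Mandatory = $true)] [int]    $Port,
        [int] $TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "Timed out connecting to ${HostName}:$Port"
        }
        $client.EndConnect($pending)

        # Accept whatever certificate is offered: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            # The host name is sent as SNI, so the listener answers as it would for a real client.
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

            # Subject Alternative Name extension (OID 2.5.29.17), if the certificate has one.
            $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $san = if ($sanExt) { $sanExt.Format($false) } else { '' }

            # Rough name check: the exact host, or a wildcard for its parent domain,
            # appears somewhere in the subject or SAN text.
            $parent = '*.' + ($HostName -split '\.', 2)[1]
            $names  = "$($cert.Subject) $san".ToLower()
            $listed = $names.Contains($HostName.ToLower()) -or $names.Contains($parent.ToLower())

            [PSCustomObject]@{
                Port = $Port; Subject = $cert.Subject; SubjectAltNames = $san
                Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter; NameListed = $listed
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }
}

foreach ($port in 443, 444) {
    try   { Get-TlsCertificate -HostName 'rdg.yourdomain.com' -Port $port }
    catch { Write-Warning "Port ${port}: $($_.Exception.Message)" }
}
```

Run it from outside the LAN so the connection follows the same path as a remote user. A row with NameListed set to False marks the port that presents a certificate not covering the RD Gateway name.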

Expert Comment

by:David Johnson, CD, MVP
I use a wildcard certificate myself to not have this potential problem. And both can be on port 443 just using different host headers.

Accepted Solution

by:tech53
I have ordered another static IP from my ISP and will use that on 443.

Author Closing Comment

by:tech53
I found this route to cause least trouble.