• Status: Solved
  • Priority: Medium
  • Security: Public

Changing the port for RDS on Windows Server 2012 R2

Dear Experts,

I'm having issues configuring my Windows 2012R2 RDS roles.  I've installed and configured the roles in their default session-based capacity.  Access from LAN stations is fine. However, configuring access for remote users is a bit of a pig.

It's a single server (domain member) that has RD Web Access, RD Gateway, RD Licensing, RD Connection Broker and I have added the RD Host server and created a collection.

This site has only one public static IP address and Exchange is using port 443, so I changed the transport settings in the RD Gateway to use port 444. I have also installed an SSL cert from GoDaddy.

When I visited the rdweb site from an external location, I could log on fine (as admin) and browse around. There are 3 apps published by default (calc, paint and wordpad) but when I click on any of these, I get a message stating that the server could not be found. So I googled around and made the following changes:
- in IIS, changed the DefaultTSGateway to point to the external FQDN
- in the RD Gateway settings, added the internal and external FQDN of the RDS server into the server farm (I had to create a split DNS entry internally for this)
- Use Windows PowerShell to perform Set-RDSessionCollectionConfiguration -CollectionName "YourCollectionName" -CustomRdpProperty "gatewayhostname:s:rdg.yourdomain.com:444"

Once these steps were completed, I could log on to an RDP session. I had to configure the RDC to use the RD Gateway server settings with the new port 444.

So I re-published the calculator app and this time when I click on it, it brings me through logging on but then fails stating that the name on the certs does not match. I click to view the certificate and am presented with the Exchange certificate details!!

It would appear that, at some level, it is communicating on port 443 even though I have changed the transport to use port 444.

Because I have had to make so many little changes that seem to me to be fixes, the whole thing feels dirty.

Any experts with any advice would be appreciated.

Thanks
0
tech53
1 Solution
 
David Johnson, CD, MVP (Owner) commented:
I use a wildcard certificate myself to not have this potential problem. And both can be on port 443 just using different host headers.
0
 
tech53 (Author) commented:
I have ordered another static IP from my ISP and will use that on 443.
0
 
tech53 (Author) commented:
I found this route to cause least trouble.
0
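
One way to check which certificate is actually presented on each port for the external name, as an added example that is not part of the original thread. The function name Get-PresentedCertificate is hypothetical, rdg.yourdomain.com is the placeholder host from the question, and TLS 1.2 is assumed to be enabled on the server.

```powershell
# Added example (not from the thread): show which certificate a host presents on each port.
# Get-PresentedCertificate is a hypothetical helper name; rdg.yourdomain.com is the
# placeholder host name used in the question.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [Parameter(Mandatory = $true)] [int]    $Port
    )
    $script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
    $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    # Record the validation result but accept the certificate anyway, so that a
    # mismatched certificate can still be inspected. Diagnostic use only.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $cert, $chain, $policy)
        $script:policyErrors = $policy
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # The target host is sent as SNI, which host-name based HTTPS bindings key on.
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # OID 2.5.29.17 is the Subject Alternative Name extension.
        $san = ($x509.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                ForEach-Object { $_.Format($false) }) -join '; '
        [pscustomobject]@{
            Port         = $Port
            Subject      = $x509.Subject
            AltNames     = $san
            Thumbprint   = $x509.Thumbprint
            NameMismatch = $script:policyErrors.HasFlag($mismatch)
        }
        $ssl.Dispose()
    } catch {
        [pscustomobject]@{ Port = $Port; Subject = "failed: $($_.Exception.Message)" }
    } finally {
        $client.Close()
    }
}

# Compare the default HTTPS port with the port chosen for RD Gateway.
443, 444 | ForEach-Object {
    Get-PresentedCertificate -HostName 'rdg.yourdomain.com' -Port $_
} | Format-List
```

Run it from a machine outside the LAN so the result reflects the public IP and its port forwards; a row with NameMismatch set to True identifies the port on which the wrong certificate is being served.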
