Grasp Technologies

Win 2012 RDS can I set different ports on each Session Host Collection?

Windows Server 2012 RDS environment. Broker on single server, RDWeb and RDGateway on server together. Also have a separate Gateway server and a separate Licensing server.

I have over 30 Session Host collections, all consisting of a single machine. I want clients to be able to access their Servers/RemoteApps through RDWeb, with the ability for these collections to use non-standard ports. Is it possible to set a non-standard RDP port for each collection?

Barring that, is it possible to have an RDP RemoteApp use a gateway? I can get connected to the session host using a non-standard port through an RDGateway just fine as long as I just use the regular RDP client and don't go through RDWeb. But I want my clients to go through the RDWeb page. For security reasons, clients would like to use non-standard ports.

Thanks for any help!
 Ian
kevinhsieh

The normal thing to do is have your clients go to RDWeb, and then connect through RD Gateway, especially if you are connecting from outside the perimeter. Changing to non-standard ports doesn't buy you any real security. Real security would be to use firewalls to limit RDP connections to the session hosts to only the RD Gateways. RD Gateway requires authentication of the users before allowing the connection, and I have two factor authentication on mine. :-)

Here are the instructions on how to configure RDWeb to use RD Gateway.
https://technet.microsoft.com/en-us/library/cc731465.aspx
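
The firewall restriction described in the answer above, as an added example that is not part of the original thread: on a session host, scope the inbound Windows Firewall rules that open the RDP port so they accept connections only from the RD Gateway servers. The gateway addresses are constructed placeholders, and the port assumes the default 3389 listener.

```powershell
# Added example. Run in an elevated PowerShell session on each RD Session Host.
# Constructed placeholders: replace with the internal IPs of your RD Gateway servers.
$GatewayAddresses = @('10.0.10.11', '10.0.10.12')
$RdpPort          = '3389'   # assumption: default RDP listener port

# Enabled inbound allow rules whose local-port filter names the RDP port.
# Rules with LocalPort "Any" are not matched here and need a separate review.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains $RdpPort }

if (-not $rdpRules) {
    Write-Warning "No enabled inbound allow rule found for TCP/UDP port $RdpPort."
    return
}

# Restrict each matching rule to the gateway addresses only.
foreach ($rule in $rdpRules) {
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $GatewayAddresses
}

# Read the rules back and show the resulting scope for verification.
foreach ($rule in $rdpRules) {
    $filter = Get-NetFirewallRule -Name $rule.Name | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        RemoteAddress = $filter.RemoteAddress -join ', '
    }
}
```

After this change, direct RDP from any host not in the list is dropped, so administrative access must also go through the gateway or have its management host added to the list.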
Grasp Technologies (ASKER)

Hello, thanks for your response. We are configured to use RDWeb with RDGateway and I agree this should be secure enough, however we have a major client that insists on using a port other than 3389 as their company security policy does not allow that port to be opened in their firewall.

Most clients connect to our RDWeb, and then connect to their Session host through the RDP icon. The RDP connection then asks for 2FA. This client still wants to connect through RDWeb, but wants the RDP connection to use a port other than 3389. I have found the registry entries that hold all the RDP connection information on the RDBroker, and I have adjusted the ports accordingly (as well as on the Gateway, and the Session Host), but that breaks the RDP connection through the RDWeb page.

I currently have this client connecting through RDP, using our gateway but have the gateway policies configured to use a non-standard port. We would prefer they get this access through RDWeb as it's easier to deploy.

Thanks!
 Ian
I should add this is 1 single client requesting this port change. We don't want to configure another RDWeb/Gateway for the single client which is why I was hoping we can make these changes just based on a Session Collection.

 Ian
ASKER CERTIFIED SOLUTION
kevinhsieh

This solution is only available to members.

That is always how I've understood it, but we run into issues if that port is not opened on client firewalls. Are there any other ports required to allow the connection that could possibly be blocked, or is it strictly 443?

 Ian
Which client firewalls? The RDS Session hosts only need 3389 open to the RD Gateway Server(s).

butt head

apologies for spam, but I can't see any comments...