Win 2012 RDS can I set different ports on each Session Host Collection?

Windows Server 2012 RDS environment. Broker on single server, RDWeb and RDGateway on server together. Also have a separate Gateway server and a separate Licensing server.

I have over 30 Session Host collections, all consisting of a single machine. I want clients to be able to access their Servers/RemoteApps through RDWeb, with the ability for these collections to use non standard ports. Is it possible to set a non standard RDP port for each collection?

Barring that is it possible to have a RDP RemoteApp use a gateway? I can get connected to the session host using a non standard port through an RDGateway just fine as long as I just use the regular RDP client and not go through RDWeb. But I want my clients to go through the RDWeb page. For security reasons clients would like to use non standard ports.

Thanks for any help!
 Ian
bbellasAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kevinhsiehCommented:
The normal thing to do is have your clients go to RDWeb, and then connect through RD Gateway, especially if you are connecting from outside the perimeter. Changing to non-standard ports doesn't buy you any real security. Real security would be to use firewalls to limit RDP connections to the session hosts to only the RD Gateways. RD Gateway requires authentication of the users before allowing the connection, and I have two factor authentication on mine. :-)

Here are the instructions on how to configure RDWeb to use RD Gateway.
https://technet.microsoft.com/en-us/library/cc731465.aspx
bbellasAuthor Commented:
Hello, thanks for your response. We are configured to use RDWeb with RDGateway and I agree this should be secure enough, however we have a major client that insists on using a port other than 3389 as their company security policy does not allow that port to be opened in their firewall.

Most clients connect to our RDWeb, and then connect to their Session host through the RDP icon. The RDP connection then asks for 2FA. This client still wants to connect through RDWeb, but wants the RDP connection to use a port other that 3389. I have found the registry entries that hold all the RDP connection information on the RDBrooker, and I have adjusted the ports accordingly (as well as on the Gateway, and the Session Host), but that breaks the RDP connection through the RDWeb page.

I currently have this client connecting through RDP, using our gateway but have the gateway policies configured to use a non standard port. We would prefer they get this access through RDWeb as it's easier to deploy.

THanks!
 Ian
bbellasAuthor Commented:
I should add this is 1 single client requesting this port change. We don't want to configure another RDWeb/Gateway for the single client which is why I was hoping we can make these changes just based on a Session Collection.

 Ian
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

kevinhsiehCommented:
With RD Gateway, port 3389 isn't allowed from thee Internet. Only 443 needs to be open to the Internet, and that's to the RD Gateway. If they want to change change the port from the RD Gateway to the session host, then they just don't understand security very well. It adds complexity and no security. Complexity is the enemy of security.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bbellasAuthor Commented:
That is always how I've understood it, but we run into issues if that port is not opened on client firewalls. Are there any other ports required to allow the connection that couple possibly be blocked or is it strictly 443?

 Ian
kevinhsiehCommented:
Which client firewalls? THe RDS Session hosts only need 3389 open to the RD Gateway Server(s).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.