W2K8 R2 RDS 3 – Installing And Configuring A Remote Gateway

Introduction

This section of the article provides the steps required to install the Remote Desktop Gateway Role onto a Windows 2008 R2 Server.

Prerequisites

In order to install and configure a Remote Desktop Gateway the following prerequisites must be met :-

  • A Windows 2008 R2 Server
  • The server to be used must be part of a Domain

Installing The Remote Desktop Gateway Role

To install the Remote Desktop Gateway Role perform the following steps :

  • Open the Server Manager Console
  • Click on Roles and then click on Add Roles
  • From the list of available Roles select Remote Desktop Services and then click on Next
  • From the list of available Role Services select Remote Desktop Gateway and then click on Next
  • When prompted to Add Role Services and Features required by the Remote Desktop Gateway click on Add Required Role Services
  • Click on Next
  • At the Server Authentication Certificate screen select whether you wish to import an SSL Certificate, create a Self-Signed Certificate, or choose one later
  • Click on Next to continue
  • At the Authorization Policies screen select Later and then click on Next
  • At the Introduction To Network Policy and Access Services screen click on Next
  • When prompted to Select Role Services for the Network Policy and Access Services click on Next
  • At the Introduction To Web Server (IIS) screen click on Next
  • When prompted to Select Role Services for the Web Server (IIS) click on Next
  • When prompted to Confirm Installation Selections click on Install

The Remote Desktop Gateway Role will now be installed on the server.

Configuring RDS Gateway Authorization Policies

The next step is to configure the RDS Gateway Authorization Policies. To configure the RDS Gateway Authorization Policies perform the following steps :-

  • Open the RD Gateway Manager Console
  • Right Click on the Policies branch in the Left Hand Pane and select Create New Authorization Policies
  • At the next screen select Create a RD CAP and a RD RAP (recommended) and then click on Next
  • When prompted enter a name for the new RD CAP
  • At the Requirements screen ensure that Password is ticked and add in the Active Directory User Group you wish to allow access
  • Click on Next to continue
  • On the Device Redirection screen select the devices you want to allow to be redirected for users
  • Click on Next to continue
  • At the Session Timeout screen select the Idle and Session Timeouts if required and then click on Next to continue
  • At the RD CAP Summary screen click on Next to continue
  • When prompted enter the name for the RD RAP and click on Next to continue
  • On the User Groups screen the User Group Membership should already be populated with the Group selected in the RD CAP Requirements screen
  • Click on Next to continue
  • At the Network Resources screen select either an Active Directory Group with your RDS Session Host servers in it or select Allow users to connect to any network resource (computer)
  • Click on Next to continue
  • On the Allowed Ports screen leave the selection as Allow connections only through TCP port 3389
  • Click on Next to continue
  • At the RD RAP Summary screen click on Finish to continue
  • At the Confirm Policy Creation screen click on Close to complete configuring the Authorization Policies
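
The same RD CAP and RD RAP can be created and then checked from PowerShell through the RDS: provider. This is an added example, not part of the original article; the policy names and the CONTOSO groups are placeholders, and the parameter names and numeric values are those of the RemoteDesktopServices provider on Windows Server 2008 R2 as I know them, so list the nodes with Get-ChildItem on your gateway if they differ.

```powershell
# Added example for Windows Server 2008 R2 (PowerShell 2.0), run elevated on the gateway.
Import-Module RemoteDesktopServices          # exposes the RDS: drive

# Placeholder groups, written in the provider's name@DOMAIN form.
$userGroup = 'RDS-Users@CONTOSO'
$hostGroup = 'RDS-SessionHosts@CONTOSO'

# RD CAP: who may connect through the gateway. AuthMethod 1 = password.
New-Item -Path RDS:\GatewayServer\CAP -Name 'RDS-CAP' `
    -UserGroups $userGroup -AuthMethod 1 | Out-Null

# RD RAP: what those users may reach. ComputerGroupType 1 = Active Directory
# group (2 would be "any network resource").
New-Item -Path RDS:\GatewayServer\RAP -Name 'RDS-RAP' `
    -UserGroups $userGroup -ComputerGroupType 1 -ComputerGroup $hostGroup | Out-Null

# Read every RAP back and report the two settings that widen reach:
# "any network resource" and a port list other than 3389.
function Get-RapFinding {
    Get-ChildItem RDS:\GatewayServer\RAP | ForEach-Object {
        $base  = 'RDS:\GatewayServer\RAP\{0}' -f $_.Name
        $type  = (Get-Item "$base\ComputerGroupType").CurrentValue
        $ports = (Get-Item "$base\PortNumbers").CurrentValue
        New-Object PSObject -Property @{
            Rap         = $_.Name
            AnyResource = ($type -eq 2)
            Ports       = $ports
            NonDefault  = ("$ports" -ne '3389')
        }
    }
}

Get-RapFinding | Format-Table Rap, AnyResource, Ports, NonDefault -AutoSize
```

A RAP that reports AnyResource as True lets every user in the CAP group reach any host the gateway can route to, so the Active Directory group option keeps the policy scoped to the RDS Session Hosts.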

Populate The TS Web Access Computers Security Group On The RDS Session Hosts

The next step is to populate the TS Web Access Computers Security Group on the RDS Session Hosts. To populate the TS Web Access Computers Security Group on the RDS Session Hosts perform the following steps :-

  • Log on to the RDS Session Host Servers in turn with an Administrative account
  • Under Administrative Tools click on Computer Management
  • In the Left Hand pane expand Local Users and Groups and then click Groups
  • In the Right Hand pane Double Click the TS Web Access Computers Group
  • Click on Add and then click on Object Types
  • Select Computers in the list of Object Types and then click on OK
  • In the Enter the object names to select box type the Computer Account of the RDS Connection Broker server

E.G. RDSBroker01

  • Click on OK and then OK again to close the properties of the TS Web Access Computers Group

Populate The Session Broker Computers Security Group On The RDS Gateway Server

The next step is to populate the Session Broker Computers Security Group on the RDS Gateway Server. To populate the Session Broker Computers Security Group on the RDS Gateway Server perform the following steps :-

  • Log on to the RDS Gateway Server with an Administrative account
  • Under Administrative Tools click on Computer Management
  • In the Left Hand pane expand Local Users and Groups and then click Groups
  • In the Right Hand pane Double Click the Session Broker Computers Group
  • Click on Add and then click on Object Types
  • Select Computers in the list of Object Types and then click on OK
  • In the Enter the object names to select box type the Computer Accounts of the RDS Session Host servers

E.G. RDSHost01; RDSHost02

  • Click on OK and then OK again to close the properties of the Session Broker Computers Group
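
Both local groups above can be populated and audited in one pass with the ADSI WinNT provider, which is available in the PowerShell 2.0 that ships with Windows 2008 R2. This is an added example, not part of the original article; the CONTOSO domain and the RDSGateway01 server name are placeholders, while RDSBroker01, RDSHost01 and RDSHost02 are the article's own sample names.

```powershell
# Added example. Run with an account that is a local administrator on each server.
$domain = 'CONTOSO'   # placeholder NetBIOS domain name

# Server holding the group, the group, and the computer accounts the steps above put in it.
$expected = @(
    @{ Server = 'RDSHost01';    Group = 'TS Web Access Computers';  Members = @('RDSBroker01') },
    @{ Server = 'RDSHost02';    Group = 'TS Web Access Computers';  Members = @('RDSBroker01') },
    @{ Server = 'RDSGateway01'; Group = 'Session Broker Computers'; Members = @('RDSHost01', 'RDSHost02') }
)

# Return the ADsPath of every current member of a local group.
function Get-GroupMemberPath([string]$Server, [string]$Group) {
    $g = [ADSI]('WinNT://{0}/{1},group' -f $Server, $Group)
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

foreach ($e in $expected) {
    # Computer accounts carry a trailing $ in their account name.
    $want = @($e.Members | ForEach-Object { 'WinNT://{0}/{1}$' -f $domain, $_ })
    $have = @(Get-GroupMemberPath $e.Server $e.Group)
    $g    = [ADSI]('WinNT://{0}/{1},group' -f $e.Server, $e.Group)

    foreach ($m in $want) {
        if ($have -notcontains $m) {
            $g.Add($m)                       # same effect as the Add dialog
            'ADDED      {0} -> {1}\{2}' -f $m, $e.Server, $e.Group
        }
    }
    foreach ($m in $have) {
        if ($want -notcontains $m) {
            # Not removed automatically: report it for review.
            'UNEXPECTED {0} in {1}\{2}' -f $m, $e.Server, $e.Group
        }
    }
}
```

Running it again later acts as a drift check: any UNEXPECTED line is an account that was granted membership outside this procedure.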