

Remote Desktop Services Gateway configuration for RDS farm

 


 

 

Remote Desktop Services in Windows Server 2012 has undergone tremendous changes, from the installation options (where you get Role-based Installation and Scenario-based Installation) to the view of the environment in Server Manager.

 

One of the biggest concerns in Windows Server 2008 R2 and Windows Server 2012 vis-à-vis Remote Desktop Services was setting up an RD Gateway. The following links cover the deployment, the various RD Gateway configurations, and the ports that need to be opened:

Deploying RD Gateway using a Scenario Based Deployment

RD Gateway deployment in a perimeter network & Firewall rules

 

In Windows Server 2008 R2, you had the concept of an RDS farm, where multiple RD Session Host servers could be grouped together and accessed with a single farm name. In Windows Server 2012, this has changed to the creation of collections, which are published and accessed through the RD Web Portal. So, if you had a collection called “Session_Host_Servers”, you will see an RDP icon in the Web Access Portal with the name “Session_Host_Servers”.

But one of the biggest errors that users faced while accessing the RDS farm with a Gateway in place is the following:

“This computer can’t connect to the remote computer because the Terminal Services Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.”

 


This can occur in several situations. One of them is when you connect to the farm name, something like rdfarm.domainname.com, rather than to a RemoteApp or an individual RD Session Host server, say rds1.domainname.com.

 

This happens because, when you connect to the farm, the Gateway queries DNS to resolve the farm name. As there is no resource with that name, you get the error. To access the farm as well, you need to add the farm name to the RD RAP policies, so that the Gateway treats it as a network resource and does not need to resolve the name through DNS. To do this, follow these steps:

1. Right-click Resource Authorization Policies and select Manage Local Computer Groups.


 

2. Select Create Group.


 

3. Enter the farm name and each individual server in the farm and click on Add. Then click on OK.


 

Once these steps are done and you connect to the farm name directly, the RD Gateway recognizes the farm name as a network resource and connects you to the farm instead of returning the error.
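The three steps above, scripted through the `RDS:` PowerShell provider on the RD Gateway server, as an added example that is not part of the original post. The group name `RDFarm-Hosts` and the host `rds2.domainname.com` are constructed; the farm name and `rds1` follow the article's examples, and the final check assumes each RAP item exposes its `ComputerGroup` setting through `CurrentValue`.

```powershell
# Added example: run in an elevated session on the RD Gateway server.
Import-Module RemoteDesktopServices

# Assumed names: farm and rds1 follow the article; rds2 and the group name are constructed.
$groupName = 'RDFarm-Hosts'
$farmName  = 'rdfarm.domainname.com'
$members   = 'rds1.domainname.com', 'rds2.domainname.com'
$groupRoot = 'RDS:\GatewayServer\GatewayManagedComputerGroups'

# Steps 1-2: create the RD Gateway-managed computer group, seeded with the farm name.
if (-not (Test-Path "$groupRoot\$groupName")) {
    New-Item -Path $groupRoot -Name $groupName `
        -Description 'RDS farm name plus every member host' `
        -Computers $farmName | Out-Null
}

# Step 3: add every member server, skipping entries that already exist.
$computers = "$groupRoot\$groupName\Computers"
$existing  = @((Get-ChildItem $computers).Name)
foreach ($server in $members) {
    if ($existing -notcontains $server) {
        New-Item -Path $computers -Name $server | Out-Null
    }
}

# Audit: the group should list the farm name and each host, and nothing else.
Get-ChildItem $computers | Select-Object Name

# List the RAPs whose computer group is this managed group, so you can confirm
# the policy users actually hit is scoped to the farm and its members.
Get-ChildItem 'RDS:\GatewayServer\RAP' | ForEach-Object {
    $cg = (Get-Item "RDS:\GatewayServer\RAP\$($_.Name)\ComputerGroup").CurrentValue
    if ($cg -eq $groupName) { $_.Name }
}
```

Keeping the RAP bound to an explicit managed group limits the hosts reachable through the gateway to the farm name and its members, instead of allowing connections to any network resource.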

 

Hope this helps. Happy reading!

Comments

  • Anonymous
    February 28, 2013
    Could you give a concrete example of the names you are using? Let’s say that my Windows Server 2012 machine has the hostname of WinSRV and my domain name is WinDom.net. In the “Collections” area (which you said was previously called farm?) I have a pool of Windows 8 virtual machines called Win8Pool. Under the RD Gateway deployment properties, the server name is winsrv.windom.net. What would I put in the “New RD Gateway-Managed Computer Group”? Recap: Hostname: winsrv. Domain Name: windom.net. Collection name: win8pool. Server name: winsrb.windom.net. How would I add the server farm? Or where can I find the location of the name of the server farm?

  • Anonymous
    June 05, 2013
    Hi, same question: what exactly is the farm name? Thanks.

  • Anonymous
    June 21, 2013
    Has anyone solved this problem? What exactly is the farm name? I am using RDS 2012 and set up a full desktop collection.

  • Anonymous
    January 06, 2014
    You have to enter the Farm name and all of its member servers or you will get authentication errors. This is actually mentioned in the Caution message in the above screencap at step 3.

  • Anonymous
    July 02, 2014
    We're running servers in our server environment for several different customers. I would like to have a setup where they connect to our RDS Gateway server and, depending on login, get the published apps/desktops for their company/login. My question is: can I use one (1) RDS GW for several different customers, with different setups of their RDS server/s? During testing I got one RDS to work (2012 R2 server), to publish apps (Calc.exe for the test), and it worked to log in and use. But when I managed to go through another server with the GW installed, I saw the published app, but got a certificate problem when starting the app. Is the certificate on the RDS to be named as the Gateway server or as the RDS server? Which one does the connecting user "see"? Which roles/services are needed on the Gateway server, and which are needed on the RDS server? How do I connect them? I'm trying to find tutorials, but in general they're just quick setups with one RDS and GW on that same server. I'm starting from a clean slate when it comes to the RDS and Gateway, so I can fiddle around as much as I want now, but soon our customers would like to see a working example. /Jonas

  • Anonymous
    July 17, 2014
    The comment has been removed

  • Anonymous
    February 02, 2015
    Thanks for a nice blog! A question: can Windows 2008 act as RD Gateway and RD Web Access for a Windows 2012 Terminal Server?

  • Anonymous
    October 21, 2015
    I have one domain and two session host servers (terminals). I have installed CB, Web Server, and RD Gateway in the domain and the session host role on both terminals. When I connect my terminal to RD Web from the external side of the office, the error "Your computer can't connect to the remote computer because the remote desktop gateway server address is unreachable" is shown. What do I do? Can you help me? If you have any suggestions, please help me. My no. is 9716181448, email ID = lvkesh@gmail.com

  • Anonymous
    October 30, 2015
    Soran, yes, a server can act as all three. This would be ideal for test environments. What works well is:
    RDSH = Server A
    RDCB = Server B
    RDGW = Server B
    RDWEB = Server C
    Lokesh, in order for you to complete the external access to RD Web Access, you need to open port 443 in your firewall/router and map it to your RD Gateway server address. Configure RD CAP/RD RAP policies to allow resources to connect to.
    NAT RULE: public IP mapped to internal IP via 443 open
    ACCESS RULE: internal IP of RD Gateway, 443 open