Configuring Remote Desktop Gateway in Windows Server 2022

Posted on 18th June 2023

Overview

Remote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client.

Prerequisites

Before you install and configure the RD Gateway role service, review the following information and make sure your environment meets these prerequisites.

  • A server that is running Windows Server 2022 with the RD Gateway role service installed. For more information, see Install RD Gateway.
  • A domain-joined client computer that is running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, or Windows XP with Service Pack 3 (SP3).
  • An RD Gateway server certificate. For more information, see Create and deploy certificates for RD Gateway.
  • A DNS record that resolves the fully qualified domain name (FQDN) of the RD Gateway server to the public IP address of the network perimeter firewall, router, or proxy through which remote users connect to the RD Gateway server. This DNS record is required so that remote users can connect to the RD Gateway server by using the FQDN of the server. If you are using a split-DNS deployment in which internal DNS servers resolve the FQDN of the RD Gateway server to the private IP address of the RD Gateway server and external DNS servers resolve the FQDN to the public IP address, you do not have to create a DNS record. In this scenario, remote users will be automatically redirected to the correct IP address when they attempt to connect to the RD Gateway server by using the FQDN.

Configure the RD Gateway server

Complete the following steps on the RD Gateway server.

  1. In the Remote Desktop Gateway Manager console, click the name of the server in the left pane.
  2. In the Overview pane, click the Server Properties tab, and then do the following:
    • In the General section, verify that the correct certificate is selected in the Certificate drop-down list. If the correct certificate is not selected, click Select Certificate, and then select the correct certificate from the list of certificates. If you do not have a valid certificate installed on the RD Gateway server, see Create and deploy certificates for RD Gateway.
    • In the Transport Settings section, click Configure transport settings, and then do the following:
      • In the Transport Settings dialog box, click Enable Transport Layer Security (TLS).
      • In the Transport Settings dialog box, click Require strong encryption for all connections that use TLS.
      • In the Transport Settings dialog box, click OK.
    • In the Authentication Settings section, click Configure authentication settings, and then do the following:
      • In the Authentication Settings dialog box, in the Authentication Methods list, click to select the Allow client (user) certificate authentication check box, and then click OK.
  3. In the Overview pane, click the Policies tab, and then do the following:
    • Click Create New Policy.
    • In the Name box, type a name for the policy.
    • In the User Groups list, click Add, click Add Group, and then add the user groups to which you want to assign this policy.
    • In the Network Resource Groups list, click Add, click Add Group, and then add the network resource groups to which you want to assign this policy.
    • In the Authentication and Delegation section, click Configure authentication and delegation settings, and then do the following:
      • In the Authentication Settings dialog box, in the Allowed client authentication methods list, click to select the Allow client certificate authentication check box, and then click OK.
      • In the Delegation Settings dialog box, in the Allowed delegation of credentials to these remote computers list, click to select the Allow delegation of credentials to these remote computers check box, and then click OK.
    • In the Resource Authorization Policies section, click Configure resource authorization policies, and then do the following:
      • In the Authorization Policies dialog box, in the Permissions list, click to select the Allow user to connect check box, and then click OK.
    • In the Client Connection Settings section, click Configure client connection settings, and then do the following:
      • In the Client Connection Settings dialog box, in the Client connection settings list, click to select the Allow clients to connect through RD Gateway check box, and then click OK.
    • In the Overview pane, click Apply.
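The same server-side configuration, done from PowerShell with the RemoteDesktopServices provider (the RDS: drive) rather than RD Gateway Manager. This is an added example, not part of the original post; the FQDN, group names and policy names are placeholders, it assumes it is run elevated on the RD Gateway server with the certificate already in the LocalMachine\My store, and the CAP/RAP item properties follow the RDS: provider as used in Microsoft's RDS deployment scripts, so confirm them in your environment before relying on them.

```powershell
# Added example (not from the original post). Assumes: elevated session on the
# RD Gateway server, certificate already installed, placeholder names below.
Import-Module RemoteDesktopServices

$CertSubject = "CN=rdgateway.example.com"     # placeholder: RD Gateway FQDN
$UserGroup   = "RDG-Users@example.com"        # placeholder: domain group (Name@Domain form)
$HostGroup   = "RDG-Hosts@example.com"        # placeholder: AD group of permitted internal hosts
$CapName     = "RDG_CAP_Users"
$RapName     = "RDG_RAP_Users"

# General section: bind the server certificate by thumbprint, picking the
# longest-lived valid certificate for the subject and refusing to continue otherwise.
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $CertSubject -and $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid certificate for $CertSubject in LocalMachine\My" }
Set-Item -Path "RDS:\GatewayServer\SSLCertificate\Thumbprint" -Value $cert.Thumbprint

# Connection authorization policy: which users may connect and how they authenticate.
# AuthMethod (assumed values): 1 = password, 2 = smart card / client certificate, 3 = either.
if (-not (Test-Path "RDS:\GatewayServer\CAP\$CapName")) {
    New-Item -Path "RDS:\GatewayServer\CAP" -Name $CapName `
             -UserGroups $UserGroup -AuthMethod 3 | Out-Null
}

# Resource authorization policy: which internal computers those users may reach.
# ComputerGroupType (assumed values): 0 = RD Gateway-managed group, 1 = AD group, 2 = any.
# Type 1 with a named group keeps the policy scoped instead of allowing any host.
if (-not (Test-Path "RDS:\GatewayServer\RAP\$RapName")) {
    New-Item -Path "RDS:\GatewayServer\RAP" -Name $RapName `
             -UserGroups $UserGroup -ComputerGroupType 1 -ComputerGroup $HostGroup | Out-Null
}

# Read the result back so a reviewer can confirm the certificate and the policies.
Get-Item -Path "RDS:\GatewayServer\SSLCertificate\Thumbprint" | Select-Object Name, CurrentValue
Get-ChildItem -Path "RDS:\GatewayServer\CAP", "RDS:\GatewayServer\RAP" | Select-Object PSParentPath, Name
```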

Configure the firewall

Complete the following steps on the firewall to configure port forwarding and network address translation (NAT).

  1. On the firewall, click Start, click Administrative Tools, and then click Windows Firewall with Advanced Security.
  2. In the Windows Firewall with Advanced Security console, in the left pane, click Inbound Rules, and then, in the Actions pane, click New Rule.
  3. In the New Inbound Rule Wizard, in the Rule Type list, click Port, and then click Next.
  4. In the Protocol and Ports page, in the Protocol list, click TCP, and then, in the Specific local ports box, type 443. Click Next.
  5. In the Action page, click Allow the connection, and then click
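The inbound TCP 443 rule from the steps above, created with the NetSecurity cmdlets and then checked end to end. This is an added example, not part of the original post; it assumes an elevated session on the RD Gateway server, and the rule display name is a placeholder.

```powershell
# Added example (not from the original post). Assumes an elevated session on the
# RD Gateway server; the display name is a placeholder.
$RuleName = "RD Gateway - HTTPS (TCP 443)"

# Create the rule only if it does not already exist, so the script can be re-run.
# Rule Type: Port, Protocol: TCP, Specific local ports: 443, Action: Allow the connection.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
                -Protocol TCP -LocalPort 443 -Action Allow
}

# Confirm the rule really matches TCP/443 rather than trusting the display name.
$portFilter = $rule | Get-NetFirewallPortFilter
$ruleOk = ($rule.Enabled -eq "True") -and ($rule.Action -eq "Allow") -and
          ($portFilter.Protocol -eq "TCP") -and ($portFilter.LocalPort -eq "443")

# A firewall rule is useless if nothing is listening: check the RD Gateway
# service (TSGateway) and an actual listener on 443.
$svc       = Get-Service -Name TSGateway
$listening = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue

[pscustomobject]@{
    RuleMatchesTcp443 = $ruleOk
    GatewayService    = $svc.Status
    ListeningOn443    = [bool]$listening
}
```

From a remote client, `Test-NetConnection -ComputerName <gateway FQDN> -Port 443` confirms the path through the perimeter device as well as the local rule.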