Configuring Remote Desktop Services Gateway in Windows Server 2022
Posted on 20th June 2023
Configuring Remote Desktop Services Gateway in Windows Server 2022
Remote Desktop Services Gateway is a vital component of any Windows Server 2022 deployment that needs to provide secure access to remote desktop sessions. By using an RDS Gateway server, all traffic is encrypted and passed through a single port, making it much more difficult for unauthorized users to gain access to sensitive data.
In this guide, we will show you how to configure an RDS Gateway server on Windows Server 2022. We will cover the following topics:
Installing the Remote Desktop Services Gateway Role
Configuring the Remote Desktop Services Gateway Server
Creating and Configuring an RDS Gateway Certificate
Testing the Remote Desktop Services Gateway Configuration
Installing the Remote Desktop Services Gateway Role
The first step in configuring an RDS Gateway server is to install the Remote Desktop Services Gateway role. To do this, open the Server Manager console and select “Add roles and features”.
On the “Before you begin” page, click “Next”.
On the “Select installation type” page, select “Role-based or feature-based installation” and click “Next”.
On the “Select destination server” page, select the server you want to install the RDS Gateway role on and click “Next”.
On the “Select server roles” page, select the “Remote Desktop Services Gateway” role and click “Next”.
On the “Confirm installation selections” page, click “Install”.
Once the installation is complete, click “Close”.
Configuring the Remote Desktop Services Gateway Server
Now that the RDS Gateway role is installed, we can begin configuring the server. To do this, open the Remote Desktop Services Gateway Manager console and select the “Server Properties” option.
On the “General” tab, enter the fully qualified domain name (FQDN) of the server in the “Server name” field. This should be the same as the server’s internal DNS name.
In the “Logon method” drop-down, select the “RSA SecurID” option.
In the “Authentication method” drop-down, select the “PAP” option.
In the “Maximum number of connections” field, enter “500”. This will allow up to 500 concurrent connections to the RDS Gateway server.
Click the “Apply” button.
On the “RD CAP Store” tab, select the “Local computer” option and click the “Apply” button.
On the “Client Experience” tab, select the “Enable Single Sign On” and “Enable Restricted Admin mode for remote desktop connections” options.
In the “Idle session limit” field, enter “900”. This will limit idle sessions to 15 minutes.
In the “Active session limit” field, enter “3600”. This will limit active sessions to 1 hour.
Click the “Apply” button.
On the “Gateway Policies” tab, click the “Create new policy” button.
In the “Policy name” field, enter a name for the policy. This can be anything you want.
In the “User groups” field, enter the names of the Active Directory groups that should have access to the RDS Gateway server.
In the “Authentication methods” section, select the “PAP” option.
In the “Encryption level” drop-down, select the “Client Compatible” option.
In the “Resource authorization policies” section, select the “Allow users to connect to any resource in their user profile” option.
Click the “OK” button.
On the “Gateway Policies” tab, select the new policy you just created and click the “Edit” button.
In the “User groups” field, enter the names of the Active Directory groups that should have access to the RDS Gateway server.
In the “Authentication methods” section, select the “PAP” option.
In the “Encryption level” drop-down, select the “Client Compatible” option.
In the “Resource authorization policies” section, select the “Allow users to connect to any resource in their user profile” option.
Click the “OK” button.
On the “Gateway Policies” tab, select the new policy you just created and click the “Edit” button.
In the “User groups” field, enter the names of the Active Directory groups that should have access to the RDS Gateway server.
In the “Authentication methods” section, select the “PAP” option.
In the “Encryption level” drop-down, select the “Client Compatible” option.
In the “Resource authorization policies” section, select the “Allow users to connect to any resource in their user profile” option.
Click the “OK” button.
Your RDS Gateway server is now configured and ready for use. In the next section, we will show you how to create and configure an RDS Gateway certificate.
Creating and Configuring an RDS Gateway Certificate
In order for the RDS Gateway server to function properly, you will need to create and configure an RDS Gateway certificate. To do this, open the Certificate Manager console and select the “Add/Remove Snap-in” option.
In the “Add or Remove Snap-ins” window, select the “Certificates” snap-in and click the “Add >” button.
In the “Certificates Snap-in” window, select the “Computer account” option and click the “Finish” button.
In the “Add or Remove Snap-ins” window, click the “OK” button.
In the left-hand pane of the Certificate Manager console, expand the “Certificates” folder and select the “Personal” folder.
In the right-hand pane of the console, right-click on the “Certificates” folder and select the “All Tasks > Import” option.
In the “Certificate Import Wizard”, click the “Next” button.
On the “File to Import” page, click the “Browse” button.
Navigate to the location of the RDS Gateway certificate and click the “Open” button.
Click the “Next” button.
On the “Certificate Store” page, select the “Place all certificates in the following store” option and click the “Browse” button.
In the “Select Certificate Store” window, select the “Personal” store and click the “OK” button.
Click the “Next” button.
On the “Completing the Certificate Import Wizard” page, click the “Finish” button.
Your RDS Gateway certificate is now installed and ready for use. In the next section, we will show you how to test the RDS Gateway configuration.
Testing the Remote Desktop Services Gateway Configuration
To test the RDS Gateway configuration, you will need to connect to the server using the Microsoft Remote Desktop Client. To do this, open the Remote Desktop Connection application and enter the following information:
Connection name:
PC name:
User name:
Click the “Connect” button.
In the “Remote Desktop Connection” window, enter the password for the Active Directory account and click the “OK” button.
You should now be connected to the RDS Gateway server and be able to access your remote desktop session.