How to Set Up Remote Desktop Gateway in 4 Steps

  • January 4, 2022
  • Author: V2 Cloud

Note: A self-signed certificate was used for the purpose of this tutorial.

What is the Remote Desktop Gateway?

Remote Desktop Gateway (RD Gateway) is a role service that allows authorized remote users to connect to internal network resources from any Internet-connected device running the Remote Desktop Connection (RDC) client.

These resources can include Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers with Remote Desktop enabled.

Advantages of Remote Desktop Gateway

RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish secure, encrypted connections between remote users and internal network resources. This setup ensures secure access even if the internal server names or IP addresses are not resolvable over the internet, as long as the RD Gateway can resolve them.

For optimal security, it’s recommended to install a valid SSL certificate from a trusted provider (e.g., Comodo, InstantSSL, Verisign). While a self-signed certificate is used in this tutorial, purchasing a valid SSL certificate is best for production environments.

How to Set Up Remote Desktop Gateway

In this tutorial, you will learn to:

  • Install an SSL certificate
  • Set up RD Gateway
  • Create Connection Authorization Policy (CAP) and Resource Authorization Policy (RAP)
  • Test your RD Gateway connection

Step 1: Install the Remote Desktop Role

1.1. Sign in to the Target Server: Use administrator credentials.

1.2. Open Server Manager: Select Manage > Add Roles and Features.

1.3. Select Installation Type: Choose Role-Based or Feature-Based installation, then click Next.

1.4. Select Destination Server: Choose your local computer from the server pool, then click Next.

1.5. Select Server Roles: Check Remote Desktop Services, then click Next.

1.6. Select Role Services: Check only Remote Desktop Gateway, then click Next.

1.7. Add Required Features: When prompted, select Add Features, then click Next.

1.8. Network Policy and Access Services: Click Next.

1.9. Web Server Role (IIS): Click Next.

1.10. Role Services: Click Next.

1.11. Confirm Installation Selections: Click Install and wait for the installation to complete.

1.12. Installation Successful: Close the installer.

Step 2: Create Connection Authorization Policy (CAP) and Resource Authorization Policy (RAP)

2.1. Open RD Gateway Manager: From Server Manager, navigate to Tools > Remote Desktop Gateway Manager.

2.2. Access RD Gateway Manager: In the RD Gateway Manager, go to Servers, right-click your server name, and select RD Gateway Manager.

2.3. Create Authorization Policies: In the left pane, navigate to Policies. Right-click Connection Authorization Policies, select Create New Policy and choose the Wizard option.

2.4. Set Up CAP and RAP: Select Create an RD CAP and an RD RAP (recommended) and click Next.

Connection Authorization Policy (CAP)

Connection Authorization Policy ensures that only selected groups (i.e., group members) are allowed to use the Remote Desktop Gateway to access resources.

You can use groups based on Active Directory users or groups based on Active Directory computer objects. To give users flexibility in which machines they can connect from, we recommend using user groups.

2.5. Name the Policy: Give the policy a descriptive name, such as Allowed-To-Use-RDGateway, and click Next.

2.6. Select User Groups: Choose the user groups allowed to use RD Gateway.

For this tutorial on how to set up an RD gateway, we will select the Domain Admins group.

The best practice is to create another user group in which you add users that you want to allow to use the Remote Desktop Gateway. You can create groups based on the resources the users need to access.

This way, you can add those groups here and then use these groups in the Resource Authorization Policy later on.

2.7. Device Redirection: Accept the default settings for device redirection and click Next.

2.8. Timeout Settings: Enter the appropriate timeout values and click Next, then Next again to finalize the CAP.

Resource Authorization Policy (RAP)

The Resource Authorization Policy is used to restrict access to servers based on group memberships. You will need to create Active Directory groups and add servers as members of these groups.

2.9. User Groups for Network Access: Select the user groups allowed to access network resources via RD Gateway. For this tutorial, select Domain Admins.

2.10. Select Server Groups: Choose the group containing the servers that users can access. For this tutorial, use the Domain Controllers group.

For this tutorial on how to set up a remote desktop gateway, we will use the built-in group called Domain Controllers.

You can create additional groups containing servers that are related or belong to particular departments. This way, in the previous steps you can assign groups based on department users and allow them only to access particular servers.

2.11. Verify Group Names: Click Check Name to ensure the group is found, then click OK and Next.

2.12. Specify Remote Desktop Ports: If the servers use a different port for RDP, specify it here. Otherwise, select Allow connections only to port 3389 and click Next, then Finish.

2.13. Confirm Policy Creation: Review the policies and click Close.
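
The best practice described in steps 2.6 and 2.10 (dedicated user and server groups instead of Domain Admins and Domain Controllers), scripted with the RDS: PowerShell provider rather than the wizard. This is an added example, not part of the original tutorial; the domain, group, policy and server names are assumed placeholders, and it assumes the ActiveDirectory module (RSAT) is installed on the gateway.

```powershell
# Added example: CAP/RAP scoped to dedicated groups rather than
# Domain Admins / Domain Controllers. Run elevated on the RD Gateway server.
Import-Module ActiveDirectory          # assumes RSAT AD tools are installed
Import-Module RemoteDesktopServices    # provides the RDS: drive

# Assumed placeholder names; replace with your own.
$Domain      = 'CORP'                        # NetBIOS domain name
$UserGroup   = 'RDGW-Finance-Users'          # users allowed through the gateway
$ServerGroup = 'RDGW-Finance-Servers'        # computer accounts they may reach
$TargetHosts = 'FIN-RDSH01', 'FIN-RDSH02'    # servers to publish

# 1. Create the two security groups if they do not exist yet.
foreach ($name in $UserGroup, $ServerGroup) {
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name -GroupScope Global -GroupCategory Security
    }
}

# 2. Add the target servers' computer accounts to the server group,
#    skipping accounts that are already members.
$current = @(Get-ADGroupMember -Identity $ServerGroup | ForEach-Object SamAccountName)
$missing = $TargetHosts | ForEach-Object { Get-ADComputer -Identity $_ } |
    Where-Object { $_.SamAccountName -notin $current }
if ($missing) { Add-ADGroupMember -Identity $ServerGroup -Members $missing }

# 3. CAP: who may use the gateway (AuthMethod 1 = password).
New-Item -Path 'RDS:\GatewayServer\CAP' -Name 'Allowed-To-Use-RDGateway' `
    -UserGroups "$UserGroup@$Domain" -AuthMethod 1

# 4. RAP: which servers that group may reach
#    (ComputerGroupType 1 = an Active Directory security group).
New-Item -Path 'RDS:\GatewayServer\RAP' -Name 'Finance-Servers-Only' `
    -UserGroups "$UserGroup@$Domain" -ComputerGroupType 1 `
    -ComputerGroup "$ServerGroup@$Domain"

# 5. List the resulting policies for review.
Get-ChildItem 'RDS:\GatewayServer\CAP', 'RDS:\GatewayServer\RAP' |
    Select-Object Name
```

The user group is created empty, so no one is authorized until accounts are added to it.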

Step 3: Install an SSL Certificate

The Remote Desktop Gateway needs to have an SSL certificate installed. You can purchase an SSL certificate for the fully qualified internet domain name of the Remote Desktop Gateway or purchase a wildcard SSL certificate for the domain.

For this tutorial on setting up a remote desktop gateway, a Self-Signed Certificate was used.

3.1. Access Server Properties: In the RD Gateway management console, right-click your server name and select Properties.

3.2. Import SSL Certificate: Go to the SSL Certificate tab, select Import a certificate into the RD Gateway bubble, then browse and import the certificate.

3.3. Select and Import Certificate: Choose your PFX file, click Open, and enter the password for the PFX file. If the password is correct, the import will be successful.

We have now successfully installed a self-signed SSL certificate on TCP Port 443 (Default SSL port).
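
To check what clients will actually see on port 443, the following added example (not part of the original tutorial) connects to the gateway and reports whether the presented certificate is self-signed, matches the name, chains to a trusted root, and is close to expiry. The function name and the FQDN in the usage comment are assumptions; with the self-signed certificate used in this tutorial, SelfSigned and ChainUntrusted are expected to be True on a client that has not imported it.

```powershell
# Added example: inspect the certificate an RD Gateway presents on TCP 443.
function Test-RdGatewayCertificate {
    param(
        [Parameter(Mandatory)] [string] $GatewayFqdn,  # name clients connect to
        [int] $Port = 443,
        [int] $WarnDays = 30                           # expiry warning window
    )
    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }

    # Let the handshake complete even for an untrusted certificate so it can
    # be inspected; the validation result is recorded, not ignored.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $state.Errors = $sslPolicyErrors
        $true
    }.GetNewClosure())

    $tcp = [System.Net.Sockets.TcpClient]::new($GatewayFqdn, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($GatewayFqdn)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $ssl.RemoteCertificate)
        $flags = [System.Net.Security.SslPolicyErrors]

        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotAfter       = $cert.NotAfter
            SelfSigned     = ($cert.Subject -eq $cert.Issuer)
            NameMismatch   = $state.Errors.HasFlag($flags::RemoteCertificateNameMismatch)
            ChainUntrusted = $state.Errors.HasFlag($flags::RemoteCertificateChainErrors)
            ExpiresSoon    = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
            TlsProtocol    = $ssl.SslProtocol
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
}

# Usage (assumed hostname): Test-RdGatewayCertificate -GatewayFqdn 'rdgw.example.com'
```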

Step 4: Test RD Gateway Connection

We must test connectivity from the Remote Desktop Gateway to the network resources that clients will need to connect to. Specifically, we need to test RDP traffic by using a remote desktop client to connect to the allowed servers.

We’ve allowed the domain controllers to be accessed by the Domain Admins group through the Remote Desktop Gateway, and we’ve allowed the Domain Admins group to be able to use the Remote Desktop Gateway by using the Authorization policies.

4.1. Test Connectivity: Use a remote desktop client to connect to the allowed servers through the RD Gateway.

4.2. Verify Access: Ensure that the Domain Admins group can access the domain controllers as configured in the authorization policies.

With Remote Desktop Gateway installed, you and your users gain an extra layer of security by connecting through the address or DNS name of your gateway server.

All you need to do is provide the name or private IP address of the Remote Desktop server that you want your users to connect to. It doesn’t matter that the name of the RD Server is not resolvable on the internet, or the IP address is from a private range.

As long as the RD Gateway can resolve the name, and the appropriate rights are given to the user credentials which your clients are using, they can connect to the Remote Desktop Server.

Frequently Asked Questions about Remote Desktop Gateway

1. Can I use Remote Desktop Gateway with multiple Remote Desktop Servers?

Yes, you can use Remote Desktop Gateway to manage access to multiple Remote Desktop Servers. By configuring Resource Authorization Policies (RAPs), you can control which user groups have access to specific servers. This allows you to scale your remote access infrastructure and manage permissions effectively across multiple servers.

2. What are the system requirements for setting up a Remote Desktop Gateway?

To set up a Remote Desktop Gateway, you need a server running Windows Server 2012 or later. The server should have a minimum of 2 GB of RAM, a dual-core processor, and sufficient disk space for the operating system and any additional roles and features. Additionally, a reliable network connection and a valid SSL certificate are essential for secure and efficient operation.

3. How do I troubleshoot connection issues with Remote Desktop Gateway?

If users are experiencing connection issues with Remote Desktop Gateway, follow these steps:

  • Check Network Connectivity: Ensure the server is reachable over the network and that there are no firewall or routing issues.
  • Verify SSL Certificate: Confirm that the SSL certificate is correctly installed and trusted by client devices.
  • Review Event Logs: Check the server’s event logs for any errors or warnings related to RD Gateway services.
  • Confirm User Permissions: Ensure that the users experiencing issues have the necessary permissions set in both Connection Authorization Policies (CAPs) and Resource Authorization Policies (RAPs).
  • Test RDP Ports: Make sure the RDP port (default is 3389) is open and accessible from the RD Gateway to the servers users connect to.

Simplify Remote Access and IT with V2 Cloud

By using V2 Cloud, you gain access to a fully integrated virtual desktop solution, reducing complexity and ensuring secure remote access without sacrificing user experience and performance.

Benefits of V2 Cloud

V2 Cloud offers clear and straightforward pricing with no hidden fees, helping you manage your IT budget more effectively. Our platform is designed for quick and easy deployment, allowing you to set up virtual desktops and servers within minutes, with step-by-step instructions and dedicated support to ensure a smooth process.

We operate on a pay-as-you-go basis, providing flexibility to scale your resources up or down as needed without being locked into long-term contracts. Our flat-rate pricing model simplifies financial planning, making it easier to forecast expenses and avoid fluctuating costs often associated with traditional IT infrastructure.

How V2 Cloud Will Help You

  • Remote Access and Security: Ensuring secure remote access can be complex and expensive. V2 Cloud provides a secure environment for remote work, using advanced encryption and multi-factor authentication to protect your data.
  • IT Management Complexity: Managing traditional IT infrastructure requires significant time and expertise. V2 Cloud simplifies IT management with an intuitive interface, reducing the need for specialized IT staff and allowing you to focus on your core business.
  • High Infrastructure Costs: Setting up and maintaining physical servers is costly and resource-intensive. V2 Cloud’s virtual desktop infrastructure (VDI) reduces hardware costs and maintenance, offering a more affordable alternative to traditional setups.
  • Scalability Issues: Scaling traditional IT resources can be slow and cumbersome. V2 Cloud allows you to scale your virtual desktops and servers effortlessly, ensuring your IT resources grow with your business.
  • Downtime and Reliability: Downtime can be detrimental to business operations. V2 Cloud guarantees high availability and reliability, minimizing downtime and ensuring your business operations run smoothly.

Get Started with V2 Cloud

Learn more about V2 Cloud and start with a risk-free 7-day trial to experience its simplicity, scalability, and power. For more detailed instructions and support, talk to our specialists.

By choosing V2 Cloud, you’re opting for a hassle-free, secure, and efficient solution to modernize your IT infrastructure and empower your remote workforce.
