Here are the basics, as promised earlier, for deploying the Remote Desktop Gateway role on the Windows Server 2012 platform. The steps below add only this role on a single server:
Install Remote Desktop Gateway Role on Windows Server 2012
- Once logged in as an administrator, open Server Manager and select “Add roles and features”
- If you have not already, check the box next to “Skip this page by default” then click “Next >”
- It is important to select role-based installation here before clicking “Next >”. This article only explains how to install RD Gateway, not a full deployment.
- Select the server that will host the RD Gateway role then click “Next >”
- Select Remote Desktop Services role
- Skip feature selection as you don’t need anything here
- On the Remote Desktop Services role click “Next >”
- On the Add Roles and Features Wizard click “Add Features”
- Make sure Remote Desktop Gateway role is selected and click “Next >”
- On the Network Policy and Access Services (NPS) click “Next >”
- Make sure Network Policy Server role is selected and click “Next >”
- Leave the defaults for the Web Server Role (IIS) selected and click “Next >”
- Check the “Restart the destination server automatically if required” check-box then click “Install”
- You may notice that Server Manager states there are no RD Connection Broker servers in the server pool. This is as designed: this is not a complete Remote Desktop Session Host environment, as we want only RD Gateway.
- In Server Manager go to Tools > Terminal Services > Remote Desktop Gateway Manager and you will see that the Remote Desktop Gateway server is not configured. One of the most important things for keeping this simple for the user is the RD Gateway certificate (the SSL certificate needs to be installed on BOTH the server and the client workstation or this will not work). It is highly recommended to get an external SSL certificate for this process – a great provider is StartSSL, as they are free for a basic secure certificate.
- Click on “View or modify certificate properties” then click on “Import Certificate…”
- Navigate to the file downloaded from your certificate provider and import it.
- On the right hand side click on the “Create New Authentication Policies Wizard”
- In the wizard select “Create RD CAP and a RD RAP (recommended)” then click “Next >”
- Name the Remote Desktop Client Access Policy then click “Next >”
- Leave the default of Password authentication then select an Active Directory User Group (I usually create a specific one for this purpose and add the needed members to it) then click “Next >”
- Device redirection and session time out are left at their defaults, so click “Next >”
- Name the Remote Desktop Remote Access Policy then click “Next >”
- Select an Active Directory Computer Group (I usually create a specific one for this purpose and add the needed endpoints to it) then click “Next >”
- Leave the default port as 3389 then click “Next >”
- Finish the wizard and you will receive a message that the RD RAP and RD CAP policies have been created successfully.
- The server is now configured. Go to the client workstation and import the SSL certificate from your provider.
- Open the RDP client, click on “Show Options”, click on the “Advanced” tab then “Settings…”
- Specify the RD Gateway server here. (The RD Gateway address here and the server name on the certificate need to be the same.) Then select “Use my RD Gateway credentials for the remote computer” and click “OK”
- On the General tab, specify the local computer name of the workstation or server inside the network and the full username including the local domain, then click “Next >”
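
The server-side steps above (role installation, certificate import, and the RD CAP / RD RAP wizard) can also be scripted. The PowerShell below is an added example, not part of the original article; the gateway FQDN, PFX path, group names and policy names are placeholders, and it assumes the RDS: provider that ships with the RemoteDesktopServices module on the gateway server.

```powershell
# Added example: scripted equivalent of the server-side wizard steps.
# Every value in this block is a placeholder (assumption), not from the article.
$GatewayFqdn   = 'rdgw.example.com'               # address clients will type
$PfxPath       = 'C:\certs\rdgw.example.com.pfx'  # file from the certificate provider
$UserGroup     = 'RDGW-Users@EXAMPLE'             # AD user group (group@domain)
$ComputerGroup = 'RDGW-Endpoints@EXAMPLE'         # AD computer group (group@domain)

# Install only the RD Gateway role service; NPS and IIS come in as dependencies.
Install-WindowsFeature -Name RDS-Gateway -IncludeManagementTools

# Import the certificate into the machine store, then re-read it from the
# Cert: drive so the provider's DnsNameList property is populated.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$imported = Import-PfxCertificate -FilePath $PfxPath -Password $pfxPassword `
    -CertStoreLocation Cert:\LocalMachine\My
$cert = Get-Item "Cert:\LocalMachine\My\$($imported.Thumbprint)"

# Refuse to bind a certificate that clients would reject: it needs a private
# key, must be inside its validity window, and must name the gateway address.
# -like lets a wildcard entry such as *.example.com match (a looser test than
# TLS, which only lets * cover a single label).
$nameMatches = @($cert.DnsNameList |
    Where-Object { $GatewayFqdn -like $_.Unicode }).Count -gt 0
$now = Get-Date
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period.'
}
if (-not $nameMatches) { throw "Certificate does not cover $GatewayFqdn." }

# Bind the certificate to the gateway through the RDS: provider.
Import-Module RemoteDesktopServices
Set-Item -Path RDS:\GatewayServer\SSLCertificate\Thumbprint -Value $cert.Thumbprint

# RD CAP: who may connect. AuthMethod 1 = password, the wizard default.
New-Item -Path RDS:\GatewayServer\CAP -Name 'RDGW-CAP' `
    -UserGroups $UserGroup -AuthMethod 1

# RD RAP: what they may reach. ComputerGroupType 1 = an AD security group,
# so only members of $ComputerGroup are reachable rather than any host.
New-Item -Path RDS:\GatewayServer\RAP -Name 'RDGW-RAP' -UserGroups $UserGroup `
    -ComputerGroupType 1 -ComputerGroup $ComputerGroup

# Restart the gateway service so the new certificate binding is picked up.
Restart-Service -Name TSGateway
```

Run it from an elevated session on the gateway server; if the role installation asks for a restart, complete it before the RDS: provider steps.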