December 21, 2024
Today, I am going to show you how to deploy a simple Remote Desktop Gateway on Microsoft Windows Server 2019 without a complete Remote Desktop Services infrastructure. That is, I don't have a farm of RD Session Host servers sitting behind it, and I don't want to deploy the Connection Broker, Web Access and Session Host servers (i.e. the complete infrastructure).

  1. Log in to Windows Server 2019.
  2. Open Server Manager and select Add roles and features.

  3. On the Before You Begin page, click Next.

  4. On the Installation Type page, select Role-based or feature-based installation.

  5. On the Server Selection page, make sure the Windows Server 2019 server is selected and click Next.

  6. On the Select server roles page, select Remote Desktop Services, click Next.

  7. On the Select features page, click Next.

  8. On the Remote Desktop Services page, click Next.

  9. On the Select role services page, select Remote Desktop Gateway.

  10. On the Add features that are required for Remote Desktop Gateway page, click Add features.

  11. On the Select role services page, click Next.

  12. On the Network Policy and Access Services page, click Next.

  13. On the Web Server Role (IIS) page, click Next.

  14. On the Select role services page, click Next.

  15. On the Confirm installation selections page, select Restart the destination server automatically if required.

  16. Click Yes on the restart warning message page and then click Install.

  17. On the Results page, make sure the installation completes without issues, click Close.

  18. On the Server Manager, select Tools, click Remote Desktop Services and then click Remote Desktop Gateway Manager.

  19. On the RD Gateway Manager page, select the Windows Server 2019 gateway server (in my case, CGY-RDSH01), click View and modify certificate properties under Configuration Status.

  20. On the Properties page: in my case, I would like to access the corporate network (servers) from outside, so I need to purchase and install a certificate from a public CA. Select Import a certificate into the RD Gateway CGY-RDSH01 Certificates (Local Computer) Personal Store, click Browse and Import Certificate.

  21. I have already exported the wildcard certificate .pfx file from another server and copied it to the gateway server. Select the .pfx file, click Open.

  22. Enter the private key password, click OK.

  23. Make sure the certificate is successfully imported to the RD Gateway server, click OK.

  24. On the Properties page, click OK.

  25. On the RD Gateway Manager, expand the RD gateway server, select Policies, click Create New Authorization.

  26. On the Authorization Policies page, select Create a RD CAP and a RD RAP (recommended), click Next.

  27. On the Connection Authorization Policy page, type the name for the RD CAP (in my case, RD CAP Policy).

  28. On the Requirements page, select Password and click Add Group at User group membership (required).

  29. Enter the name of the security group that is allowed to connect to the gateway server (in my case, Domain Users), click OK.

  30. On the Device Redirection page, in my case, I allow device redirection for all client devices, select Enable device redirection for all client devices, click Next.

  31. On the Session Timeout page, enable the timeouts and set the idle and session timeout periods according to your requirements, click Next.

  32. On the RD CAP Summary page, click Next.

  33. On the Resource Authorization Policy page, type the name for the RD RAP (in my case, RD RAP Policy), click Next.

  34. On the User Group page, the group in my case is Domain Users, click Next.

  35. On the Network Resource page, in my case, select Allow users to connect to any network resource (computer), click Next.

  36. On the Allowed Ports page, select Allow connections only to port 3389, click Next.

  37. On the RD RAP Summary page, click Finish.

  38. On the Confirm Policy Creation page, click Close.

  39. On the RD Gateway Manager, select the gateway server (in my case, CGY-RDSH01), click Add RD Gateway Server Farm members under Configuration Status.

  40. On the Properties page, select Server Farm, type the gateway server name as the RD Gateway server farm member (in my case, CGY-RDSH01), click Add.

  41. On the Properties page, click Apply.

  42. Make sure the Status of the gateway server shows OK (it may take some time for the server to start its services), click OK.

  43. Now it’s time to test the gateway from an external client machine.
  44. Open Remote Desktop Connection on the external client.
  45. Enter the computer name of the corporate machine (client or server), click Show Options.

  46. Select General and enter the user name, click Advanced.

  47. On the Advanced page, click Settings under Connect from anywhere.

  48. On the Connection settings page, select Use these RD Gateway server settings, type the FQDN of the gateway server in the Server name field.
  49. Under Logon settings, select Use my RD Gateway credentials for the remote computer, click OK.

  50. On the Remote Desktop Connection page, click Connect.

  51. Enter the password of the domain user, click OK.

  52. It will connect to the corporate machine directly from the external client.
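
The server-side part of the procedure (steps 2 to 37: role install, certificate import, RD CAP and RD RAP) can also be scripted through the RDS: drive of the RemoteDesktopServices module. This is an added example, not part of the original post; the .pfx path and taking the domain name from `$env:USERDOMAIN` are assumptions, while the policy names, group, authentication method and network-resource choice are the ones used in the steps above.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Run on the gateway server.
# Assumptions: $PfxPath is a hypothetical location for the exported .pfx, and the
# domain name is taken from $env:USERDOMAIN. Policy names and group are the post's.
$PfxPath   = 'C:\Temp\wildcard.pfx'
$UserGroup = "Domain Users@$env:USERDOMAIN"   # the RDS: provider expects group@DOMAIN
$CapName   = 'RD CAP Policy'
$RapName   = 'RD RAP Policy'

# Steps 2-17: install only the RD Gateway role service; the NPS and IIS components
# it requires are added as dependencies.
$install = Install-WindowsFeature -Name RDS-Gateway -IncludeManagementTools
if ($install.RestartNeeded -eq 'Yes') {
    Write-Warning 'Restart the server, then run this script again.'
    return
}

# Steps 19-24: import the certificate into LocalMachine\My and bind it to the gateway.
$pfxPassword = Read-Host -Prompt 'PFX private key password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath `
            -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword
Import-Module RemoteDesktopServices           # exposes the RDS: drive
Set-Item -Path RDS:\GatewayServer\SSLCertificate\Thumbprint -Value $cert.Thumbprint

# Steps 27-29: RD CAP. AuthMethod 1 = password.
if (-not (Test-Path "RDS:\GatewayServer\CAP\$CapName")) {
    New-Item -Path RDS:\GatewayServer\CAP -Name $CapName `
             -UserGroups $UserGroup -AuthMethod 1 | Out-Null
}

# Steps 33-35: RD RAP. ComputerGroupType 2 = any network resource (the post's choice);
# 1 = an Active Directory computer group, 0 = an RD Gateway-managed group.
if (-not (Test-Path "RDS:\GatewayServer\RAP\$RapName")) {
    New-Item -Path RDS:\GatewayServer\RAP -Name $RapName `
             -UserGroups $UserGroup -ComputerGroupType 2 | Out-Null
}

# The gateway service picks up the new certificate binding after a restart.
Restart-Service -Name TSGateway

# Read back what was actually created so it can be compared with the wizard choices.
foreach ($policy in "CAP\$CapName", "RAP\$RapName") {
    "--- $policy"
    Get-ChildItem -Path "RDS:\GatewayServer\$policy" |
        Format-Table -Property Name, CurrentValue -AutoSize
}
```

The block leaves device redirection, timeouts and allowed ports (steps 30, 31 and 36) at whatever `New-Item` creates; the final listing shows those values so they can be checked against the choices made in the wizard.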

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun
