Monday, October 24, 2011

Running RD Gateway on a different port then 443 (Windows Server 8)

If you have been working with the Remote Desktop Gateway (RDGW) or with the previous version, the Terminal Services Gateway (TSGW), you’ll probably know that running the RDGW on a different port then port 443 is not possible (or at least not supported).

Good news is coming for organizations that needed this functionality (and I have seen requests for this on Technet Forums on multiple occasions). Running RD gateway on a different port than port 443 will be possible on Windows Server 8! Even better, this setting is easily accessible from within the RD Gateway manager and can be changed within a few clicks.

In this blog post I’ll quickly show you how to configure this.

When you installed the RD Gateway via the new Server Manager (either remotely or locally) the RD Gateway Manager Manager will be available. When you open up the manager it looks quite a lot like the RDGW Manager in Windows Server 2008 R2.

However, when we open up the properties of the RDGW server we’ll notice a new tab there called Transport Settings.

On this tab we have several options. We can change the IP address that the RD Gateway listens on. By default this is "All Unassigned", but we now have the ability to easily set this to a single specific IP-address that exists on the server. Useful when your RD Gateway server has multiple IP-addresses and you want to narrow this down to a single one.

New here is the ability to change the port that RD Gateway server listens on. So let’s test this functionality and change that to a different port. We’ll choose and set port 999 for now.

We get a warning that listener rules will be modified in the Windows Firewall and, of course, all active sessions will be disconnected, as the RD Gateway server will be restarted.

When we run a netstat we see that the RDGW is now running on 999 instead of 443.

Now let’s try to connect to the a RD Session Host using the new RD Gateway port. We open up a mstsc, enter the hostname of the RDSH and the necessary credentials. On the advanced tab using the settings button we configure the RD Gateway settings as show below.

We save the settings and try to connect. We get the error below:

“A valid gateway server address must be specified”. Why do we get this error? We tried to connect using a Remote Desktop Client supporting RDP 7.0 and apparently Remote Desktop Protocol version 7.0 does not support this.

So we open up a Windows 8 client, run mstsc and try the same configuration. This time successfully!

We’re now able to save the RD Gateway properties of the client and start a new session, and thus connect using a RD Gateway server on port 999.

Once connected we open up the connection details of the session where secure connection on port 999 is now displayed:

Conclusion: RD Gateway running on Windows Server 8 will support changing the port that the gateway listens on. A pre-requisite for this to work is using a Remote Desktop Client that supports Remote Desktop Protocol 8.0

No comments:

Post a Comment