locked
Collection Deployment Properties - RD Gateway RRS feed

  • Question

  • Hi guys, 

    In my private cloud environment I have a Remote Desktop Gateway (with public FQDN gateway.public.com) and a number of server with Remote Desktop Services role. To be more precise each server runs RD Connection Broker, RD Web Access and RD Session Host roles. Every customer connects to their respective server. 

    Recently I noticed that in Server Manager\Remote Desktop Services\Collections\Edit Deployment Properties\RD Gateway different clients have different setup which has the same result - They all can connect to their remote session hosts via remote desktop gateway. (Please see the screenshots below).

    To my surprise I discovered that even if incorrect FQDN is entered for RD gateway, users are still able to connect to their remote session hosts.

    In the context of my discoveries I'm just wondering if someone could explain what role RD Gateway settings play when a collection is deployed in similar scenario (RD Gateway + RD Session Host).

    Thanks and Regards,

    Friday, February 14, 2020 2:05 AM

Answers

  • Hi TP, 

    For each user an RDP shortcut is created and a user only needs to double click on it to get connect to a remote server.

    This is how a remote desktop connection is set. 

    Hi,

    Okay, my guess was correct.  Since you are manually creating the .rdp file for each user the RD Gateway settings in RDS Deployment properties are not used.  If you want the RDG settings in deployment properties to be used then each user needs to connect using one of the proper techniques instead of a manually-created .rdp file.  If you are happy with how things are now then continue to manually create the shortcuts.

    By "proper technique" above I mean via RD Web Access and/or Remote Resources aka Workspace (Mac, iOS, Android, UWP) and/or RemoteApp and Desktop Connections.  When using one of these methods the RD Client downloads the proper .rdp settings for the deployment and these are used when launching a connection.  Additionally, if you make a change in deployment properties or on a session collection the RD Client will automatically download the new information.

    -TP

    • Marked as answer by Nightwolf_82 Thursday, February 20, 2020 2:12 AM
    Wednesday, February 19, 2020 5:37 AM

All replies

  • Hi,

    How, precisely, are users launching connections?  Based on what you have written, end users are not launching connections via RD Web Access or RemoteApp and Desktop Connections or Remote Resources aka Workspaces (Mac, iOS, Android, UWP).

    If I had to guess I would say they are launching via some sort of static method such as a .rdp file that already has the correct RD Gateway FQDN within it.  Or perhaps you give them instructions on manually entering information into the Remote Desktop Client?  Regardless, they aren't getting their RD Gateway settings from their deployment because they wouldn't be able to connect if they were (for the ones that are incorect).

    When you make changes to the RD Gateway tab in RDS deployment properties, that changes the contents of .rdp files that are downloaded via the webfeed.  For example, say you change the RDG FQDN to an invalid address and Apply the change.  Next time one of the users refreshes their RDWeb page, or their RemoteApp and Desktop Connections (happens automatically), or their Workspace on their iOS RD Client refreshes, etc., the invalid FQDN will be downloaded and used for launching connections.

    -TP

    • Proposed as answer by TP []MVP Wednesday, February 19, 2020 5:37 AM
    Friday, February 14, 2020 5:29 AM
  • Hi,

     

    As we know, remote Desktop Gateway is used to allow secure connections using HTTPS from computers outside the corporate network. With CAP and RAP, RD gateway help to restrict users and devices to be reached in RDS.

     

    The setting option under collection for RD gateway is same as what appear on mstsc:

    Run mstsc-Show option --advanced

     

    If users successfully conducted the remote session via Gateway(not check bypass option), the will be record under monitoring of remote gateway manager.

     

    Last but not least, below is a guidance on how to set up RDS Gateway role.

    Deploying Remote Desktop Gateway RDS 2012

    https://ryanmangansitblog.com/2013/03/27/deploying-remote-desktop-gateway-rds-2012/

     

    Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

     

    Best Regards,

    Jenny


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, February 14, 2020 5:39 AM
  • Hi,

     

    Is there any update?

    Please feel free to let us know if more assistance needed.

     

    Thanks,

    Jenny


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 18, 2020 6:31 AM
  • Hi TP, 

    For each user an RDP shortcut is created and a user only needs to double click on it to get connect to a remote server.

    This is how a remote desktop connection is set.

     

    Wednesday, February 19, 2020 4:45 AM
  • Hi TP, 

    For each user an RDP shortcut is created and a user only needs to double click on it to get connect to a remote server.

    This is how a remote desktop connection is set. 

    Hi,

    Okay, my guess was correct.  Since you are manually creating the .rdp file for each user the RD Gateway settings in RDS Deployment properties are not used.  If you want the RDG settings in deployment properties to be used then each user needs to connect using one of the proper techniques instead of a manually-created .rdp file.  If you are happy with how things are now then continue to manually create the shortcuts.

    By "proper technique" above I mean via RD Web Access and/or Remote Resources aka Workspace (Mac, iOS, Android, UWP) and/or RemoteApp and Desktop Connections.  When using one of these methods the RD Client downloads the proper .rdp settings for the deployment and these are used when launching a connection.  Additionally, if you make a change in deployment properties or on a session collection the RD Client will automatically download the new information.

    -TP

    • Marked as answer by Nightwolf_82 Thursday, February 20, 2020 2:12 AM
    Wednesday, February 19, 2020 5:37 AM
  • Unfortunately, I can't check RD Web Access and/or Remote Resources aka Workspace (Mac, iOS, Android, UWP) and/or RemoteApp and Desktop Connections but I got the idea. Therefore, let's mark it as solved.

    Thanks.

     
    Thursday, February 20, 2020 2:12 AM