Using a different FQDN for SSL certificate when configuring RDS Gateway Server

  • Question

  • Hi,

    Hopefully a straightforward question. I've had the interesting job of installing an RDS system into a current AD domain which uses a public domain (domainA.com).  The RDS service is only going to be accessed from the internet but it needs to have a different public domain name, i.e. domainB.com.  In the past I've used a bit of PowerShell to change the gateway web URL on an existing RDS system, but as this is a new one I thought I'd see if I can do everything during installation.

    As we know, the configuration screen for the gateway servers asks for the FQDN of the RD Gateway server and there is a note below the entry box that says "The FQDN must match the RD Gateway server name used by the remote desktop services client".

    It's this note that is making me ask this question.  Do I have to set the FQDN in this box to rds.domainA.com or can I set it to rds.domainB.com here?  Are there any checks that are done by the configuration wizard that would throw this?  Of course the public CA SSL certificates will be configured for the rds.domainB.com URL.

    Thanks in advance

    Rob

    Friday, November 1, 2019 12:25 PM

Answers

  • Hi Rob,

    To be clear, my script (Set-RDPublishedName) does not change the gateway and/or rdweb url.  It changes the published FQDN for the broker(s) that the clients use to connect to the RDS deployment.  The client may or may not need to use RD Gateway to connect to the published FQDN, and if it does, then the FQDN of the RD Gateway applies.

    The FQDN for RD Web Access is separate and not something that is published by the deployment.  Rather, it is something that is given to the end user and used by them to connect to the RD Web server.  RDWeb allows them to discover which RemoteApps/Full Desktops are available and the settings needed to connect to each.  RDWeb and RDG may be installed on the same server in which case it is common they share the same FQDN, however, they still perform distinct functions.

    I mention the above because it is important to understand the role that each FQDN in the RDS deployment plays.

    Now, to your question.  I recommend you enter the RD Gateway FQDN (e.g. rdgateway.domainb.com) that will be used by the clients in the box shown in your screenshot.  It is important to note that you need to replace the certificate with a public one as soon as possible, so this self-signed one that it creates really doesn't matter much.

    As an aside my guess is you will likely use Set-RDPublishedName so that rds.domainb.com shows for the published FQDN (again, this is different than the RDG FQDN).

    -TP

    Monday, November 4, 2019 4:51 AM
    Moderator
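
The answer above turns on the RD Gateway certificate matching the FQDN the clients actually use, so here is one way to check that after the public certificate is installed (an added example, not part of the original thread and not the Set-RDPublishedName script). It connects to the server by any reachable name, presents the client-facing FQDN, and reports name mismatch and chain trust separately; the function name and the host `rdgw01.domaina.com` are assumptions for illustration.

```powershell
# Added example; rdgw01.domaina.com is an assumed internal host name.
function Test-RdGatewayCertName {
    [CmdletBinding()]
    param(
        # Address the TCP connection is opened to (e.g. the server's AD name)
        [Parameter(Mandatory)][string]$ConnectTo,
        # FQDN the Remote Desktop clients will use; sent as SNI and validated
        [Parameter(Mandatory)][string]$ClientFqdn,
        [int]$Port = 443
    )

    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    # Record the validation result instead of aborting the handshake, so a
    # self-signed or mismatched certificate can still be reported on.
    $validator = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($origin, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        $true
    }.GetNewClosure())

    $ssl = $null
    $tcp = [System.Net.Sockets.TcpClient]::new($ConnectTo, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $validator)
        $ssl.AuthenticateAsClient($ClientFqdn, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $flag = [System.Net.Security.SslPolicyErrors]

        [pscustomobject]@{
            ClientFqdn   = $ClientFqdn
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            NameMatches  = -not $state.Errors.HasFlag($flag::RemoteCertificateNameMismatch)
            ChainTrusted = -not $state.Errors.HasFlag($flag::RemoteCertificateChainErrors)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
}

# Test-RdGatewayCertName -ConnectTo rdgw01.domaina.com -ClientFqdn rdgateway.domainb.com
```

With the wizard's self-signed certificate still in place, expect `SelfSigned` to be true and `ChainTrusted` false; once the public certificate is bound, both `NameMatches` and `ChainTrusted` should be true for the FQDN given to users.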

All replies

  • Hi TP

    Thank you for getting back to me and explaining the differences between the Gateway and broker URLs.  If I am understanding you correctly there is no way to set a different URL for the web broker so I will need to use your script to do this.  The RDWeb and RDG are on the same host in this instance.

    Regards

    Rob

    Monday, November 4, 2019 10:42 AM