Server 2012 RemoteApp custom port

    Question

  • Hopefully one of you lovely people might be able to help me out of a sticky situation with RemoteApps and custom port issues on my Server 2012 environment.

    I'm looking at deploying Hyper-V into production with some RemoteApp .rdp files and RDWeb to connect into my Hyper-V guest.

    I have Server 2012 Datacenter as my host OS on serv1.domain.tld, with Server 2012 Standard as my guest on rds1.domain.tld. rds1 acts as RD Gateway, Broker and Session Host for the moment, although I'll likely split that up some more once I have a working system in place.

    As the servers are behind a firewall and the default ports are in use for other things, I'd like to modify the RDP port from 3389 to a custom port but only for the .rdp files that are generated for RDWeb and the .msi files produced for GPOs. The servers will still respond to port 3389, but that port isn't used in my firewall. Instead the firewall will forward traffic from the custom port to the default 3389 port on the server internally.

    Is there a way to modify the address used by the server when generating the .rdp and the .msi files without modifying the server's actual RDP listening port?

    Wednesday, May 29, 2013 10:21 AM

Answers

  • Hi,

    If you use RD Gateway then you only need to open TCP port 443 and UDP port 3391 and forward them to your RD Gateway server.  You may have RD Web Access (uses TCP port 443) and RDG running on the same server.

    When an external client launches a RemoteApp they will connect to your RD Gateway via TCP port 443 and UDP port 3391, then the RDG will connect to your internal RDSH servers using TCP port 3389 and UDP port 3389 on behalf of the external client.  In this way the RDG will act as a middleman between your external users and your internal RDSH servers.

    In Server Manager - Remote Desktop Services - Overview - Tasks - Deployment Properties you need to specify the external FQDN of your RD Gateway server.  If you have RDWeb and RDG on the same server this would be the same FQDN that your users will use for RDWeb.  For example, if your users use https://rds1.yourdomain.com/rdweb to connect to your RD Web Access site, then you would enter rds1.yourdomain.com for the RD Gateway name in deployment properties.

    In the future please ask questions related to Remote Desktop Services over in the RDS Forum.

    Thanks.

    -TP

    • Proposed as answer by James Dyke Thursday, May 30, 2013 8:32 AM
    • Marked as answer by h3lpm3plz Thursday, May 30, 2013 8:33 AM
    Thursday, May 30, 2013 3:44 AM
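
The routing described in this answer can be checked against a downloaded .rdp file. The following is an added example, not part of the original thread: a PowerShell function that reads the `name:type:value` settings and reports whether the client will go through RD Gateway or connect straight to a forwarded port. The function name and the first sample are constructed for illustration; the second sample reuses the direct-connection values from the registry export posted later in this thread.

```powershell
function Get-RdpConnectionPath {
    param([Parameter(Mandatory)][string]$RdpText)

    # .rdp settings are "name:type:value" lines (type i = integer, s = string, b = binary).
    $s = @{}
    foreach ($line in ($RdpText -split "`r?`n")) {
        if ($line -match '^\s*([^:]+):([isb]):(.*)$') {
            $s[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }

    # Target port: an explicit host:port in "full address" is preferred here
    # (assumption of this example), then "server port", then the default 3389.
    $target = [string]$s['full address']
    $port   = if ($s['server port']) { [int]$s['server port'] } else { 3389 }
    if ($target -match '^([^:]+):(\d+)$') { $target = $Matches[1]; $port = [int]$Matches[2] }

    # gatewayusagemethod: 1 = always use RD Gateway, 2 = use it when a direct
    # connection cannot be made; 0 and 4 = no gateway. A gateway must also be named.
    $usage   = if ($s['gatewayusagemethod']) { [int]$s['gatewayusagemethod'] } else { 0 }
    $gateway = [string]$s['gatewayhostname']
    $viaGw   = ($usage -in 1, 2) -and ($gateway -ne '')

    [pscustomobject]@{
        Path        = if ($viaGw) { 'RD Gateway' } else { 'Direct' }
        # What the external firewall has to expose for this file to work.
        ClientDials = if ($viaGw) { "${gateway}:443" } else { "${target}:$port" }
        Target      = $target
        TargetPort  = $port
    }
}

# Constructed samples: a gateway-routed file, and a direct connection on a custom port.
$viaGateway = "full address:s:rds1.domain.tld`ngatewayhostname:s:rds1.yourdomain.com`ngatewayusagemethod:i:2"
$direct     = "full address:s:someserversomewhere.com`nserver port:i:43396`ngatewayusagemethod:i:0"

$viaGateway, $direct |
    ForEach-Object { Get-RdpConnectionPath -RdpText $_ } |
    Format-Table -AutoSize
```

A file reported as `Direct` needs the RDP listener itself reachable from outside, whereas a file reported as `RD Gateway` only needs the gateway's TCP 443 and UDP 3391 forwarded.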

All replies

  • How many external IP addresses do you have? I would set up a different IP address for the .rdp and set the firewall to do the NAT.

    I'm guessing this is external?

    I'm guessing you cannot do what you require, but I could be wrong.

    Also, Server 2012 does not use .rdp any more? Have you looked into Web Access?

    James.


    • Edited by James Dyke Wednesday, May 29, 2013 12:30 PM
    Wednesday, May 29, 2013 12:29 PM
  • Hi James

    We have just the 1 external IP unfortunately so NAT via the firewall isn't possible.

    The server is internal, not external and we have full control over the entire network here. We have multiple servers, and so the standard port is only good for rdp to one of them.

    We have configured web access at https://rds1.domain.tld/RDWeb and this works fine internally, but externally it uses the default 3389 port to create the connection which fails due to the non-default port. Web Access does still use .rdp files to launch the Remote Apps anyway, so I downloaded the .rdp file and modified it using notepad to append the custom port on the end and have successfully connected to the Remote App from an external source.

    This means that I know my system is all configured correctly and able to accept connections via the custom RDP port instead of 3389 as expected. However, when creating .rdp files for Web Access or for deployment via GPO etc the system still produces the files using the default port 3389 only.

    Wednesday, May 29, 2013 12:48 PM
  • How are you creating the .rdp files then? Can't you just deploy the edited .rdp file?

    Not sure if a gateway may help?

    http://blogs.msdn.com/b/rds/archive/2013/03/14/what-s-new-in-windows-server-2012-remote-desktop-gateway.aspx

    James.

    Wednesday, May 29, 2013 12:53 PM
  • The .rdp files are created by downloading them directly from Web Access. Log in, click the app, save. I need people to access the Remote App from outside the domain controlled environment, so the only deployment available to me is to email the .rdp file out which seems low-tech considering the infrastructure in place.

    I have a gateway set up and configured also, but it still needs to be aware of the custom port when generating the rdp files for web access, else it attempts to connect to 3389 on the session host and fails from external sources.

    Wednesday, May 29, 2013 12:57 PM
  • Oh, I forgot to mention that rather than emailing the rdp file out, my ideal scenario is to allow users to login to Web Access via RDWeb and run the Remote Apps from there (or download the rdp file if they so wish).
    Wednesday, May 29, 2013 12:58 PM
    • Proposed as answer by James Dyke Thursday, May 30, 2013 8:32 AM
    • Unproposed as answer by h3lpm3plz Thursday, May 30, 2013 8:34 AM
    Wednesday, May 29, 2013 1:02 PM
  • I think you may be right James. It makes no sense as I have done some custom port redirects with the firewall and appended it to the address in the .rdp file to get a connection working.

    I'll have to look into this further and get back to you.
    Wednesday, May 29, 2013 5:42 PM
  • Thanks TP for spelling this out clearly. I've double-checked and I was completely wrong. 

    Basically I had forwarded 443 to the Gateway to view RDWeb and previously done the same for UDP 3391 during initial config - it was these ports being used by my .rdp files not my custom port.

    Thursday, May 30, 2013 8:36 AM
  • Came here looking for answers.  I'm going to save some other poor shmuck from having to sift through the registry.  Export the key and make the changes and merge it back in.  Anyone looking how to quickly and easily make an rdp file for remote app.  The RDP settings are in the vicinity of this key as well.  No more sweet icons though.

    <rant> I thought remoteapp was the greatest thing since sliced bread until MS screwed it all up.  The attractive part of remoteapp was that the user had no idea that program wasn't running on their machine.  Now you get rdweb published stuff.  Can't publish rdp or msi files.  The simple and useful has become the overly complex to get working across multiple users with a multitude of operating systems.  P.S. I want my start menu back!</rant>

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms\QuickSessionCollection\DeploymentSettings]
    "fHasCertificate"=dword:00000000
    "CustomRDPSettings"="use redirection server name:i:1
    "
    "DeploymentRDPSettings"="redirectclipboard:i:1
    redirectprinters:i:1
    redirectcomports:i:0
    redirectsmartcards:i:0
    devicestoredirect:s:
    drivestoredirect:s:
    redirectdrives:i:0
    session bpp:i:15
    prompt for credentials on client:i:1
    server port:i:43396
    allow font smoothing:i:1
    promptcredentialonce:i:0
    gatewayusagemethod:i:0
    gatewaycredentialssource:i:0
    use multimon:i:1
    full address:s:someserversomewhere.com
    gatewayprofileusagemethod:i:1
    videoplaybackmode:i:0
    audiocapturemode:i:0


    • Edited by kthane Friday, August 01, 2014 7:59 PM
    Friday, August 01, 2014 7:58 PM
  • Actually, this is not the correct fix for Server 2012 R2 but you did point out the right direction.

    I have two customers running Server 2012 R2 with the exact same problem(s) as mentioned above. The correct way to fix their issues was using this PowerShell command:
    Set-RDSessionCollectionConfiguration

    Editing the Registry manually didn't do the trick so after searching the Web a bit more, it turned out that this PowerShell command solved the problem, also using the "alternate full address:s:<internalservername.domain.local>" Client parameter.

    This is because somehow Server 2012 R2 uses the external FQDN when adding RemoteApps and that messes them up (even the default Remote Desktop App when you haven't added any RemoteApps to the collection before!).

    Also don't forget to recreate the Collection(s) after you use the above PowerShell command! That's an important step. Then you're off, finally! Yeah!

    Thursday, January 04, 2018 12:33 AM
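
One way to apply the custom RDP setting named in the last post, as an added example that is not part of the original thread. `-CustomRdpProperty` writes the whole value, so the script reads the current settings first and merges the new line in. The broker FQDN, the collection name and the internal host name are placeholders to replace with your own.

```powershell
Import-Module RemoteDesktop

# Placeholders (assumptions of this example): adjust to the deployment.
$rd = @{
    CollectionName   = 'QuickSessionCollection'
    ConnectionBroker = 'rds1.domain.tld'
}
$wanted = 'alternate full address:s:internalservername.domain.local'

# Read the custom settings currently published for the collection.
$current = (Get-RDSessionCollectionConfiguration @rd -Client).CustomRdpProperty

# Keep every existing line except an older value of the setting being written,
# then append the new one. Settings are separated by newlines.
$name    = ($wanted -split ':', 2)[0]
$pattern = "^\s*$([regex]::Escape($name)):"
$kept    = @($current -split "`r?`n" | Where-Object { $_.Trim() -and $_ -notmatch $pattern })
$new     = (@($kept) + $wanted) -join "`n"

Set-RDSessionCollectionConfiguration @rd -CustomRdpProperty $new

# Read the value back to confirm what newly generated .rdp files will contain.
(Get-RDSessionCollectionConfiguration @rd -Client).CustomRdpProperty
```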