Remote Desktop Services Gateway configuration for RDS farm

Remote Desktop Services in Windows Server 2012 has undergone tremendous changes, from the installation options (where you get Role-based Installation and Scenario-based Installation) to the view of the environment in Server Manager.

One of the biggest concerns in Windows Server 2008 R2 and Windows Server 2012 with Remote Desktop Services was setting up an RD Gateway. The following links explain the deployment, the various RD Gateway configurations, and the ports that need to be opened:

Deploying RD Gateway using a Scenario Based Deployment

RD Gateway deployment in a perimeter network & Firewall rules

In Windows Server 2008 R2, you had the concept of an RDS farm, where multiple RD Session Host servers are grouped together and accessed through a single farm name. In Windows Server 2012, this has changed to the creation of collections, which are published and accessed from the RD Web Portal. So, if you had a collection called “Session_Host_Servers”, you will see an RDP icon in the Web Access Portal with the name “Session_Host_Servers”.

One of the biggest errors that users faced while accessing the RDS farm with a Gateway in place is the following:

“This computer can’t connect to the remote computer because the Terminal Services Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.”

This can occur in several situations, but one of them is when you connect to the farm name, something like rdfarm.domainname.com, and not when you connect to a RemoteApp or to an individual RD Session Host server, say rds1.domainname.com.

This happens because when you try to connect to the farm, the Gateway tries to resolve the farm name in DNS. As there is no resource with that name, you get the error. To access the farm as well, you need to add the farm name to the RD RAP policies, so that the Gateway treats it as a network resource and does not need to resolve the name with DNS. To do this, follow these simple steps:

1. Right-click Resource Authorization Policies and select Manage Local Computer Groups.

2. Select Create Group.

3. Enter the farm name and each individual server in the farm and click Add. Then click OK.

Once these steps are done and you connect to the farm name directly, the RD Gateway knows that the farm name is a network resource, so instead of returning the error it connects you to the farm.
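The three steps above can also be scripted through the RDS: provider drive of the RemoteDesktopServices PowerShell module; the following is an added example, not part of the original post. The group name `RDS_Farm_Hosts` and the host `rds2.domainname.com` are hypothetical, and the script assumes it runs elevated on the RD Gateway server.

```powershell
# Added example: run elevated on the RD Gateway server itself.
Import-Module RemoteDesktopServices          # exposes the RDS: provider drive

$groupName = 'RDS_Farm_Hosts'                # hypothetical group name
$farmName  = 'rdfarm.domainname.com'         # farm name used in the article
$members   = @('rds1.domainname.com',        # session host named in the article
               'rds2.domainname.com')        # hypothetical second farm member
$expected  = @($farmName) + $members

$groupsPath    = 'RDS:\GatewayServer\GatewayManagedComputerGroups'
$groupPath     = "$groupsPath\$groupName"
$computersPath = "$groupPath\Computers"

# Steps 1-2: create the gateway-managed group if it does not exist yet,
# seeded with the farm name.
if (-not (Test-Path $groupPath)) {
    New-Item -Path $groupsPath -Name $groupName `
             -Description 'Farm name plus its RD Session Host members' `
             -Computers $farmName | Out-Null
}

# Step 3: add any expected name that is still missing (safe to re-run).
$present = @(Get-ChildItem $computersPath | ForEach-Object { $_.Name })
foreach ($name in $expected) {
    if ($present -notcontains $name) {
        New-Item -Path $computersPath -Name $name | Out-Null
    }
}

# Review: the group is an allow-list of targets reachable through the gateway,
# so report entries nobody asked for as well as the final membership.
$present = @(Get-ChildItem $computersPath | ForEach-Object { $_.Name })
$present | Where-Object { $expected -notcontains $_ } |
    ForEach-Object { Write-Warning "Unexpected entry in ${groupName}: $_" }
$present | Sort-Object
```

The resource authorization policy that governs these connections still has to use this group as its network resource for the change to take effect.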

 

Hope this helps. Happy reading!