IT Knowledge Base

User Tools

Site Tools


Contact me at for any feedback or suggestions.

My other sites:

Search all my sites:


Remote Desktop Gateway

Installing it

Go into Server Manager > Remote Desktop Services > Deployment Servers, and in here, add a Remote Desktop Gateway server. This will install the role, and also add it to the deployment.

If you just add the role, using the Add Roles wizard, then it isn't added to the deployment.

I found this out when I tried adding RD Gateway role by using the Add Roles wizard, and then I went into the deployment properties, certificates - next to the RD Gateway role service, it listed the Level as “Unknown” and I was not able to configure the certificate. After adding the RD Gateway server to the “Deployment Servers”, Unknown changed to “Not Configured”.

Allow access to servers

To specify which servers can be accessed, and by who, create a “Resource Authorization Policy” in the RD Gateway Manager.

For those servers which you just access for administration (ie everything except the RDS session hosts), I suggest creating a group which just includes your support user accounts.

Connect to Desktops

To use the “connect to a Remote Computer” feature in RDS 2012 you would need to add the RD gateway address to the settings on the web access server

Configure “Connect to a Remote Computer” in RDWeb 2012 – Ryan Mangan's IT Blog

Other notes

The Remote Desktop Gateway Manager displays a summary of the number of connections from remote users to computers on the internal network.

Server Manager > Tools > Terminal Services > Remote Desktop Gateway Manager (installed with the RD Gateway role)

By default uses ports 443 and 3391. Use RD Gateway Manager tool to change the RD Gateway Port.

How to change the externally published FQDN

Weird setup notes

All of the below is untested, or only tested to some degree. I can't stand behind this info, but it may be a useful place to start. Do your own testing!

Setup RD Gateway Role on Windows Server 2012 R2 - VirtuallyBoring - setup guide

Changing the RDWeb External Port

If using RDWeb and you need to change the port, achieved by changing the RDGateway port. Eg you may be forwarding 4433 external to 443 internal - but if you want to change the port for RDWeb - you actually go into RD Gateway Manager, properties, change the port there to 4433.

Steps to get RD Web working with a different port than 443:

(this example is using a single server called rds01.mundy.local, externally available on, which holds all roles: RD session host, RD Gateway, and RD Web.

  1. Change the published FQDN for the RD Deployment to rds01.mundy.local

    from TechNet - Change published FQDN for Server 2012 or 2012 R2 RDS Deployment

  2. Changed the RD Gateway server name on the deployment settings to rds01.mundy.local
  3. Changed the TCP port in RD Gateway Manager from 443 to 4433
  4. Forwarded external 4433 to the RD Gateway server on 443
  5. Set the custom attribute for RDWeb to use the external FQDN and custom port to reach RD Gateway:
    Set-RDSessionCollectionConfiguration -CollectionName “Remote Desktop Collection - 1” -CustomRdpProperty “” -ConnectionBroker rds01.mundy.local
remote_desktop_gateway.txt · Last modified: 2018/04/17 11:10 by Dan Mundy