Today, I am going to show you how to deploy a simple Remote Desktop Gateway on Microsoft Windows Server 2019 without the complete Remote Desktop Services infrastructure. That means I don’t have a farm of RD Session Host servers sitting behind it, and I don’t want to deploy a Connection Broker, Web Access and Session Host server (i.e. the complete infrastructure).

  1. Log in to Windows Server 2019.

  2. Open Server Manager and select Add roles and features.

  3. On the Before You Begin page, click Next.

  4. On the Installation Type page, select Role-based or feature-based installation.

  5. On the Server Selection page, make sure the Windows Server 2019 server is selected and click Next.

  6. On the Select server roles page, select Remote Desktop Services, click Next.

  7. On the Select features page, click Next.

  8. On the Remote Desktop Services page, click Next.

  9. On the Select role services page, select Remote Desktop Gateway.

  10. On the Add features that are required for Remote Desktop Gateway page, click Add features.

  11. On the Select role services page, click Next.

  12. On the Network Policy and Access Services page, click Next.

  13. On the Web Server Role (IIS) page, click Next.

  14. On the Select role services page, click Next.

  15. On the Confirm installation selections page, select Restart the destination server automatically if required.

  16. Click Yes on the restart warning message page and then click Install.

  17. On the Results page, make sure the installation completes without issues, click Close.

  18. On the Server Manager, select Tools, click Remote Desktop Services and then click Remote Desktop Gateway Manager.

  19. On the RD Gateway Manager page, select the Windows Server 2019 gateway server (in my case CGY-RDSH01), click View and modify certificate properties under Configuration Status.

  20. On the Properties page, in my case, I would like to access the corporate network (servers) from an external network, so I need to purchase and install a certificate from a public CA. Select Import a certificate into the RD Gateway CGY-RDSH01 Certificates (Local Computer) Personal Store, click Browse and Import Certificate.

  21. I have already exported the wildcard certificate .pfx file from another server and copied it to the gateway server; select the .pfx file, click Open.

  22. Enter the private key password, click OK.

  23. Make sure the certificate was successfully imported into the RD Gateway server, click OK.

  24. On the Properties page, click OK.

  25. In RD Gateway Manager, expand the RD Gateway server, select Policies, click Create New Authorization Policies.

  26. On the Authorization Policies page, select Create an RD CAP and an RD RAP (recommended), click Next.

  27. On the Connection Authorization Policy page, type the name for the RD CAP, in my case RD CAP Policy.

  28. On the Requirements page, select Password and click Add Group under User group membership (required).

  29. Enter the name of the security group that is allowed to connect through the gateway server, in my case Domain Users, click OK.

  30. On the Device Redirection page, in my case, I allow device redirection for all client devices, select Enable device redirection for all client devices, click Next.

  31. On the Session Timeout page, enable the idle and session timeouts and change the timeout periods to suit your requirements, click Next.

  32. On the RD CAP Summary page, click Next.

  33. On the Resource Authorization Policy page, type the name for the RD RAP, in my case RD RAP Policy, click Next.

  34. On the User Groups page, in my case Domain Users, click Next.

  35. On the Network Resource page, in my case, select Allow users to connect to any network resource (computer), click Next.

  36. On the Allowed Ports page, select Allow connections only to port 3389, click Next.

  37. On the RD RAP Summary page, click Finish.

  38. On the Confirm Policy Creation page, click Close.

  39. In RD Gateway Manager, select the Gateway server (in my case CGY-RDSH01), click Add RD Gateway Server Farm members under Configuration Status.

  40. On the Properties page, select Server Farm, type the Gateway server name as the RD Gateway server farm member, in my case CGY-RDSH01, click Add.

  41. On the Properties page, click Apply.

  42. Make sure the Status of the Gateway server shows OK (it may take some time for the server to start its services), click OK.

  43. Now it is time to test the gateway from an external client machine.

  44. Open Remote Desktop Connection on the external client.

  45. Enter the computer name of the corporate machine (client or server), click Show Options.

  46. Select General and enter the user name, click Advanced.

  47. On the Advanced page, click Settings under Connect from anywhere.

  48. On the Connection settings page, select Use these RD Gateway server settings and type the FQDN of the gateway server in the Server name field.

  49. Under Logon settings, select Use my RD Gateway credentials for the remote computer, click OK.

  50. On the Remote Desktop Connection page, click Connect.

  51. Enter the password of the domain user, click OK.

  52. It will connect to the internal machine through the gateway from the external network.
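For those who prefer to script the server side, here is a PowerShell equivalent of steps 1 to 42 that I have added to this post; it is not code from the original walkthrough or from Microsoft. It assumes the wildcard .pfx is at C:\certs\wildcard.pfx, the AD domain is corp.example.com and the external FQDN is rdgw.example.com (all placeholders), and that the RDS: drive item paths and parameters match the RemoteDesktopServices provider as I remember them, so check them with Get-Help before relying on the script.

```powershell
# Added example: scripted RD Gateway deployment matching the console steps above.
# Placeholders: adjust $pfxPath, $domain and $externalFqdn for your environment.
$ErrorActionPreference = 'Stop'
$gatewayName  = 'CGY-RDSH01'             # gateway server name used in this post
$pfxPath      = 'C:\certs\wildcard.pfx'  # placeholder: exported wildcard certificate
$domain       = 'corp.example.com'       # placeholder: AD domain of the user group
$externalFqdn = 'rdgw.example.com'       # placeholder: name clients use (must match the cert)

# Steps 1-17: install the RD Gateway role service (NPS and IIS come in as dependencies).
# A reboot may be required; re-run from the certificate step after restarting.
Install-WindowsFeature RDS-Gateway -IncludeManagementTools

# Steps 19-24: import the public-CA wildcard certificate into the Local Computer
# Personal store and bind it to the gateway listener.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX private key password'
$cert = Import-PfxCertificate -FilePath $pfxPath `
            -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword
Import-Module RemoteDesktopServices
Set-Item -Path RDS:\GatewayServer\SSLCertificate\Thumbprint -Value $cert.Thumbprint

# Steps 25-32: RD CAP - password authentication (AuthMethod 1 is password in the
# RDS provider, assumed), granted to Domain Users in group@domain format.
$userGroup = "Domain Users@$domain"
New-Item -Path RDS:\GatewayServer\CAP -Name 'RD CAP Policy' `
         -UserGroups $userGroup -AuthMethod 1

# Steps 33-37: RD RAP - ComputerGroupType 2 (assumed) is "any network resource",
# as chosen in the post. Scoping the RAP to an AD computer group (ComputerGroupType 1
# with -ComputerGroup) limits which internal hosts the gateway will proxy to.
New-Item -Path RDS:\GatewayServer\RAP -Name 'RD RAP Policy' `
         -UserGroups $userGroup -ComputerGroupType 2
# Allow connections only to port 3389 (PortNumbers child item, assumed).
Set-Item -Path 'RDS:\GatewayServer\RAP\RD RAP Policy\PortNumbers' -Value 3389

# Steps 39-42: register this server as its own farm member and confirm the
# RD Gateway service (TSGateway) is running before testing from outside.
New-Item -Path RDS:\GatewayServer\GatewayFarmMembers -Name $gatewayName
Get-Service TSGateway | Select-Object Name, Status

# Quick external-readiness check: the cert presented on 443 must carry the FQDN
# clients type in step 48, and the listener must be reachable.
Test-NetConnection -ComputerName $externalFqdn -Port 443 |
    Select-Object ComputerName, TcpTestSucceeded
```

Run the script in an elevated PowerShell session on the gateway server; the Test-NetConnection line is only meaningful when run from a host that reaches the gateway the way external clients do.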

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun