2

I have used the following guides with no luck:

http://www.rayheffer.com/953/building-a-remote-desktop-gateway-rdg-rd-gateway-server/

http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-Publishing-RD-Web-Access-RD-Gateway-Part2.html

We have MS TMG 2010 on Server 2008 R2 Standard. All we would like to do is allow home users (who have an AD account at work) connect to their own workstation at work over RDP. Essentially they would be using mstsc.exe from their home computer to do this.

We have to go over port 443 due to filtering of port 3389 on the ISP side. We don't want to use SSTP as Windows XP users won't be able to connect. So I decided to install RD Gateway on the server. We do want to use the same server as where TMG is on.

But even using the guides above, when we try to connect from home, we get:

Your computer can't connect to the remote computer because the remote desktop gateway server is temporarily unavailable.

We are getting so confused with setting this up and have spent weeks on it.

Sometimes we get:

Your computer can't connect to the remote computer because the Remote Desktop Gateway server address requested and the certificate subject name do not match. Contact your network administrator for assistance.

I have only installed the Remote Desktop Gateway role, not the Web Access one as we only want to use mstsc.exe from home.

Uwe L. Korn
  • 224
  • 1
  • 14
Name
  • 33
  • 1
  • 2
  • 4

2 Answers2

1

Well, first of all don't use port 443, that's the default SSL port. If you use a different port for RDP (your explanation doesn't ring true with me - I've never seen an ISP that filters port 3389, but I suppose anything's possible), then you should at least use a port that's not also in use by a common protocol or service.

Second of all, TMG lets you configure a Remote Access VPN. This is what you probably should be doing instead of, or in addition to setting up a Remote Desktop Gateway.

Third, sounds like you'd benefit from hiring an experienced Windows SA to set this up for you, even if only on a contract or consultant basis.

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208
  • Thanks. It does appear to be a 443 conflict. If I have ONLY the RD Gateway role installed, and not the RD Web role, do I still need IIS 7 installed for RD Gateway functionality - assuming the client will only use mstsc.exe? – Name Oct 10 '12 at 10:11
  • @name No. IIS is not required for RD Gateway. – HopelessN00b Oct 10 '12 at 10:44
  • Thanks. This is so strange. I have IIS disabled completely. Only the RD Gateway role is installed. We have TMG on the same box. We have a 2nd external IP address assigned to the ext. interface. A TMG rule and listener are made, listening on that IP. When we connect from outside and specify the gateway in mstsc.exe, all that keeps happening is it keeps asking for our credentials over and over. Any ideas where I may be going wrong? Ta – Name Oct 10 '12 at 12:02
1

You have to configure the MSTSC client for the RD Gateway. The easiest thing to do would be creating Connection Files for each Workstation and providing them for the end users. Asking them to configure a Gateway on their own is a bit much for typical users. Once you have the file configured it should be easy to copy it, edit it with notepad and change the workstation it's connecting to.

Chris S
  • 77,337
  • 11
  • 120
  • 212