26 August 2010

Publish RDS Gateway through TMG

Getting your RDS environment to work internally can be a difficult and time-consuming task. However, once you have successfully tested it from your internal network, it is fairly easy to publish it with TMG.

To test whether your RDS gateway is working, you need to un-check "Bypass RDS Gateway for Local Addresses", so that connections from the internal network go through the gateway too. This needs to be done on the RD Session Hosts and the Connection Broker.

If this works fine for you, then you can go ahead and publish.

  • Re-check "Bypass RDS Gateway for Local Addresses" on the Session Hosts and the Connection Broker.
  • Export your certificate that you are using for the RD Gateway and install it on the TMG servers.

Create an SSL Listener

  • I specify an IP address for the Listener
  • Enable HTTP and SSL connections
  • For HTTP to HTTPS redirection select redirect all traffic from HTTP to HTTPS
  • From the Certificates tab select "Use a single certificate for this web listener" and select the certificate you installed earlier
  • Authentication is "No Authentication"
Next you need to create the publishing rule

  • Allow
  • From Anywhere
  • To - your RDSGW - forward the original host header - requests appear to come from TMG
  • Traffic HTTPS
  • Listener - use the one created earlier
  • Public name - make this the same as the public DNS name
  • Paths need to at least include /rdsweb/* and /rpc/*
  • Authentication delegation - "No Delegation, client may authenticate directly"
That's it.
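
A quick check of the published gateway from an external client, as an added example that is not part of the original post. It assumes `rdgw.example.com` as a placeholder for the public name and uses the two paths from the rule above; `Get-Status` is a helper defined here, not a built-in cmdlet.

```powershell
# Added example, not part of the original post.
# Assumption: rdgw.example.com is a placeholder for the public name in the publishing rule.
$PublicName = 'rdgw.example.com'
# Paths exactly as listed in the publishing rule above
$Paths = @('/rdsweb/', '/rpc/')

function Get-Status([string]$Url) {
    $req = [System.Net.WebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false      # show the redirect instead of following it
    $req.Timeout = 10000                 # milliseconds
    $resp = $null; $status = $null; $location = $null; $err = $null
    try {
        $resp = $req.GetResponse()
    } catch {
        # 4xx/5xx answers arrive as a WebException that carries a Response;
        # TLS or connection failures carry none, so keep their message instead.
        $ex = $_.Exception.GetBaseException()
        $resp = $ex.Response
        if (-not $resp) { $err = $ex.Message }
    }
    if ($resp) {
        $status = [int]$resp.StatusCode
        $location = $resp.Headers['Location']
        $resp.Close()
    }
    New-Object PSObject -Property @{
        Url = $Url; Status = $status; Location = $location; Error = $err
    }
}

# 1. The listener should redirect all HTTP traffic to HTTPS.
$r = Get-Status "http://${PublicName}/"
$redirectOk = ($r.Status -ge 300 -and $r.Status -lt 400 -and $r.Location -like 'https://*')
"HTTP -> HTTPS redirect: $redirectOk (status $($r.Status), Location $($r.Location))"

# 2. Each published path should answer over HTTPS. A listener certificate that
#    does not match $PublicName, or that this client does not trust, appears
#    in the Error column instead of a status code.
$Paths | ForEach-Object { Get-Status "https://${PublicName}$_" } |
    Format-Table Url, Status, Location, Error -AutoSize
```

Run it from a machine outside the internal network so the requests go through the TMG listener.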

I am going to include the screen shot of the listener and rules, just in case.

And here are the screenshots for the TMG rule


I know this was really spelling it out - but when I was struggling I wished there was someone that could just confirm that something was configured right.

If you need to publish your Gateway in a DMZ or perimeter environment, here is a very nice detailed article.

1 comment:

Anonymous said...

Thanks man, finally someone who spelled it out! No decent manual on the net but this :)
