Terminal Server Gateway deployment best practice


  • #16
    Re: Terminal Server Gateway deployment best practice

    So you want the Consultant to use TS Web access to remote into the server. Have you tested remoting into the web server using MSTSC from your own machine when outside?

    With regard to the RDP connection process, have a look at the Event Viewer and check SSL certificates match and so on.


    • #17
      Re: Terminal Server Gateway deployment best practice

      Hi Virtual,

      Finally I was able to access the Webserver that I want from the internet using Terminal Server Gateway,

      here's what I did:

      on Terminal Server Gateway (open ports 53, 88, 389, 135, 139, 3389, after that only open port 443 to the external and to the webserver):
      1. Join the TSG server into the domain
      2. go through the steps in
      3. TS_CAP_01 settings:
         Requirement tab:
           select password for the authentication
           add BUILTIN\Administrators group
         Device Redirection tab:
           Enable device redirection for all devices
      4. TS_RAP_01 settings:
         User groups tab:
           *make the same members as the previous CAP_01 setting*
         Computer group tab:
           select Allow users to connect to any network resources --> because of this I can now secure RDP to the webserver.
         Allowed ports tab:
           select Allow connection through any port --> and this one as well.
      5. Export the certificate as (whatever).cer and then this must be imported into the Trusted Root CA on the client workstation.

      on the DMZ Webserver (open only port 443 after going through these steps):
      1. join the webserver to the domain
      2. go to system properties | Remote tab and click on Allow connection from computers running....
      3. click on Remote users button and add the same user as the previous one in the TSG group (step 3 and 4)

      on the client:

      1. import the certificate from the into the trusted root CA location (click on browse and select the folder).
      2. run mstsc (remote desktop application)
      3. General Tab:
           computer: (webserver IP address) --> due to no DNS being available.
           username: Webserver\Administrator
         Advanced Tab:
           select Connect and don't warn me.
           click on settings:
             select use these TS Gateway server settings:
             Server name:
             Login method: NTLM
           click on OK
         then connect by supplying the local admin password.
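
The client-side steps from post #17 as a script, added here as an example and not part of the thread: it checks the exported gateway certificate (thumbprint, validity period, name) before importing it into Trusted Root, then writes the .rdp file with the gateway settings. The parameter names, the output file name and the out-of-band thumbprint check are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. All parameter values are placeholders supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $CerPath,            # .cer exported from the TS Gateway
    [Parameter(Mandatory)] [string] $ExpectedThumbprint, # read off the gateway itself, out of band
    [Parameter(Mandatory)] [string] $GatewayName,        # external name of the TS Gateway
    [Parameter(Mandatory)] [string] $TargetAddress,      # web server IP address
    [string] $RdpFile = (Join-Path $env:USERPROFILE 'webserver-via-tsg.rdp')
)
$ErrorActionPreference = 'Stop'

# Load the exported certificate without installing it.
$path = (Resolve-Path -LiteralPath $CerPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# 1. The file must be the certificate the gateway actually presents.
$want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $want) { throw "Thumbprint mismatch: file has $($cert.Thumbprint)" }

# 2. It must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw "Certificate is not currently valid" }

# 3. Its name must match what is typed as the gateway server name, otherwise
#    mstsc refuses the gateway even when the certificate is trusted.
#    GetNameInfo returns the first DNS name (SAN, else CN); compare by hand for multi-name certificates.
$dnsName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
if ($dnsName -ne $GatewayName) { throw "Certificate is issued to '$dnsName', not '$GatewayName'" }

# 4. Import into the machine's Trusted Root store (requires elevation).
Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 5. Write the connection file with the gateway settings from the post.
@(
    "full address:s:$TargetAddress"
    "gatewayhostname:s:$GatewayName"
    "gatewayusagemethod:i:1"         # always go through the gateway
    "gatewayprofileusagemethod:i:1"  # use these explicit gateway settings
    "gatewaycredentialssource:i:0"   # ask for password (NTLM)
    "authentication level:i:2"       # warn on failed server authentication; the post chose 0 (don't warn)
) | Set-Content -LiteralPath $RdpFile -Encoding Ascii

Start-Process mstsc.exe -ArgumentList "`"$RdpFile`""
```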