1.3.1.1.1 Connection Setup Phase
During the connection setup phase, a connection between the RDG client and RDG server is first established, and then the RDG server establishes a connection to the target server. This phase consists of the following four operations:
Tunnel creation: Involves negotiating the protocol versioning and capabilities, returning the server certificate, and returning a context representation for the tunnel (2) to the RDG client. The RDG client presents the context representation to the RDG server in subsequent operations on the tunnel (2). Tunnel (2) creation is accomplished by using the TsProxyCreateTunnel (section 3.2.6.1.1) method which is always the first call in the protocol sequence. A tunnel (2) shutdown, as specified in section 3.2.6.1.3, is possible without proceeding further in the RDG protocol sequence.
Tunnel authorization: Involves processing authorization rules for the RDG client connection, performing health checks, conducting quarantines, enforcing user authentication, performing health remediation as needed, and modifying terminal server device redirection settings. Tunnel authorization is accomplished by calling to the TsProxyAuthorizeTunnel (section 3.2.6.1.2) method which is the second call in the protocol sequence. A tunnel shutdown, as described in section 3.2.6.3, is possible after tunnel authorization without proceeding further in the RDG protocol sequence.
Request for messages: After the tunnel is authorized, if the client and the server are both capable of sending and receiving administrative messages, the RDG client can call TsProxyMakeTunnelCall (section 3.2.6.1.3), with the RDG transport constant TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST (section 2.2.5.2.17) as the parameter. When the server has a message to send to the client, the server completes the pending call to TsProxyMakeTunnelCall and the client then makes another call to TsProxyMakeTunnelCall.
Channel creation: This operation requires that a connection be made to the target server and can also include verification of access rights to determine whether a connection is allowed. The creation of a channel involves creating a server context representation for the channel and returning the context representation to the RDG client. The RDG client can then present the context representation in subsequent operations on the channel. This is accomplished by using the TsProxyCreateChannel method call which is the third call in the protocol sequence. A channel shutdown, as specified in section 3.2.6.3, is possible without proceeding further in the RDG protocol sequence. A tunnel shutdown is only possible after all channels inside the tunnels are shut down. When the channels are not closed by the RDG client prior to requesting tunnel shutdown, they are closed automatically by the RDG server.

Figure 1: Message sequence between the RDG client and RDG server during connection setup phase