Remote Desktop Gateway Installation Prerequisites

Applies To: Windows Server 2008 R2

For RD Gateway to function correctly, you must meet these prerequisites:

  • You must have a server with Windows Server 2008 R2 installed.

  • Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at

  • You must obtain a Secure Sockets Layer (SSL) certificate for the RD Gateway server if you do not have one already. By default, on the RD Gateway server, the Internet Information Services (IIS) service uses Transport Layer Security (TLS) 1.0 to encrypt communications between clients and RD Gateway servers over the Internet. For TLS to function correctly, you must install an SSL certificate on the RD Gateway server.


You do not need a certification authority (CA) infrastructure within your organization if you can use another method to obtain an externally trusted certificate that meets the requirements for RD Gateway. If your company does not maintain a stand-alone CA or an enterprise CA and you do not have a compatible certificate from a trusted public CA, you can create and import a self-signed certificate for your RD Gateway server for technical evaluation and testing purposes. For more information, see Create a Self-Signed Certificate for the Remote Desktop Gateway Server.

For information about certificate requirements for RD Gateway and how to obtain and install a certificate, see [Obtain a Certificate for the Remote Desktop Gateway Server](cc725949\(v=ws.10\).md).  
  • If you configure an RD Gateway authorization policy that requires that users on client computers be members of an Active Directory security group to connect to the RD Gateway servers, the RD Gateway servers must also be members of an Active Directory domain.

Role, role service, and feature dependencies

To function correctly, RD Gateway requires several role services and features to be installed and running. When you use Server Manager to install the RD Gateway role service, the following additional roles, role services, and features are automatically installed and started, if they are not already installed:

  • Remote procedure call (RPC) over HTTP Proxy

  • Web Server (IIS) [Internet Information Services]

    IIS must be installed and running for the RPC over HTTP Proxy feature to function.

  • Network Policy and Access Services

    You can also configure RD Gateway to use Remote Desktop connection authorization policies (RD CAPs) that are stored on another server that runs the Network Policy Server (NPS) service. By doing this, you are using the server running NPS, formerly known as a Remote Authentication Dial-In User Service (RADIUS) server, to centralize the storage, management, and validation of RD CAPs. If you have already deployed a server running NPS for remote access scenarios such as VPN and dial-up networking, using the existing server running NPS for RD Gateway scenarios as well can enhance your deployment.

Additional references