Step 3: Verifying RD Gateway Functionality
Updated: June 24, 2009
Applies To: Windows 7, Windows Server 2008 R2
To verify the functionality of the RD Gateway deployment, complete the following:
Install the SSL certificate for the RD Gateway server on the CONTOSO-CLNT computer.
Enable certificate revocation checking on the CONTOSO-CLNT computer (optional).
Log on to CONTOSO-CLNT as Morgan Skinner and use Remote Desktop Connection (RDC) to connect to the RD Session Host server (RDSH-SRV) by using the RD Gateway server (RDG-SRV).
To install the SSL certificate for the RD Gateway server on the CONTOSO-CLNT computer
Log on to CONTOSO-CLNT as CONTOSO\Administrator.
Open the Certificates snap-in console by doing the following:
Click Start, click Run, type mmc and then click OK.
On the File menu, click Add/Remove Snap-in.
In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.
In the Certificates snap-in dialog box, click Computer account, and then click Next.
In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
In the Add or Remove snap-ins dialog box, click OK.
In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), and then click Trusted Root Certification Authorities.
Right-click the Trusted Root Certification Authorities folder, point to All Tasks, and then click Import.
On the Welcome to the Certificate Import Wizard page, click Next.
On the File to Import page, in the File name box, click Browse, and then browse to the location where you copied the SSL certificate for the RD Gateway server. From the file type drop-down list, select All Files (*.*). Select the certificate RDG-SRV.cer, click Open, and then click Next.
On the Certificate Store page, accept the default option (Place all certificates in the following store - Trusted Root Certification Authorities), and then click Next.
On the Completing the Certificate Import Wizard page, confirm that the correct certificate has been selected and that the following certificate settings appear:
Certificate Store Selected by User: Trusted Root Certification Authorities
File Name: FilePath\RDG-SRV.cer
After the certificate import has successfully completed, a message appears confirming that the import was successful. Click OK.
With Certificates selected in the console tree, in the details pane, verify that the correct certificate appears in the list of certificates on the CONTOSO-CLNT computer.
Log off from the CONTOSO-CLNT computer.
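The import procedure above can also be scripted. The following PowerShell is an added example, not part of the original guide: it refuses to add RDG-SRV.cer to the computer's Trusted Root Certification Authorities store unless the file's thumbprint matches one read on the RD Gateway server itself. The file path and the expected thumbprint are placeholders that you supply.

```powershell
# Added example; run from an elevated PowerShell prompt on CONTOSO-CLNT.
# $CertPath and $ExpectedThumbprint are placeholders (assumptions), not values from the guide.
$CertPath           = 'C:\Temp\RDG-SRV.cer'             # where you copied RDG-SRV.cer
$ExpectedThumbprint = '<THUMBPRINT-READ-ON-RDG-SRV>'    # obtained out of band from the gateway

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Compare thumbprints before trusting the file: anything placed in the
# Trusted Root store is trusted by this computer for every purpose.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Certificate not imported."
}

# Reject a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Add to the Local Computer store, the same target the Certificate Import Wizard steps use.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
$store.Open('ReadWrite')
try {
    $store.Add($cert)
    $found = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
}
finally {
    $store.Close()
}

# Equivalent of checking the details pane: confirm the certificate is now listed.
if (-not $found) { throw 'Certificate was not found in the store after import.' }
$found | Format-List Subject, Issuer, Thumbprint, NotAfter
```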
To enable certificate revocation checking on the CONTOSO-CLNT computer (optional)
Log on to CONTOSO-CLNT as CONTOSO\Administrator.
Click Start, point to All Programs, and then click Accessories.
Right-click Command Prompt, and then click Run as administrator.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
At the command prompt, type:
reg add "HKCU\Software\Microsoft\Terminal Server Gateway\Transports\Rpc" /v CheckForRevocation /t REG_DWORD /d 1
The publishing and maintenance of the certificate revocation list is an integral part of the public key infrastructure (PKI), and it is external to RD Gateway. Do not enable certificate revocation checking on RD Gateway client computers until you have confirmed that your deployment can support this; otherwise, even the basic connection to an end resource through the RD Gateway server will not work. This is the reason why certificate revocation checking is disabled by default on the RD Gateway client, and the recommendation is to turn it on as a security best practice only after ensuring that the certificate revocation list is accessible from the Internet.
Log off the computer.
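One way to confirm that the deployment can support revocation checking before turning it on, as an added PowerShell example that is not part of the original guide. It asks the Windows certificate chain engine to check the revocation status of RDG-SRV.cer and runs the reg add command from the step above only if that check succeeds. The file path is a placeholder, and the chain engine stands in for the RD Gateway client, whose own checking logic is not described on this page.

```powershell
# Added example; run on CONTOSO-CLNT.
# $CertPath is a placeholder (assumption), not a value from the guide.
$CertPath = 'C:\Temp\RDG-SRV.cer'

$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode      = 'Online'        # allow CRL retrieval over the network
$chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'   # check every certificate except the root
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
[void]$chain.Build($cert)

# Show where the certificate says its CRL is published (extension OID 2.5.29.31).
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) { $cdp.Format($true) } else { 'Certificate has no CRL Distribution Points extension.' }

# Any of these statuses means a client with revocation checking enabled could not
# get a clean answer, or that the certificate is revoked.
$blocking = [int][System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]'RevocationStatusUnknown, OfflineRevocation, Revoked'
$problems = @($chain.ChainStatus | Where-Object { ([int]$_.Status -band $blocking) -ne 0 })
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }
    throw 'Revocation status could not be confirmed; CheckForRevocation left unchanged.'
}

# The check passed: apply the setting with the command from the procedure.
# HKCU is the registry hive of the account that runs this script.
& reg.exe add 'HKCU\Software\Microsoft\Terminal Server Gateway\Transports\Rpc' /v CheckForRevocation /t REG_DWORD /d 1 /f
& reg.exe query 'HKCU\Software\Microsoft\Terminal Server Gateway\Transports\Rpc' /v CheckForRevocation
```

Run the check from a network location that matches where remote clients will connect from, because a certificate revocation list that is reachable on the internal network may not be reachable from the Internet.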
To connect to RDSH-SRV with RDC by using RDG-SRV
Log on to CONTOSO-CLNT as Morgan Skinner.
Click Start, point to All Programs, point to Accessories, and then click Remote Desktop Connection.
In the Remote Desktop Connection dialog box, click Options.
On the Advanced tab, click Settings.
On the RD Gateway Server Settings page, click Use these RD Gateway server settings, enter the following settings, and then click OK.
Server name: RDG-SRV.contoso.com
Logon method: Allow me to select later
Bypass RD Gateway server for local addresses: Clear check box
On the General tab, in the Computer box, type rdsh-srv, and then click Connect.
In the Windows Security dialog box, type the password for contoso\mskinner, and then click OK.
If the connection is successful, a Windows desktop will appear on the screen for RDSH-SRV.
You have successfully deployed RD Gateway on Remote Desktop Services and demonstrated its functionality with a simple scenario: an authorized remote user account connecting to an RD Session Host server through RD Gateway with Remote Desktop Connection. You can also use this deployment to explore some of the additional capabilities of Remote Desktop Services through additional configuration and testing.