Remote Desktop Gateway Role Service Migration
Applies To: Windows Server 2008, Windows Server 2008 R2
This guide describes how to migrate the Remote Desktop Gateway (RD Gateway) role service. It shows how to export Remote Desktop connection authorization policies (RD CAPs), Remote Desktop resource authorization policies (RD RAPs), and RD Gateway properties by using Remote Desktop Gateway Manager. In addition, this guide explains how to use RD Gateway Manager to import RD Gateway settings to a destination RD Gateway server.
This migration process can also be used to export Terminal Services connection authorization policies (TS CAPs), Terminal Services resource authorization policies (TS RAPs), and TS Gateway properties to an RD Gateway server. Preparation and verification of the migration are included in the guide.
In Windows Server 2008 R2, the TS Gateway role service is now called the RD Gateway role service. In this migration guide, this new terminology is used even when referring to previous versions of Windows Server unless there is a difference that makes it necessary to mention TS Gateway separately. Security group names have not changed in Windows Server 2008 R2.
Overview of the migration process for the RD Gateway role service
The RD Gateway role service migration process includes the following topics:
What needs to be migrated during the preparation phase
The following features are not migrated by using RD Gateway Manager. They must be migrated separately when you are preparing to migrate. For more information about how to migrate these features, see RD Gateway Migration: Preparing to Migrate.
Web Server (IIS)
Secure Sockets Layer (SSL)-compatible X.509 certificates
Network Access Protection (NAP) policies (from Windows Server 2008)
What is migrated by using RD Gateway Manager
By using RD Gateway Manager and the steps in this guide, you can export all RD CAP settings and RD RAP settings and most RD Gateway properties (except certificates) from an existing RD Gateway server, and import these settings and properties to a destination server within or across domains. The following settings will be migrated.
Remote Desktop connection authorization policies (RD CAPs)
State of the RD CAP (enabled or disabled)
Windows Authentication methods
Active Directory user groups used in RD CAPs
Local users (only if the user group exists on the destination server)
Computers to which users are allowed to connect
Idle and session timeout settings
Device redirection settings
Network Access Protection (NAP) settings inside the RD CAP (only for Windows Server 2008 R2)
Remote Desktop resource authorization policies (RD RAPs)
State of the RD RAP (enabled or disabled)
Computer groups that allow connections
Allowed ports that Remote Desktop Services clients can connect through
Active Directory user groups associated with RD RAP policies
Active Directory computer groups managed by RD Gateway
RD Gateway server properties
Logon and system message settings
Number of connections allowed through the RD Gateway server
Central RD CAP store servers
RD Gateway server farm members