
🚪 Configuring RD Gateway

πŸ“ Step 1: Launch the RD Gateway Configuration Wizard

  1. On your Windows Server, open Server Manager.

  2. Navigate to:
    Remote Desktop Services → Overview

  3. In the DEPLOYMENT OVERVIEW section, find the RD Gateway role.

  4. Click the Task dropdown menu and select Configure RD Gateway.

βš™οΈ Step 2: Specify the Gateway Server & SSL Certificate

  1. The configuration wizard will launch. Click Next.

  2. Select a server: Choose the server you want to act as your RD Gateway from the list.

  3. SSL Certificate Configuration:

    • For the SSL certificate name, paste the External URL you copied from the Entra Application Proxy setup.

  4. Complete the wizard with the remaining default settings.

🔗 Step 3: Link the Gateway to the Deployment Properties

  1. Back in the DEPLOYMENT OVERVIEW, click the Task dropdown again and this time select Edit Deployment Properties.

  2. Navigate to the RD Gateway tab.

  3. Select the option: "Use these RD Gateway server settings:"

  4. In the Server name field, paste the same External URL.

  5. Crucially, uncheck the box for "Bypass RD Gateway server for local addresses". This ensures all traffic, even from inside the network, flows securely through the gateway for consistent behavior.

📜 Step 4: Configure Certificates (Critical Step)

  1. Stay in the Deployment Properties window and click on the Certificates tab.

  2. You must ensure certificates are configured for both:

    • RD Connection Broker

    • RD Web Access

  3. Use the same public TLS certificate (issued by a trusted CA such as DigiCert or Sectigo) that you used for your RD Web Access server. It must contain the external FQDN.

πŸ” Step 5: Establish Certificate Trust

For the entire system to function without certificate errors, you must:

  1. On both your RD Gateway server and RD Web Access server:

    • Install the public TLS certificate into the Trusted certificate store.

    • Install the Root CA certificate (the authority that issued your public cert) and any Intermediate CA certificates into the Trusted Root Certification Authorities store.
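
The settings from Steps 3 to 5 can be checked from PowerShell once the wizard work is done. The script below is an added example, not part of the original guide: it is read-only, assumes it runs elevated on the RD Connection Broker, and uses `rds.example.com` as a placeholder for the host name of your External URL.

```powershell
# Added example: read-only checks for Steps 3-5. Run elevated on the RD Connection Broker.
Import-Module RemoteDesktop

$ExternalFqdn = 'rds.example.com'   # placeholder: host name of your External URL
# Assumption: this server is the Connection Broker of the deployment
$Broker = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Step 3: the deployment must point at the gateway and must not bypass it locally
$gw = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $Broker
if ($gw.GatewayMode -ne 'Custom') { Write-Warning "GatewayMode is '$($gw.GatewayMode)', expected 'Custom'" }
if ($gw.GatewayExternalFqdn -ne $ExternalFqdn) { Write-Warning "Gateway server name is '$($gw.GatewayExternalFqdn)'" }
if ($gw.BypassLocal) { Write-Warning 'Bypass RD Gateway server for local addresses is still enabled' }

# Step 4: every role needs a certificate, and it should be the same one
$roleCerts = Get-RDCertificate -ConnectionBroker $Broker
$roleCerts | Where-Object { -not $_.Thumbprint } |
    ForEach-Object { Write-Warning "No certificate configured for role $($_.Role)" }
$thumbs = @($roleCerts | Where-Object Thumbprint | Select-Object -ExpandProperty Thumbprint -Unique)
if ($thumbs.Count -gt 1) { Write-Warning "Roles use $($thumbs.Count) different certificates" }

# Steps 4-5: the certificate must cover the external FQDN and chain to a trusted root
foreach ($thumb in $thumbs) {
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
    if (-not $cert) { Write-Warning "$thumb is not in LocalMachine\My on this server"; continue }
    if (-not $cert.HasPrivateKey) { Write-Warning "$thumb has no private key on this server" }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "$thumb expires $($cert.NotAfter)" }

    # -Policy SSL validates the chain and matches -DNSName against the certificate names
    if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $ExternalFqdn)) {
        Write-Warning "$thumb fails SSL validation for $ExternalFqdn"
    }

    # List each chain element with its status, to confirm root and intermediates are installed
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    [void]$chain.Build($cert)
    $chain.ChainElements | ForEach-Object {
        '{0}  [{1}]' -f $_.Certificate.Subject, ($_.ChainElementStatus.Status -join ',')
    }
}
```

The certificate store and chain checks only inspect the server the script runs on, so repeat that part on the RD Gateway and RD Web Access servers. A chain element with an empty status list validated cleanly.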