Forum Discussion
HotCakeX
Sep 07, 2019 | MVP
RDS connections are Not using HTTPS
I've built a VDI with 3 Windows Server 2019 on Hyper-V on Windows 10 Pro latest version. Testing it on my local network, when clients connect to the RDS server, gateway manager shows the connections ...
- Sep 08, 2019
Some updates,
I got an answer from a Microsoft expert and he said that
"With an RDP Gateway in the connection path it will end up RDP over HTTPS on port 443 and the Gateway will NAT that traffic back to 3389 to the endpoint on the LAN."
So that's probably why I'm seeing 3389 HTTP on the gateway monitoring, because it only shows the endpoint and not what is happening before NAT.
I know it's possible to verify that by using tools such as Wireshark or Fiddler and I will do that later.
My RDGateway is on the same server as the rest of the VDI components, my VPN server is the only one behind DMZ, and I haven't opened any ports manually in the firewalls. So I guess I'm gonna be fine.

Another option that can be used with success is Azure App Proxy and RDP Gateway to help secure this while not requiring a VPN with Pre Auth at the Azure AD level.
Details on that secure method of publishing RDP Gateway in the link below
HidMov
Sep 07, 2019 | Steel Contributor
Try adjusting the following:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core
and change the key IsUdpEnabled to 0 (instead of 1).
Give that a try. I know of a bug in Server 2019 where UDP could not be unchecked in the GUI so has to be done via the registry.
HotCakeX
Sep 08, 2019 | MVP
Now the UDP is gone and only the HTTP connection on port 3389 is shown in gateway monitoring. Still no HTTPS.
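
A read-only check that shows, on the gateway server itself, the two connection legs described in the quoted answer (client to gateway on 443, gateway to endpoint on 3389) together with the UDP setting from HidMov's reply. This is an added example, not something posted by a participant in the thread; it assumes an elevated PowerShell session on the gateway and the default RD Gateway ports TCP 443 and UDP 3391.

```powershell
# Added example: audit only, changes nothing on the server.
# Registry path and value name are the ones quoted in the thread.
$corePath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core'

# 1. UDP transport setting (per the thread: 1 = enabled, 0 = disabled).
$udp = (Get-ItemProperty -Path $corePath -Name IsUdpEnabled -ErrorAction SilentlyContinue).IsUdpEnabled
if ($null -eq $udp) {
    Write-Warning "IsUdpEnabled not found under $corePath"
} else {
    "IsUdpEnabled = $udp"
}

# 2. Is anything still listening on the gateway's UDP transport port?
#    3391 is the default; adjust if the gateway was configured differently.
$udpListener = Get-NetUDPEndpoint -LocalPort 3391 -ErrorAction SilentlyContinue
"UDP 3391 listener present: $([bool]$udpListener)"

# 3. Client-facing leg: established TCP sessions terminating on local port 443.
$inbound = Get-NetTCPConnection -State Established -LocalPort 443 -ErrorAction SilentlyContinue

# 4. Back-end leg: sessions this server has opened toward port 3389.
$backend = Get-NetTCPConnection -State Established -RemotePort 3389 -ErrorAction SilentlyContinue

# Helper (hypothetical name) that flattens a connection list into table rows.
function Format-Leg($Connections, [string]$Leg) {
    foreach ($c in $Connections) {
        [pscustomobject]@{
            Leg    = $Leg
            Local  = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
        }
    }
}

@(Format-Leg $inbound 'client -> gateway, TCP 443') +
@(Format-Leg $backend 'gateway -> endpoint, TCP 3389') |
    Format-Table -AutoSize

# A session that appears only in the 3389 leg, with no matching 443 leg from
# the same client, is worth investigating as a direct RDP connection.
if ($backend -and -not $inbound) {
    Write-Warning 'Port 3389 sessions exist but no client sessions on 443 were found.'
}
```

Run it while a client is connected through the gateway; an empty table means no sessions were established on either port at that moment.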