remote desktop gateway

8 Topics

Setting up MFA for RD Web Access and RD Web Client using ADFS
All servers in our Remote Desktop Gateway (RDG) environment are running Windows Server 2022 (Datacenter and Standard). The RDG environment is fully operational. Users can successfully authenticate to RD Web Access and the RD Web Client, and all published folders and servers are visible as expected. Most servers are configured for direct access, with a few configured as Session Hosts. Overall, everything is functioning correctly except the MFA. Based on my research into integrating ADFS MFA with RD Web Access / RD Web Client, it appears that MFA is only triggered when authentication flows through Web Application Proxy (WAP). Question: To support MFA for internal users without exposing RD Web externally, I’m considering creating a separate WAP cluster dedicated to internal traffic that would proxy authentication requests to the ADFS servers and trigger MFA. Since I’m still building familiarity with WAP and ADFS, is it supported for ADFS to work with two WAP clusters one handling internal traffic and another handling external traffic against the same ADFS farm? -Larry
EntilZha
Jan 14, 2026 Place Windows Server for IT Pro
10Views
0likes
0Comments
Replacing our Server 2016 RDS with Server 2022 RDS
Hi All, I have a Server 2016 terminal server. I set it up a while ago obviously, and I have 10 2016 RDS CALS installed in the RD license manager. We are part of a domain, and I have a group policy assigned to our current RDS server with lots of user options like session limit, printer redirection, max profile size, etc. I created a new Server 2022 VM and installed the RDS role and all it's features. But for some reason, it doesn't appear to be configuring the services. I add the roles via Server Manager once installed, the computer reboots when the server comes back up, Server Manager starts and says the install is complete. But when I go to the Remote Desktop services section in Server Manager, I get this message: "A remote Desktop Service deployment does not exist in the server pool. To create a deployment, run the Add Roles and features wizard and select the Remote Desktop Services installation option." From looking around on the Internet, at step 3. there should be a configuration step where Server Manager starts and configures the RD gateway, license manager, etc. I also found some articles on the Internet about disabling IPv6 or making sure the server is a member of a domain. I've already tried those things and it's still not helping. I also removed all the Roles and readded, but it still behaves the same. The configuration step doesn't start on reboot and no RDS server. I also installed a web certificate and installed it on the server from my CA. Is there a better way to do this? I haven't worked with RDS in a long time. Here's some event viewer messages Event ID 1306 Remote Desktop Connection Broker Client failed to redirect the user domain\administrator. Error: NULL Event 102 The Remote Desktop Gateway service requires a valid Secure Sockets Layer (SSL) certificate to accept connections. Ensure that you have obtained a valid SSL certificate, and then bind (map) the certificate by using RD Gateway Manager. For more information, see "Obtain a certificate for the RD Gateway server" in the RD Gateway Help. The following error occurred: "259" Event ID 2056 The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database. Pooled virtual desktop collection name: NULL Error: Logon to the database failed. Event ID 85 The Remote Desktop license server could not be registered as a service connection point in Active Directory Domain Services (AD DS). Ensure that there is network connectivity between the license server and AD DS. To register the license server as a service connection point in AD DS, use Review Configuration in the RD Licensing Manager tool.
Solved
ralvarezOES
Oct 10, 2025 Place Windows Server for IT Pro
297Views
0likes
2Comments
Troubleshooting UPN Authentication Issues in Remote Server Gateway
Hello everyone, I'm a system administrator currently facing an issue with UPN authentication on our Remote Server Gateway. I'm seeking advice or suggestions to resolve this problem. Here's a brief overview of the situation: Internally (at work), authentication using sAMAccountName and Kerberos works with no issues. However, with our Remote Server Gateway, UPN authentication consistently fails, while sAMAccountName works. Steps Taken: Adjusted user accounts, including adding them to global and forest admin groups. Checked DNS configurations, which seem to be correct. Reviewed group policies and found no restrictive settings affecting UPN authentication. Encountered some general event errors related to the failed connections, but they don't provide usable information. My concern is to understand how it could work. Is it possible that Kerberos or NTLM configurations are affecting UPN authentication on the Remote Server Gateway? If so, how can these settings be diagnosed and adjusted? Has anyone faced similar UPN authentication issues with Remote Server Gateways, but working with sAMAccount? Any solutions or advice would be valuable
FelData
Feb 07, 2024 Place Windows Server for IT Pro
1.4KViews
0likes
0Comments
Security Risk: iOS Remote Desktop Client accepting invalid RD Gateway Certificates
After accidentally importing a wrong certificate (CN mismatch) for our RD Gateway jump host, some mobile users were starting to complain immediately because they were getting certificate warnings. After the first report, I verified using my fully updated iPhone with the latest Microsoft Remote Desktop Client (10.3.6) but did not get any certificate warnings with a pre-configured connection using that RD Gateway. However, when using the Workspace Feed (aka RD WebAccess), there was a certificate warning when refreshing the feed. I then cross checked with the Android RDP Client and it showed the RD Gateway Certificate warning as expected. Well, I was a bit baffled and did some experiments: It seems the iOS RDP Client accepts any certificate without checking, self-signed, wrong CN, ... everything seems to be happily accepted ! I even tested with an old Pad using the abandoned Version 8 iOS client and it had the same issue. I know that Apple users love it if something just works, but in this case this would go way to far 😉 And no - the client did not connect directly to the target RDP server - as in skipping the gateway. That connection would not be possible without gateway and the connection also was confirmed in RD Gateway Monitor. Is it possible that Microsoft has this "feature" in the iOS RDP Client, like forever, and I'm the first to notice?
Vinz Focker
Feb 01, 2022 Place Windows Server for IT Pro
1.2KViews
0likes
0Comments
Remote desktop services (RDS) Gateway Server
Remote desktop services (RDS) Gateway Server detecting internal users in monitoring tab under gateway manager. Internal Users are getting flagged and connecting through gateway server. All users are connected with vpn from different sites of office.
Rickywin
Mar 11, 2021 Place Windows Server for IT Pro
1.2KViews
0likes
0Comments
Encrypted RD web application Connection
We need connectivity between user and published RD web application to be an HTTPS connection only with a load balancer in between. We don't want to use the RDP protocol or a direct connection to RDS server. Is it possible ?
Rickywin
Feb 08, 2021 Place Windows Server for IT Pro
1.1KViews
0likes
0Comments
Enable SSL Bridging on the RD Gateway Server
1) How to Enable SSL Bridging on the RD Gateway Server in RDS 2016 ? 2) How to test if it's working or not ?
Rickywin
Jan 31, 2021 Place Windows Server for Developers
2.8KViews
1like
0Comments
Updates KB4534297/KB4534309 Break RDS through Web Application Proxy on Server 2012 R2
We have Remote Desktop https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-integrate-with-remote-desktop-services through Web Application Proxy, both running on Server 2012 R2. The RDS application in WAP is configured for pass-through authentication so users can connect from both Windows and non-Windows ("rich apps" on Android/iOS/Mac) devices. This has been working for the past few years without issue. After installing recent update KB4534309 (or the rollup that contains it, KB4534297), the non-Windows clients are unable to connect. They show error 0x3000008 during the "initiating remote connection" phase: We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help. Has anyone experienced this or figured out a way to fix it?
Andrew Colombino
Feb 20, 2020 Place Windows Server for IT Pro
2KViews
0likes
1Comment