External clients can't access my RDS farm – here's what I've set up:
(all servers are Win 2012 R2 and clients are Win 8.1)
Server: PDC1
ip: 10.0.0.2
roles: file, print, sql 2012, dhcp, dns, RD License Server, RD Gateway, RD Web Access
Server: SVRDS1
ip: 10.0.0.3
roles: RD Host Session, RD Connection Broker (HA)
Server: SVRDS2
ip: 10.0.0.4
roles: RD Host Session, RD Connection Broker (HA)
Server: SVRDS3
ip: 10.0.0.5
roles: RD Host Session, RD Connection Broker (HA)
RD Loadbalancing on all three servers.
I've set up round robin (rd.mycompany.local) on SVRDS1-3 and if I internally try to connect to rd.mycompany.local then it works. I'm guided to any of the host servers.
In my firewall, I've set port 3389 to point to SVRDS1. If I only have SVRDS1 in my host collection, everything is fine – but if I add SVRDS2 and 3 to the host collection, trying to connect externally fails.
My own thoughts…
- Client tries to connect and hits SVRDS1, but due to load balancing, RD wants to transfer to SVRDS2, which is not available from outside the network?
- I need to use RD Gateway, but how? I don't have a DMZ and I'm not supposed to port forward 443 from PDC1?
- I should find another job, because I'm a noob at this 😉
Hope you can guide me in a direction – thanks!!!
Best Answer
Using the Gateway is easy and will be very beneficial to you. What you need to do is:
There are a few more minor adjustments, but I'll let you decipher if you need them by reading this resource.
Also, I'd recommend not having all those roles you mentioned you have on your first server, if in fact it is a domain controller. It's always just safer to leave only AD roles on domain controllers, but if you can't change that, then obviously this is just 20/20 hindsight. Just my recommendation, but something I'd highly recommend.