In order for your users to connect to one of these servers through a single domain name, you will need to place your RDS gateway servers in a NLB cluster.
To do this, open the Network Load Balancing Manager and right-click "New Cluster".
Since creating a cluster is almost identical to creating an IIS web servers cluster, refer to our NLB tutorial for this part.
Enter the name of your 1st RD gateway server and click Connection.
Specify an IP address for this cluster.
Provide a name for your cluster.
Note : if you test this tutorial in virtual (thanks to VMware), choose Multicast because unicast is not supported by default.
If you choose Unicast and your gateway servers are virtualized using VMware Workstation :
Create the associated record on your DNS server :
Note : generally, the DNS server is on the same server as the Active Directory.
Change the default port rule to use only TCP port 443 (HTTPS) and choose the "Multiple Host" filtering mode so that the network load is distributed by NLB on your different RDS gateway servers.
At the moment, you have a cluster with a single RDS gateway server.
To add your 2nd RD gateway server to your cluster, just right-click "Add Host To Cluster" on your NLB cluster.
Enter the name of your 2nd RDS gateway server and click Login.
Then, click Next.
Port rules are already indicated.
Once the configuration is complete, your 2 servers will be in "state : converged".
In the properties of your RD gateways :
Choose the certificate that is valid for the public (external) domain name of your RDS gateways (in our case : rds.informatiweb-tuto.net) and that has been provided by a trusted Internet-based certification authority (such as : Symantec SSL or GeoTrust).
In our case, we used a small trick to generate a free valid Internet certificate for our RD gateways through Let's Encrypt (free certification authority) and OpenSSL (for certificate conversion from PEM to PFX).
Note : to convert the certificate obtained in PEM format (Linux format) to PFX format (Windows format), use this command with OpenSSL 1.x :
openssl pkcs12 -export -out Cert.pfx -in cert.pem -inkey privkey.pem -passin pass:my_pass -passout pass:my_pass
Enter the password protecting the private key.
If the password is correct, the certificate will be imported to the gateway server.
As you can see, our certificate :
Note : for the "No SSL certificate are installed" error to disappear, all you have to do is apply the changes and then reopen that window.
As expected, the error disappears and the message "The following certificate is installed on ..." appears.
Import the same certificate on the 2nd RD gateway server.
Windows Server 6/7/2019
Windows Server 3/8/2019
Windows Server 4/28/2019
Windows Server 3/16/2019
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.