Configuring Remote Access using the RDS Gateway

Author: AC, SNE

Contents

- Introduction
- Pre-requisites
- Supported Operating Systems
- Installing the I.T. Services Certificate Authority Root Certificate
- Connecting to a target system on Windows 7 operating systems
- Troubleshooting
- Appendix A - Manually create an RDP connection
- Revision History

Introduction

Remote Desktop Services Gateway is a technology used by I.T. Services in UCC to allow authorized vendors to connect via Remote Desktop to Windows Servers on the UCC network. The Remote Desktop Services Gateway service only allows redirection of the clipboard; all other devices are disabled. It is possible to copy and paste files through the Remote Desktop connection on supported operating systems, but this is not recommended for large files.

Pre-requisites

The pre-requisites for using the Remote Desktop Services gateway service are:

- A supported client operating system
- A domain account with rights to connect to the target system
- The Root Certificate for the I.T. Services internal Certificate Authority
- An IP address that has been authorised to connect to target systems

Supported Operating Systems

I.T. Services supports the following Windows client platforms for use with the Remote Desktop Services gateway service:

- Windows 7
- Windows 8

While the service may work with other versions of Windows, any issues encountered will not be investigated unless they can be reproduced on a supported operating system.

Installing the I.T. Services Certificate Authority Root Certificate

This section shows how to install the I.T. Services internal root certificate on a Windows client.

1. Launch a Microsoft Management Console by clicking Start then Run, or by using the Windows Key and R on your keyboard.
2. Select the Certificates snap-in and click Add.
3. Select Computer Account.
4. Select Local Computer and then click Finish.
5. Click OK.
6. Select Trusted Root Certification Authorities.
7. Right-click Trusted Root Certification Authorities, select All Tasks and then select Import.

Connecting to a target system on Windows 7 operating systems

On Windows 7 Service Pack 1, the user is prompted with several security warnings during the connection process.

1. Double-click the remote desktop connection file provided, or follow the instructions in Appendix A to create a connection file.
2. At this point you receive a warning; you can choose Cancel or click Connect to continue. If you do not want to receive the warning again, tick the "Don't ask me again for remote connections to this computer" box.
3. Enter the credentials to authenticate against the gateway server.
4. You will be asked to authenticate a second time; this is to log on to the remote server.

Note: If you do not wish to enter credentials twice, modify the connection file as follows. Open the connection file, click on the Advanced tab and then, in the "Connect from anywhere" section, click on Settings. In the Logon settings section, tick the "Use my RD Gateway credentials for the remote computer" box to enable this functionality.

5. A window will pop up saying that you are connecting to the remote server.
6. You may receive a certificate warning; click Yes if you wish to continue. If you do not want to be prompted for this error again, tick the "Don't ask me again for connections to this computer" box.

At this stage you are connected to the target system and may be required to enter your credentials to log in to the target system.

Note: It is possible to save the credentials in the RDP file; however, I.T. Services does not recommend this because of the confusion that may occur when passwords are changed.

Troubleshooting

Each entry below gives a symptom followed by troubleshooting steps and suggested solutions.

Symptom: Unable to connect to remote server / Unable to log on

- Does your network firewall allow RDS Gateway traffic? RDS Gateway uses the HTTPS (TCP 443) protocol to connect from the client to the remote server.
- Is the Root Certificate installed correctly? Check this by connecting to the URL on the RDS Gateway server: https://rdsgateway.ucc.ie/docs/
  If there is a certificate error, it indicates that the root certificate is not installed correctly or that the server certificate has expired.
  Follow the instructions in the section "Installing the I.T. Services Certificate Authority Root Certificate" to install the root certificate correctly.
  Verify that the certificate has not expired by clicking on the padlock in the address bar of Internet Explorer and then clicking on View Certificates. This displays the certificate, and you can check its "Valid from" dates.

Symptom: Unable to log on

- Are you attempting to log on outside of your permitted logon hours? By default, vendor accounts have their logon hours restricted. Make sure you are attempting a logon within your allowed logon window.

Symptom: Unable to log on

- Is the password correct? Are you using the right password?
- Has the password expired? Contact your UCC contact to get the password reset.

Symptom: Unable to log on

- Are you using the correct remote server name? Access is granted based on the name of the remote server; the UCC contact will give you the name of the server to use. The RDS Gateway admin will have given your UCC contact the name that the gateway filters on; using any other name or an IP address will not work.

Symptom: Error "Your remote desktop connection failed because the remote computer cannot be authenticated"

- This error occurs because the remote server is using a self-signed certificate. Modify the connection file and change the Server Authentication setting on the Advanced tab from "Do not connect" to either "Warn me" or "Connect and don't warn me".
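
The firewall and certificate checks above can be scripted. The following is an added example, not part of the original guide: it separates a failed TCP 443 connection from a certificate problem, and an untrusted root from an expired server certificate. It relies on the trust store that Python's ssl module loads by default, and the outcome labels are names chosen for this example.

```python
import socket
import ssl

# OpenSSL verification codes for the two certificate causes the guide names.
EXPIRED = {10}                 # certificate has expired
UNTRUSTED_ROOT = {18, 19, 20}  # self-signed, or issuer not in the local trust store


def classify_verify_code(code):
    """Map an OpenSSL verify code to a troubleshooting outcome."""
    if code in EXPIRED:
        return "server-certificate-expired"
    if code in UNTRUSTED_ROOT:
        return "root-certificate-not-trusted"
    return "other-certificate-error"


def check_gateway(host, port=443, timeout=5.0):
    """Return 'ok', 'tcp-connect-failed', or a TLS/certificate outcome."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Name lookup failed, or the port is refused, filtered or timed out:
        # check DNS and the firewall rule for outbound TCP 443.
        return "tcp-connect-failed"
    context = ssl.create_default_context()  # verifies chain and host name
    try:
        with context.wrap_socket(sock, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError as err:
        return classify_verify_code(err.verify_code)
    except (ssl.SSLError, OSError):
        return "tls-handshake-failed"
    finally:
        sock.close()


if __name__ == "__main__":
    print(check_gateway("rdsgateway.ucc.ie"))
```

Verify code 20 is also raised when a server does not send an intermediate certificate, so confirm the chain in the certificate viewer before reinstalling the root.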

Appendix A - Manually create an RDP connection

This section shows how to create an RDP file manually if you have not been provided with one.

1. Open the Remote Desktop Connection application. In the Computer field, enter the fully qualified domain name of the machine that you wish to connect to and then click on Show Options.
2. Click on the Advanced tab. In the Server Authentication section, click the drop-down and select "Warn me"; then, in the "Connect from anywhere" section, click on Settings.
3. Select the "Use these RD Gateway server settings:" radio button, enter rdsgateway.ucc.ie in the Server name field, select "Ask for Password (NTLM)" in the Logon Method field and then click the OK button.

Note: If you do not wish to enter credentials twice, then in the Logon settings section tick the "Use my RD Gateway credentials for the remote computer" box to enable this functionality.

4. Click on the General tab and make sure the Computer and User Name fields are completed, then click on the Save As button.
5. In the File name field, enter the name that you want to save the connection as, make sure that the connection is being saved to a location of your choosing and then click Save.
6. At this stage you can click the Connect button to make a connection to the remote server, or close the Remote Desktop Connection application.
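
The choices made in this appendix end up as plain name:type:value lines in the saved connection file, so a file can be checked against the guide before it is used or handed out. The following is an added example, not part of the original guide: it parses a connection file and reports deviations from the Appendix A settings, saved credentials, and an IP address in place of the server name. The key names are the settings Remote Desktop Connection writes to .rdp files and are not listed in the guide; the sample file and its address are constructed.

```python
import ipaddress

# Constructed sample file; the IP address is a documentation placeholder.
SAMPLE_RDP = """\
full address:s:192.0.2.10
gatewayhostname:s:rdsgateway.ucc.ie
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
authentication level:i:0
password 51:b:PLACEHOLDER
"""

# Appendix A choices as .rdp settings (assumed key names): name -> (type, value).
EXPECTED = {
    "gatewayhostname": ("s", "rdsgateway.ucc.ie"),
    "gatewayprofileusagemethod": ("i", "1"),  # Use these RD Gateway server settings
    "gatewaycredentialssource": ("i", "0"),   # Logon method: Ask for Password (NTLM)
    "authentication level": ("i", "2"),       # Server Authentication: Warn me
}

def parse_rdp(text):
    """Parse name:type:value lines; the value may itself contain colons."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        name, sep1, rest = line.strip().partition(":")
        kind, sep2, value = rest.partition(":")
        if sep1 and sep2:
            settings[name.lower()] = (kind, value)
    return settings

def audit_rdp(text):
    """Return the settings that deviate from the guide, as readable findings."""
    cfg, findings = parse_rdp(text), []
    for name, want in EXPECTED.items():
        if cfg.get(name) != want:
            findings.append(f"{name}: expected {want[1]}, found {cfg.get(name, ('', 'missing'))[1]}")
    if cfg.get("gatewayusagemethod", ("i", "0"))[1] not in ("1", "2"):
        findings.append("gatewayusagemethod: the connection does not use the RD Gateway")
    if "password 51" in cfg:
        findings.append("password 51: credentials are saved in the file")
    host = cfg.get("full address", ("s", ""))[1]
    host = host.split(":")[0] if host.count(":") == 1 else host  # drop an optional :port
    try:
        ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return findings
    return findings + ["full address: IP address used; the gateway filters on server name"]
```

Files saved by Remote Desktop Connection are typically UTF-16 encoded, so decode the file before passing its text to audit_rdp.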

Revision History

Date        Version  Editor  Description
09/09/2009  0.1      AC      Initial Release of document draft version
15/06/2013  0.9      AC      Remove support for Windows XP clients
01/08/2013  1.0      AC      Add troubleshooting section; add manual connection file as an appendix