Remote Desktop Services Gateway configuration for RDS farm





Remote Desktop Services has undergone tremendous changes in Windows Server 2012, from the installation options (where you get Role-based Installation and Scenario-based Installation) to the view of the environment in Server Manager.


One of the biggest concerns in Windows Server 2008 R2 and Windows Server 2012 vis-à-vis Remote Desktop Services was setting up an RD Gateway. See the following links to understand the deployment, the various RD Gateway configurations, and the ports that need to be opened:

Deploying RD Gateway using a Scenario Based Deployment

RD Gateway deployment in a perimeter network & Firewall rules


In Windows Server 2008 R2, you had the concept of an RDS farm, where multiple RD Session Host servers could be grouped together and accessed with a single farm name. In Windows Server 2012, this has changed to the creation of collections, which are published and accessed through the RD Web Portal. So, if you had a collection called “Session_Host_Servers”, you will see an RDP icon in the Web Access Portal with the name “Session_Host_Servers”.

But one of the biggest errors that users faced while accessing the RDS farm with a Gateway in place is the following:

“This computer can’t connect to the remote computer because the Terminal Services Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.”



This can occur on multiple occasions, but one of them is where you are trying to connect to the farm name, something like and not when you are trying to connect to a RemoteApp or individual RD Session Host Servers, say


This happens because, when you try to connect to the farm, the Gateway tries to resolve the farm name in DNS. As there is no resource with that name, you get the error. To access the farm as well, you need to add the farm name to the RD RAP policies, so that the Gateway treats it as a network resource and does not need to resolve the name with DNS. To do this, follow these simple steps:

1. Right-click Resource Authorization Policies and select Manage Local Computer Groups.



2. Select Create Group.



3. Enter the farm name and each individual server in the farm, and click Add. Then click OK.



Once these steps are done, connecting to the farm name directly no longer gives the error: the RD Gateway recognizes the farm name as a network resource and connects you to the farm.
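The same three steps can be scripted through the `RDS:` provider of the RemoteDesktopServices PowerShell module. This is an added example, not part of the original post: the group, farm, server, RAP and user-group names are placeholders, it assumes an elevated session on the RD Gateway server, and it additionally binds an RD RAP to the new group so that the policy is scoped to the farm rather than to any network resource.

```powershell
# Added example. Every name below is a placeholder, not a value from the article.
Import-Module RemoteDesktopServices      # exposes the RDS: drive on the RD Gateway

$GroupName = 'RDS-Farm-Hosts'                               # hypothetical group name
$FarmName  = 'farm.example.test'                            # placeholder farm DNS name
$Members   = 'rdsh01.example.test', 'rdsh02.example.test'   # placeholder session hosts
$RapName   = 'RAP-RDS-Farm'                                 # hypothetical RD RAP name
$UserGroup = 'RDS-Users@EXAMPLE'                            # placeholder, group@domain

$GroupRoot = 'RDS:\GatewayServer\GatewayManagedComputerGroups'
$GroupPath = Join-Path $GroupRoot $GroupName

# Steps 1-3: create the RD Gateway-managed computer group, seeded with the farm name.
if (-not (Test-Path $GroupPath)) {
    New-Item -Path $GroupRoot -Name $GroupName `
        -Description 'Farm name plus every member server' `
        -Computers $FarmName | Out-Null
}

# The group must hold the farm name AND each member server, so add any that
# are missing. Re-running the script does not create duplicates.
$existing = @((Get-ChildItem "$GroupPath\Computers").Name)
foreach ($server in $Members) {
    if ($existing -notcontains $server) {
        New-Item -Path "$GroupPath\Computers" -Name $server | Out-Null
    }
}

# Bind an RD RAP to the group. ComputerGroupType 0 selects an RD Gateway-managed
# group, which keeps the policy limited to the farm and its members.
if (-not (Test-Path "RDS:\GatewayServer\RAP\$RapName")) {
    New-Item -Path 'RDS:\GatewayServer\RAP' -Name $RapName `
        -UserGroups $UserGroup `
        -ComputerGroupType 0 `
        -ComputerGroup $GroupName | Out-Null
}

# Check: list what the group now contains.
Get-ChildItem "$GroupPath\Computers" | Select-Object Name
```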


Hope this helps. Happy reading!



Comments (9)

  1. Christina says:

    Could you give a concrete example of the names you are using? Let’s say that my Windows Server 2012 machine has the hostname of WinSRV and my domain name is In the “Collections” area (which you said was previously called farm?) I have a pool of Windows 8 virtual machines called Win8Pool. Under the RD Gateway deployment properties, the server name is What would I put in the “New RD Gateway-Managed Computer Group”?


    Hostname: winsrv

    Domain Name:

    Collection name: win8pool

    Server name:

    How would I add the server farm? Or where can I find the location of the name of the server farm?

  2. Saadallah says:


    Same question, what exactly is the farm name?


  3. RJdaBest says:

    Has anyone solved this problem? What exactly is the farm name? I am using RDS 2012 and set up a full desktop collection?

  4. Not just the farm name says:

    You have to enter the Farm name and all of its member servers or you will get authentication errors.

    This is actually mentioned in the Caution message in the above screencap at step 3.

  5. RDS Gateway 2012 deployment says:

    We're running servers in our server-environment for several different customers.

    I would like to have a setup where they connect to our RDS Gateway server and, depending on login, get the published apps/desktops for their company/login.

    My question is :

    Can I use one (1) RDS gw for several different customers, with different setups of their RDS server/s?

    During testing I got one RDS to work (2012 R2 server), to publish apps (Calc.exe for the test) and it worked to login and use.

    But when I managed to go through another server with the GW installed, I saw the published app, but got a certificate problem when starting the app. Is the certificate on the RDS to be named as the Gateway-server or as the RDS server? Which one does the connecting user "see"?

    Which roles/services are needed on the Gateway server, which are needed on the RDS server? How do I connect them? Trying to find tutorials, but in general they're just quick setups with one RDS and GW on that same server.

    I'm starting from a clean slate as it comes to the RDS and Gateway, so I can fiddle around as much as I want now, but soon our customers would like to see a working example.


  6. Ian says:

    The farm name is the single DNS record you give to multiple IPs that make up that farm group (in a round robin DNS scenario)

  7. Soran says:

    Thanks for a nice blog!

    A question: can Windows 2008 act as RD Gateway and RD Web Access for Windows 2012 Terminal Server?

  8. Lokesh says:

    I have one domain and two session host servers (terminals). I have installed CB, Web Server and RD Gateway in the domain and the session host role on both terminals. When I connect my terminal to RD Web from the external side of the office, the error "Your computer can't connect to the remote computer because the remote desktop gateway server address is unreachable" is shown.

    What do I do? Can you help me? If you have any suggestion for this, please help me.

    my no is 9716181448

    email id =

  9. me says:


    Yes, a server can act as all three. This would be ideal for test environments. What works well is

    RDSH = Server A

    RDCB= Server B

    RDGW= Server B

    RDWEB=Server C


    In order for you to complete the external access to RD Web Access, you need to open port 443 in your firewall/router and map it to your RD Gateway server address. Configure RD CAP/RD RAP policies to allow resources to connect to.

    NAT RULE public IP mapped to internal IP via 443 open

    ACCESS RULE internal ip of RDGATEWAY 443 open