Installing and configuring TS Gateway.

This might appear to be a bit off topic, but it is really not. I have found this Windows 2008 role is very useful in my everyday life, doing development and demonstrations on SharePoint, so here we go:

A hidden jewel of Windows 2008 server is the TS gateway. If you have installed hyper-v on your windows 2008 server at home, you want an easy way to connect to more than one of the virtual servers. The “old” way of doing this was to open use regedit and change the port number for each virtual machine to 3390, 3391, etc… Then you would have to open each of those ports in your firewall.. not a really good or secure approach, not to mention these ports could be closed on the remote site you would be connection from.

TS Gateway solves this problem neatly. It requires you to open only port 443 in your firewall and point it to your TS Gateway server. Connecting remotely you then need to specify your gateway server under “Advanced – Connect from anywhere”. Sounds good? Here is a small walk through on how to get started:

1. Add required roles to your server


Select Terminal Services.


You only need the TS Gateway option checked.


You could either select ”create a self-signed certificate” or ”Choose a certificate later”. You will however need to make one later if you don’t have one matching your firewalls external DNS entry.


There are some policies to set, if you accept default values, you should be fine.


Continuing through the wizard ”Network Policy server” must be installed.


Required roles to IIS are added automaticly.

After the wizard has completed, go to admin tools, terminal services, TS Gateway manager.


Right click your server in the MMC window and select ”properties” and go to the SSL certificate page:


Choose to createa self-signed certificate. This is OK, because you are gone be on the receiving end of this line later on.


Enter the external DNS entry of your firewall. Are you using or similar, then that is the address you want. You need this because your client evaluates the CN name of the certificate against the DNS entry. (Yes, it will work if you add an entry to your host file instead. J)

After pressing OK. The certificate is installed on the server.

You now need to install that same certificate on your clients:
- Press Start – Run – Type mmc and press ok.
- Choose add/remove snap ins from the file menu.
- Add Certificates and choose “Computer account” when prompted.
- You will find your certificate below “Personal – Certificates”. Right click it, choose all tasks and export.

Copy the file to your client computer and right click it, choose “install” and this wizard appears:



Be certain to select this exact location for your certificate.


Press yes in the Security warning dialog and the certificate is installed:


Open TCP port 443 in your firewall, point it to the IP address of your TS gateway server.

Then it is finally time to configure your Remote Desktop connection:


Go to the advanced page and open “settings” below the “Connect from anywhere”.


Enter your firewall’s external DNS (corresponding with the certificate CN name). Press OK.


On the “General” tab, enter either the machine name or IP (ie. to the virtual machine you want to connect to. That’s it! TS Gateway takes care of the rest! J

PS: If you have not installed the certificate correctly, the following dialog will be presented:



As you can see, TS Gateway can help you overcome some obstacles, also with MOSS dev and demo.

Good luck!

Comments (2)

  1. Top News Stories Virtual SharePoint? (CMS Watch) Last week Microsoft announced new licensing arrangement

  2. Allan Woods says:

    Neat but what I want to do is host sveral of my vm’s through our sharepoint website. How do I connect the VM into sharepoint so that when one of the devlopers clicks on his vm it will load.

    I just can’t work it out. Someone before me had simply added http:/vmm as the url but that is not correct.



Skip to main content