Installing and configuring TS Gateway.

This might appear to be a bit off topic, but it is really not. I have found this Windows 2008 role is very useful in my everyday life, doing development and demonstrations on SharePoint, so here we go:

A hidden jewel of Windows 2008 Server is the TS Gateway. If you have installed Hyper-V on your Windows 2008 server at home, you want an easy way to connect to more than one of the virtual servers. The “old” way of doing this was to use regedit to change the port number for each virtual machine to 3390, 3391, etc., and then open each of those ports in your firewall. That is neither a good nor a secure approach, not to mention that these ports could be closed at the remote site you are connecting from.

TS Gateway solves this problem neatly. It requires you to open only port 443 in your firewall and point it to your TS Gateway server. When connecting remotely, you then need to specify your gateway server under “Advanced – Connect from anywhere”. Sounds good? Here is a short walkthrough on how to get started:

1. Add required roles to your server

Select Terminal Services.

You only need the TS Gateway option checked.

You can select either “Create a self-signed certificate” or “Choose a certificate later”. You will, however, need to create one later if you don’t have one matching your firewall’s external DNS entry.

There are some policies to set; if you accept the default values, you should be fine.

Continuing through the wizard, “Network Policy Server” must be installed.

The required IIS roles are added automatically.

After the wizard has completed, go to Administrative Tools, Terminal Services, TS Gateway Manager.

Right-click your server in the MMC window, select “Properties” and go to the SSL certificate page:

Choose to create a self-signed certificate. This is OK, because you are going to be on the receiving end of this line later on.

Enter the external DNS entry of your firewall. If you are using dyndns.org or similar, that is the address you want. You need this because your client evaluates the CN name of the certificate against the DNS entry. (Yes, it will work if you add an entry to your hosts file instead. :))

After you press OK, the certificate is installed on the server.

You now need to install that same certificate on your clients:
- Press Start – Run, type mmc and press OK.
- Choose Add/Remove Snap-in from the File menu.
- Add Certificates and choose “Computer account” when prompted.
- You will find your certificate below “Personal – Certificates”. Right-click it, choose All Tasks and Export.

Copy the file to your client computer, right-click it and choose “Install”, and this wizard appears:

Be certain to select this exact location for your certificate.

Press Yes in the Security Warning dialog and the certificate is installed:

Open TCP port 443 in your firewall and point it to the IP address of your TS Gateway server.

Then it is finally time to configure your Remote Desktop connection:

Go to the Advanced page and open “Settings” below “Connect from anywhere”.

Enter your firewall’s external DNS (corresponding with the certificate CN name). Press OK.

On the “General” tab, enter either the machine name or IP (e.g. 192.168.1.100) of the virtual machine you want to connect to. That’s it! TS Gateway takes care of the rest! :)
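
A pre-flight check for the certificate steps above, added here as an example and not part of the original post: it is a simplified model of the name comparison, not the Remote Desktop client's own logic, and it works on a certificate in the dict form Python's `ssl.SSLSocket.getpeercert()` returns. The host name, IP address and dates are constructed; the check compares the name you type as the gateway server, which is why a hosts-file entry works and a bare IP address does not.

```python
import ssl

def cert_names(cert):
    """DNS names a client would compare: SAN entries if present, else the subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may stand for the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def audit_gateway_cert(cert, gateway_name, now):
    """Return findings for the name entered as the TS Gateway server."""
    findings = []
    if not any(name_matches(n, gateway_name) for n in cert_names(cert)):
        findings.append("name-mismatch")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    if cert.get("issuer") and cert["issuer"] == cert.get("subject"):
        findings.append("self-signed: must be installed on every client")
    return findings

# Constructed sample certificate, not taken from a real gateway.
SUBJECT = ((("commonName", "gateway.example.org"),),)
SAMPLE_CERT = {
    "subject": SUBJECT,
    "issuer": SUBJECT,  # self-signed: issuer equals subject
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2010 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2009 GMT")

if __name__ == "__main__":
    # Name as issued, same name in different case, and the bare external IP.
    for name in ("gateway.example.org", "GATEWAY.example.org", "203.0.113.10"):
        print(name, "->", audit_gateway_cert(SAMPLE_CERT, name, NOW))
```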

PS: If you have not installed the certificate correctly, the following dialog will be presented:


 

As you can see, TS Gateway can help you overcome some obstacles, also with MOSS dev and demo.

Good luck!