How to configure RDG behind NAT

This week's problem was getting a Remote Desktop Gateway located behind a NAT to work. Here are the lessons learned:

  • Issue an SSL certificate whose subject matches the public DNS name (FQDN)
  • Use the default port 3389/TCP; otherwise the SSL certificate name won’t match the FQDN, and an error is returned:

    The computer can’t verify the identity of the RD Gateway.

    or, if you put it into the current user’s Trusted Root Certification Authorities:

    Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match.

  • Publish HTTPS port 443/TCP as well. Otherwise the connection won’t be established, and you get another meaningless error:

    Your computer can’t connect to the remote computer because the RDG server is temporarily unavailable.
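
The checks above can be run from a client outside the NAT before opening the RDP client. This is an added example, not part of the original post: the function name `Test-RdgPublicCertificate` and the host `rdg.example.com` are placeholders, and it assumes PowerShell on Windows.

```powershell
# Added example. Run from a machine OUTSIDE the NAT.
# 'rdg.example.com' is a placeholder for the gateway's public FQDN.
function Test-RdgPublicCertificate {
    param(
        [Parameter(Mandatory)] [string] $PublicFqdn,
        [int] $Port = 443
    )
    $result = [ordered]@{
        Fqdn = $PublicFqdn; Port = $Port; Reachable = $false
        Subject = $null; DnsNames = $null; NameMatches = $null; ChainTrusted = $null
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # Throws here if the port is not published through the NAT.
        $tcp.Connect($PublicFqdn, $Port)
        $result.Reachable = $true

        # Accept any certificate so it can be inspected, but record
        # what Windows would have objected to.
        $seen = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
            param($s, $certificate, $chain, $errors)
            $seen.Errors = $errors
            $true
        }.GetNewClosure())

        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($PublicFqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        $result.Subject      = $cert.Subject
        $result.DnsNames     = ($cert.DnsNameList | ForEach-Object { $_.Unicode }) -join ', '
        $result.NameMatches  = -not $seen.Errors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
        $result.ChainTrusted = -not $seen.Errors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
        $ssl.Dispose()
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $tcp.Close()
    }
    [pscustomobject]$result
}

Test-RdgPublicCertificate -PublicFqdn 'rdg.example.com'
```

`Reachable = False` means 443/TCP is not published, `NameMatches = False` means the certificate was not issued for the public FQDN, and `ChainTrusted = False` means the client does not trust the issuer.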

That’s all, folks!