How to configure RDG behind NAT

This week’s problem was to make working Remote Desktop Gateway located behind a NAT. Here’s the lessons learned:

  • Issue an SSL certificate with the subject matching public DNS name (FQDN)
  • Use the default port 3389/TCP, otherwise SSL certificate’s name won’t match FQDN returning an error:

    The computer can’t verify the identity of the RD Gateway.

    or if you put it to current user’s Trusted Root Certification Authorities:

    Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match.

  • Publish on the firewall, i.e. make available from outside, HTTPS port 443/TCP. Otherwise connection won’t be established returning another meaningless error:

    Your computer can’t connect to the remote computer because the RDG server is temporarily unavailable.

That’s all, folks!

This entry was posted in Infrastructure and tagged , . Bookmark the permalink.

5 Responses to How to configure RDG behind NAT

  1. balettan says:

    I am facing the same issue, Can you please explain in detail or share detailed procedure to resolve this issue

    • abatishchev says:

      What’s the error you’re getting? Have you tried the instruction I provided?

    • abatishchev says:

      Actually I’m not an expert I’m this area. The blog post is 7 years old. I got it working and blogged how I got it working, that’s about it. I even don’t remember all the details now. So I unlikely will be s good help on this issue, sorry.

  2. Arun Balan says:

    My scenario is client machine using nat ip to call Remote Desktop Gateway Server and the firewall convert nat ip to actual ip.so I generated SSL for internal ip and installed in client computer then the error is as shown below

    Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match.

    When I generated SSL for nat ip and installed in client computer the error is as shown below.

    Your computer can’t connect to the remote computer because the RDG server is temporarily unavailable.

    • abatishchev says:

      I think the latter certificate is the right one. The error you’re getting indicates that it’s a firewall issue now. Try to allow everything first to make it working, then start to disallow to see when it stops working.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.