This week’s problem was getting a Remote Desktop Gateway that sits behind a NAT to work. Here are the lessons learned:
- Issue an SSL certificate whose subject matches the gateway’s public DNS name (FQDN).
- Use the default port 3389/TCP; otherwise the SSL certificate’s name won’t match the FQDN and the client returns this error:
The computer can’t verify the identity of the RD Gateway.
or, if you have put the certificate into the current user’s Trusted Root Certification Authorities store:
Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match.
- Publish HTTPS port 443/TCP on the firewall, i.e. make it reachable from outside. Otherwise the connection won’t be established and the client returns another equally unhelpful error:
Your computer can’t connect to the remote computer because the RDG server is temporarily unavailable.
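As an added pre-flight check (my own example, not part of the original post), the PowerShell script below, run from a machine outside the NAT, tests the two conditions above, reachability of 443/TCP and a certificate name that matches the FQDN, and reports which of the quoted errors to expect. The gateway name rdgw.example.com is a placeholder.

```powershell
# Added pre-flight check, not from the original post. Run it from a machine
# OUTSIDE the NAT. $Fqdn is a placeholder: replace it with the gateway's public DNS name.
$Fqdn = 'rdgw.example.com'

# 1. Is HTTPS (443/TCP) published on the firewall? If not, the RD client shows
#    "RDG server is temporarily unavailable".
$tcp = Test-NetConnection -ComputerName $Fqdn -Port 443 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "443/TCP to $Fqdn is not reachable: publish it on the firewall."
    return
}

# 2. Fetch the certificate the gateway presents. The callback accepts anything so
#    the cert can be inspected; trust and name are checked explicitly below.
$client = New-Object System.Net.Sockets.TcpClient($Fqdn, 443)
$cb = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
$ssl.AuthenticateAsClient($Fqdn, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $client.Close()

# 3. Collect the names the cert is valid for: subject CN plus SAN dNSName entries
#    (OID 2.5.29.17, formatted by Windows as "DNS Name=host1, DNS Name=host2").
$names = @()
if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    $names += ($san.Format($false) -split ',\s*') | ForEach-Object { ($_ -split '=')[-1].Trim() }
}

# A wildcard name (*.example.com) covers exactly one extra label, nothing deeper.
$nameMatches = $names | Where-Object {
    ($_ -eq $Fqdn) -or
    ($_.StartsWith('*.') -and ($Fqdn -like $_) -and
     (($Fqdn -split '\.').Count -eq ($_ -split '\.').Count))
}

# 4. Report which of the two certificate errors from the post to expect.
if (-not $cert.Verify()) {
    Write-Warning "Chain is not trusted on this machine (names on cert: $($names -join ', ')): expect 'can't verify the identity of the RD Gateway'."
} elseif (-not $nameMatches) {
    Write-Warning "Certificate names [$($names -join ', ')] do not include ${Fqdn}: expect the name-mismatch error."
} else {
    Write-Output "OK: $Fqdn is reachable on 443 and certificate $($cert.Thumbprint) matches the name and is trusted."
}
```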
That’s all, folks!