How to configure RDG behind NAT

Posted on 24.03.2014 by abatishchev

This week’s problem was to make working Remote Desktop Gateway located behind a NAT. Here’s the lessons learned:

  • Issue an SSL certificate with the subject matching public DNS name (FQDN)
  • Use the default port 3389/TCP, otherwise SSL certificate’s name won’t match FQDN returning an error:

    The computer can’t verify the identity of the RD Gateway.

    or if you put it to current user’s Trusted Root Certification Authorities:

    Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match.

  • Publish on the firewall, i.e. make available from outside, HTTPS port 443/TCP. Otherwise connection won’t be established returning another meaningless error:

    Your computer can’t connect to the remote computer because the RDG server is temporarily unavailable.

That’s all, folks!

This entry was posted in Infrastructure and tagged , . Bookmark the permalink.

6 Responses to How to configure RDG behind NAT

  1. balettan says:
    15.05.2021 at 13:26

    I am facing the same issue, Can you please explain in detail or share detailed procedure to resolve this issue

    Reply
    • abatishchev says:
      15.05.2021 at 13:28

      What’s the error you’re getting? Have you tried the instruction I provided?

      Reply
    • abatishchev says:
      18.05.2021 at 22:07

      Actually I’m not an expert I’m this area. The blog post is 7 years old. I got it working and blogged how I got it working, that’s about it. I even don’t remember all the details now. So I unlikely will be s good help on this issue, sorry.

      Reply
  2. Arun Balan says:
    18.05.2021 at 21:18

    My scenario is client machine using nat ip to call Remote Desktop Gateway Server and the firewall convert nat ip to actual ip.so I generated SSL for internal ip and installed in client computer then the error is as shown below

    Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match.

    When I generated SSL for nat ip and installed in client computer the error is as shown below.

    Your computer can’t connect to the remote computer because the RDG server is temporarily unavailable.

    Reply
    • abatishchev says:
      18.05.2021 at 21:33

      I think the latter certificate is the right one. The error you’re getting indicates that it’s a firewall issue now. Try to allow everything first to make it working, then start to disallow to see when it stops working.

      Reply
  3. Arun Balan says:
    18.05.2021 at 22:00

    Can you please share your email id to share my exact and detailed scenario.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.