Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
To install the Remote Desktop Gateway role service
- Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
- If the Remote Desktop Services role is not already installed:
  - In Server Manager, under Roles Summary, click Add Roles.
  - In the Add Roles Wizard, if the Before You Begin page appears, click Next. This page will not appear if you have already installed other roles and you have selected the Skip this page by default check box.
  - On the Select Server Roles page, under Roles, select Remote Desktop Services, and then click Next.
  - On the Remote Desktop Services page, click Next.
  - On the Select Role Services page, select the Remote Desktop Gateway check box.
  - If prompted to specify whether you want to install the additional role services required for Remote Desktop Gateway, click Add Required Role Services.
  - On the Select Role Services page, click Next.
  If the Remote Desktop Services role is already installed:
  - Under Roles Summary, click Remote Desktop Services.
  - Under Role Services, click Add Role Services.
  - On the Select Role Services page, select the Remote Desktop Gateway check box, and then click Next.
  - If prompted to specify whether you want to install the additional role services required for Remote Desktop Gateway, click Add Required Role Services.
  - On the Select Role Services page, click Next.
- On the Choose a Server Authentication Certificate for SSL Encryption page, specify whether to choose an existing certificate for SSL encryption (recommended), create a self-signed certificate for SSL encryption, or choose a certificate for SSL encryption later. If you are completing an installation for a new server that does not yet have certificates, see Obtain a Certificate for the Remote Desktop Gateway Server for certificate requirements and information about how to obtain and install a certificate.
  Under the Choose an existing certificate for SSL encryption (recommended) option, only certificates that have the intended purpose (server authentication) and Enhanced Key Usage (EKU) [Server Authentication (1.3.6.1.5.5.7.3.1)] that are appropriate for the RD Gateway role service will appear in the list of certificates. If you select this option, click Import, and then import a new certificate. A certificate that does not meet these requirements will not appear in the list.
- On the Create Authorization Policies for RD Gateway page, specify whether you want to create authorization policies (an RD CAP and an RD RAP) during the Remote Desktop Gateway role service installation process or later. If you select Later, follow the procedures in Create an RD CAP to create this policy. If you select Now, do the following:
  - On the Select User Groups That Can Connect Through RD Gateway page, click Add to specify additional user groups. In the Select Groups dialog box, specify the user group location and name, and then click OK as needed to check the name and to close the Select Groups dialog box.
    To specify more than one user group, do either of the following: Type the name of each user group, separating the name of each group with a semicolon; or add additional groups from different domains by repeating the first part of this step for each group.
  - After you finish specifying additional user groups, on the Select User Groups That Can Connect Through RD Gateway page, click Next.
  - On the Create an RD CAP for RD Gateway page, accept the default name for the RD CAP (RD_CAP_01) or specify a new name, select one or more supported Windows authentication methods, and then click Next.
  - On the Create an RD RAP for RD Gateway page, accept the default name for the RD RAP (RD_RAP_01) or specify a new name, and then do one of the following: Specify whether to allow users to connect only to computers in one or more computer groups, and then specify the computer group; or specify that users can connect to any computer on the network. Click Next.
- On the Network Policy and Access Services page (which appears if this role service is not already installed), review the summary information, and then click Next.
- On the Select Role Services page, verify that Network Policy Server is selected, and then click Next.
- On the Web Server (IIS) page (which appears if this role service is not already installed), review the summary information, and then click Next.
- On the Select Role Services page, accept the default selections for Web Server (IIS), and then click Next.
- On the Confirm Installation Selections page, verify that the following role services will be installed:
  - Remote Desktop Services\RD Gateway
  - Network Policy and Access Services\Network Policy Server
  - Web Server (IIS)
  - RPC over HTTP Proxy
- Click Install.
- On the Installation Progress page, installation progress will be noted.
  If any of these roles, role services, or features has already been installed, installation progress will be noted only for the new roles, role services, or features that are being installed.
- On the Installation Results page, confirm that installation for these roles, role services, and features was successful, and then click Close.
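
The certificate requirement in the Choose a Server Authentication Certificate for SSL Encryption step can be checked before running the wizard. The following PowerShell is an added example, not part of the original procedure: it reports which certificates carry the Server Authentication EKU (1.3.6.1.5.5.7.3.1). It assumes the certificate is installed in the local computer's Personal store (Cert:\LocalMachine\My); the private-key and validity-period columns are extra checks added here, not requirements stated on this page.

```powershell
# Added example: report which certificates in the local computer's Personal
# store carry the Server Authentication EKU named in this procedure.
# Assumption: the certificate is installed in Cert:\LocalMachine\My.

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU from this page

function Test-ServerAuthEku {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Find the Enhanced Key Usage extension, if the certificate has one.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) {
        # No EKU extension: treated here as not meeting the stated requirement.
        return $false
    }
    # True only if the Server Authentication OID is among the listed usages.
    $match = $eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid }
    return [bool]$match
}

$now = Get-Date
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    New-Object PSObject -Property @{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        ServerAuthEku = Test-ServerAuthEku -Certificate $_
        HasPrivateKey = $_.HasPrivateKey                 # extra check, not from this page
        InValidity    = ($now -ge $_.NotBefore -and $now -le $_.NotAfter)  # extra check
    }
} | Select-Object Subject, Thumbprint, ServerAuthEku, HasPrivateKey, InValidity |
    Sort-Object ServerAuthEku -Descending |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the RD Gateway server; a certificate reported with ServerAuthEku set to False does not meet the EKU requirement described above.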