To configure an RD Gateway farm, you need to install the RD Gateway role service on two or more servers.
Once the Gateway role is installed, export the policies from the first server and import them into the newly created server.
Open RD Gateway Manager, then open the server properties. On the Server Farm tab, add all the Gateway servers, including the farm name. In this example we use:
Server 1: RDS1.test.local
Server 2: RDS2.test.local
Farm Name: HARDCB.test.local
This needs to be completed on all RD Gateway servers.
Test the Farm using MSTSC:
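The same farm build, scripted with PowerShell as an added example (this is not the post's own procedure, which uses RD Gateway Manager). The server and farm names are the ones used above; the `RDS:` provider path `GatewayServer\GatewayFarm\Servers` is an assumption to confirm on your build, the session host name `rdsh1.test.local` is constructed, and the policy export/import from step 2 is still done in RD Gateway Manager. The .rdp file is the test step, since mstsc has no command-line switch for a gateway.

```powershell
# Added example (not from the original post): build the RD Gateway farm with PowerShell.
# Run steps 1 and 2 on every farm member so each gateway knows all of the others.
Import-Module ServerManager
Import-Module RemoteDesktopServices   # exposes the RDS: PSDrive (assumed path below)

$GatewayServers = 'RDS1.test.local', 'RDS2.test.local'   # names from the post
$FarmName       = 'HARDCB.test.local'                    # DNS name clients connect to

# 1. Install the RD Gateway role service
Install-WindowsFeature -Name RDS-Gateway -IncludeManagementTools

# 2. Register every member under the farm (equivalent of the Server Farm tab);
#    skip names that are already present so the script can be re-run safely
$farmPath = 'RDS:\GatewayServer\GatewayFarm\Servers'   # assumption: verify on your build
foreach ($server in $GatewayServers) {
    if (-not (Test-Path (Join-Path $farmPath $server))) {
        New-Item -Path $farmPath -Name $server | Out-Null
    }
}

# 3. Show the resulting membership on this gateway
Get-ChildItem $farmPath | Select-Object Name

# 4. Test through the farm name. gatewayusagemethod 1 = always use the gateway,
#    gatewayprofileusagemethod 1 = use these explicit settings,
#    gatewaycredentialssource 4 = prompt for credentials.
$rdp = @"
full address:s:rdsh1.test.local
gatewayhostname:s:$FarmName
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:4
"@
$rdpFile = Join-Path $env:TEMP 'farmtest.rdp'
Set-Content -Path $rdpFile -Value $rdp
mstsc $rdpFile
```

Because the farm name is what every client resolves, its DNS record (or the load balancer behind it) must point at the gateway members; the certificate presented by each gateway has to cover that name as well, otherwise the test in step 4 fails before any farm logic is reached.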
Ryan, specifically what does the RD Gateway farm do? Also, is it necessary when you have a H/W load-balancer?
I currently have a LB pointing at (2) RDG servers and all is working fine (as far as I can see).
Hi,
Please see the following link on what an RDS gateway is: http://windows.microsoft.com/en-gb/windows7/what-is-a-remote-desktop-gateway-server. You don’t need to use a hardware Load Balancer, but they do improve performance and provide more features: http://blogs.msdn.com/b/rds/archive/2009/03/24/improving-ts-gateway-availability-using-nlb.aspx
Best Regards,
Hi, Ryan!
I have a question about RD GW Farm.
We made a GW Farm with 2 nodes and 2 Farm Names: for internal and external users.
For internal look like rdgwfarm.domain.local.
For external look like rds.domain.com.
Is that right way to do that?
And another question about RDGW Farm.
Now we are troubleshooting an idle of about 38 sec when we launch a RemoteApp. On a client we used Sysinternals Process Explorer and saw that the client’s mstsc connects to both GW nodes simultaneously. Is that normal? I thought that the client should connect to one of the two nodes.
Just a comment regarding the RD Gateway Farm. It is only there for backwards compatibility to guarantee affinity. When the two connections from the client happen to land on different RD Gateway farm members, the farm feature allows the second gateway to route the client traffic to the first gateway, thereby allowing the two RPC over HTTPS connections to be combined into one TCP connection to the RD Session Hosts. Microsoft does not recommend this configuration due to the scale overhead on the RD Gateways.
You can avoid the issue by simply sticking to a hardware load balancer (i.e. Kemp LoadMaster) or using NLB with affinity.
CR
Thanks Cláudio, Great info with regards to Microsoft’s recommendations. Of course this is only a how to guide, but for readers take note and have a look at my RDS 2012 Load Balancer posts.
https://ryanmangansitblog.wordpress.com/2013/09/05/load-balance-rds2012-rdwa-and-rdgw-using-sub-interfaces-on-kemps-loadmaster/
Hi Ryan.
Is the farm name the name of the connection broker DNS farm name?
I’m trying to add a new gateway server and I get a “Cannot determine the number of connection” error for the newly added server in the Server Farm tab in the gateway manager.
Please help.
It all depends on the server roles. If you are wanting to use this feature, you would add the RD Gateway servers to the server farm. I would recommend that you stick with using NLB or a hardware load balancer. Microsoft does not recommend this feature for scalability.
You don’t need to.
Best regards,
Thanks. Appreciate your immediate response.
I’m deploying RDS 2012 on Azure and want to add gateway server farm for high availability. I already have connection broker and session host high availability setup and stuck with gateway server role.
I cannot use hardware load balance or NLB. Please suggest high availability for gateway server role in Azure cloud.
Thanks
Yes you can, download KEMP’s Azure VLM, it’s free.
OK. But I have the Web Access and Gateway server roles installed in the same VMs. I guess to use the Azure VLM I will have to have the Gateway server role running in a different VM. Please confirm.
That’s not a problem, they both use HTTPS, and if you want to separate the services you can use sub interfaces.
OK. Another question. The gateway farm is planned to achieve high availability rather than load balancing. So how can Kemp’s availability be ensured? It should cause a single point of failure.
You would use 2 Kemp load balancers in an active/standby configuration. Both aspects are covered: load balancing of sessions across the gateways and, in case of a gateway failure, continued access to the service. The gateway uses two HTTP channels, one for input and one for output, which means that you need something that supports IP affinity, cookie-based affinity or SSL ID-based affinity. Kemp supports all of these. So to answer your question, a single point of failure will happen if a server goes down. This is due to the two HTTP channels. The end user would need to reconnect, which would allow them to connect to a second gateway. What Kemp does: Kemp can spread the load between the gateways and provide connectivity over a single FQDN.
In the event the active Kemp load balancer fails, does it automatically fail over to the standby load balancer?
Yes
Thanks for the info. I have configured Kemp VLM with the gateway server IPs as real servers. But the RemoteApp launch fails: “RemoteApp Disconnected: your computer can’t connect to the remote computer because an error occurred in the remote computer”. The event in the gateway server shows as “Http transport: IN channel could not find a corresponding OUT channel”.
I have used “weighted least connection” as the scheduling method. Still, why are the IN & OUT channels not directed to the same gateway server?
Also, what should be the gateway server name in the “deployment properties” of RDS when I have two load-balanced gateway servers?
Ensure that you are using one of the recommended affinity rules, as your IN and OUT channels are being broken up. I did mention this in a previous reply.
Yes. I’m using “Source IP Address” in the persistence option. I think that would give the affinity to the connection. I still get the ‘IN channel could not find a corresponding OUT channel’ error. Should the gateway server name in the RDS deployment properties be changed to the VLM FQDN ?
Should anything else be done apart from adding both my real servers to the Kemp virtual service configured with “source IP address” persistence?
Note: I have both Web Access & Gateway roles installed in two virtual machines and am trying to use Kemp for gateway load balancing.
Hi, can I use Application Request Routing (ARR) to get the gateway servers load balanced? I can enable the stickiness using ARR. Why should I use a 3rd party load balancer like Kemp?
Layer 7 load balancers provide real-time health checks. They also allow IP affinity rules. RD Gateway uses two HTTP channels, so source IP affinity needs to be used. Have a look at the following article, which states issues with ARR: http://forums.iis.net/t/1208158.aspx?RD+Gateway+through+IIS+ARR
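The symptom discussed in this exchange, the gateway logging “IN channel could not find a corresponding OUT channel” because the two HTTP channels of one client landed on different farm members, leaves a trace in the RD Gateway operational event log. The following PowerShell is an added example for checking that from an admin station, not code from the post, Kemp or Microsoft. It assumes the two gateway names from the post, the real log name `Microsoft-Windows-TerminalServices-Gateway/Operational`, and matches on the message text quoted in the thread rather than on an event ID, which the thread does not give.

```powershell
# Added example (not from the original post): count channel-mismatch events on each
# RD Gateway for the last 24 hours. A non-zero count on a load-balanced pair means the
# persistence rule on the balancer is not keeping a client's IN and OUT channels together.
$Gateways = 'RDS1.test.local', 'RDS2.test.local'   # names from the post
$Since    = (Get-Date).AddHours(-24)
$Pattern  = '*IN channel could not find a corresponding OUT channel*'   # text quoted in the thread

$report = foreach ($gw in $Gateways) {
    # Remote event-log read; needs the Remote Event Log Management firewall rule on the gateway
    $events = Get-WinEvent -ComputerName $gw -FilterHashtable @{
        LogName   = 'Microsoft-Windows-TerminalServices-Gateway/Operational'
        StartTime = $Since
    } -ErrorAction SilentlyContinue | Where-Object { $_.Message -like $Pattern }

    [pscustomobject]@{
        Gateway   = $gw
        Mismatches = @($events).Count
        FirstSeen = if ($events) { ($events | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated } else { $null }
        LastSeen  = if ($events) { ($events | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated } else { $null }
    }
}

$report | Format-Table -AutoSize

# Plain verdict: events on either member point at the balancer, not at the gateways
if (($report | Measure-Object -Property Mismatches -Sum).Sum -gt 0) {
    Write-Warning 'Channel mismatches found: verify source IP (or SSL ID / cookie) persistence on the load balancer.'
} else {
    Write-Host "No channel mismatches since $Since; persistence is holding."
}
```

Run it again after changing the persistence setting on the balancer; if the counts stop growing while users launch RemoteApps, the affinity rule is doing its job. With a scheduling method alone (such as weighted least connection) and no persistence, the counts keep climbing because each of the two channels is scheduled independently.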
As I understand it, all clients will get kicked when a Gateway server goes down … right? So the benefit of Gateway farm is to let the client be able to log back in again (on a Gateway server that is still running)?
Hi Ryan,
Thanks so much for creating this guide. Question for you: should the RD Gateway be on a machine separated from the other RDS services, or could they be deployed on the same machine? (Goal here is for high availability).
Example A:
Load Balancer with 2 x DMZ Server (RD Gateway, RD Connection Broker, RD Web Access on each) –>
2 x Internal Server (RD Session Host on each)
Or would it be better to deploy Example B:
Load Balancer with 2 x DMZ Server(RD Gateway, Web Access) –>
2 x Internal Server (RD connection Broker) –>
2 x Internal Server (RD Session Host)
Thoughts?
Hi Ryan,
My understanding according to your post is that the RDGW is in charge of creating the secure connection via the RD WEB Access and finally via the broker with the session host.
I was under the impression that the URL that should be used by external users should point to the RDGW.
I have a single server configuration that works fine, but then everything except AD is on one server.
I then built an advanced set of servers according to what you described in this article.
This is going to be a high availability infrastructure but right now I have configured just the following:
1 x RDDS – Domain Controller
1 x RDGW – Gateway
1 x RDBR – Broker
1 x RDWA – Web Access
1 x RDSH – Session Host
I am using a wildcard certificate.
All servers are Windows 2012 R2, and are on a cloud so end users are all external.
When I try to connect to the RDWA URL https://rdwa.contoso.com/rdweb I get the correct logon screen, and when I provide the credentials I can access the published remote App.
When I try to access the RDGW (which is published as rdgw.contoso.com) I land on the RDGW IIS (which is running by default), and the session doesn’t get redirected to the RDWA.
So the question is – am I missing an important part of the setup, or the whole concept ?
Thanks !
The whole concept. You don’t connect to the gateway using a web browser. You would connect through the gateway using MSTSC, or using an RDP file.
Hi Ryan – you are right.
Thanks !
Hi Ryan, I am setting up RDS 2012R2 on AWS using an elastic load balancer to deliver applications over https using Remoteapp. My setup is as follows:
2x RDWEB/RDGW
2x RDCB
2xRDSH
SQL mirroring.
Whenever I try to load an app I get the “your computer can’t connect to the remote computer because the remote desktop gateway is temporarily unavailable” error.
Should I separate the RDWEB and RDGW roles onto different servers?
The whole thing is externally available, using a wildcard cert and the AD domain name is the same as the public domain name I am using.
Any ideas??
The Gateway has two channels, input and output. You need to ensure you have persistence set up.