RDS 2012 – Configuring a RD Gateway Farm

To configure a RD Gateway Farm, you would need to install the Gateway server Role on two or more servers.

Once you have installed the Gateway role you would then need to export the policies from the first server and import them into the newly created.

Open the RD Gateway Manager, then open the Server properties. Under the server Farm Tab add all the Gateway servers including the Farm name. In this example we use:

Server 1: RDS1.test.local

Server 2: RDS2.test.local

Farm Name: HARDCB.test.local.

This needs to be completed on all RD Gateway servers.


Test the Farm using MSTSC:


27 thoughts on “RDS 2012 – Configuring a RD Gateway Farm

Add yours

  1. Ryan, specifically what does the RG Gateway farm do? Also, is it necessary when you have a H/W load-balancer?

    I currently have a LB pointing at (2) RDG servers and all is working fine (as far as I can see).

  2. Hi, Ryan!
    I have a quistion about RD GW Farm.
    We made a GW Farm with 2 nodes and 2 Farm Names: for internal and external users.
    For internal look like rdgwfarm.domain.local.
    For external look like rds.domain.com.
    Is that right way to do that?
    And another quistion about RDGW Farm.
    Now we trobleshooting an idle about 38 sec when we launch RemoteApp and on a client we used Sysinternals Process Explorer and saw, that clients mstsc connecting to both GW nodes simultaneously. Is that normal? I thought, that client should connect to one of two nodes.

  3. Just a comment regarding the RD Gateway Farm. It is only there for backwards compatibility to guarantee affinity. When the two connections from the client happen to land on different RD Gateway farm members, the farm feature allows the second gateway to route the client traffic to the first gateway, thereby allowing the two RPC over HTTPS connections to be combined into one TCP connection to the RD Session Hosts. Microsoft does not recommend this configuration due to the scale overhead on the RD Gateways.
    You can avoid the issue by simply sticking to a hardware load balancer (i.e. Kemp LoadMaster) or using NLB with affinity.


  4. Hi Ryan.
    Is the farm name the name of the connection broker DNS farm name?
    I’m trying to a new gateway server and i get “Cannot determine the number of connection” error for the newly added server in the server farm tab in the gateway manager.
    please help

    1. It all depends on the server roles. if you are wanting to use this feature, you would add the RD gateway servers to the server farm. I would recommend that you stick with using NLB or a Hardware load balancer. Microsoft does not recommend this feature for scalability

      you don’t need to

      Best regards,

      1. Thanks. Appreciate your immediate response.
        I’m deploying RDS 2012 on Azure and want to add gateway server farm for high availability. I already have connection broker and session host high availability setup and stuck with gateway server role.
        I cannot use hardware load balance or NLB. Please suggest high availability for gateway server role in Azure cloud.


  5. ok. But i have the web access and getway server roles installed in same VMs. I guess to use Azure VLM i will have to have gateway server role running in a different VM. Please confirm

      1. ok. another question. gateway farm is planned to achieve high availability rather than load balancing. So how can Kemp’s availability be ensured. it should cause single point of failure.

      2. You would use 2 kemp load balancers in a active standby configuration. Both aspects are covered, load balancing of sessions across the gateways and in case of a gateway failure, you would have continued access to the service. The gateway Uses two http channels one for input one for output, this means that you would need something that supports IP affinity, cookie based affinity or ssl Id based affinity. Kemp supports all of these. So to answer your question, single point of failure, will happen if a server goes down. This is due to the two http channels. The end user would need to reconnect which would allow them to connect to a second gateway. What kemp does: kemp can spread the load between the gateways, and provide connectivity over a single fqdn.

  6. thanks for the info. i have configured Kemp VLM with gateway server Ips as real servers. But the remoteapp launch fails “remoteapp disconnected your computer can’t connect to the remote computer because an error occured in the remote computer”. the event in the gateway server shows as “Http transport: IN channel could not find a corresponding OUT channel”.

    I have used “weighted least connection” in the scheduling method. still why is the IN & OUT channel not directed to same gateway server ?

    Also, what should be the gateway server name in the “deployment properties” of RDS when i have two loadbalanced gateway servers.

  7. Yes. I’m using “Source IP Address” in the persistence option. I think that would give the affinity to the connection. I still get the ‘IN channel could not find a corresponding OUT channel’ error. Should the gateway server name in the RDS deployment properties be changed to the VLM FQDN ?
    Should anything else be done apart from adding both my real servers to the Kemp virtual service configured with “source ip address” persistence.
    Note : I have both web access & gateway roles installed in two virtual machine and trying to use Kemp for gateway load balancing.

  8. Hi, Can i use Application request routing (ARR) to get the gateway servers loadbalanced ?. I can enable the stickiness using ARR. Why should i use a 3rd party load balancer like Kemp

  9. As I understand it, all clients will get kicked when a Gateway server goes down … right? So the benefit of Gateway farm is to let the client be able to log back in again (on a Gateway server that is still running)?

  10. Hi Ryan,

    Thanks so much for creating this guide. Question for you: should the RD Gateway be on a machine separated from the other RDS services, or could they be deployed on the same machine? (Goal here is for high availability).

    Example A:

    Load Balancer with 2 x DMZ Server (RD Gateway, RD Connection Broker, RD Web Access on each) –>
    2 x Internal Server (RD Session Host on each)

    Or would it be better to deploy Example B:

    Load Balancer with 2 x DMZ Server(RD Gateway, Web Access) –>
    2 x Internal Server (RD connection Broker) –>
    2 x Internal Server (RD Session Host)


  11. Hi Ryan,
    My understanding according to your post is that the RDGW is in charge of creating the secure connection via the RD WEB Access and finally via the broker with the session host.
    I was under the impression that the URL that should be used by external users should point to the RDGW.

    I have a single server configuration that works fine, but then everything except AD is on one server.

    I then built an advanced set of servers according to what you described in this article.
    This is going to be a high availability infrastructure but right now I have configured just the following:
    1 x RDDS – Domain Controller
    1 x RDGW – Gateway
    1 x RDBR – Broker
    1 x RDWA – Web Access
    1 x RDSH – Session Host
    I am using a wildcard certificate.

    All servers are Windows 2012 R2, and are on a cloud so end users are all external.
    When I try to connect to the RDWA URL https://rdwa.contoso.com/rdweb I get the correct logon screen, and when I provide the credentials I can access the published remote App.
    When I try to access the RDGW (which is published as rdgw.contoso.com) I land on the RDGW IIS (which is running by default), and the session doesn’t get redirected to the RDWA.

    So the question is – am I missing an important part of the setup, or the whole concept ?

    Thanks !

  12. Hi Ryan, I am setting up RDS 2012R2 on AWS using an elastic load balancer to deliver applications over https using Remoteapp. My setup is as follows:
    2x RDCB
    SQL mirroring.
    Whenever I try to load an app I get the ” your computer can’t connect to the remote computer because the remote desktop gateway is temporarily unavailable” error
    Should I seperate the RDWEB and RDGW roles onto different server?
    The whole thing is externally available, using a wildcard cert and the AD domain name is the same as the public domain name I am using.
    Any ideas??

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: