Wednesday, 2 December 2009

Windows 2008 Remote Desktop Gateway Woes (but finally fixed)

Windows 2008 Remote Desktop Gateway is a great idea.
Instead of opening up multiple machines on your firewall to allow users to remote desktop in, RD Gateway allows you to open up a single IP, which then tunnels through to RDP servers inside your network.
RDG uses a combination of RDRAP and RDCAP to verify who is allowed to use the gateway and which servers they can connect to.

I had a situation where we needed to grant business partners access to one of our servers, but I didn't want them to be able to access any other network resources.
So I created a new user and put him in his own group. I also clicked the "Logon to" button and gave him access to the target server: TARGET
Then I granted that group access to TARGET with RDRAP.
I also added the user into the "Administrators" group on the TARGET machine.

But...
Something didn't work...
I could connect using RDP in the office with that username to the TARGET machine, but not through the RD Gateway. I kept getting logon error messages and was asked to re-enter the password.
After much head-scratching, it was found that it was the "Logon to" setting that was causing the problem.
RD Gateway will not work with a user with "Logon to" set. You can either delete the setting OR add in the client machine name.. yes.. really... the name of the PC you will be running the Remote Desktop Client from! It sounds crazy, but it definitely works, so hopefully you don't have to go through the same hoops I did to work it out.
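
The second option above (keeping "Logon to" in place and adding only the client machine name), as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory module (RSAT) is available; the function name `Add-LogonToWorkstation`, the account `partner1` and the client name `PARTNER-PC01` are made-up placeholders.

```powershell
# Added example, not from the original post.
# Assumes the ActiveDirectory PowerShell module is installed.
Import-Module ActiveDirectory

function Add-LogonToWorkstation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $Identity,     # account with "Logon to" set
        [Parameter(Mandatory)] [string[]] $Workstation   # client PC name(s) to allow
    )

    $user = Get-ADUser -Identity $Identity -Properties LogonWorkstations

    # "Logon to" is stored as a comma-separated list of computer names.
    # An empty value means the account is not restricted at all.
    $current = @()
    if ($user.LogonWorkstations) {
        $current = @($user.LogonWorkstations -split ',' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ })
    }

    if ($current.Count -eq 0) {
        # Writing a list here would create a new restriction, so leave it alone.
        Write-Warning "$Identity has no 'Logon to' restriction; nothing to extend."
        return
    }

    # Keep the existing entries (e.g. TARGET) and add the client PC name(s),
    # dropping duplicates (comparison is case-insensitive by default).
    $merged = @($current + $Workstation | Sort-Object -Unique)

    if ($PSCmdlet.ShouldProcess($Identity, "Set 'Logon to' list to $($merged -join ',')")) {
        Set-ADUser -Identity $user -LogonWorkstations ($merged -join ',')
    }

    # Show the resulting restriction so it can be reviewed.
    Get-ADUser -Identity $user -Properties LogonWorkstations |
        Select-Object SamAccountName, LogonWorkstations
}

# Constructed usage: preview the change first, then apply it.
Add-LogonToWorkstation -Identity 'partner1' -Workstation 'PARTNER-PC01' -WhatIf
Add-LogonToWorkstation -Identity 'partner1' -Workstation 'PARTNER-PC01'
```

This keeps the account limited to TARGET plus the named client PCs rather than deleting the restriction.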


Thanks go to the guys on the Windows Server Forums for helping me work this out.
