TNBlogsFS/BlogFileStorage/blogs_technet/sbs/WindowsLiveWriter/HowtoManuallyInstallCertificatesinSBS200_7019/image_thumb.png' alt='Install Terminal Services Server 2008 R2 Certificate' title='Install Terminal Services Server 2008 R2 Certificate' />Remote Desktop Services in Windows 2. R2 Part 2. Welcome to the second article in this series on Remote Desktop Services in Windows 2. R2.  We were first introduced to the Remote Desktop RD Gateway in the first release of Windows 2. RD Gateway was formerly known as Terminal Server TS Gateway. TS Gateway opened up Remote Access barriers providing access to our Terminal Servers via SSL or port 4. VPN access through either IPSEC or L2. TP. In Windows Server 2. R2, not much has changed and in todays article I will provide you with a step by step guide on configuring your RD Gateway which will provide your remote users access to the Remote Desktop Host or RD Web Access via any Internet connection utilising Remote Desktop Connection client over HTTPS. If you missed part 1 of this series which discussed the installation of your Remote Desktop Role and services, you can access it here. There are a number of prerequisites that are required in order for the RD Gateway to function and these were all setup in part 1 of this series. For reference I have listed these below Remote procedure call RPC over HTTP Proxy Internet Information Services. Lets begin by navigating to All Programs Administrative Tools Remote Desktop Services Remote Desktop Gateway Manager. Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4. You will be presented with the below screen. In the left navigation pane of your RD Gateway Manager MMC console, click on your server and select properties under Actions. We will now go through each tab under the server properties and make any necessary configuration changes. Lets refer to this process as post wizard configuration. Share Windows applications and data with users anywhere in the world. Multiuser plans start from 8. To test your scenario, here is what I did I have Windows Server 2008 R2 DC Installed Roles Active Directory Certificate Services, Active Directory Domain. Under the General Tab, we are provided with the ability to configure the maximum number of connections that are allowed to connect to this RD Gateway. If you are concerned with server performance, we can set a hard limit of allowed simultaneous connections. We can also disable new connections if we are performing scheduled maintenance on our server. The next tab allows us to secure the RD Gateway by using an SSL certificate. We can create a self signed certificate recall that this was completed during the initial install wizard in part 1 of this series, select an existing certificate that is located on the server under Certificates Personal store or Import a certificate that we have requested via a 3rd Party Certification Authority CA or utilising an internal CA. It is deemed best practice to utilise a 3rd party CA that participates in the Microsoft Root Certification Members Programme alleviating the headache that is usually involved in exporting the root certificate, distributing them to your end users and then providing them with instructions on how to import them into their local machines. Utilising a self signed certificate is usually reserved for testing purposes only, and not in a production environment, however it will suffice in this step by step guide. The third tab introduces the RD CAP Store and provides us with the ability to utilise our local server running Network Policy Server NPS or the ability to specify a central server that is already configured and running NPS. This was also initially configured during the installation wizard of our Remote Desktop Services role in part 1. The next tab, Server Farm, allows us to specify farm members for the RD Gateway. As a minimum we need to Add this RD Gateway server below as follows. You do so by entering the fully qualified domain name of the server and clicking on Add. It will then add it below under Remote Desktop Gateway server farm status as per the below screen capture. You will notice the above warning regarding the registry not being updated. This warning will disappear and the status will change to OK after clicking on Apply. The next tab allows you to select or deselect events that you would wish to log. These corresponding events are stored in Event Viewer under Application and Services LogsMicrosoftWindowsTerminal Services Gateway. By default, all items under the Auditing tab are selected to be captured and logged. The below screen capture is an example of the Terminal. Services Gateway Event Viewer on our Windows 2. R2 server. SSL bridging is next and is required to be configured if you are utilizing Microsoft ISA Server to further secure the RD Gateway. Microsoft ISA Server is a great application level firewall which offers reverse proxy and can be configured to work hand in hand in providing secure access over SSL. The last tab in the RD Gateway properties is Messaging which was not present in Windows 2. TS Gateway. This is a welcome addition for administrators to utilise when pre planning for system maintenance and wanting to advise users with a global system notification, and the also providing the ability to set a logon message such as the companys logon policy. The first area within the Messaging tab is the ability to set a timed system message with the ability to set a start datetime and end datetime. When a user logs in via the RD Gateway, they will be presented with the following message that we configured above The second area under messaging allows you to specify a message such as your companys logon policy that will appear each time a user logs into the RD Gateway remote computer. This is simply a text file with the contents within. The below similar notice is what will appear when logging on to your Remote Desktop Host via the RD Gateway. You will notice that the system will not continue to login the OK button is dimmed unless you accept the terms of this policy. The last option allows you to specify that connections to the Remote Desktop Host via the RD Gateway will be restricted to clients that support RD Gateway messaging which is anything greater than Remote Desktop Client version 7. Now prior to connecting to the RD Gateway and testing our setup, we will need to export the self signed SSL certificate located on the RD Gateway and install it on our client computer that we will be connecting from. The easiest way to accomplish this is to open the Certificates MMC snap in, locate the certificate from the Personal Certificates store, and right click, All Tasks Export. This will invoke the below Certificate Export Wizard. Click Next. Select Yes, export the private key. Click Next. Select, Include all certificates in the certificate path if possible. Buy A Windows Vista Product Key. Click Next. Type and confirm a password and then click Next again. Specify a name and location to export the pfx certificate file. Click Next and then Finish. We can now copy or email the exported certificate to our end users who will then install the certificate to their local personal store. This can be easily achieved by double clicking on the exported certificate and invoking the Certificate Import Wizard. Please ensure that when you come to the Certificate Store section of the Import Wizard that you select Place all certificates in the following store and select Trusted Root Certification Authorities. Now that we have successfully imported the root self signed certificate authority, we can now test our setup and login to our remote computer via the RD Gateway. Before we begin, you need to ensure that you are running the latest Remote Desktop Connection client which is version 7. This version is already included with Windows 7 and is made available for download to Windows Vista SP1 and SP2 clients and to Windows XP SP3 clients. This can be downloaded from the Microsoft Support site http support.