Hi,
I am running a VM with an RDS 2012 deployment and all required roles on this VM: Web Access, Gateway, Licensing, Connection Broker and Session Host.
Only change from standard settings is that the RD Gateway's https port has been changed from 443 to 444 to allow it to work behind a NAT firewall where port 443 is required for another website. Router has got port forwarding from external port 444 to VM's port 444 (RD Gateway's port needs to be changed for RDWeb to work properly, otherwise the port number is dropped from its URLs).
In the internal network everything is working fine as one would expect with Deployment Properties RD Gateway set to Automatic (or Custom with "Bypass RD Gateway server for local addresses" set to True), for all of RemoteApps, RDWeb and rdp-client.
Externally, i.e., coming through the router from the outside, I can get the Windows 8 rdp-client (Note: this does not seem to work with a Windows 7 SP1 rdp-client even after patching and changing group policies to support rdp-protocol 8) to work by manually setting the RD Gateway to [myFQDN]:444 under Options/Advanced. It goes through the RD Gateway, the authentication is logged on the server, desktop comes across. Accordingly, in a saved rdp-file this shows as gatewayhostname:s:[myFQDN]:444.
What is not working externally are RemoteApps and RDWeb. Obviously, I have set the Deployment Properties RD Gateway to Custom Settings with the appropriate external FQDN (and, yes, the certs are good) but there is no option to set the changed port number as the field does not allow this (same goes for the equivalent PowerShell command). The downloaded rdp-files for the RemoteApps clearly show that the port for the RD Gateway is not picked up (gatewayhostname:s:[myFQDN] rather than the expected gatewayhostname:s:[myFQDN]:444). I guess that RDWeb uses the same rdp-files that the RemoteApps download (as can be found in the registry) so I assume that whatever solves the one will also solve the other.
Any ideas for a resolution? Or is this a bug/intentional restriction? It kind of defeats the purpose of allowing a different port number if it is only fully working in a local network.
Thanks for your help.
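Added example, not part of the original post or of the RDS product: a small script that parses the `key:type:value` lines of a downloaded .rdp file, reports whether its `gatewayhostname` value carries the gateway port the deployment actually listens on (444 in the post; the client assumes 443 when no port is present), and rewrites the line so the port is included. The sample .rdp content, host names and function names are constructed for illustration.

```python
# Constructed sample of an .rdp file as the post says RDWeb generates it:
# the gateway host is present but the custom port is missing.
RDP_FROM_RDWEB = """\
full address:s:rdsh01.internal.example:3389
gatewayhostname:s:remote.example.com
gatewayusagemethod:i:1
remoteapplicationmode:i:1
"""


def parse_rdp(text: str) -> dict:
    """Parse 'key:type:value' lines into a dict keyed by lower-cased setting name.
    Values may contain ':' (host:port), so split on at most two separators;
    blank lines and ';' comment lines are skipped."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and not parts[0].startswith(";"):
            settings[parts[0].lower()] = parts[2]
    return settings


def split_host_port(value: str, default_port: int = 443) -> tuple:
    """Split 'host[:port]'; the client contacts the RD Gateway on 443 if no port is given."""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return value, default_port


def gateway_findings(text: str, expected_host: str, expected_port: int) -> list:
    """List mismatches between the file's gateway setting and the deployment."""
    settings = parse_rdp(text)
    if "gatewayhostname" not in settings:
        return ["no gatewayhostname setting: the RD Gateway will not be used"]
    host, port = split_host_port(settings["gatewayhostname"])
    findings = []
    if host.lower() != expected_host.lower():
        findings.append(f"gateway host is {host}, expected {expected_host}")
    if port != expected_port:
        findings.append(f"gateway port is {port}, expected {expected_port}")
    return findings


def with_gateway_port(text: str, port: int) -> str:
    """Return the file with the gatewayhostname line rewritten to carry the port."""
    out = []
    for line in text.splitlines():
        if line.lower().startswith("gatewayhostname:s:"):
            host, _ = split_host_port(line.split(":", 2)[2])
            line = f"gatewayhostname:s:{host}:{port}"
        out.append(line)
    return "\n".join(out) + "\n"
```

Running `gateway_findings` over the files RDWeb hands out is a quick way to confirm which ones will silently fall back to 443 before users report failures.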