Just looking for some confirmation as I can find no evidence online (which leads me to believe that I'm misunderstanding what I should expect).
Running a small PoC for RDS. Currently, I have 1 Session server, 1 Broker, 1 web access server and an RD Gateway in my DMZ (joined to the domain but only has enough ports open to the DCs to get its job done). Everything works, landing page for the web access server customised, etc. and I can log in and access my published apps. SSO is also working.
I was expecting, when I started setting up the gateway, that what I would see when I punched in the external URL was what I see when I land on the web access server internally (essentially a login page). Having configured the external access on the FW and opened the required ports, as well as setting up a valid external cert on the gateway (Let's Encrypt; all other RDS servers in the chain have certs issued by my internal CA), I can get to my Gateway server from outside but I just land on the default IIS page. The /rdweb throws a 404 as expected because there is no site named /rdweb on the Gateway server.
The only sites that seem to be published under the Default website on the RDS Gateway are Rpc and RpcwithCert. Internally, I can hit my web access server directly and get all my apps as expected, both through the browser and the RemoteApps tool. The internal rules in my FW allow the RDS Gateway Server in the DMZ to the LAN only to the DCs for LDAP, etc. and 3389 to only the Broker server, because that's all it should need.
From outside my LAN, I can use the RDP client in Windows to add my publicly accessible RD Gateway and connect to my servers in the LAN over RDP to the desktop by adding the RD Gateway address into the Gateway section of the RDP client. What I am really looking to do, however, is to get the published apps made available through Windows RemoteApp externally. This isn't working: when I enter https://rds.mydomain.com:4443 in RemoteApp, I get nothing back, unlike what I get if I point it at https://rds_web_access_server/rdweb/feed/webfeed.aspx when on my internal LAN.
I thought this was the point of the RD Gateway, to allow exactly this? So am I missing some part of the puzzle? I just can't find any solutions online.
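A diagnostic that puts the two halves of this setup side by side, added here as an example and not part of the original post: it reads the deployment's gateway settings from the broker, lists the published RemoteApps, and then asks for the webfeed.aspx path on both the internal Web Access host and the external gateway name from the post. The broker FQDN is a placeholder; run it from a domain-joined admin box with the RemoteDesktop module.

```powershell
# Added example (not from the original post). Placeholder names marked below.
Import-Module RemoteDesktop

$broker  = 'broker.corp.example'      # placeholder: RD Connection Broker FQDN
$webHost = 'rds_web_access_server'    # internal RD Web Access host, as in the post
$gateway = 'rds.mydomain.com'         # external RD Gateway name, as in the post
$gwPort  = 4443                       # external port used in the post

# 1. What the deployment itself believes the gateway is (mode, external FQDN,
#    logon method, whether internal clients bypass it).
$gw = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $broker
'GatewayMode={0} ExternalFqdn={1} LogonMethod={2} BypassLocal={3}' -f `
    $gw.GatewayMode, $gw.GatewayExternalFqdn, $gw.LogonMethod, $gw.BypassLocal

# 2. The apps the feed would list come from the broker's collections, not the gateway.
Get-RDRemoteApp -ConnectionBroker $broker |
    Select-Object CollectionName, DisplayName, FilePath

# 3. Where does the RemoteApp feed actually answer? A 401 means the feed is there
#    and wants credentials; a 404 means that host does not serve it at all.
$urls = @(
    "https://$webHost/RDWeb/Feed/webfeed.aspx",
    "https://${gateway}:$gwPort/RDWeb/Feed/webfeed.aspx"
)
foreach ($url in $urls) {
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -Method Head -ErrorAction Stop
        '{0} -> {1}' -f $url, $r.StatusCode
    } catch {
        $code = $_.Exception.Response.StatusCode.value__
        if ($code) { '{0} -> {1}' -f $url, $code }
        else       { '{0} -> {1}' -f $url, $_.Exception.Message }
    }
}

# 4. Plain reachability of the gateway port from where the script runs.
Test-NetConnection -ComputerName $gateway -Port $gwPort |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Compare the status codes in step 3: only the host that returns 401 (or 200) for webfeed.aspx can be given to the RemoteApp client as the feed URL, and step 1 shows whether the deployment already knows the gateway name it should hand to clients.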