By default, TSplus Remote Access listens for the RDP protocol on the web ports defined on the AdminTool > Home screen. If you do not want to expose any port that accepts RDP to the public internet, you can block the RDP port using a firewall and disable RDP forwarding to the web ports. However, your RDP/RemoteApp clients must then be configured to use our Remote Desktop Gateway (RDG) feature, which tunnels the RDP traffic over HTTPS; this includes our .connect file and RemoteApp on the web. Note that if you have a TSplus Remote Access farm, the RDG will only work for farms that have our farm reverse-proxy feature enabled. Also, TLSv1.2 must be enabled on the AdminTool > Web > HTTPS screen.


Additional information on configuring Remote Desktop Gateway for MSTSC:

https://support.tsplus.net/a/solutions/articles/44001910887?lang=en


Instructions


1. If RemoteApp via the web portal is used, change the variable var remoteapp2_useasrdg = 'off'; to var remoteapp2_useasrdg = 'on'; in the C:\Program Files (x86)\TSplus\Clients\www\software\remoteapp2.js file. If you have a TSplus Remote Access farm, this setting is only required on the gateway server.


2. If .connect files are used, regenerate them for all of your users, ensuring that the setting "Use the targeted server as a Remote Desktop Gateway (RDG) to encrypt data transfer" is selected in the Security tab when generating the .connect file. 


3. Your TSplus Remote Access server must have a DNS record pointing to it and must have a valid SSL certificate for that DNS domain name bound to Terminal Services on the Windows computer where TSplus Remote Access is installed. This is automatically done for you when importing an SSL certificate in our AdminTool > Web > HTTPS screen. If you have a TSplus Remote Access farm, each application server in the farm must have the same SSL certificate that is bound to Terminal Services on the gateway bound to its own Terminal Services as well.


4. Edit the C:\Program Files (x86)\TSplus\Clients\webserver\settings.bin file to include the following lines, then restart the web server from the AdminTool > Home screen for the change to take effect. If you have a TSplus Remote Access farm, do the same on all your application servers.


disable_rdp=true

avoid_disable_rule_of_local_rdp_on_rdg=true
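
One way to confirm the steps above took effect, as an added example that is not TSplus tooling: this PowerShell script checks the two files named in steps 1 and 4 and sends a standard RDP connection request to the web port to see whether it still answers as RDP. It assumes settings.bin is plain key=value text; the host name tsplus.example.com and port 443 are placeholders, and Get-SettingValue and Test-RdpAnswer are helper names made up for this example.

```powershell
# Added example, not TSplus code. File paths come from the steps above;
# the host name and port are placeholders to replace with your own values.
param(
    [string]$ClientsDir = 'C:\Program Files (x86)\TSplus\Clients',
    [string]$HostName   = 'tsplus.example.com',  # placeholder: your server's DNS name
    [int]$WebPort       = 443                    # placeholder: HTTPS port from AdminTool > Home
)

function Get-SettingValue {
    param([string[]]$Lines, [string]$Key)
    # Assumes settings.bin is plain "key=value" text; returns the last match or $null.
    $value = $null
    foreach ($line in $Lines) {
        if ($line -match "^\s*$([regex]::Escape($Key))\s*=\s*(.*?)\s*$") { $value = $Matches[1] }
    }
    $value
}

function Test-RdpAnswer {
    param([string]$HostName, [int]$Port)
    # TPKT header + X.224 Connection Request + RDP negotiation request (19 bytes).
    [byte[]]$request = 0x03,0x00,0x00,0x13,0x0e,0xe0,0x00,0x00,0x00,0x00,0x00,
                       0x01,0x00,0x08,0x00,0x01,0x00,0x00,0x00
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 3000
        $stream.Write($request, 0, $request.Length)
        $reply = New-Object byte[] 19
        $read = $stream.Read($reply, 0, $reply.Length)
        # An RDP listener answers with TPKT (0x03) carrying a Connection Confirm (0xD0).
        return ($read -ge 6 -and $reply[0] -eq 0x03 -and $reply[5] -eq 0xD0)
    } catch { return $false }   # refused, reset or timed out: no RDP answer
    finally { $client.Close() }
}

$settings = Get-Content (Join-Path $ClientsDir 'webserver\settings.bin')
$js       = Get-Content (Join-Path $ClientsDir 'www\software\remoteapp2.js') -Raw
$checks   = [ordered]@{}
foreach ($key in 'disable_rdp', 'avoid_disable_rule_of_local_rdp_on_rdg') {
    $checks["settings.bin: $key=true"] = (Get-SettingValue $settings $key) -eq 'true'
}
$checks["remoteapp2.js: remoteapp2_useasrdg = 'on'"] = $js -match "remoteapp2_useasrdg\s*=\s*'on'"
$checks["web port $WebPort gives no raw RDP answer"] = -not (Test-RdpAnswer $HostName $WebPort)
$checks.GetEnumerator() | ForEach-Object {
    '{0,-62} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
```

Run it on the TSplus server after restarting the web server. In a farm, the remoteapp2.js line only matters on the gateway server, while the settings.bin lines apply to every application server.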