RDS Gateway

Configure remote desktop client to use the University Gateway 


 

IT Support Note: Any firewalls between rds-gateway.oit.duke.edu and the endpoint must permit TCP port 3389. For any Windows managed machines, this is likely already in place, but secure VRFs and local workstations may need to be configured to allow access. For Windows workstations, enabling Remote Desktop automatically adds the necessary firewall rules to the local firewall.
 
The gateway has been configured to use DUO for MFA. You will only be able to connect to the gateway if you have a DUO enabled account that has either a push or a phone option activated. There is no interface to enter a YubiKey or passcode.

 

You do not need to use the Cisco AnyConnect VPN to remotely access your computer.

 


Connect on Windows

To connect using Windows Remote Desktop:

 
1) Open Remote Desktop Connection

 

2) In the Remote Desktop Connection client, enter the Computer name as <yourcomputername>.win.duke.edu.  Make sure to use the fully qualified domain name. 



 

3) Click Show Options, choose the Advanced tab, and click the Settings button

 

 

 

4) Choose the Use these RD Gateway server settings radio button 
 
5) Enter the following information: 

Server name: rds-gateway.oit.duke.edu

Logon Method: 
Choose: Ask for password 
 
The Bypass RD Gateway server for local addresses check box should not be checked.
 

 

 
For Logon settings:

A. If you are logging onto the gateway and the endpoint with the same user:  

1) Check Use my RD Gateway credentials for the remote computer and click OK



 

2) Click the Connect button 
You will be prompted once for a user account and password to authenticate.

 

3) Enter the following information: 

Username: WIN\netID 

Password: Enter the password and click OK.

Note: This must be a DUO enabled account that allows push or phone calls. 

You will immediately be prompted with either a DUO push to your phone, or if push is not enabled then DUO will call.   If there is not a push or phone number available for DUO, the account cannot authenticate to the gateway.   
 
Once the DUO prompt has been approved, you will be presented with a remote desktop connection. If the endpoint is configured to use DUO for remote desktop, then it will prompt you for a DUO response before finishing the logon. Otherwise, it will load the desktop.
 

B. If you are logging into the gateway and the endpoint with different accounts:  

1) Uncheck Use my RD Gateway credentials for the remote computer and click OK


 

2) Click the Connect button 
You will be prompted once for a user account and password to authenticate. 

 

3) Enter the following information: 

Username - Add the user account you use to access the remote gateway. This must be a DUO enabled account that allows push or phone calls. Use the format: WIN\netID
Password - Enter the password and click OK.   

You will immediately be prompted with either a DUO push to your phone, or if push is not enabled then DUO will call. If there is not a push or phone number available for DUO, the account cannot authenticate to the gateway.   

 

4) Once the DUO prompt has been approved, you will get a second authentication prompt for the endpoint machine.

5) Enter the following information:

Username - Add the user account you use to access the remote PC.  You should not have to specify the domain unless you are logging in with a local account. 
Password - Enter the password and click OK.   

After the second authentication, you will be presented with a remote desktop connection. If the endpoint is configured to use DUO for remote desktop, then it will prompt you for a DUO response before finishing the logon. Otherwise, it will load the desktop.

 
WARNING: The remote desktop gateway settings can be somewhat sticky.   
If you successfully connect using the gateway once, and then later wish to connect to a remote desktop session WITHOUT the gateway: 

Go into Options -> Advanced tab -> Settings and select the Automatically detect RD Gateway server settings radio button
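
Added example (not part of the original article and not Duke's own tooling): the Windows settings above end up as properties in a saved .rdp file, and this Python script checks such a file against them. The mapping of the dialog options to the .rdp properties gatewayhostname, gatewayprofileusagemethod, gatewayusagemethod, gatewaycredentialssource and promptcredentialonce is an assumption of this example, the function names are hypothetical, and the sample files are constructed.

```python
EXPECTED_GATEWAY = "rds-gateway.oit.duke.edu"  # gateway name from this article

def parse_rdp(text):
    """Parse 'name:type:value' lines of .rdp text into a dict keyed by lowercase name."""
    props = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts[0].strip().lower(), parts[1].strip(), parts[2].strip()
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer property with a non-numeric value
        props[name] = value
    return props

def audit_rdp(text, same_account=True):
    """Return deviations from the article's settings; an empty list means compliant."""
    p = parse_rdp(text)
    findings = []
    host = str(p.get("full address", "")).split(":")[0]  # drop an optional :port
    if "." not in host:
        findings.append("full address is not a fully qualified domain name")
    if str(p.get("gatewayhostname", "")).lower() != EXPECTED_GATEWAY:
        findings.append("gatewayhostname is not " + EXPECTED_GATEWAY)
    if p.get("gatewayprofileusagemethod") != 1:  # 1 = use the explicit settings
        findings.append("gateway settings are not explicit")
    if p.get("gatewayusagemethod") != 1:  # 1 = always use, 2 = bypass for local addresses
        findings.append("gateway is not always used (bypass for local addresses?)")
    if p.get("gatewaycredentialssource") != 0:  # 0 = Ask for password
        findings.append("gateway logon method is not 'Ask for password'")
    if p.get("promptcredentialonce") != (1 if same_account else 0):  # case A vs. case B
        findings.append("promptcredentialonce does not match the chosen logon case")
    return findings

# Constructed sample files; the endpoint name is the article's example PC name.
GOOD_RDP = """full address:s:testcomputer.win.duke.edu
gatewayhostname:s:rds-gateway.oit.duke.edu
gatewayprofileusagemethod:i:1
gatewayusagemethod:i:1
gatewaycredentialssource:i:0
promptcredentialonce:i:1
"""
BAD_RDP = GOOD_RDP.replace("gatewayusagemethod:i:1", "gatewayusagemethod:i:2").replace(
    "full address:s:testcomputer.win.duke.edu", "full address:s:testcomputer")

if __name__ == "__main__":
    print(audit_rdp(GOOD_RDP) or "compliant", audit_rdp(BAD_RDP), sep="\n")
```

Files saved by the Windows client are typically UTF-16 encoded, so decode them before passing the text to audit_rdp. Pass same_account=False to check a file against case B.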

 


 

Connecting on a Mac 

To connect a Mac to a Windows remote desktop endpoint:
 
1) Download the Microsoft Remote Desktop client from the Mac App Store.


2) In the Connection Center, click Add Desktop. If you already have desktops set up, click on the + and choose Add PC.

3) Enter the following information:

PC name: The fully qualified domain name of the computer, e.g. testcomputer.win.duke.edu
User Account: 
Add the user account you use to access the remote PC. For Active Directory (AD) joined computers or local accounts, use one of these formats: WIN\netID, or netID@win.duke.edu 

Enter a Friendly name (Optional), e.g. testcomputer

4) Click on the Gateway pulldown and choose Add New

5) Enter the following information:  

Server name 
Enter rds-gateway.oit.duke.edu  

User name  
This must be a DUO enabled account with either push or phone enabled. The gateway requires MFA and only allows those two verification options. Make sure to use either win\netid or netid@win.duke.edu.
 
You can also select Use PC User Account to use the same user name and password as those used for the remote desktop connection.

 

6) Click Add

7) Make sure the new gateway is selected and uncheck Bypass for local connections

8) Click Save.

9) From the main Microsoft Remote Desktop 10 window, double click on the Friendly name you just created, and a window will open showing Connecting ... (it may take several moments to connect)

 

 

 

Article number: KB0032645

Valid to: January 30, 2025