You want to use Citrix ADC as RDS Gateway with an RDS Broker for your RDS Farm? In this article I will show you how to configure this. As a basis for this article you should read the following article if possible:
In this article, you will learn how to set up the Citrix ADC for use as a proxy for Remote Desktop Services. This configuration is also a prerequisite for connecting to the Remote Desktop Services Farm. The article already explains how you as a user can connect RDP to any desktop via the Citrix ADC.
But here I would like to explain how you can provide desktops and apps to users from a Remote Desktop Services Farm. We want to use groups to control the assignment of desktops and apps. As a prerequisite for the entire configuration, the farm should already be set up for Remote Desktop Services. This includes the Remote Desktop Connection Brokers And also the session hosts. Internal connections should all work. If you need more information about this, you can read the individual instructions here:
https://docs.microsoft.comwindows-server/remote/remote-desktop-services/welcome-to-rds
- Configuration on RDS Session Hosts
- Citrix ADC as RDS Gateway Configuration
- Create a RDP Server Profile on the Citrix ADC
- Enable the RDP Server Profile on the Citrix vServer
- Create a RDP Client Profile that fits to the Server Profile
- Bind your RDP Client Profile to the Session Policy
- Create the Deskop Bookmark and assign it to a Group of Users
- Create a Bookmark to publish an application on the Portal
- Assign the bookmark to a user group
- Test your Citrix ADC RDS Gateway configuration
Configuration on RDS Session Hosts
Before we can start with the configuration of the Citrix ADC, we must make a little bit of configuration on the Session Hosts. Yes, the Session Hosts, not the Broker or somewhere else. I know what I am talking about 😉
The following setting is best set via GPO on the RDS session hosts. The setting must be made, otherwise the connection via the RDS Connection Broker will not work later when the user comes via the Citrix ADC Gateway. The same setting also causes Connection Broker Load balancing via Citrix ADC to reconnect the correct session even if a disconnect has occurred.
You can find the Setting under:
Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker
Then let’s go to the Citrix ADC and continue configuring there.
Citrix ADC as RDS Gateway Configuration
Create a RDP Server Profile on the Citrix ADC
To make our connections available from the Internet via port 3389 in the future, we first have to create a server profile. Here we connect to the Citrix ADC and navigate to the following sub-item of the configuration:
Configuration / Citrix Gateway / Policies / RDP Profiles and Connections / Server Profiles
Here we create a new server profile
Within the Server Profile we type in Pre Shared Key and we activate the RDP redirection.
Enable the RDP Server Profile on the Citrix vServer
The just created RDP server profile is now bound to our Citrix Unified Gateway vServer. This activates listening on port 3389 on the VIP of the Gateway vServer. Of course, the NAT on the firewall should be adjusted accordingly and the connection should be allowed from outside.
The RDP server profile is entered directly on the server. You can do this in the advanced basic settings of the vServer.
Important: “ICA only” must also be deactivated for the configuration.
Create a RDP Client Profile that fits to the Server Profile
Now we create an RDP client profile that matches the corresponding RDP server profile. It is important that I enter the Pre Shared Key I used above. The profile will be created under the following menu item in the configuration:
Configuration / Citrix Gateway / Policies / RDP Profiles and Connections / Client Profiles
Here we now create the Client Profile. In the Client Profile we can define settings, which should be used for the later session. For example, Clipboard, Devices or Printer settings. These Policy settings are mandatory for all sessions, which are created over the Citrix ADC as RDS Gateway and the RDS Broker.
My Clientprofile is looking like that. Please make sure that you enter the settings according to your requirements. As RDP Host you should type in your external FQDN, on which your Port 3389 (Citrix ADC VIP + vServer) is running.
Bind your RDP Client Profile to the Session Policy
The next task I have to do is to bind the RDP Client Profile to the Session Policy of the Citrix Unified Gateway vServer. To do this I edit the vserver.
There I select the session policy and edit the corresponding profile.
In the tab Remote Desktop I enter the created RDP client profile.
When we have done that, we can now start creating the bookmarks. In the case of bookmarks, these are the applications and website shortcuts that users will later see via the portal of the unified gateway.
Create the Deskop Bookmark and assign it to a Group of Users
I do not want every user to see the desktop of the RDS farm. Therefore, I first create the bookmark and way to assign it to a user group afterwards.
The Bookmarks can be created under the following configuration menu item:
Configuration / Citrix Gateway / Ressources / Bookmarks
It is important that the point “Use Citrix Gateway as a Reverse Proxy” is activated. for a Desktop you have only to enter the following Bookmark URL. The hostname you have to enter is any RDS Session host. If it receives the session request, it will redirect it to the RDS Connection Broker and the session is assigned to the Session Host with the least load.
If you want, you can also use a custom icon for your Desktop or Application.
Create a Bookmark to publish an application on the Portal
If you want to publish an application which is presented over the RDS Farm, you must use a more complex bookmark URL. But do not worry, it’s easy to find out. The easiest way is to open the application over the internal RDWeb and open your connection file in an editor. Then all you must do is put the following information together in order, chained with an “&” in between. Look on this example. In this example I have entered the finished bookmark URL below. We then enter this URL into our Citrix ADC bookmark.
The finished URL for a Seamless Application therefore looks as follows (all should in one line):
rdp://fqdn.lab.local?alternate shell:s:||APPNAME&remoteapplicationprogram:s:||APPNAME&remoteapplicationname:s:APPNAME&remoteapplicationcmdline:s:&remoteapplicationmode:i:1Now we have created the desired bookmarks. Here you can create as many as you like. Now we want to assign them to the corresponding users.
Assign the bookmark to a user group
Since our users are already eagerly waiting for the app or the desktop, we now assign them. To do that, go to the following menu item:
Configuration / Citrix Gateway / User Administration / AAA Groups
Here I create a new AAA Group.
To assign a Bookmark (in our case the App or Desktop) you have to edit the AAA Group and bind a Bookmark to it.
That was ist.
Test your Citrix ADC RDS Gateway configuration
Now that we have configured everything, we can now test the assigned applications. For this I log on to the Citrix Unified Gateway and if everything works correctly, I get my applications displayed.
I hope the article has brought you further to configure Citrix ADC as RDS Gateway and hope it can help some in the community. If you have any questions, feel free to contact me. Check also my other Posts about Citrix ADC
Hi Thomas
I’d already followed all the steps bar the RDS Disable IP Address Redirection but with that added it still wasn’t working. Not sure if its down to the Ver of the ADC its 12.1.X.
When I queried with CTS they said using Connection Broker was a feature being worked on works fine with direct server mappings