Forefront Unified Access Gateway (UAG) integrates with Remote Desktop Gateway (RD Gateway) to enable client endpoints to connect to Remote Desktop Services (RDS) servers and applications, published via a Forefront UAG portal. Forefront UAG can publish RDS deployments even if RDS servers are configured to use an existing RD Gateway, because Forefront UAG handles the RDP metadata before sending it to the requesting endpoint.
The following topics describe how to publish RemoteApps and Desktop Connections via Forefront UAG:
When publishing RemoteApps and Desktop Connections, the server certificate presented to the end user by the Forefront UAG site must be valid. If the certificate has expired or is not trusted by the endpoint, a connection cannot be established.
The following section describes how to establish client trust for RemoteApps and Remote Desktops.
Establishing client trust for RemoteApps and Remote Desktops
When you use Forefront UAG to publish RemoteApps and Remote Desktops, Forefront UAG signs these applications with the same certificate that is used for the portal. By default, RDC clients do not trust signed applications unless they are configured to trust the certificate for use with RDS. Note that it is not sufficient for the certificate to chain to a certification authority (CA) that is included in the Trusted Root Certification Authorities store.
To prevent end users from being presented with a warning when they connect to RemoteApps and Remote Desktops, you must make sure that RDC clients are configured to trust the portal certificate. For information, see About Digitally Signing RemoteApp Programs.
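The following PowerShell script is an added example, not part of the original documentation, for checking on an RDC client that the portal certificate is within its validity period, chains to a trusted root, and is listed as a trusted .rdp publisher. It assumes the trust is deployed through the Group Policy setting "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" (registry value `TrustedCertThumbprints`, which this page does not name), and `portal.example.com` is a placeholder host name.

```powershell
# Added example (not from the original page). Run on an RDC client.
# $PortalHost is a placeholder for the public host name of your Forefront UAG portal.
param([string]$PortalHost = 'portal.example.com', [int]$Port = 443)

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented: the goal is to inspect the certificate, not to trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Get-TrustedRdpPublisherThumbprint {
    # Assumption: trust is configured through the "trusted .rdp publishers" policy,
    # which stores a comma-separated list of SHA1 thumbprints (machine or user scope).
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
            'HKCU:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name TrustedCertThumbprints -ErrorAction SilentlyContinue
        if ($item) {
            $item.TrustedCertThumbprints -split ',' |
                ForEach-Object { ($_ -replace '[^0-9A-Fa-f]', '').ToUpper() } |
                Where-Object { $_ }
        }
    }
}

$cert    = Get-RemoteCertificate -HostName $PortalHost -Port $Port
$now     = Get-Date
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)          # expiry, trust chain and revocation
$trusted = @(Get-TrustedRdpPublisherThumbprint)

[pscustomobject]@{
    Subject             = $cert.Subject
    Thumbprint          = $cert.Thumbprint
    NotAfter            = $cert.NotAfter
    WithinValidity      = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    ChainsToTrustedRoot = $chainOk
    # A trusted root alone is not enough; the thumbprint must also be listed here.
    TrustedRdpPublisher = ($trusted -contains $cert.Thumbprint)
}
```

A result with `ChainsToTrustedRoot` set to True but `TrustedRdpPublisher` set to False matches the case described above, where end users still see a warning.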
Additionally, you should make sure that the certificate for the RD Gateway is correct on the Forefront UAG server.
- On the Forefront UAG server, click Start, click Administrative Tools, click Remote Desktop Services, and then click Remote Desktop Gateway Manager.
- In the RD Gateway Manager console, click the name of the Forefront UAG server, and then in the Actions pane
- On the Properties dialog box, click the SSL Certificate tab, and make sure that the certificate in use is for Default Web Site.