Workaround to connect to a TFS Lab Environment from outside a TMG firewall

Whist on the road I have had need to access our Lab Management system via our TMG firewall through which we expose our TFS 2010 for remote users (via SSL). When I load Microsoft Tests Manager (MTM) I can connect to the TFS server, as expected, and go into ‘Lab Center’ mode. I can see my project’s environment and can start, stop and deploy them without issue (all communication routed via our TFS server). However the MTM environment viewer fails to make a connection to the test VMs in the environments.


MTM environment viewer can connect to an environment in two ways:

  • Host connection – via the Hyper-V management protocols
  • Guest connection – via a RDP session to the VM’s operating system

From outside our firewall a host connection is not an option as the required ports are not open. So my only option was a guest connection. However, our TMG firewall is set to provide a  RD gateway, effectively a proxy for RDP sessions. You have to configure RDP to use this, and have to authenticate with this gateway prior to authenticating with the actual target remote machine.


The problem is MTM does not support the use of TMG RD Gateways.

However there is a solution. If I right click on the VM in MTM Environment Viewer you can launch a standard remote desktop session.


If you do this you will be prompted to authenticate correctly.Firstly with your domain account to authenticate with the TMG RD gateway, then for other credentials to the test VM.

So a reasonable workaround, if a VPN or TMG Direct Access is not on option for you.