Solved

RDS: Not able to connect via WebAccess from outside world

Posted on 2010-09-09
Last Modified: 2013-11-21
We are running Windows Server 2008 R2 Remote Desktop Services. We have configured it to use Virtual Desktop Pools. The user accesses the website via WebAccess, and clicks on the RemoteApp icon called Virtual Desktop Pools.

When doing this from the LAN, everything works fine. We do receive a security warning shown below, but other than that everything works fine.

"A website wants to run a RemoteApp program. Make sure that you trust the publisher before you connect to run the program."

Publisher: SalesCloud.domain.com
Type: Remote Desktop Connection
Remote Computer: SaleCloud.domain.local

Here is where the problem is -- I THINK.

When it connects it tries to search for SalesCloud.domain.local -- which is fine when you are on the LAN.

However, when you are outside the LAN, it gives you an error message that it cannot find that server because it's not on the same network as you are. See the error message below.

"Remote Desktop can't find the computer "SalesCloud.domain.local". This might mean that "SalesCloud.domain.local" does not belong to the specified network. Verify the computer name and domain you are trying to connect to."

I looked all over the place, and don't see where I can change SalesCloud.domain.local to SalesCloud.domain.com.

FYI: Our other RDS server is working just fine, and the remote computer matches the publisher as ServerName.Domain.Com.
Question by:InfoTechEE
5 Comments
 
LVL 7

Expert Comment

by:oztrodamus
ID: 33643085
It sounds like your RDS WebAccess gateway is not set up to use 3rd party SSL certificates. That means every remote PC needs to have an entry in its hosts file to resolve salescloud.domain.local to the external interface the SSL certificate is bound to. Obviously, this is not ideal.
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 500 total points
ID: 33646468
Keep in mind RDS Web Access is not RDP over HTTPS. The fact you are coming from a browser using port TCP 80/443 is important as from outside you would also need port TCP 3389 open.
Usually from the outside you also deploy RDS Gateway so you get true RDP over HTTPS and in this case the gateway machine is the one that goes on the RDP port to the desktop pool internally.
This should be the way to do this to work properly.

Cláudio Rodrigues
Microsoft MVP - Remote Desktop Services
Citrix CTP
0
 

Author Comment

by:InfoTechEE
ID: 33647376
Please see the attached image. It says bcr.local. I think that's where the problem is. Our other RDS server shows domain.com, which is an accessible connection from the outside world.
Our other RDS server (granted it's not VDI -- simply RDS) shows domain.com instead of bcr.local and it's working just fine.
 
0
 

Author Comment

by:InfoTechEE
ID: 33647384
Publisher and Remote Computer
ex.JPG
0
 

Author Closing Comment

by:InfoTechEE
ID: 34013005
Called MS for support.

There are 2 ways to go about this. If we had domain.com installed everything would be working fine, because our internal and external domain names would be the same.

But since we have domain.local installed, without going through heavy DNS changes internally, this way would not work.

MS advised to install RDS Gateway instead. Worked out great.
0
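
The situation in this thread can be checked from the connection settings that RD Web Access hands to the client. The following is an added example, not part of the original thread and not Microsoft tooling: it parses .rdp settings (`full address`, `gatewayhostname`, `gatewayusagemethod`) and reports whether a client outside the LAN could reach the target. The gateway name `rdgw.domain.com`, the list of internal suffixes and the finding codes are assumptions made for the example.

```python
# Added example: audit the .rdp settings RD Web Access hands to a client.
INTERNAL_SUFFIXES = (".local",)  # assumption: DNS suffixes that resolve only on the LAN
GATEWAY_IN_USE = {1, 2}          # gatewayusagemethod: 1 = always, 2 = when direct fails

def parse_rdp(text):
    """Parse 'name:type:value' lines (type s = string, i = integer) into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = (p.strip() for p in parts)
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name.lower()] = value
    return settings

def is_internal(host):
    """True for single-label names and names under an internal-only suffix."""
    name = host.split(":")[0].lower().rstrip(".")  # drop optional :port (IPv6 not handled)
    return "." not in name or name.endswith(INTERNAL_SUFFIXES)

def audit(text):
    """Return finding codes for a client connecting from outside the LAN."""
    s = parse_rdp(text)
    target = s.get("full address", "")
    gateway = s.get("gatewayhostname", "")
    via_gateway = bool(gateway) and s.get("gatewayusagemethod", 0) in GATEWAY_IN_USE
    if not target:
        return ["NO_TARGET"]
    findings = []
    if via_gateway:
        if is_internal(gateway):  # the gateway itself must resolve externally
            findings.append("GATEWAY_NAME_INTERNAL")
    elif is_internal(target):     # the failure described in the question
        findings.append("INTERNAL_TARGET_NO_GATEWAY")
    else:                         # works, but only with TCP 3389 reachable from outside
        findings.append("DIRECT_RDP_NEEDS_3389_OPEN")
    return findings

# Constructed samples; rdgw.domain.com is a hypothetical gateway name.
BROKEN = "full address:s:SalesCloud.domain.local\ngatewayusagemethod:i:0\n"
FIXED = ("full address:s:SalesCloud.domain.local\n"
         "gatewayhostname:s:rdgw.domain.com\ngatewayusagemethod:i:1\n")
DIRECT = "full address:s:ServerName.Domain.Com\n"
```

An empty list from `audit(FIXED)` means the internal `.local` target is acceptable because the externally resolvable gateway makes the RDP hop on the client's behalf.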
