Remote Desktop via RDWeb

Posted on 2011-10-12
Last Modified: 2012-05-12
Hi All,

I hope someone out there would be able to tell me where I'm going wrong.

We have:

• 1 Windows 2008 AD/DNS/DHCP controller
• 1 Windows 2003 DNS controller
• 5 Windows 2003 Terminal Servers

Newly configured
1 Windows 2008 R2 server with the following services for remote access

• Remote Desktop Session Host
• Remote Desktop Connection Broker
• Remote Desktop Gateway
• Remote Desktop Web Access

With this we can RDP via the gateway server successfully and join any of the Terminal Servers.

Internally
We can access the RDWeb site https://domainname.com/rdweb
Login successfully
Select the Remote Desktop tab
Enter the DNS Terminal Server name
And voilà!

This does not work externally.
What have I missed out?

ALSO
In the meantime, I am also having problems getting the RDP application to work via the RemoteApp Programs tab.

I've been adding the /v:servername switch to the arguments area.  This displays the fact that it's accessing the Gateway server and not the terminal server.

Regards,

Michael
Question by:CaGeN
LVL 1

Expert Comment

by:Jsierra1
ID: 36956750
So name resolution is working from the inside of your network, but when you attempt to access the same name from outside it fails, correct? This would indicate you do not have a public DNS entry set up, or set up correctly, for this site, or you do not have the firewall open to allow access.

Try these steps from the client machine that is external:
Ping domainname.com
Verify that the name resolves to the correct external IP address.
If name resolution is working, then try
Telnet domainname.com 443
You're testing to see if the port is open from the outside.
If both fail, then try the public IP address and see if it is accessible.
0
 

Author Comment

by:CaGeN
ID: 36956958
Hi Jsierra1,

It sounds like you're referring to the Remote Desktop Connection application.
If I create a Remote Desktop Connection (a .rdp file) with the gateway details inserted, this works fine externally, so ports look fine for that service.

I am approaching this to enable our users to either :-
a. Use the icons I place onto the RemoteApp Programs area within RD Web Access
b. Use the Remote Desktop tab within RD Web Access to jump onto one of the internal terminal servers

0
 

Assisted Solution

by:CaGeN
CaGeN earned 0 total points
ID: 36958505
Hi Guys,

I also posted this issue on another site and got the following plausible response.

I had this issue myself and it affects you when attempting to use RDWeb from outside the network because RDWeb generates the rdp files on the fly, but doesn't know about the RD Gateway server.

First, go into IIS Manager

drill down to Sites --> Default Web Site (or the name of yours) --> RDWeb --> Pages
Then click 'Application Settings'
Then for 'DefaultTSGateway' fill in the external DNS name of the RD Gateway server (i.e.: server.domain.com)
The name should match your certificate exactly (or) be a name in the SAN list if using a UC cert.

Second: if you have installed RemoteApp, open the RemoteApp snap-in and edit the 'RD Gateway Settings' with the same DNS name (same externally accessible name as above)

That should take care of your problem.

I've just got home to start testing and not yet made any port changes to our config.

Sorry this is long but I hope it will help someone else out there someday.

To help explain better, I am trying to achieve two things via the RD Web Access site we've setup.

All our Windows 2003 terminal servers are internal and not internet facing at all and have installed a UCC cert.

I want our users to be able to access these terminal servers

Via the gateway server using their local installed Remote Desktop Connection application
Via the RemoteApp Programs tab on the RD Web Access site. Here I have published pre-configured Remote Desktop .rdp files for each server.
Lastly - via the Remote Desktop tab on the RD Web Access site.

Via Gateway Server
This works fine. All users who already have pre-configured Remote Desktop Connections can access the internal terminal server via the Gateway server.

Via the RemoteApp Programs tab
The only change I have made here before leaving work tonight was to disable the NPS (Network Policy Server Service). I couldn't help thinking why I installed this service in the first place and I have not selected the option to "Register server in Active Directory". This seems to work now but firstly brings up the login page on the gateway server. Once logged in it then opens the .rdp file created and pre-populated with the gateway settings. Then the user has to log in yet again. At this point the user now logs into the correct terminal server. Not ideal but would like to somehow perfect this a little more. Will welcome suggestions on improving this.

Via the Remote Desktop tab
After entering the internal DNS for the terminal server and clicking on connect, it then asks for the user to enter their login credentials. It lists that this would be used to connect to the gateway server and the terminal server.

After entering the details and connecting I get the following Remote Desktop Connection error "Your computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later..."

I have tried all of the above with and without the NPS service enabled but I think I'm one step closer after applying the suggestion first mentioned above.


0
 

Accepted Solution

by:
CaGeN earned 0 total points
ID: 36962269

Thanks to Thomas (on another site) who provided this which resolved my issue.

First, go into IIS Manager

drill down to Sites --> Default Web Site (or the name of yours) --> RDWeb --> Pages
Then click 'Application Settings'
Then for 'DefaultTSGateway' fill in the external DNS name of the RD Gateway server (i.e.: server.domain.com)
The name should match your certificate exactly (or) be a name in the SAN list if using a UC cert.

Second: if you have installed RemoteApp, open the RemoteApp snap-in and edit the 'RD Gateway Settings' with the same DNS name (same externally accessible name as above)

That should take care of your problem.

Then you will want to apply the various fixes for SSO, the major one being here: http://support.microsoft.com/kb/977507/en-US that will help resolve the double-credential prompt (note: you need to do the "let me fix it myself" section and edit the renderscripts.js file).

One last thing, use Startssl.com to get free 1 yr certificates to take care of the need to manually import your internal root cert into your trusted store of non-domain machines.
0
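
The external checks from the first expert comment (name resolution, port 443) and the certificate-name requirement for 'DefaultTSGateway' in the accepted solution can be verified together from a client outside the network. The PowerShell below is an added example, not part of the thread; the function name Test-RDGatewayName is hypothetical and server.domain.com is the thread's placeholder name.

```powershell
# Added example (hypothetical helper). Run it from a machine OUTSIDE the network.
# Uses only .NET classes, so it does not depend on newer networking cmdlets.
function Test-RDGatewayName {
    param(
        [Parameter(Mandatory = $true)][string]$GatewayName,  # name planned for DefaultTSGateway
        [int]$Port = 443
    )
    $result = @{ Name = $GatewayName; Addresses = $null; PortOpen = $false; Subject = $null
                 SanList = $null; NameMatches = $false; ChainTrusted = $false }

    # Step 1: does the external name resolve at all?
    try { $result.Addresses = [System.Net.Dns]::GetHostAddresses($GatewayName) -join ', ' }
    catch { return New-Object PSObject -Property $result }

    # Step 2: is the HTTPS port reachable from here?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($GatewayName, $Port); $result.PortOpen = $true }
    catch { $tcp.Close(); return New-Object PSObject -Property $result }

    try {
        # Step 3: TLS handshake. The callback accepts any certificate so that an
        # untrusted or mismatched one can still be inspected; no data is sent.
        $script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $certificate, $chain, $errors)
            $script:policyErrors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($GatewayName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Subject = $cert.Subject
        # OID 2.5.29.17 is the Subject Alternative Name extension (the "SAN list")
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) { $result.SanList = $san.Format($false) }
        $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
        $chainErr = [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
        $result.NameMatches  = -not ($script:policyErrors -band $mismatch)
        $result.ChainTrusted = -not ($script:policyErrors -band $chainErr)
    }
    catch { Write-Warning "TLS handshake failed: $($_.Exception.Message)" }
    finally { $tcp.Close() }

    New-Object PSObject -Property $result
}

Test-RDGatewayName -GatewayName 'server.domain.com'
```

NameMatches being false means the name entered for 'DefaultTSGateway' is not covered by the certificate's subject or SAN list; ChainTrusted being false on a non-domain machine means the issuing root is not in that machine's trusted store.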
 

Author Closing Comment

by:CaGeN
ID: 36984578
The SSO suggested link also worked a treat.
0
