Solved

Connecting to Terminal Servers using RDP RD Gateway Settings

Posted on 2013-01-10
25
666 Views
Last Modified: 2013-01-11
RDP LogonTerminal Server/Role ServiceRDP RD Gateway Server
I have two Terminal Servers with Windows 2008 R2 OS with virtually same setup.
I can connect to TS3 by supplying RD Gateway Server Setting (remote.DomanName.com) like the screenshot above. However if I change the computer name to TS1, it does not connect.
It says "The creditials that were used to connect to TS1 did not work. Please enter new credentials".
Both TS1 and TS3 are the same except TS1 is a licensing server.
I can connect to TS1 if I simply supply IP address in the Computer Name field and not choose  RD Gateway Server Setting because I have a port forwarding setup: 3390 is forwarded to TS1.
But if possible, I like all Terminal Servers accessible using RD Gateway Server Settings and just enter Terminal Server Netbios Names.
Can you help?
0
Comment
Question by:sglee
  • 14
  • 11
25 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38764515
Do you have your own DNS Server running locally?

If so create an A record for each server

test by pinging the name you created

If you can ping by name then RDP will find by name
0
 

Author Comment

by:sglee
ID: 38764558
DNS ManagerPING TestI can ping TS1, TS2, TS3. They are all jointed  to DC1 which is Domain Controller.
FYI, TS1 (W2008), TS2 (W2012), TS3 (W2008). They are all joined to the SBS2011/DC.
0
 
LVL 23

Accepted Solution

by:
Thomas Grassi earned 265 total points
ID: 38766995
I found this article

http://windows.microsoft.com/en-US/windows7/Why-can-t-I-connect-using-Remote-Desktop-Connection

It only shows using FQDN check it out.

Once they make the first connection it will remember the settings so should not be a problem with which ever method you use to connect.
0
 

Author Comment

by:sglee
ID: 38767215
I tried 3rd option - which is most probable cause.
But it did not make a difference.
I have two other Terminal Servers that I did not have to do anything in GPEDIT and I don't have any problem connecting to those Terminal Servers.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767253
what happens when you run nslookup ts1

Do this from server that is working
Do this from workstation also

Post results
0
 

Author Comment

by:sglee
ID: 38767306
From DC1(SBS2011):

C:\Users\DomainAdmin>nslookup ts1
Server:  UnKnown
Address:  fe80::cb5e:8a:1d18:bf9a

Name:    ts1.DomainName.local
Address:  192.168.1.7
--------------------------------------

From TS2:

PS C:\Users\Domainadmin> nslookup ts1
Server:  dc1.DomainName.local
Address:  192.168.1.5

Name:    ts1.DomainName.local
Address:  192.168.1.7
--------------------------------------
From TS3:
Server:  dc1.DomainName.local
Address:  192.168.1.5

Name:    ts1.DomainName.local
Address:  192.168.1.7
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767328
Ok so the servers seem to have dns working ok.

What about the workstations?

TS1 TS2 TS3 are your terminal servers and DC1 is your domain controller right?
0
 

Author Comment

by:sglee
ID: 38767392
From Win7 Workstation:
C:\Users\maceykoadmin>nslookup ts1
Server:  dc1.DomainName.local
Address:  192.168.1.5

Name:    ts1.DomainName.local
Address:  192.168.1.7
-----------------------------------------------------
TS1 TS2 TS3 are your terminal servers and DC1 is your domain controller right?  ---> Yes.

TS is the first and active Terminal Server.  In the past users have been connecting to TS1 by entering TS1 in their Remote Desktop program. From their home, they would use IP address of the network in Remote Desktop program - I setup port forwarding 3389 - to TS1 Internal IP address (192.168.1.7).
As I added TS2 and TS3, then I learned that, instead of creating more port forwarding 3390 & 3391 to TS2 and TS3, I could just use the name of the computers like TS1, TS2 as long as I use RD Gateway settings (remote.DomainName.com) and install Remote Desktop Session Host and Remote Desktop Web Access roles on the Terminal Servers.

So now I can connect to TS2 and TS3 using RD Gateway settings, but I can't do the same on TS1.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767423
OK then on TS1 you do have the roles Remote Desktop Session Host and Remote Desktop Web Access installed?
0
 

Author Comment

by:sglee
ID: 38767467
TS1 Role ServicesYes
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767485
Can you take port forwarding off then maybe that is conflicting?
0
 

Author Comment

by:sglee
ID: 38767506
let me try. I need to get users who are connecting from outside off the TS first. I will post the result.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:sglee
ID: 38767540
Login Error MessagePort Forwarding DisabledAfter disabling Port Fowarding of 3389, I tried, but the same error.
It looks like it is trying to connect to TS1, but credentials are wrong?
The same credentials work on TS2 and TS3. Something is missing, I feel.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767588
Ok what errors are in the event log for TS1 and the computer trying to connect.

Yes I agree something is missing trying to figure it out.
0
 

Author Comment

by:sglee
ID: 38767616
Event Viewer - SYSEventViewer - APPI was just checking that too ... I don't see any errors directly related to "Login activity" in APPLICATIONS. A bunch of Quickbook errors because that is what they use. In the APP event section, I see a warning (first line) comes up sporadically. But in the past 30 minutes, I tried to log in multiple times, but don't see any error or waning about rejecting login attempts.
SYSTEM is virtually clean from all errors or warnings.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767672
This are windows 7 clients right?

Are they using the same credentials for mstsc as the logon to their computer with?
0
 

Author Comment

by:sglee
ID: 38767682
Correct. They all have Win7 OS on their computers.
Yes they are using the same username/password.
0
 

Author Comment

by:sglee
ID: 38767691
OK. Since internal users can connect to TS1 and users (when they go home) can connect to TS1 by IP address (port forwarding), we can say "Terminal Server Functionality" is there, right?
The only think that I can think of is RD Gateway functionality on TS1 that is different or not quite right compared to TS2 and TS3 even though installed roles are the same.

Is there a tool that we can use to test RD Gateway functionality on TS1 so that I can compare the result of that test against TS2 and TS3?
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767709
Yes I would say your TS is working more than one way to skin a cat.

Here is what I found on the Gateway

http://technet.microsoft.com/en-us/library/dd996629(v=WS.10).aspx
0
 

Author Comment

by:sglee
ID: 38767730
do you know how to generate SSL certificate for the RD Gateway server?
I don't know where it is because I have never generated one.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767744
This here are the steps required

http://technet.microsoft.com/en-us/library/dd983941(v=ws.10).aspx

Step 1
Step 2
Step 3

Take a look at them
0
 

Author Comment

by:sglee
ID: 38767760
This is getting too complicated ...
0
 

Author Comment

by:sglee
ID: 38767825
I got it. I don't know why but, to connect to TS1, I have to supply FQDN.
So instead of TS1, I entered  TS1.DomainName.local and it WORKED!!!
I don't understand why TS2 and TS3 worked w/o FQDN though.
I was able to connect to TS2 & 3 using FQDN as well.
Go figure!
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38767835
Yes FQN like I said in a prior post was the way to connect.

Yes it is very strange how FS2 & FS3 do not need FSQN

I would just make them do the same method

Glad I could have been help to you
0
 

Author Comment

by:sglee
ID: 38767854
Yes you are correct. I just saw "FQDN" in your post ID: 38766995.
I don't understand why I did not pay attention to your previous post. I think I just clicked the link without paying attention to your actual comments along with the link.

Thank you for staying with me.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

In this article, I'll explain how to setup a Plex Media Server (https://plex.tv/) on a Redhat (Centos) 7 based NAS with screenshots to help those looking for assistance.  What is Plex? If you aren't familiar with Plex, it’s a DLNA media serv…
Let’s list some of the technologies that enable smooth teleworking. 
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now