Solved

RDS 2012 external clients can authenticate and access Webapp but cannot launch published applications.

Posted on 2013-01-10
Last Modified: 2013-05-31
Hi,

I have the following servers running Windows Server 2012.
RDSH1 = Remote Desktop Session Host 1
RDSH2 = Remote Desktop Session Host 2
RDLIC = Remote Desktop Licensing
RDWAG = Remote Desktop Web Access Gateway
RDCB = Remote Desktop Connection Broker

RDWAG has two IP addresses
Eth0 = External
Eth1 = Internal

External IP address firewall has port 443 Internal and External traffic open to the world and is a public IP.

On my internal network all clients can connect to the web app and utilize published applications along with VDI pools. Internally everything looks to be working perfectly.

The issue is external clients.
External clients are able to connect to the web app and authenticate with no issue. Here comes the but: after clicking on a published application the user has to re-enter their credentials to launch the application. Even though the credentials are entered correctly, the remote desktop program acts like the credentials are incorrect. This does not prompt an error, or create a log in the event file. It instantaneously refreshes the prompt asking to log in.

I think this could have something to do with it, but I'm not sure.
My external domain name is different from my internal domain name.

ie,
External = WA.Milk.com
Internal = WAS.Home.local
-
SSL Name = WA.Milk.com  

Other issue: we have a valid SSL cert from CheapSSL. The SSL cert imported correctly with no errors. The web app comes up with a green lock. Checking the Best Practice Analyzer (BPA), we get the following event: "The RD Gateway server must be configured to use a valid SSL certificate". After following the steps from http://technet.microsoft.com/en-us/library/dd320340(v=ws.10).aspx we still receive this error.

I can give more information if needed.

Thank you all for the help.
Question by:TRTurner

Expert Comment

by:setasoujiro
ID: 38766018
Do you enter the username as follows: domain\username?

Author Comment

by:TRTurner
ID: 38766876
Yes in different formats.

1) username@home.local
2) home\username
3) home.local\username

Still no luck

Expert Comment

by:setasoujiro
ID: 38767145
I don't think it's the internal and external names being different, I have a testlab with the same setup.

Can you try and let a user connect to the remote app using the windows remote app manager instead of the Webinterface?

Author Comment

by:TRTurner
ID: 38767240
I can connect using the Windows remote app manager and the icons show up under programs in the start menu. But when I try to access an app it asks to enter your credentials, then instantaneously refreshes the prompt asking to log in, just like in the webfeed.

@Setasoujiro,
When you connect to your RDSH do you still get an SSL cert that doesn't match the computer?
i.e. SSL cert for WA.Milk.com does not match RDSH1.home.local

Expert Comment

by:setasoujiro
ID: 38767257
Can you try and install the untrusted cert as trusted for the remote computer (RDS host)?

Author Comment

by:TRTurner
ID: 38767400
No luck

Author Comment

by:TRTurner
ID: 38767604
Sorry,

Internal = RDWAG.Home.local not Was.home.local

Accepted Solution

by:
Brad Bouchard earned 500 total points
ID: 38768881
What you need to do is this:

1)  Make sure that the SSL, along with its Root and Intermediate Certs, are all installed on the server as well as the client computers trying to access the Web Gateway or Remote Apps.
2)  Make sure you've imported the correct SSL into the Gateway through RD Gateway Manager.

Let me know the results.
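
A way to check both steps of the accepted answer on the gateway server, as an added example that is not part of the original thread. It assumes PowerShell 3.0 on Windows Server 2012, the external name WA.Milk.com from the question, and that the RemoteDesktopServices module with its RDS: drive is present on the RD Gateway.

```powershell
# Added example. Run elevated on the RD Gateway server (RDWAG in the question).
param([string]$ExternalName = 'WA.Milk.com')   # public name clients connect to

# Step 1: find the server certificate for the external name in the computer store.
# Exact-name match only; a wildcard certificate would need a -like comparison.
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and ($_.DnsNameList.Unicode -contains $ExternalName)
})
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with a private key for $ExternalName in LocalMachine\My"
    return
}

foreach ($cert in $certs) {
    # Revocation is skipped so the result reflects chain building only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $complete = $chain.Build($cert)
    Write-Host ("{0}  expires {1:yyyy-MM-dd}  chain OK: {2}" -f $cert.Thumbprint, $cert.NotAfter, $complete)
    $chain.ChainStatus | ForEach-Object { Write-Host "  status: $($_.Status)" }

    # Element 0 is the server certificate; the rest are its issuers.
    # Windows can build a chain from downloaded or per-user issuers, so also
    # confirm each issuer is actually installed in the computer stores.
    for ($i = 1; $i -lt $chain.ChainElements.Count; $i++) {
        $issuer = $chain.ChainElements[$i].Certificate
        $store  = if ($issuer.Subject -eq $issuer.Issuer) { 'Root' } else { 'CA' }
        [pscustomobject]@{
            Store      = "LocalMachine\$store"
            Subject    = $issuer.Subject
            Thumbprint = $issuer.Thumbprint
            Installed  = Test-Path "Cert:\LocalMachine\$store\$($issuer.Thumbprint)"
        }
    }
}

# Step 2: compare against the certificate bound to RD Gateway.
Import-Module RemoteDesktopServices -ErrorAction SilentlyContinue
$gwItem = 'RDS:\GatewayServer\SSLCertificate\Thumbprint'
if (Test-Path $gwItem) {
    $bound = (Get-Item $gwItem).CurrentValue
    if ($certs | Where-Object { $_.Thumbprint -eq $bound }) {
        Write-Host "RD Gateway is bound to $bound, which covers $ExternalName"
    } else {
        Write-Warning "RD Gateway is bound to $bound, which is not a certificate for $ExternalName"
    }
} else {
    Write-Warning 'RDS:\GatewayServer not available; check the binding in RD Gateway Manager.'
}
```

An issuer row with `Installed` set to False, or a bound thumbprint that differs from the certificate for the external name, points at step 1 or step 2 of the answer respectively.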