Solved

RDS 2012 external clients can authenticate and access Webapp but cannot launch published applications.

Posted on 2013-01-10
Last Modified: 2013-05-31
Hi,

I have the following servers running Windows Server 2012.
RDSH1 = Remote Desktop Session Host 1
RDSH2 = Remote Desktop Session Host 2
RDLIC = Remote Desktop Licensing
RDWAG = Remote Desktop Web Access Gateway
RDCB = Remote Desktop Connection Broker

RDWAG has two IP addresses:
Eth0 = External
Eth1 = Internal

External IP address firewall has port 443 Internal and External traffic open to the world and is a public IP.

On my internal network all clients can connect to the web app and utilize published applications along with VDI pools. Internally everything looks to be working perfectly.

The issue is external clients.
External clients are able to connect to the web app and authenticate with no issue. Here comes the but: after clicking on a published application, the user has to re-enter their credentials to launch the application. Even though the credentials are entered correctly, the remote desktop program acts like the credentials are incorrect. This does not prompt an error or create a log in the event file. It instantaneously refreshes the prompt asking to log in.

I think this could have something to do with it, but I'm not sure.
My external domain name is different from my internal domain name.

ie,
External = WA.Milk.com
Internal = WAS.Home.local
-
SSL Name = WA.Milk.com  

Other issue: we have a valid SSL cert from CheapSSL. The SSL cert imported correctly with no errors. The web app comes up with a green lock. Checking the Best Practice Analyzer (BPA), we get the following event: (The RD Gateway server must be configured to use a valid SSL certificate). After following the steps from http://technet.microsoft.com/en-us/library/dd320340(v=ws.10).aspx we still receive this error.

I can give more information if needed.

Thank you all for the help.
0
Question by:TRTurner
8 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38766018
Do you enter the username as follows: domain\username?
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38766876
Yes, in different formats.

1) username@home.local
2) home\username
3) home.local\username

Still no luck
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38767145
I don't think it's the internal and external names being different; I have a test lab with the same setup.

Can you try and let a user connect to the remote app using the Windows remote app manager instead of the web interface?
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38767240
I can connect using the Windows remote app manager and the icons show up under programs in the start menu. But when I try to access an app it asks to enter your credentials, then instantaneously refreshes the prompt asking to log in, just like in the webfeed.

@Setasoujiro,
When you connect to your RDSH do you still get an "SSL cert doesn't match the computer" warning?
i.e. SSL cert for WA.Milk.com does not match RDSH1.home.local
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38767257
Can you try and install the untrusted cert as trusted for the remote computer (RDS host)?
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38767400
No luck
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38767604
Sorry,

Internal = RDWAG.Home.local not Was.home.local
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 500 total points
ID: 38768881
What you need to do is this:

1)  Make sure that the SSL cert, along with its Root and Intermediate Certs, are all installed on the server as well as the client computers trying to access the Web Gateway or Remote Apps.
2)  Make sure you've imported the correct SSL into the Gateway through RD Gateway Manager.

Let me know the results.
0
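
One way to check both points of the accepted answer, as an added example that is not part of the original thread: the function builds the trust chain for a certificate on the machine where it runs and confirms the certificate covers the external name. `Test-GatewayCertificate` is a hypothetical helper name, `WA.Milk.com` is the external name from the question, and the `.cer` path is a placeholder.

```powershell
# Added example: Test-GatewayCertificate is a hypothetical helper, not part of Windows or RDS.
function Test-GatewayCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Fqdn
    )
    # Names the certificate is valid for (subject CN plus subjectAltName DNS entries).
    $names = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    # -like lets a wildcard entry (*.example.com) match; exact names match as-is.
    $nameOk = [bool]($names | Where-Object { $Fqdn -like $_ })

    # Build the chain against the trust stores of the machine running the script.
    # A missing intermediate or an untrusted root is reported in ChainStatus.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only, no CRL/OCSP lookups
    $chainOk = $chain.Build($Certificate)
    $now = Get-Date

    [pscustomobject]@{
        Thumbprint    = $Certificate.Thumbprint
        Names         = $names -join ', '
        NameMatches   = $nameOk
        InValidity    = ($Certificate.NotBefore -le $now -and $Certificate.NotAfter -ge $now)
        HasPrivateKey = $Certificate.HasPrivateKey   # must be True on the gateway itself
        ChainTrusted  = $chainOk
        ChainPath     = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$fqdn = 'WA.Milk.com'   # external name from the question

# On the RD Gateway server: check every certificate in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-GatewayCertificate -Certificate $_ -Fqdn $fqdn }

# On an external client: check the exported public certificate (placeholder path).
# $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\path\to\gateway.cer'
# Test-GatewayCertificate -Certificate $cer -Fqdn $fqdn
```

A certificate that shows `ChainTrusted = True` on the server but `False` on a client points at a root or intermediate missing from that client's stores; `HasPrivateKey` is expected to be `False` for the exported `.cer`.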
