Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

RDS 2012 external clients can authenticate and access Webapp but cannot lunch published applications.

Posted on 2013-01-10
8
Medium Priority
?
2,330 Views
Last Modified: 2013-05-31
Hi,

I have the following servers running Windows Server 2012.
RDSH1 = Remote Desktop Session Host 1
RDSH2 = Remote Desktop Session Host 2
RDLIC = Remote Desktop Licensing
RDWAG = Remote Desktop Web Access Gateway
RDCB = Remote Desktop Connection Broker

RDWAG has two IP address
Eth0 = External
Eth1 = Internal

External IP address firewall has port 443 Internal and External traffic open to the world and is a public IP.

On my internal network all clients can connect to the web app and utilize published applications along with VDI pools. Internally everything looks to be working perfect.

The issue is external clients.
External clients are able to connect to the web app and authenticate with no issue. Here comes the butt, after clicking on a published application the user has to reenter their credentials, to launch the application. Even though the credentials are entered correctly the remote desktop program acts like the credentials are incorrect. This does not prompt in error, or create a log in the event file. It instantaneously refreshes the prompt asking to login.

I think this could have something to do with it, but im not sure.
My external domain name is different from my internal domain name.

ie,
External = WA.Milk.com
Internal = WAS.Home.local
-
SSL Name = WA.Milk.com  

Other issue, We have a valid SSL Cert from CheapSSL. The SSL Cert imported correctly with no errors. The web app come up with a green lock. checking the Best Practice Analyzer (BPA), we get the following evert. ( The RD Gateway server must be configured to use a valid SSL certificate ) after following the steps from http://technet.microsoft.com/en-us/library/dd320340(v=ws.10).aspx we still receive this error.

I can give more information if needed.

Thank you all for the help.
0
Comment
Question by:TRTurner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38766018
Do you enter the username as follows : domain\username
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38766876
Yes in different formats.

1) username@home.local
2) home\username
3) home.local\username

Still no luck
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38767145
I don't think it's the internal and external names being different, I have a testlab with the same setup.

Can you try and let a user connect to the remote app using the windows remote app manager instead of the Webinterface?
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 6

Author Comment

by:TRTurner
ID: 38767240
I can connect using the Windows remote app manager and the icons show up under programs in the start menu. But when I try to access an app it ask to enter your credentials. then instantaneously refreshes the prompt asking to login, just like in the webfeed.

@Setasoujiro,
When you connect to your RDSH do you still get an SSL cert doesn't mach the computer.
ie. SSL cert for WA.Milk.com does not mach RDSH1.home.local
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38767257
Can you try and install the untrusted cert as trusted for the remote computer (rds host)
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38767400
No luck
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38767604
Sorry,

Internal = RDWAG.Home.local not Was.home.local
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 38768881
What you need to do is this:

1)  Make sure that the SSL, along with it's Root and Intermediate Certs are all installed on the server as well as the client computers trying to access the Web Gateway or Remote Apps.
2)  Make sure you've imported the correct SSL into the Gateway through RD Gateway Manager.

Let me know the results.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question