Solved

RDS 2012 external clients can authenticate and access Webapp but cannot launch published applications.

Posted on 2013-01-10
Last Modified: 2013-05-31
Hi,

I have the following servers running Windows Server 2012.
RDSH1 = Remote Desktop Session Host 1
RDSH2 = Remote Desktop Session Host 2
RDLIC = Remote Desktop Licensing
RDWAG = Remote Desktop Web Access Gateway
RDCB = Remote Desktop Connection Broker

RDWAG has two IP addresses
Eth0 = External
Eth1 = Internal

External IP address firewall has port 443 Internal and External traffic open to the world and is a public IP.

On my internal network all clients can connect to the web app and utilize published applications along with VDI pools. Internally everything looks to be working perfectly.

The issue is external clients.
External clients are able to connect to the web app and authenticate with no issue. Here comes the but: after clicking on a published application, the user has to re-enter their credentials to launch the application. Even though the credentials are entered correctly, the remote desktop program acts like the credentials are incorrect. This does not prompt an error or create a log in the event file. It instantaneously refreshes the prompt asking to log in.

I think this could have something to do with it, but I'm not sure.
My external domain name is different from my internal domain name.

i.e.,
External = WA.Milk.com
Internal = WAS.Home.local
SSL Name = WA.Milk.com

Other issue: we have a valid SSL Cert from CheapSSL. The SSL Cert imported correctly with no errors. The web app comes up with a green lock. Checking the Best Practice Analyzer (BPA), we get the following event: (The RD Gateway server must be configured to use a valid SSL certificate). After following the steps from http://technet.microsoft.com/en-us/library/dd320340(v=ws.10).aspx we still receive this error.

I can give more information if needed.

Thank you all for the help.
0
Question by:TRTurner
8 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38766018
Do you enter the username as follows: domain\username?
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38766876
Yes, in different formats.

1) username@home.local
2) home\username
3) home.local\username

Still no luck
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38767145
I don't think it's the internal and external names being different; I have a test lab with the same setup.

Can you try and let a user connect to the remote app using the Windows remote app manager instead of the web interface?
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38767240
I can connect using the Windows remote app manager and the icons show up under programs in the start menu. But when I try to access an app it asks to enter your credentials, then instantaneously refreshes the prompt asking to log in, just like in the web feed.

@Setasoujiro,
When you connect to your RDSH, do you still get an SSL cert that doesn't match the computer?
i.e. SSL cert for WA.Milk.com does not match RDSH1.home.local
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38767257
Can you try and install the untrusted cert as trusted for the remote computer (RDS host)?
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38767400
No luck
0
 
LVL 6

Author Comment

by:TRTurner
ID: 38767604
Sorry,

Internal = RDWAG.Home.local not Was.home.local
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 38768881
What you need to do is this:

1)  Make sure that the SSL, along with its Root and Intermediate Certs, are all installed on the server as well as the client computers trying to access the Web Gateway or Remote Apps.
2)  Make sure you've imported the correct SSL into the Gateway through RD Gateway Manager.

Let me know the results.
0
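
The two checks from the accepted answer can be scripted. The following is an added example, not code posted by anyone in this thread: it assumes an elevated PowerShell session on the RD Gateway server (RDWAG) with the RD Gateway role installed, the certificate in the LocalMachine\My store, and the external name WA.Milk.com from the question.

```powershell
# Added example. Run in an elevated PowerShell session on the RD Gateway server.
$PublicName = 'WA.Milk.com'          # external name taken from the question
Import-Module RemoteDesktopServices  # provides the RDS: drive

# Step 2 of the answer: which certificate is RD Gateway actually using?
$gwThumb = (Get-Item 'RDS:\GatewayServer\SSLCertificate\Thumbprint').CurrentValue
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $gwThumb }
if (-not $cert) { throw "Gateway thumbprint '$gwThumb' is not in LocalMachine\My" }

# Basic health: private key present, inside validity window, name matches.
$now = Get-Date
[pscustomobject]@{
    Subject       = $cert.Subject
    HasPrivateKey = $cert.HasPrivateKey
    InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
    ValidForName  = Test-Certificate -Cert $cert -Policy SSL -DNSName $PublicName
} | Format-List

# Step 1 of the answer: build the chain and report any chain errors.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$built = $chain.Build($cert)
"Chain builds: $built"
$chain.ChainStatus |
    ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }

# Build() can succeed by downloading a missing intermediate (AIA), so also
# confirm each issuer is really installed in the local machine stores.
$chain.ChainElements | Select-Object -Skip 1 | ForEach-Object {
    $thumb = $_.Certificate.Thumbprint
    $stores = foreach ($s in 'CA', 'Root') {
        $hit = Get-ChildItem "Cert:\LocalMachine\$s" |
            Where-Object { $_.Thumbprint -eq $thumb }
        if ($hit) { $s }
    }
    [pscustomobject]@{
        Issuer      = $_.Certificate.Subject
        InstalledIn = $(if ($stores) { $stores -join ', ' } else { 'NOT INSTALLED' })
    }
}
```

The chain section can be rerun on a client against the exported public certificate to confirm the same root and intermediates are present there.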
