Solved

External users cannot connect to RDS Farm (Azure).

Posted on 2014-01-25
Last Modified: 2014-11-12
Hi Experts,

I hope someone is able to help me with this. I have searched high and low, but have not found a solution.

Here we go:

I have set up an RDS Farm in Microsoft Azure, consisting of the following servers:

KRPDC01 (Domain Controller / Active Directory / DNS Server)
KRPSH01 (Remote Session Host #1)
KRPSH02 (Remote Session Host #2)
KRPCB01 (Connection Broker)

All servers are Windows 2012 R2 Datacenter

I have installed the respective Remote Session roles on the above servers and added my group of users to the "Remote Desktop Users" group on each Session Host server.

At first glance it seems to work. I seem to be able to connect to the farm with the first user. But most of the time, when a second user tries to connect to the same farm, the login hangs for a time, and the connection is refused with this message:

"Remote Desktop cannot connect to the remote computer for one of the following reasons:

1) Remote Access to the server is not enabled
2) The Remote Computer is turned off
3) The Remote Computer is not available on the network

Make sure that the remote computer is turned on and connected to the network, and that remote access is enabled."



Sometimes not even the first user can connect to the farm at all with the same error message.


I have looked into the logs on the connection broker, and something interesting shows up.

It seems that whenever the connection broker wants to redirect a user's connection request to a different server than the one that received the connection request, the connection fails. If, however, the connection broker grants the connection to the same server that the request is coming from, then the user is logged in.

Here are the log entries when the connection fails:


"RD Connection Broker received connection request for user xxx\testuser.
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.KRPCLOUD
Initial Application = NULL
Call came from Redirector Server = KRPSH01.xxx.net
Redirector is configured as Farm member"


Followed by:

"RD Connection Broker successfully processed the connection request for user xxx\testuser. Redirection info:
Target Name = KRPSH02
Target IP Address = 10.4.3.7
Target Netbios = KRPSH02
Target FQDN = KRPSH02.xxx.net
Disconnected Session Found = 0x0"


Then a few minutes later this entry is found in the log:

"Remote Desktop Connection Broker Client failed to redirect the user xxx\testuser
Error: NULL"


These are the log entries when the connection is successful:

"RD Connection Broker received connection request for user xxx\testuser
Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.KRPCLOUD
Initial Application = NULL
Call came from Redirector Server = KRPSH02.xxx.net
Redirector is configured as Farm member"


Followed by:

"RD Connection Broker successfully processed the connection request for user xxx\testuser. Redirection info:
Target Name = KRPSH02
Target IP Address = 10.4.3.7
Target Netbios = KRPSH02
Target FQDN = KRPSH02.xxx.net
Disconnected Session Found = 0x0"


And then:

"Session for user xxx\testuser successfully added to RD Connection Broker's database.
Target Name = KRPSH02.xxx.net
Session ID = 2
Farm Name = KRPCLOUD"

And:

"This connection request has resulted in a successful session logon (User successfully logged on to the end point). Remote Desktop Connection Broker will stop monitoring this connection request."


If I connect to one of the other servers on the network - the KRPDC01 - and from there connect to the RDS Farm (internally), then there is no problem receiving the connections. Also, connections where the broker has to redirect the connection to a different Session Host are completed without problems.

I have noticed that when successfully connecting internally, where the connection is redirected by the connection broker, I actually receive 2 certificate warnings: first one from the Session Host that received the connection request, and then shortly after one from the second Session Host (when the connection broker is redirecting the connection), and then the connection is established.

When connecting from the outside, I never get the second certificate warning.


In Azure I have set up an endpoint for Remote Desktop - TCP/3389 on both Session Host servers and on the Connection Broker.


As mentioned I am at a total loss, and I hope someone out there is able to help me solve this issue.

Thanks in advance :-)

Regards,

Daniél
Question by:llobello

Expert Comment

by:Patrick Bogers
ID: 39808588
Hi

Do you have additional Remote Desktop Service licenses in place?

Author Comment

by:llobello
ID: 39808605
Hi,

Sorry, the license server role is installed on the same server as the connection broker. I have merely added the role through server manager.

Daniél

Author Comment

by:llobello
ID: 39808606
I have not yet added any license packs to the server, but am still running in evaluation mode...

Daniél

Accepted Solution

by:
Cliff Galiher earned 1200 total points
ID: 39808628
You need to set up RDGateway. Azure VMs still run behind NAT so, even though you have created two endpoints, the broker is redirecting to a non-routable IP and then the connection fails. With a gateway in place, this can be avoided, and the RDS wizard in 2012 R2 server manager automates getting this configuration to work.
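
The pattern described in this thread can be checked mechanically. The following is an added example, not part of the original answer or of any Microsoft tooling: it reads Connection Broker entries in the text form quoted in the question and flags attempts where the broker redirected the user to a different host at a private address. It assumes the log has been exported as plain text with one connection attempt per blank-line-separated block; the names `analyse` and `short_host` are hypothetical.

```python
import ipaddress
import re

# Constructed sample built from the broker entries quoted in the question.
SAMPLE_LOG = """\
RD Connection Broker received connection request for user xxx\\testuser.
Call came from Redirector Server = KRPSH01.xxx.net
RD Connection Broker successfully processed the connection request for user xxx\\testuser. Redirection info:
Target Name = KRPSH02
Target IP Address = 10.4.3.7
Remote Desktop Connection Broker Client failed to redirect the user xxx\\testuser

RD Connection Broker received connection request for user xxx\\testuser
Call came from Redirector Server = KRPSH02.xxx.net
RD Connection Broker successfully processed the connection request for user xxx\\testuser. Redirection info:
Target Name = KRPSH02
Target IP Address = 10.4.3.7
Session for user xxx\\testuser successfully added to RD Connection Broker's database.
"""

NEEDED = {"Call came from Redirector Server", "Target Name", "Target IP Address"}
FIELD = re.compile(r"^(" + "|".join(sorted(NEEDED)) + r") = (.+)$", re.M)

def short_host(name):
    """Compare hosts by their first DNS label, case-insensitively."""
    return name.strip().split(".")[0].upper()

def analyse(log_text):
    """Return one dict per connection attempt (blank-line-separated blocks)."""
    results = []
    for block in re.split(r"\n\s*\n", log_text.strip()):
        fields = dict(FIELD.findall(block))
        if not NEEDED <= fields.keys():
            continue  # block does not describe a complete redirection decision
        redirector = short_host(fields["Call came from Redirector Server"])
        target = short_host(fields["Target Name"])
        ip = ipaddress.ip_address(fields["Target IP Address"].strip())
        redirected = redirector != target
        results.append({
            "redirector": redirector,
            "target": target,
            "target_ip": str(ip),
            "redirected": redirected,
            # A redirect to a private address is only routable from inside the network.
            "private_redirect": redirected and ip.is_private,
            "failed": "failed to redirect" in block,
        })
    return results

if __name__ == "__main__":
    for attempt in analyse(SAMPLE_LOG):
        print(attempt)
```

On the sample, the attempt that arrived at KRPSH01 and was redirected to KRPSH02 at 10.4.3.7 is the one flagged and the one that failed, which matches the explanation in the accepted answer.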

Author Comment

by:llobello
ID: 39808646
Hi Cliff,

That sounds as if it would fix my problems, I will install the gateway later and let you know.

Thanks,

Daniél