Remote RDP access in Server 2012

We have a two-part problem. We are trying to set up remote access (the new RDS web access) in Server 2012.
We have followed some online guides and got all green checks saying all is good.  Users can't hit the server through a browser though.

The more immediate part of the remote issue is that the user can't log on through RDP using the regular RDP app. Only Administrator can.
Here is some info:
Server 2012 R2 only a week old.  All works well except this.
Sonicwall firewall - ports are forwarded correctly as I can RDP direct to the public IP and it lets me log on the server as administrator only.  When the user logs in there is a msg about ... to sign in remotely you need the right to sign in thru remote desktop services etc.....

The user is in the Remote Desktop Users group.  If she gets put in the administrators group she can log in fine.
We don't really want to give the end user admin rights to the server.

After the user login issue is resolved the end goal is to use the new Web access part of RDS with Server 2012 R2.
From brief reading it looks like the end user can then bring up a www address and get RDP access to the Server and certain published apps which would be awesome.

We did add an A record to DNS on a domain that does resolve to the proper public IP.

tmoon (Author) Commented:
Found another article that says to choose Remote desktop services installation instead of role based.  Article is here:

This did work to some degree! The user can now RDP into the Server without being in the administrators group.
I did publish the program that they will need and going in through a browser I do see the published app. When I click on the app though it downloads an RDP launcher program via the browser. When I run the program it says "The remote computer could not be found. Please contact your helpdesk about this error." Title of error is: RemoteApp Disconnected.

No biggie but it would be nice to be able to go in this way if at all possible.
Cliff Galiher Commented:
You'll want to set up an RDGateway server and configure it in server manager. That is the information RDWeb uses when generating RDP files.

tmoon (Author) Commented:
I believe the RD Gateway server installed as part of the above installed package.  I can get to the properties with the server farm tab, SSL cert tab, RD CAP score etc.  All fields are good and list the server name.  Is there a tried and true easy way to verify the correct things are installed?
Cliff Galiher Commented:
RDGateway and RDLicensing are not installed or configured during the default scenario-based wizard. Only an RDSH/RDVH, RDCB, and RDWA are. You can see servers and roles under Remote Desktop Services in Server Manager.
You need to have installed

Remote Desktop Services:
  Remote Desktop Connection Broker
  Remote Desktop Gateway
  Remote Session Host
  Remote Desktop Web Access

Web Server  (default features)

You can use the Remote Desktop services installation, Quick Start, virtual machine-based,
tmoon (Author) Commented:
I did use the method from the last comment.  When I web browser into it does come up.  Even externally.  So does this mean that the correct components are installed?  
The only issue is I published a resource (an application), which does show up but when clicked on it launches a RDP client which when opened says the computer cannot be found.
Good to know your first and original issue is solved!!!

Now when you publish a resource (App) you are actually giving access to the server where the application is installed.  You can try that with the calculator, paint or notepad.  You will have about 120 days free (no licenses required) to try and test it.  After that period you will need CALs for that.

If the machine can't be found it might be related to a DNS problem. Try to open an RDC to the machine (server) where the application is and see if you are able to get to it. Also check who has rights to RDC to the machine and, in your Remote Desktop Gateway Manager, your connection policies.
Cliff Galiher Commented:
"So does this mean that the correct components are installed?  "

No.  The website is served by the RDWA role. Making that accessible externally is as easy as making *any* site accessible externally. Open/forward port 443.

That is not evidence that you have the RDGateway role installed or configured. And RDGateway is what handles external RDP requests and routes them to the right server. It acts as a reverse proxy for RDP. It does NOT serve web pages and does not proxy the web traffic. Those are two different components.

For the .rdp files to work externally that are created by RDWA, you still need to install and configure RDGateway.
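
The distinction drawn in the answer above (RDWA serving the page versus RDGateway carrying the RDP session) can be checked from both ends. The following is an added example, not part of the thread: `Get-RdsGatewayStatus` assumes an elevated session on the RD Connection Broker, and the function names, the sample file and its host name are hypothetical.

```powershell
# Added example. Server side: run Get-RdsGatewayStatus on the RD Connection Broker.
function Get-RdsGatewayStatus {
    param([string]$Broker = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName)
    Import-Module ServerManager, RemoteDesktop
    # Role services present on this server; RDS-Gateway must read "Installed"
    $names = 'RDS-Connection-Broker','RDS-RD-Server','RDS-Web-Access','RDS-Gateway','RDS-Licensing'
    Get-WindowsFeature -Name $names | Format-Table Name, InstallState -AutoSize | Out-Host
    # Role-to-server mapping as the deployment itself records it
    Get-RDServer -ConnectionBroker $Broker | Format-Table Server, Roles -AutoSize | Out-Host
    # Gateway settings that RD Web Access copies into the .rdp files it generates
    $gw = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $Broker
    if ($gw.GatewayMode -eq 'DoNotUse') {
        Write-Warning 'No RD Gateway is set for the deployment; generated .rdp files carry no gateway.'
    }
    $gw | Select-Object GatewayMode, GatewayExternalFqdn, LogonMethod, BypassLocal
}

# Client side: read the gateway fields out of a downloaded RemoteApp .rdp file.
function Get-RdpGatewaySetting {
    param([Parameter(Mandatory)][string]$Path)
    $s = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        $p = $line -split ':', 3                      # each line is name:type:value
        if ($p.Count -eq 3) { $s[$p[0].Trim()] = $p[2].Trim() }
    }
    # gatewayusagemethod 1 = always use the gateway, 2 = use it when a direct connection fails
    $viaGateway = [bool]$s['gatewayhostname'] -and ($s['gatewayusagemethod'] -in @('1','2'))
    [pscustomobject]@{
        FullAddress        = $s['full address']
        GatewayHostName    = $s['gatewayhostname']
        GatewayUsageMethod = $s['gatewayusagemethod']
        UsesGateway        = $viaGateway
    }
}

# Constructed sample (placeholder host name): a file generated with no gateway configured
$sample = Join-Path $env:TEMP 'sample-remoteapp.rdp'
@'
full address:s:RDSH01.corp.example
remoteapplicationmode:i:1
gatewayusagemethod:i:0
gatewayhostname:s:
'@ | Set-Content -LiteralPath $sample
Get-RdpGatewaySetting -Path $sample    # UsesGateway is False for this sample
```

A file whose `FullAddress` is an internal name and whose `UsesGateway` is False can only connect from inside the network, which matches the "remote computer could not be found" symptom seen from outside.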
tmoon (Author) Commented:
No luck as of yet but if all the web access does is download an RDP app then we'll prob can the operation and run RDP direct.  Is there any other benefit to this?  I thought the new web RDS would be a little easier but under it all it seems like it just sets up a 'downloaded' RDP session for the user?   I guess the only benefit would be users that don't have or don't know how to connect by the regular remote desktop app.
Cliff Galiher Commented:
Opening RDP introduces its own issues. TSGrinder is an example. Even without RDWA, I'd strongly recommend using RDGateway and not opening RDP access directly externally. But yes, RDWA is purely a (significant) convenience feature to make getting RDP settings to users much easier. But it sounds like RDWA isn't your problem. RDGateway is.