CBM Corporate (Australia) asked:

RDSWeb issue

Hi all,

I have an RDS farm with one broker, which also does RDWeb, and two session hosts. All servers are Win2012R2, fully patched.
I also have a wildcard certificate.

I can successfully get to the web portal, and open any of my remote apps internally.

Externally, however, I can successfully get to the web portal but cannot open any of the remote apps. This throws the error:
"Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to"

No errors logged on either the broker or the hosts.

I checked my collection settings and tried different combinations of authentication. The security layer is currently set to "Negotiate", but I tested "RDP Security Layer" as well, and the encryption level is set to Low; it was "Client Compatible" before.

Any clues? I tested on a Win7 client, a Win8 and a Win2008. No luck so far.
Thanks.

Tags: Remote Access, Windows Server 2012

Last comment: CBM Corporate, Mon 8/22/2022
Cliff Galiher

To do this via RDWeb, you must set up the RD Gateway role on a server, configure it with a publicly resolvable name, and configure your router to properly route traffic to the RD Gateway server.
CBM Corporate

ASKER
That's exactly how it's done.

The public FQDN resolves to my firewall, which forwards 443 to my RD Gateway, which in turn forwards the RDP requests to the session host servers.
The certificate (wildcard) matches the FQDN.
Cliff Galiher

Your original post hadn't mentioned RD Gateway. Is it co-located with the RDWeb and/or RDCB? Do these have unique names? As an aside, you mentioned having a "farm", which in 2012 is no longer technically accurate. Did you try to set up a farm as it was done in 2008 R2 with round-robin DNS? Because *that* won't work...
CBM Corporate

ASKER
Okay, sorry, bad terminology. :)

Server #1: Broker, Licensing, Web and Gateway.
Server #2 & #3: Session Host

Public FQDN to my WAN IP (443 NAT'ed)
Internal DNS for the FQDN points to the IP of Server #1

RDWeb works great internally. It doesn't externally.
ASKER CERTIFIED SOLUTION
Cliff Galiher

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
CBM Corporate

ASKER
Here's an excerpt from the file as opened in Notepad:

redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
span monitors:i:1
use multimon:i:1
remoteapplicationmode:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
videoplaybackmode:i:1
audiocapturemode:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:rds.xxxxx.com.au
alternate shell:s:||EXCEL
remoteapplicationprogram:s:||EXCEL
gatewayhostname:s:rds.xxxxx.com.au
remoteapplicationname:s:Excel 2013
remoteapplicationcmdline:s:
workspace id:s:RDGATEWAYSERVER.XXXXX.local
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.CollectionName
alternate full address:s:rds.xxxxx.com.au

The rest is the digital signature.

Does anything seem odd to you?
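As an added example that is not part of the original thread, here is a PowerShell script that parses an .rdp file the way RD Web Access hands it out (one `name:type:value` setting per line) and flags the settings that decide whether an external launch can work through RD Gateway: the gateway usage mode, whether every name the client must resolve is the public one, the internal name disclosed in `workspace id`, and the blanket drive-redirection request. The sample file below is constructed from the excerpt above; the function names and the public FQDN passed in are the example's own assumptions.

```powershell
# Added example, not from the original post. $SampleRdp is constructed from the excerpt above
# (the real file also carries the broker's digital signature, which is ignored here).
$SampleRdp = @'
redirectclipboard:i:1
drivestoredirect:s:*
redirectdrives:i:1
remoteapplicationmode:i:1
server port:i:3389
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:rds.xxxxx.com.au
gatewayhostname:s:rds.xxxxx.com.au
workspace id:s:RDGATEWAYSERVER.XXXXX.local
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.CollectionName
alternate full address:s:rds.xxxxx.com.au
'@

function ConvertFrom-RdpText {
    param([Parameter(Mandatory)][string]$Text)
    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # Settings are "name:type:value" with type i (integer) or s (string). The value may itself
        # contain ':' (e.g. tsv://...), so only the first two separators are significant.
        if ($line -match '^(?<name>[^:]+):(?<type>[is]):(?<value>.*)$') {
            if ($Matches.name -in 'signature', 'signscope') { continue }   # signature block, not a setting
            $value = $Matches.value
            if ($Matches.type -eq 'i') { $value = [int]$value }
            $settings[$Matches.name] = $value
        }
    }
    return $settings
}

function Test-RdpExternalAccess {
    param(
        [Parameter(Mandatory)][hashtable]$Rdp,
        [Parameter(Mandatory)][string]$PublicFqdn,
        [string]$InternalSuffix = '.local'
    )
    $findings = @()

    # gatewayusagemethod: 0 = never use a gateway, 1 = always, 2 = only if a direct connection
    # fails, 3 = use the client's default, 4 = never (bypass for local addresses).
    $usage = $Rdp['gatewayusagemethod']
    if ($usage -in 0, 4) {
        $findings += "gatewayusagemethod=$usage : the client will not use RD Gateway; external launches go straight to $($Rdp['full address']) on port $($Rdp['server port'])"
    }
    elseif ($usage -eq 2) {
        $findings += "gatewayusagemethod=2 : the client tries a direct connection first and only then falls back to the gateway; expect a delay externally and make sure 3389 is not reachable from the internet"
    }

    # Every name an external client has to resolve must be the public one.
    foreach ($key in 'full address', 'alternate full address', 'gatewayhostname') {
        $name = [string]$Rdp[$key]
        if (-not $name) { $findings += "$key is missing"; continue }
        if ($name.EndsWith($InternalSuffix, [StringComparison]::OrdinalIgnoreCase)) {
            $findings += "$key=$name is an internal name; external clients cannot resolve it"
        }
        elseif ($name -ine $PublicFqdn) {
            $findings += "$key=$name does not match the published name $PublicFqdn (certificate/NAT mismatch)"
        }
    }

    # workspace id is a feed identifier, not a connection target, but it still reveals the
    # broker's internal AD name to anyone who downloads the file.
    $workspace = [string]$Rdp['workspace id']
    if ($workspace.EndsWith($InternalSuffix, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "workspace id=$workspace discloses the internal AD name of the broker"
    }

    # Redirection requests in the file are honoured only if the collection allows them, so a '*'
    # here is a reason to confirm the collection's client settings, not proof of exposure.
    if ($Rdp['drivestoredirect'] -eq '*' -or $Rdp['redirectdrives'] -eq 1) {
        $findings += "redirection of all client drives is requested; verify the collection restricts it"
    }
    return ,$findings
}

$rdp = ConvertFrom-RdpText -Text $SampleRdp
Test-RdpExternalAccess -Rdp $rdp -PublicFqdn 'rds.xxxxx.com.au'
```

Run against the posted excerpt, the script reports only the gateway fallback mode, the `.local` workspace id and the drive-redirection request; all three connection names are already the public FQDN, which is why the script is most useful on a file downloaded from outside, where a `.local` `full address` would show up immediately.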
SOLUTION
Cliff Galiher

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
CBM Corporate

ASKER
Okay, that would make sense, so where can I check that the broker passes the public FQDN? I've looked where I could think of, but there's no mention of the .local address in the collection or in the deployment, other than the names of the servers for each role (RD Web Access server, licence server).
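One way to answer "where does the broker get the name it publishes" is to read the deployment back from the broker itself. The following is an added example, not the solution from the thread: a read-only PowerShell audit run on the RD Connection Broker that reports the redirector name written into `full address`, the gateway name and bypass mode written into the RDP files, whether each role certificate covers the public name (wildcards handled correctly), and whether the collection's security settings were left weakened while troubleshooting. The public FQDN, the function names and the use of the `Win32_RDMSDeploymentSettings` WMI class (the property the community Set-RDPublishedName script edits) are the example's own assumptions.

```powershell
# Added example, not from the original thread: read-only audit of what the RD Connection Broker
# publishes, to be run on the broker (RemoteDesktop module, Windows Server 2012 R2).
Import-Module RemoteDesktop

function Test-NameCoveredByCertificate {
    param([string]$Name, [string[]]$CertNames)
    foreach ($pattern in $CertNames) {
        if (-not $pattern) { continue }
        if ($pattern -ieq $Name) { return $true }
        # A wildcard covers exactly one label: *.example.com matches rds.example.com,
        # but neither rds.ext.example.com nor example.com itself.
        if ($pattern.StartsWith('*.')) {
            $suffix = $pattern.Substring(1)                       # ".example.com"
            if ($Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-RdsPublishedNameReport {
    param(
        [Parameter(Mandatory)][string]$PublicFqdn,
        [string]$ConnectionBroker = "$env:COMPUTERNAME.$env:USERDNSDOMAIN"   # assumes the script runs on the broker
    )
    $findings = @()

    # 1. The name the broker writes into "full address" of every RDP file it signs. By default this
    #    is the broker's AD FQDN (assumption: namespace root\cimv2\rdms, class Win32_RDMSDeploymentSettings).
    $redirector = (Get-WmiObject -Namespace 'root\cimv2\rdms' -Class Win32_RDMSDeploymentSettings).DeploymentRedirectorServer
    if ($redirector -ine $PublicFqdn) {
        $findings += "broker publishes full address '$redirector' instead of '$PublicFqdn'"
    }

    # 2. The gateway name written into gatewayhostname. BypassLocal=$true is what appears in the
    #    file as gatewayusagemethod:i:2 (try direct first); $false appears as :i:1 (always via gateway).
    $gw = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $ConnectionBroker
    if ($gw.GatewayMode -ne 'Custom' -or $gw.GatewayExternalFqdn -ine $PublicFqdn) {
        $findings += "gateway mode '$($gw.GatewayMode)', external FQDN '$($gw.GatewayExternalFqdn)'; expected Custom with $PublicFqdn"
    }
    if ($gw.BypassLocal) {
        $findings += "gateway bypass for local addresses is on; clients try $redirector directly before falling back to the gateway"
    }

    # 3. Each role certificate (RDGateway, RDWebAccess, RDRedirector, RDPublishing) must be trusted,
    #    not about to expire, and cover the public name in its CN or SAN.
    foreach ($cert in Get-RDCertificate -ConnectionBroker $ConnectionBroker) {
        $names = @($cert.IssuedTo) + @($cert.SubjectAlternateName) |
            Where-Object { $_ } | ForEach-Object { $_ -replace '^DNS Name=', '' }
        if ($cert.Level -ne 'Trusted') {
            $findings += "$($cert.Role) certificate level is '$($cert.Level)'"
        }
        elseif (-not (Test-NameCoveredByCertificate -Name $PublicFqdn -CertNames $names)) {
            $findings += "$($cert.Role) certificate ($($cert.IssuedTo)) does not cover $PublicFqdn"
        }
        elseif ($cert.ExpiresOn -lt (Get-Date).AddDays(30)) {
            $findings += "$($cert.Role) certificate expires $($cert.ExpiresOn)"
        }
    }

    # 4. Collection security. These settings govern the RDP session between client and session host;
    #    they cannot fix a name or gateway problem, so weakening them only lowers the bar internally.
    foreach ($coll in Get-RDSessionCollection -ConnectionBroker $ConnectionBroker) {
        $sec = Get-RDSessionCollectionConfiguration -CollectionName $coll.CollectionName -ConnectionBroker $ConnectionBroker -Security
        if (-not $sec.AuthenticateUsingNLA -or $sec.SecurityLayer -eq 'RDP' -or $sec.EncryptionLevel -eq 'Low') {
            $findings += "collection '$($coll.CollectionName)': NLA=$($sec.AuthenticateUsingNLA), SecurityLayer=$($sec.SecurityLayer), EncryptionLevel=$($sec.EncryptionLevel); keep NLA on, SecurityLayer Negotiate or SSL, EncryptionLevel High"
        }
    }

    if (-not $findings) { $findings += "no issues found for $PublicFqdn" }
    return ,$findings
}

Get-RdsPublishedNameReport -PublicFqdn 'rds.xxxxx.com.au'
```

The script changes nothing; if it reports that the broker publishes its `.local` name, the knob to change is the deployment's redirector name (or a `full address` override through `Set-RDSessionCollectionConfiguration -CustomRdpProperty`), and the RDRedirector and RDPublishing certificates must then cover whichever name is published.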
SOLUTION
Cliff Galiher

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
CBM Corporate

ASKER
So... what, out of the box this solution by Microsoft is not designed to work? I find it hard to believe I have to "go out of my way" to fix this, when I just followed the wizards and TechNet articles.

Anyway. Your suggestions are welcome, mate.
SOLUTION
Cliff Galiher

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
CBM Corporate

ASKER
Okay, thanks for that, but that's not really helping. I get your point, and obviously I did not deploy it right. But no, there is no round-robin DNS, and no, this was not done "as in 2008".

Now, if you can't help me, I understand, but I did not post this question to be patronized.

It might be spaghetti, but can you help me with the sauce, or should I ask another chef?