Brian Thor

Remote Access (RD Web) to second remote desktop server not working

I have an environment where there are two RD Session Host computers (Windows Server 2012 R2) each with published applications. One of the servers (SERVER1) is configured with RD Connection Broker, RD Session Host, RD Gateway, RD Licensing, and RD Web Access. The other (SERVER2) only has the RD Session Host role. I have two collections, one for each server. I can remote desktop to either server without issue. My problem is publishing RemoteApp programs. All of the RemoteApp programs on the server with all of the RD roles installed (SERVER1) work fine. I cannot, however, run any of the published RemoteApp programs on the server with only the RD Session Host role installed (SERVER2). The error I receive is "RemoteApp Disconnected. This computer can't connect to the remote computer..." The problem is obvious, I think. When I click on the published RemoteApp I can see that it is attempting to connect to "SERVER1" instead of "SERVER2" as it should. The question is, how do I fix this? Do I need an additional role installed on "SERVER2?"
Cliff Galiher

Does this issue occur internally or only externally? Keep in mind that all initial connections go to the RDCB first for load balancing or to reconnect disconnected sessions. So seeing a connection to Server1 is not necessarily a sign of an issue.
ASKER

It does happen both internally and externally.
Then chances are you've misconfigured the rdgateway settings and it is not able to connect to any other RDSH server besides itself. Check those settings, DNS, and firewall.
Cliff,

Thanks for your response. I have checked DNS; both forward and reverse lookups are correct. The firewalls for both RDSH servers are managed by the same group policy. I am able to connect to either locally or through RD Gateway. My only (known) problem is publishing applications hosted on SERVER2. Do you have any ideas for other specific settings to check?
At that point I'd start Wireshark and see what is going on. The .rdp file should list the RDGateway, the RDCB, and the collection name. The actual connection should go through the RDGateway to the RDCB. The RDCB would look up the collection and issue a redirect to the second server, and then the final connection would be established. That's the workflow and you should be able to see that in network captures. You should also be seeing logged events and you can always turn on more logging on each role to see what is happening.
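The .rdp inspection described in the reply above, as an added example that is not part of the thread: this PowerShell sketch parses the `name:type:value` lines of a RemoteApp .rdp file and reports the gateway, the initial target and the collection reference carried in `loadbalanceinfo`. The sample text is constructed; `rdgw.example.com` and `Collection2` are placeholders, and the `tsv://MS Terminal Services Plugin.1.<collection>` form is the one RD Web Access writes on Windows Server 2012-era deployments.

```powershell
# Added example, not from the thread. The sample .rdp text is constructed;
# rdgw.example.com and Collection2 are placeholder values.
$sampleRdp = @'
full address:s:REMOTE1.internaldomain.local
alternate full address:s:REMOTE1.internaldomain.local
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:2
remoteapplicationmode:i:1
remoteapplicationprogram:s:||calc
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Collection2
'@

function ConvertFrom-RdpText {
    param([Parameter(Mandatory)][string]$Text)
    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # Every setting is name:type:value; type is s (string), i (integer) or b (binary).
        if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
            $settings[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }
    $settings
}

function Get-RdpRoutingSummary {
    param([hashtable]$Settings)
    # The collection alias is the last component of loadbalanceinfo.
    $collection = $null
    if ($Settings['loadbalanceinfo'] -match '^tsv://MS Terminal Services Plugin\.1\.(.+)$') {
        $collection = $Matches[1]
    }
    [pscustomobject]@{
        InitialTarget      = $Settings['full address']
        AlternateTarget    = $Settings['alternate full address']
        Gateway            = $Settings['gatewayhostname']
        GatewayUsageMethod = $Settings['gatewayusagemethod']
        RemoteApp          = $Settings['remoteapplicationprogram']
        Collection         = $collection
        # True when the file gives the broker no collection to redirect on.
        MissingCollection  = -not $collection
    }
}

Get-RdpRoutingSummary -Settings (ConvertFrom-RdpText -Text $sampleRdp) | Format-List
```

To inspect a file downloaded from RD Web, pass the output of `Get-Content -Raw` on that file as `-Text` instead of `$sampleRdp`.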
I am attaching the RDP file for you to examine. I don't see any evidence of a reference to the collection. All references to the internal server names are to REMOTE1. REMOTE2 is the only server which publishes this application. It seems like something has to be wrong in the process of publishing the application, but I can't figure out what it might be.
Sage-50-Accounting-2015--Work-Resour.txt
Try opening the "properties" for your application collection experiencing the problem. Navigate to security and untick "Allow connections only from computers running Remote Desktop with Network Level Authentication". Now test the connection again.
I tried unchecking "Allow connections only from computers running Remote Desktop with Network Level Authentication" however this did not resolve the problem.
The only thing that I can think of is that during setup you plugged in erroneous information.  I looked at your text file again, shouldn't the alternate address be REMOTE2?
I agree with your assessment that the correct address should be REMOTE2. The problem is that I don't know how to make that change, if it is in fact correct. My only option is to publish or not publish the application, as far as I know.
What settings do you see when you open the Remote Desktop Connection client?
Dennis,

If I manually configure a remote desktop connection I can access REMOTE2 through the RD Gateway computer without problem. The problem is that the application publishing feature is showing the Remote Computer as REMOTE1.internaldomain.local when it should be showing as REMOTE2.internaldomain.local. Hopefully that answers your question, in a roundabout way.
Let's separate these issues. It appears that you are using a software package (Peachtree maybe) to publish that has nothing to do with the server software. Am I close?
Correct.
You will need to dig into the app, not the server side, and redirect where the Peachtree app is pointing.
Dennis,

I don't think it is the app. To confirm, I published Calc and WordPad on REMOTE2. I first confirmed that these apps are not published on REMOTE1. I am experiencing the same problem with these apps as with Peachtree. Something is not working correctly in the publishing process.
ASKER CERTIFIED SOLUTION
Cliff Galiher
This solution is only available to members.
Cliff,

Thank you for the explanation. Please go one step further. Do both servers (REMOTE1 and REMOTE2) have to offer the same applications? In this environment they aren't separate for load balancing. The idea was to have two different machines set up for two user groups. One group of users will use REMOTE1, the other group will use REMOTE2. Will this work? Are you aware of any documentation for this configuration?
All machines in a collection need to have the same apps for load balancing. Load balancing occurs per collection. So those need to be the same. But if the servers will be different, simply define different collections. Users connecting to an app published in collection 1 will never get load balanced over to a server in collection 2, even if both collections happen to have that app. That's why collections are defined the way they are, so you can scale different apps based on use case. This is normal and acceptable. No special configuration required.
Okay. I believe I have configured this as you suggest. I have two collections with different apps in each collection. As an administrator I am a member of both AD groups which are assigned to the two collections. I removed myself from the group assigned to the collection on REMOTE1. When I log in to the RDWeb page I no longer see the resources published on REMOTE1. I still see the resources published on REMOTE2; however, I am still unable to launch those applications. The same error exists.
Which is why you will have to go through the troubleshooting I've suggested. There is no shortcut and guessing is clearly going nowhere. I didn't make those suggestions idly.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.