RDP farm via NAT not working

I built a 2008 R2 RDP server a while back for use by a small number of users, this server contains all the roles.

It's accessed via NAT. Naturally enough the number of users has grown and I have added a second server.

The load balancing works fine internally on the LAN, but users attempting to connect via the web (through a NAT) usually cannot connect.

I can see that it must be the configuration of RD Gateway Manager, but I don't see where I've missed (or added) something.

All help gratefully accepted!
eurochange Asked:

Randy Downs (OWNER) Commented:
Maybe this would work for you.

Put the RDSH servers on their own network segment and assigned them external IP addresses. It wasn't exactly a clean solution, but it worked. What is the make/model of your router?

Alternatively, are you able to set up a Remote Desktop Gateway server? This would be the recommended way to access the RDSH servers...
0
eurochange (Author) Commented:
I have a gateway server already; it appears to be handing off sessions to the new server, then the client gets an "unable to connect" error.
0
Davis McCarn (Owner) Commented:
As always, the answer is in the details......
What, exactly (!!!) is the error the client gets?
0

Randy Downs (OWNER) Commented:
Did you do this?

Put the RDSH servers on their own network segment and assign them external IP addresses.
0
eurochange (Author) Commented:
The error message is:
"Remote Desktop can't connect to the remote computer for one of these reasons:
1. Remote access to the server is not enabled
2. The remote computer is turned off
3. The remote computer is not available on the network"

The remote gateway server, which is the destination of the NAT I'm connecting to, records event ID 1149 (authentication succeeded).
Event ID 800 & event ID 801: RD Connection Broker successfully processed the connection request for "USER"; redirection info: Target Name = RDSERVERB, target IP = 192.*.*.*, target NetBIOS = RDSERVERB, target FQDN = RDSERVERB.domain, disconnected session found = 0x0.

So it looks to be trying to redirect me, but .....
0
eurochange (Author) Commented:
"Put the RDSH servers on their own network segment and assign them external IP addresses"

Not tried this, and unlikely to be able to do so anytime soon as these are live servers.
0
Randy Downs (OWNER) Commented:
Possible to try a test RDSH server on its own network segment with an external IP address? If it solves the problem it might be worthwhile moving the live servers.
0
Davis McCarn (Owner) Commented:
0
eurochange (Author) Commented:
"Possible to try a test RDSH server on its own network segment with an external IP address? If it solves the problem it might be worthwhile moving the live servers."

Still not possible to test this on live systems.
0
eurochange (Author) Commented:
"Did you find this?
https://support.microsoft.com/en-us/kb/2083411"

It works fine on the local LAN, so I don't believe this is relevant.
0
Steve Commented:
To confirm:
- you have port 443 forwarded from the external internet IP to the gateway server
- you do NOT have port 3389 forwarded on your router at all
- you have an SSL certificate installed on the gateway server
- the gateway server can see the RDS host without a problem (try RDPing to the host from the gateway server)

Assuming the above is correct, it should work. Have you checked that the RDP client being used externally is new enough to know how to deal with the gateway (e.g. is it an old version on XP?)
0
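Steve's four-point checklist above, as an added PowerShell diagnostic to run on the RD Gateway server itself (this is not code from the thread; the RDSH host name and the 2008 R2 event log names are assumptions, and the "no 3389 forward" point can only be verified on the router):

```powershell
# Added diagnostic (not from the thread) for the RD Gateway checklist; run on the gateway server.
# Assumptions: the RDSH host name below, and the 2008 R2 event log names listed in step 4.
$RdshHost = 'RDSERVERB'   # taken from the author's broker event; change for your own farm

function Test-TcpPort {
    # Plain TCP connect with a timeout; Test-NetConnection does not exist on 2008 R2 / PS 2.0
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        return ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected)
    } catch { return $false } finally { $client.Close() }
}

# 1. RD Gateway service up and an HTTPS listener on 443 (the only port a gateway client needs)
$gw = Get-Service -Name TSGateway -ErrorAction SilentlyContinue
'RD Gateway service : ' + $(if ($gw) { $gw.Status } else { 'not installed' })
'Listening on 443   : ' + (Test-TcpPort -HostName 'localhost' -Port 443)

# 2. The certificate bound to 443 must match the external name clients type in
netsh http show sslcert ipport=0.0.0.0:443
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey } |
    Select-Object Subject, NotAfter, Thumbprint | Format-Table -AutoSize

# 3. Internal leg: the gateway must reach every RDSH host the broker can redirect a session to
'Gateway -> ' + $RdshHost + ':3389 : ' + (Test-TcpPort -HostName $RdshHost -Port 3389)

# 4. Latest events from the three logs the thread refers to (gateway, 1149, 800/801)
$logs = @(
    'Microsoft-Windows-TerminalServices-Gateway/Operational',
    'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational',
    'Microsoft-Windows-TerminalServices-SessionBroker/Operational'
)
foreach ($log in $logs) {
    "--- $log ---"
    Get-WinEvent -LogName $log -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize -Wrap
}
```

Step 3 is the one that matters for a farm: if the gateway can reach the original host but not the newly added one, the broker's redirect (events 800/801) succeeds while the client's proxied connection fails exactly as described.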
eurochange (Author) Commented:
Hi,

Yes, I have port 443 forwarded from the external internet IP to the gateway server.
Yes, I have an SSL certificate installed on the gateway server.
Yes, the gateway server can see the RDS host without a problem (tried RDPing to the host from the gateway server).

Clients are Win7.

"you do NOT have port 3389 forwarded on your router at all"

The gateway server is the original RDS server, so 3389 is NAT'd to that; the logs on the new server indicate auth is occurring on the new server.

It's almost as if there is no network path back to the client??

Client gets messages about securing, then configuring the connection, then initiating the connection, at which point it fails after 5-10 secs.
0
Steve Commented:
Close port 3389. That's confusing the RDP client, as only port 443 is used with a gateway.
0
eurochange (Author) Commented:
Closing port 3389 stopped it working from the web completely!
0
Steve Commented:
Can you connect to the server via HTTPS externally? Have you tried connecting through the web interface?
0
eurochange (Author) Commented:
We closed the web interface down a while ago. The WWW service isn't running.
0
Steve Commented:
That's probably the issue then. As advised above, the gateway proxies RDP connections over port 443.

Take a look at this for more info:

https://technet.microsoft.com/en-gb/library/cc731150.aspx
0

Seth Simmons (Sr. Systems Administrator) Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0