eurochange
RDP farm via NAT not working
I built a 2008 R2 RDP server a while back for use by a small number of users; this server contains all the roles.
It's accessed via NAT. Naturally enough the number of users has grown and I have added a second server.
The load balancing works fine internally on the LAN but users attempting to connect via the web (thru a NAT) usually cannot connect.
I can see that it must be the configuration of RD Gateway Manager, but I don't see where I've missed (or added) something.
All help gratefully accepted!
Maybe this would work for you.
ASKER
I have a gateway server already; it appears to be handing off sessions to the new server, then the client gets an unable to connect error.
As always, the answer is in the details......
What, exactly (!!!) is the error the client gets?
did you do this?
put the RDSH servers on their own network segment and assigned them external IP addresses
ASKER
The error message is:
Remote desktop can't connect to the remote computer for one of these reasons.
1 remote access to the server is not enabled
2 remote computer is turned off
3 remote computer is not available on the network
The remote gateway server, which is the destination of the NAT I'm connecting to, records event ID 1149 authentication succeeded
Event ID 800 & event ID 801 RC connection broker successfully processed the connection request for "USER" redirection Info Target Name = RDSERVERB target IP = 192.*.*..* target Netbios=RDSERVERB target FQDN = RDSERVERB.domain disconnected session found =0x0
So it looks to be trying to redirect me but .....
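Why a redirect like the one in the event above can fail for a client outside the NAT, as an added example that is not part of the original thread: it parses the redirection target and checks whether a client that does not tunnel through RD Gateway could reach it. The event wording, the IP address, and the `forwarded_ports` / `via_gateway` inputs are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the redirection event quoted in the post above.
# The address is made up; the post redacts the real one.
SAMPLE_EVENT = (
    'RD Connection Broker successfully processed the connection request for '
    'user "USER". Redirection info: Target Name = RDSERVERB, '
    'Target IP Address = 192.168.10.22, Target Netbios = RDSERVERB, '
    'Target FQDN = RDSERVERB.domain, Disconnected Session Found = 0x0'
)

FIELD_RE = re.compile(r"Target (Name|IP Address|FQDN)\s*=\s*([^,\s]+)", re.I)


def parse_redirect(event_text):
    """Extract the redirection target fields from the event text."""
    return {key.lower(): value for key, value in FIELD_RE.findall(event_text)}


def check_redirect(event_text, forwarded_ports, via_gateway):
    """Return (reachable, notes) for an external client following the redirect.

    forwarded_ports: TCP ports the NAT device forwards inward (assumed input).
    via_gateway: True when the client tunnels RDP through RD Gateway on 443.
    """
    target = parse_redirect(event_text)
    ip = ipaddress.ip_address(target["ip address"])
    notes = []
    if 3389 in forwarded_ports:
        notes.append("3389 is forwarded: RDP is exposed directly to the internet")
    if via_gateway:
        reachable = 443 in forwarded_ports
        notes.append(f"gateway opens the session to {ip} on the client's behalf"
                     if reachable else "443 is not forwarded to the gateway")
    else:
        # Without the tunnel the client itself must dial the redirect target.
        # A public target is treated as routable here (simplification).
        reachable = not ip.is_private
        if not reachable:
            notes.append(f"{ip} is a private address with no route from outside the NAT")
    return reachable, notes


if __name__ == "__main__":
    for via_gateway in (False, True):
        print(via_gateway, check_redirect(SAMPLE_EVENT, {443, 3389}, via_gateway))
```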
ASKER
put the RDSH servers on their own network segment and assigned them external IP addresses
Not tried this and unlikely to be able to do so anytime soon being live servers
Possible to try a test RDSH servers on their own network segment and assigned them external IP addresses? If it solves the problem it might be worthwhile moving the live servers.
Did you find this?
https://support.microsoft.com/en-us/kb/2083411
ASKER
"Possible to try a test RDSH servers on their own network segment and assigned them external IP addresses? If it solves the problem it might be worthwhile moving the live servers."
Still not possible to test these live systems
ASKER
"Did you find this?
https://support.microsoft.com/en-us/kb/2083411"
It works fine on the local LAN so I don't believe this is relevant.
to confirm:
you have port 443 forwarded from the external internet IP to the gateway server
you do NOT have port 3389 forwarded on your router at all
you have an SSL installed on the gateway server
the gateway server can see the RDS host without a problem (try RDPing to the host from the gateway server)
assuming the above is correct, it should work. have you checked the RDP client being used externally is new enough to know how to deal with the gateway (eg is it an old version on XP?)
ASKER
Hi,
yes, I have port 443 forwarded from the external internet IP to the gateway server
yes, I have an SSL installed on the gateway server
yes, the gateway server can see the RDS host without a problem (try RDPing to the host from the gateway server)
Clients are Win7
"you do NOT have port 3389 forwarded on your router at all"
The gateway server is the original RDS server so 3389 is NAT'd to that; the logs on the new server indicate auth. is occurring on the new server.
It's almost as if there is no network path back to the client??
Client gets messages about securing, then configuring the connection, then initiating the connection, at which point it fails after 5-10 secs.
close port 3389. that's confusing the RDP client as only port 443 is used with a gateway.
ASKER
closing port 3389 stopped it working from the web completely!
can you connect to the server via https externally? have you tried connecting through the web interface?
ASKER
we closed the web interface down a while ago. www service isn't running
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.