RDweb 'Connect to a Remote PC' only appears on 2012 R2 server locally


I have been in and out of forums checking on most queries for this, but in my particular instance, not many have solved this issue that I suspect might have something to do with the FQDN relationship between certificate and host server being .local vs .com.

When I browse externally to URL https://remote.server.com I can log in (with either a standard user or admin) and I am presented with 'RemoteApps', however, when I log in on the local server (as admin or standard user) I am presented with 'RemoteApps' along with 'Connect to a Remote PC'; which is exactly what I want to see when I log in externally from any client.

So, to add some insight into what I can confirm:

TCP Port 3389 & 443 are open.
I am using Internet Explorer (after reading about the ActiveX trap)
IIS show desktops is set to TRUE
Tested with Firewall OFF, Tested with AntiVirus OFF

My server has a hostname of DC-FS01
My SSL certificate has an FQDN of remote.server.com however, internally my hostname looks like DC-FS01.server.local

I have a Forward Zone called remote.server.com that points to the internal server / DNS server IP address, and can ping remote.server.com internally.

I read somewhere that I should be able to ping remote.server.com and get a response, this does not happen in my instance, but I find that strange if I am meant to be able to achieve this when I am going through a browser.

Any insight or advice into this would be much appreciated.

DamianIT incAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Philip ElderTechnical Architect - HA/Compute/StorageCommented:
3389 should never be open. RD Gateway is there to protect the RD environment from TSGrinder and other such tools. Please close it.

Add the RDWeb URL to Trusted Sites.
Use IE
Choose "This is a Private Computer" radio button
Log on to RDWeb

Does it show? It should:
RDWeb via IE with Trusted Sites
DamianIT incAuthor Commented:
Hello and thanks for your response.

I am temporarily using 3389 (currently for doing direct-to-server admin outside of RDweb) - I will change this when I pass the point of understand what is going on here.

So, when you mentioned "Add the RDWeb URL to Trusted Sites."
Are you referring to the internal address of my RDweb or the FQDN ?
And are you advising to add this on the server or the client trying to reach that address?

But in response to your question, I get to see a similar image you displayed only when I am logging in to remote.server.com on the stand alone server locally, when I jump on another client PC in the LAN and browse to remote.server.com (using IE).. "connect to a remote PC" is omitted from view.

DamianIT incAuthor Commented:
I suspected this may have something to do with CALs, so I generated a report:

Best Practices Analyzer is complaining about 'device CALs', but then the Microsoft online CAL wizard suggests device CALs would be best suited to configuration this size.

Report Date:,"Monday, 5 February 2018 2:54:34 AM"

CAL Version,CAL Type,Installed CALs,CALs in Use,CAL Availability
Windows Server 2012,RDS Per Device CAL,50,0,Available
Windows Server 2012,RDS Per User CAL,0,0,None

No Per User License has been Issued

No Per User License Issuance has failed

No Per Device License has been issued
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Philip ElderTechnical Architect - HA/Compute/StorageCommented:
The fact that it appears locally, thus via IE, means you've replicated my steps. The server trusts itself thus it works.

On a remote machine, using a user account, add the remote.domain.com to Trusted Sites then open and log on to RDWeb using that user account. It should just work.

Note that we always split the DNS so remote.domain.com resolves to the internal server's IP on the network or to the WAN IP via the Internet.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DamianIT incAuthor Commented:
Well I should state, that "Connect to a Remote PC" was appearing locally prior to following your steps.  IT is the external clients not seeing "Connect to a Remote PC" that is the concern.

I will try your advise on the external client 'IE Trusted-Sites' and post the results shortly.  Thanks for the quick response.
DamianIT incAuthor Commented:
To confirm, I tried IE on another computer.. it added some ActiveX plugins and then I was able to get in!

Thanks very much, it would appear the IE security settings was preventing me from getting to the gold.

Now,  I have a new issue, adding the workstations that are available for remote access to GP ! :)

Cheers Philip!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.