RDweb 'Connect to a Remote PC' only appears on 2012 R2 server locally


I have been in and out of forums checking on most queries for this, but in my particular instance, not many have solved this issue that I suspect might have something to do with the FQDN relationship between certificate and host server being .local vs .com.

When I browse externally to URL https://remote.server.com I can log in (with either a standard user or admin) and I am presented with 'RemoteApps', however, when I log in on the local server (as admin or standard user) I am presented with 'RemoteApps' along with 'Connect to a Remote PC'; which is exactly what I want to see when I log in externally from any client.

So, to add some insight into what I can confirm:

TCP Port 3389 & 443 are open.
I am using Internet Explorer (after reading about the ActiveX trap)
IIS show desktops is set to TRUE
Tested with Firewall OFF, Tested with AntiVirus OFF

My server has a hostname of DC-FS01
My SSL certificate has an FQDN of remote.server.com however, internally my hostname looks like DC-FS01.server.local

I have a Forward Zone called remote.server.com that points to the internal server / DNS server IP address, and can ping remote.server.com internally.

I read somewhere that I should be able to ping remote.server.com and get a response, this does not happen in my instance, but I find that strange if I am meant to be able to achieve this when I am going through a browser.

Any insight or advice into this would be much appreciated.

DamianIT incAsked:
Who is Participating?
Philip ElderConnect With a Mentor Technical Architect - HA/Compute/StorageCommented:
The fact that it appears locally, thus via IE, means you've replicated my steps. The server trusts itself thus it works.

On a remote machine, using a user account, add the remote.domain.com to Trusted Sites then open and log on to RDWeb using that user account. It should just work.

Note that we always split the DNS so remote.domain.com resolves to the internal server's IP on the network or to the WAN IP via the Internet.
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
3389 should never be open. RD Gateway is there to protect the RD environment from TSGrinder and other such tools. Please close it.

Add the RDWeb URL to Trusted Sites.
Use IE
Choose "This is a Private Computer" radio button
Log on to RDWeb

Does it show? It should:
RDWeb via IE with Trusted Sites
DamianIT incAuthor Commented:
Hello and thanks for your response.

I am temporarily using 3389 (currently for doing direct-to-server admin outside of RDweb) - I will change this when I pass the point of understand what is going on here.

So, when you mentioned "Add the RDWeb URL to Trusted Sites."
Are you referring to the internal address of my RDweb or the FQDN ?
And are you advising to add this on the server or the client trying to reach that address?

But in response to your question, I get to see a similar image you displayed only when I am logging in to remote.server.com on the stand alone server locally, when I jump on another client PC in the LAN and browse to remote.server.com (using IE).. "connect to a remote PC" is omitted from view.

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

DamianIT incAuthor Commented:
I suspected this may have something to do with CALs, so I generated a report:

Best Practices Analyzer is complaining about 'device CALs', but then the Microsoft online CAL wizard suggests device CALs would be best suited to configuration this size.

Report Date:,"Monday, 5 February 2018 2:54:34 AM"

CAL Version,CAL Type,Installed CALs,CALs in Use,CAL Availability
Windows Server 2012,RDS Per Device CAL,50,0,Available
Windows Server 2012,RDS Per User CAL,0,0,None

No Per User License has been Issued

No Per User License Issuance has failed

No Per Device License has been issued
DamianIT incAuthor Commented:
Well I should state, that "Connect to a Remote PC" was appearing locally prior to following your steps.  IT is the external clients not seeing "Connect to a Remote PC" that is the concern.

I will try your advise on the external client 'IE Trusted-Sites' and post the results shortly.  Thanks for the quick response.
DamianIT incAuthor Commented:
To confirm, I tried IE on another computer.. it added some ActiveX plugins and then I was able to get in!

Thanks very much, it would appear the IE security settings was preventing me from getting to the gold.

Now,  I have a new issue, adding the workstations that are available for remote access to GP ! :)

Cheers Philip!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.