RDWEB and DNS troubles, Internal vs. External

    Question

  • Wondering if someone can assist.

    I have deployed a new RDWeb setup using Windows Server 2012 R2. I have all certificates in place, using a wildcard cert, and all DNS entries as well.

    The site works great internally and externally, except if I try to use a domain joined system externally.

    I believe my issue is related to our internal domain name being the same as the external domain name.

    I have set up external DNS: demo.mydomain.com points to the external IP of the RD Gateway.

    I have set up internal DNS: demo.mydomain.com points to the internal IP of the RD Gateway.

    Again, I can access the site and all published apps fine from public computers, and even my tablet. The issue is only when I use a domain-joined system, like my laptop, that I take off-site.

    I can get to the RDWEB site, log in, and see all the published apps. When I click on an app, it tries to connect, and seems to time out and give this error:

    This computer can't connect to the remote computer.

    The two computers couldn't connect in the amount of time allotted. Try connecting again. If the problem continues, contact your network administrator or network support.

    Any help is appreciated.

    Steve

    Friday, November 01, 2013 4:20 PM

Answers

All replies

  • Hi,

    I have seen this on a few occasions.

    I take it from the configuration that you are using split-brain DNS?

    Have you tried clearing the DNS cache on a domain-joined machine when using it externally?

    Have you tried connecting directly to a server through the gateway using MSTSC externally?

    I would also check the configuration of your RD Gateway; for guidance, have a look at Deploying Remote Desktop Gateway RDS 2012.

    I have also found that adding an additional IP address for external access works.

    Is there any information in the logs?

    Saturday, November 02, 2013 12:44 PM
  • Thanks for the reply.

    I have cleared the DNS on the systems when going external, also tried from multiple locations to eliminate anything to do with the remote site.

    Not sure about your next question; 3389 is not open externally, so I cannot MSTSC to the gateway.

    I will read through this document, in case I have missed something.

    Event logs on the remote system and gateway show nothing (currently the gateway is also the RDS host, as this is a small demo deployment).

    Saturday, November 02, 2013 12:56 PM
  • Hi,

    RDS uses a secure tunnel (HTTPS) on port 443, so there is no need to open port 3389; it is also a security risk to open port 3389 on your firewall.

    To configure the client to use the gateway:

    open the Remote Desktop Connection client (MSTSC) > Show Options > Advanced > Connect from anywhere, Settings > Use these RD Gateway server settings:

    Best regards,

    Saturday, November 02, 2013 1:03 PM
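The reply above describes pointing MSTSC at the gateway by hand. As an added example (not part of the thread and not written by any of its participants), the script below is what I would run on the domain-joined laptop while off-site to see the four things that differ between a domain member and a public machine in this scenario: what demo.mydomain.com actually resolves to and whether that is an internal address, whether TCP 443 to the gateway is reachable at all, what gateway settings the .rdp file from RDWeb tells mstsc to use, and whether the domain pushes any RD Gateway policy. The hostname is the one from the question; the .rdp contents are a constructed sample, and the meaning of the gatewayusagemethod values is from the RDP file settings documentation as I recall it, so verify against your own downloaded file.

```powershell
# Added example (not from the thread). Run on the domain-joined client
# from an external network. demo.mydomain.com is the question's gateway
# name; the .rdp text further down is a constructed stand-in for a file
# saved from RDWeb.
$gatewayFqdn = 'demo.mydomain.com'

function Test-PrivateIPv4 {
    param([string]$Address)
    # RFC 1918 ranges: getting one of these back from an external network
    # means the client is still acting on the internal (split-brain) record.
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# (a) What the client has cached, then a fresh answer that bypasses the
#     cache and the hosts file so the two can be compared.
Get-DnsClientCache -Entry $gatewayFqdn -ErrorAction SilentlyContinue |
    Select-Object Entry, Data, TimeToLive
$answers = Resolve-DnsName -Name $gatewayFqdn -Type A -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
foreach ($a in ($answers | Where-Object { $_.Type -eq 'A' })) {
    $kind = if (Test-PrivateIPv4 $a.IPAddress) { 'PRIVATE (internal record leaking out)' } else { 'public' }
    "$gatewayFqdn -> $($a.IPAddress) [$kind]"
}

# (b) The gateway must answer on 443; 3389 is not expected to be open externally.
$tcp443 = (Test-NetConnection -ComputerName $gatewayFqdn -Port 443).TcpTestSucceeded
"TCP 443 to $gatewayFqdn reachable: $tcp443"

# (c) What the .rdp file tells mstsc. 'full address' is the internal RDSH
#     name (only resolvable inside) and 'gatewayhostname' is the tunnel
#     endpoint. gatewayusagemethod: 1 = always use the gateway,
#     2 = try a direct connection first and fall back to the gateway
#     (the behaviour behind the "Bypass RD Gateway for local addresses"
#     checkbox), 0 = never use the gateway. Anything but 1 makes the client
#     try the internal name directly from outside and wait for a timeout.
$sampleRdp = @"
full address:s:rds01.mydomain.com
gatewayhostname:s:demo.mydomain.com
gatewayusagemethod:i:1
"@
$rdp = @{}
foreach ($line in ($sampleRdp -split "`r?`n")) {
    if ($line -match '^([^:]+):[si]:(.*)$') { $rdp[$matches[1]] = $matches[2] }
}
"target={0} gateway={1} usagemethod={2}" -f $rdp['full address'], $rdp['gatewayhostname'], $rdp['gatewayusagemethod']

# (d) Domain members can carry Group Policy for RD Gateway that a public
#     machine never sees; dump whatever is set under the RDS policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
if (Test-Path $policyKey) { Get-ItemProperty $policyKey | Format-List * } else { 'no RDS policy key present' }
```

If (a) returns a private address from outside, the problem is name resolution and clearing the cache has not helped; if (a) and (b) look right but (c) shows a usagemethod other than 1 or (d) shows gateway policy values, the domain-joined client is being told to bypass the gateway, which is exactly the timeout the original post reports.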
  • I am unable to connect via MSTSC on my domain-joined system from outside the network. I can using a non-domain system.

    I have looked through your link, and all configurations look good.

    Saturday, November 02, 2013 2:05 PM
  • Are you using a gateway farm or a single server?

    Is the gateway on a separate public IP, or is the role on the same server as RDWeb?

    Saturday, November 02, 2013 3:14 PM
  • One IP, all on one server. Again, all works well when not using a domain-joined PC.
    Saturday, November 02, 2013 3:30 PM
  • Hi,

    I am writing to check whether you need any other assistance. If there is anything we can do for you, please let us know.

    Thanks.

    Thursday, November 07, 2013 3:01 AM
    Moderator
  • Hi, I am still having this issue. I have looked over my setup multiple times. I even tried adding an external DNS entry for my internal RDS system, but no luck. Also tried adding a hosts file entry. Nothing seems to work. Thanks, Steve
    Thursday, November 07, 2013 3:06 AM
  • Hi,

    Firstly sorry for the late reply.

    As you mentioned in your previous comment, all works well when not using a domain-joined PC. Given that, have you created an RD RAP and added the user group to the RD CAP?

    You can try creating a new RD Gateway-managed computer group that contains both the NetBIOS names and the fully qualified domain names (FQDNs) of the RD Session Host servers or the RD Session Host server farm that hosts the RemoteApp programs. In the meantime, I am sharing some links with you; please go through them for more information.

    1.  Checklist: Make RemoteApp Programs Available from the Internet
    2.  Best Practices Analyzer for Remote Desktop Services: Configuration

    Hope it helps!
    Thanks.
    Sunday, November 17, 2013 5:56 AM
    Moderator
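The answer above asks whether the RD CAP, RD RAP and the RD Gateway-managed computer group are in place, and whether the group lists the Session Host under both its NetBIOS name and its FQDN. As an added example (not part of the thread and not from any of its participants), this is the check I would run on the gateway itself before clicking through RD Gateway Manager again. It reads the RD Gateway's WMI provider in root\cimv2\TerminalServices; the class names are the provider's own, while the property names used (Name, Enabled, ResourceGroupType, ResourceGroupName, ProtocolNames, PortNumbers, Resources) are as I recall them and should be confirmed with Get-CimClass. The Session Host name is an assumption; the domain suffix is the question's.

```powershell
# Added example (not from the thread). Run on the RD Gateway server.
# Lists the CAPs, RAPs and RD Gateway-managed computer groups and checks
# that the RD Session Host appears under both NetBIOS name and FQDN.
# Property names are assumptions; confirm with:
#   Get-CimClass -Namespace root\cimv2\TerminalServices -ClassName Win32_TSGateway*
$ns           = 'root\cimv2\TerminalServices'
$sessionHost  = 'DEMO-RDS'        # assumed NetBIOS name of the RDSH
$domainSuffix = 'mydomain.com'    # from the question
$expected     = @($sessionHost, "$sessionHost.$domainSuffix")

function Get-MissingResources {
    # Returns the names from $Expected that are absent from $Resources
    # (PowerShell -contains is case-insensitive, which is what we want here).
    param([string[]]$Resources, [string[]]$Expected)
    return @($Expected | Where-Object { $Resources -notcontains $_ })
}

'== RD CAPs (who may connect through the gateway) =='
Get-CimInstance -Namespace $ns -ClassName Win32_TSGatewayConnectionAuthorizationPolicy |
    Select-Object Name, Enabled

'== RD RAPs (which resources they may reach) =='
$raps = Get-CimInstance -Namespace $ns -ClassName Win32_TSGatewayResourceAuthorizationPolicy
$raps | Select-Object Name, Enabled, ResourceGroupType, ResourceGroupName, ProtocolNames, PortNumbers
if (-not ($raps | Where-Object { $_.Enabled })) { '!! no enabled RAP: every connection will be refused after logon' }

'== RD Gateway-managed computer groups =='
$groups = Get-CimInstance -Namespace $ns -ClassName Win32_TSGatewayResourceGroup
foreach ($g in $groups) {
    "$($g.Name): $(@($g.Resources) -join ', ')"
    $missing = Get-MissingResources -Resources @($g.Resources) -Expected $expected
    if ($missing.Count -gt 0) {
        "  MISSING: $($missing -join ', ')  (the .rdp file may name the host either way)"
    } else {
        '  OK: NetBIOS name and FQDN both present'
    }
}
```

A RAP that is disabled, or whose computer group lacks the exact name that the RemoteApp .rdp file puts in `full address`, lets the user log on to RDWeb and see the apps but fails at the moment the gateway is asked to open the tunnel, which matches the symptom described in the question.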