TS Web & RD Web RDP connection problem
-
Monday, February 18, 2013 9:52 PM
Summary:
- Problem using Remote Apps & RDP from "RDWeb" interface when accessed from the public internet.
Background:
- Currently have 1 x Windows Server 2008 TS Web Access & 1 x Windows Server 2008 R2 RD Web Access set up.
- Both are configured to use remote apps including RDP.
- Both allow login to the web interfaces (prompts for login when connecting to the URL).
- Both allow RDP connections internally and work correctly without problems.
- Both have Digicert SSLs installed, tested as valid.
- These are standalone installations and not in a Farm.
Issue:
TSWeb (Server 2008) works correctly and allows RDP connection to itself from the "Remote Apps".
RDWeb (Server 2008 R2) does not, and the RDP connection errors:
"Your computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance"
I am trying to connect to the RDWeb server externally from a Windows 7 PC (RDP 6.2.9200). If I click the "Remote Desktop" selection on the TS Web Interface, I can also RDP to other Windows Server 2003 terminal servers, however any other Server 2008 R2 servers do not work.
Questions:
- Is there something being missed in the configuration?
- Are there any fundamental differences between Server 2008 TS Web and Server 2008 R2 RDWeb? (Security etc?)
- Would someone also be able to clarify the need to open port 3389 on the firewall? My understanding was that RDP (3389) should be wrapped in the HTTPS (443) traffic, therefore only 443 would need to be opened. Unfortunately we have had to allow 3389 on the firewall for RDP connections to function from the outside work and get TSWeb working correctly. I presume I have a misconfiguration, reading this post: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/d5906eb8-9a08-42b0-bdd8-356383401554
Many Thanks,
- Edited by Dom Edwards Monday, February 18, 2013 9:53 PM
All Replies
-
Tuesday, February 19, 2013 12:28 AM
Assuming you can access RDWeb in the LAN but not from the Internet, you may need to add the Internet FQDN to the RD gateway or create a record on the DNS server. This search result may help:
This computer can't connect to the remote computer because the RD ...
... can't connect to the remote computer because the RD Gateway server is
unavailable ... because the Terminal Services Gateway server is temporarily
unavailable. ... To fix it, please follow this link: Configure Remote Desktop
Gateway Settings ... in your local DNS record so that the users can access
RemoteApp using the ...
www.chicagotech.net/remoteissues/remoteapp3.htm
Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on
How to Setup Windows, Network, VPN & Remote Access on
-
Wednesday, February 20, 2013 4:33 PM
Thanks for the information provided. I checked both servers' configuration under RD Gateway properties, however both have the RD gateway server specified (to itself) and have the same options ticked. Would you have any other suggestions to check? Thanks for your help.
-
Thursday, February 21, 2013 1:11 AM
Are the RD gateway server FQDN and RDWeb FQDN the same?
-
Thursday, February 21, 2013 9:39 AM
Yes the FQDN matches the RDWeb/TS names.
Server 2008 R2 (ServerA)
- Remote App Manager -> RD Gateway settings -> ServerA.domain.com (ask for password (NTLM))
- RDWeb URL: https://serverA.domain.com/RDWeb
Server 2008 (ServerB):
- TS Remote App Manager -> TS Gateway settings -> serverB.domain.com (ask for password (NTLM))
- TS URL: https://serverB.domain.com/ts
These servers were hosted at two different sites, so I thought the connection error may have been related to firewall rules. They have recently been moved to the same physical location and the same firewall rules apply to both. Also, if 3389 is disabled neither server allows connections to remote apps externally.
I have recently read articles on RDP version 6.2.9200 having connection issues, however I would assume this is more likely to affect the older less secure TS clients?
-
Thursday, February 21, 2013 2:12 PM
Forgot to mention, RemoteApp uses 443 and we don't need to open 3389. Can you telnet port 443 from the Internet?
-
Thursday, February 21, 2013 3:05 PM
Yes, both respond externally
- cmd -> telnet serverB.domain.com 443
Thanks,
I'm not sure what else there is to compare/test.
-
Friday, February 22, 2013 2:12 AM
Another fix is to create a DNS record. This search result may give more details.
This computer can't connect to the remote computer because the RD ...
... can't connect to the remote computer because the RD Gateway server is
unavailable ... because the Terminal Services Gateway server is temporarily
unavailable. ... To fix it, please follow this link: Configure Remote Desktop
Gateway Settings ... in your local DNS record so that the users can access
RemoteApp using the ...
www.chicagotech.net/remoteissues/remoteapp3.htm
-
Saturday, February 23, 2013 3:14 PM
I've cross-referenced the settings on both servers to confirm what settings are different; everything is the same other than the server names.
I did notice a setting that was not configured in IIS whereby the "DefaultTSGateway" entry was missing. I added this, however it did not help.
I followed the guide from http://technet.microsoft.com/en-us/library/cc731465.aspx
Looking at various posts I see other users have this problem, however it is mainly due to the Bypass RDWeb tickbox or incorrectly configured RDP settings.
The "Bypass RDWeb gateway server for local addresses" option is unticked.
I'm curious whether the DNS is related, as the local domain is also using .com rather than internal .local
-
Saturday, February 23, 2013 3:26 PM
If the internal FQDN and Internet FQDN are the same and you can telnet port 443, I am out of ideas.
-
Saturday, February 23, 2013 4:03 PM
No problem, thanks for the pointers.
Hopefully I should be able to figure it out. This post looks like it could help, so I will follow up from here.
-
Saturday, March 09, 2013 6:33 PM
Finally managed to get the solution to this, which now allows me to successfully connect to the Windows Server 2008 R2 RDWeb and connect via RDP.
- The main issue was due to IIS: I had added a redirect for HTTP to point to HTTPS. Once this redirect was removed I was able to initiate a connection, but then received another error. http://serverfault.com/questions/8597/ts-rd-gateway-authentication-problem-the-logon-attempt-failed
- The second issue was due to misconfigured groups within the TSCAP & RAP rules. I'm sure these were correct and being pulled from domain groups, however I recreated them and added them again.
- The last option which was enabled was "request clients to send a statement of health"; this was ticked under the following menu: "RD Gateway -> Properties -> RDCAP Store". I unticked this as the servers do not have NPS configured.
I did find another post which mentioned the RAS and IAS Servers group, however I ruled this out and it wasn't related to the problem.
http://blogs.technet.com/b/networking/archive/2010/01/14/remote-desktop-gateway-client-fails-authentication-with-your-user-account-is-not-authorized-to-access-the-rd-gateway.aspx
On a final note, a simple mistake: check all the services are running. On a couple of occasions after rebooting, the gateway service didn't start up, however this was probably due to all the tweaks I kept making to get it working.
- Proposed As Answer by Bob Lin (MCSE) Sunday, March 10, 2013 2:51 PM
-
Sunday, March 10, 2013 2:51 PM
Thank you for the update.

