The remote desktop gateway server is temporarily unavailable

  • Question

  • Hello all,

    Environment is on Microsoft Azure. I have 4 VMs (Svr 2016) as DC, RDCB, RDSH01, RDSH02. RDCB is server manager.

    I'm using RDWeb to connect to RemoteApps. The problem is that when users try to connect to RemoteApps over the WAN, they get this error:

          "This computer cant connect to remote computer because the remote desktop gateway server is temporarily unavailable"

    Internal users are able to connect to RemoteApps even after unchecking the "Bypass gateway for local addresses" option, which means the gateway server is working fine (I think). Here, we can even see users passing through the gateway in RD Gateway Manager under the "Monitoring" section.

    -> Created a self-signed certificate on the gateway server and published/imported the same at the client end.

    -> All the VMs have public and private IPs as well on the Azure platform.

    -> Users are using the <Public IP>/RDWeb URL to connect. They are able to open the webpage where the RemoteApps are displayed, but when they try to open one, they get the error.

            Since it is the Azure platform, it shows the DNS names of the servers, when configured, as "<servername>.eastus.cloudapps.azure.com" by default. Can't change it. Is this creating a problem?

    -> Tried to use this DNS name as the RD Gateway FQDN to connect, but the SSL cert is created for my server FQDN, so it throws a certificate error.

    -> Tried to create a host A record on the DC (where the DNS role is installed) but was unable to do so because of this same issue (an A record with the Azure domain can't be created, as the DC is in my other domain).

    Can someone please help with this?

    Tuesday, January 29, 2019 9:31 PM

Answers

  • Hi,

    You need to create a DNS record on the public Internet that resolves to the public IP address of your RD Gateway server and use that as the FQDN of your RD Gateway server.  Additionally your certificate needs to match.  Sample basic steps:

    • Go to a domain registrar and register a new domain:  srujancdomain.com
    • Using the registrar's DNS management portal, create an alias record for gateway.srujancdomain.com that points to <servername>.eastus.cloudapp.azure.com
    • Obtain/purchase certificate(s) (multiple single-name or wildcard) from a trusted public authority such as GoDaddy, Let's Encrypt, GlobalSign, Thawte, GeoTrust, DigiCert, Comodo, etc.  For example, obtain a wildcard cert for *.srujancdomain.com
    • In RDS Deployment Properties -- Certificates tab, assign your wildcard certificate to all four purposes
    • In RDS Deployment Properties -- RD Gateway tab, set the FQDN to gateway.srujancdomain.com
    • On your DC, create a DNS A record for broker.srujancdomain.com and point it to the private IP address of your broker
    • Use the Set-RDPublishedName script to change the published name to broker.srujancdomain.com

    -TP

    • Marked as answer by Srujan C Monday, February 11, 2019 2:45 PM
    Monday, February 4, 2019 5:01 AM
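
Added example, not part of the original answer: a Python check of which deployment names a certificate covers under the one-label wildcard rule, plus a live handshake probe that separates an untrusted chain from a name mismatch. The helper names and `myserver.eastus.cloudapp.azure.com` are hypothetical; the other names follow the answer's sample steps.

```python
import socket
import ssl


def san_covers(san: str, host: str) -> bool:
    """True if one certificate DNS name covers host.

    A wildcard stands for exactly one leftmost label, so *.example.com
    covers a.example.com but neither example.com nor a.b.example.com.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]


def uncovered(cert_names, deployment_names):
    """Return the deployment names that no certificate name covers."""
    return [h for h in deployment_names
            if not any(san_covers(s, h) for s in cert_names)]


def probe(host, port=443, timeout=5.0):
    """Live check from an external client with full verification.

    Returns ("ok", [DNS names in the cert]) or ("cert-error", reason);
    the reason tells a self-signed/untrusted chain from a name mismatch.
    """
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                sans = tls.getpeercert().get("subjectAltName", ())
                return "ok", [v for k, v in sans if k == "DNS"]
    except ssl.SSLCertVerificationError as exc:
        return "cert-error", exc.verify_message


# Constructed sample data: the wildcard from the answer and a stand-in for
# the Azure-assigned name (the page gives it only as <servername>...).
WILDCARD = ["*.srujancdomain.com"]
NAMES = [
    "gateway.srujancdomain.com",           # RD Gateway FQDN (public DNS)
    "broker.srujancdomain.com",            # published name (internal DNS)
    "myserver.eastus.cloudapp.azure.com",  # hypothetical Azure DNS name
]

if __name__ == "__main__":
    print("not covered by wildcard:", uncovered(WILDCARD, NAMES))
    # print(probe("gateway.srujancdomain.com"))  # run from outside the network
```

The Azure-assigned name is the only one left uncovered, which matches the certificate error described in the question when that name was used as the gateway FQDN.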

All replies

  • Hi,
    I am researching your issue, thanks for waiting.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 31, 2019 2:40 PM
  • Well, Thank you for the response Andy YOU. I will be waiting.

    Friday, February 1, 2019 4:12 PM
  • Hi,
    "I have 4 VMs (Svr 2016) as DC, RDCB, RDSH01, RDSH02. RDCB is server manager."
    1. No RD Gateway is mentioned in Azure. Has the RD Gateway server been added to the RDS server pool?
       On which server is the RD Gateway role installed? Is it installed on a standalone server or on a server that holds another role?
    2. "Created a Self signed certificate in gateway server and published/imported same at client end."
    3. "all the VMs have Public & Private IPs as well on azure platform." Do you mean there is a different public IP address and private IP address for each server in Azure?
    4. "Tried to use this DNS name as RD gateway FQDN to connect but SSL Cert is created on my server FQDN so it is throwing certificate error"
    Can you explain this in detail? I think this may be causing your issue. In general, we need a certificate for the external DNS name of the RD Gateway.
    We can also use a wildcard certificate for RD Web and RD Gateway; then there may not be this problem, and the client automatically trusts the certificate.

    We can refer to the documents below first:
    "The Template makes use of a single SSL certificate. The certificate's Subject Name must match external DNS name of RD Gateway server in the deployment."
    Configure certificates for RDS deployment
    https://github.com/Azure/RDS-Templates/tree/master/rds-update-certificate
     
    Remote Desktop Gateway Certificate Help
    https://community.spiceworks.com/topic/375855-remote-desktop-gateway-certificate-help
    Please Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.


    Sunday, February 3, 2019 4:05 PM
  • Hi TP,

    Thanks again..! This worked.

    After adding DNS record for the GW in public DNS, issue got resolved.

    Best Regards,

    Srujan C.

    Monday, February 11, 2019 2:51 PM