Problem Publishing RDS cluster through UAG Portal Cluster

  • Question

  • Over the last week or so we have been attempting to publish our internal RDS farm through the UAG portal. When using the portal, users obtain a connection to one of the two RDS session hosts occasionally, but for the most part they are greeted with the error dialog:

    Remote Desktop can't connect to the remote computer

    "xyz" for one of these reasons:

    1) Your user account is not listed in the RD Gateway's permission list

    2) You might have specified the remote computer in NetBIOS format


    We have followed the guide instructing us to configure the RD gateway on the UAG 2 Servers in our cluster. Events on the UAG Server are being logged when the connections fail.

    Such as

    The user "xyz\abc", on client computer "", did not meet resource authorization policy requirements and was therefore not authorized to resource "10.x.y.z;2002:aabb:ccdd:8000:0:5efe:10.x.y.z". The following error occurred: "23002".

    This seems to indicate an RD_RAP problem on the UAG servers' inbuilt RD Gateway. Unfortunately, these options are not available on the UAG Servers, nor is their use documented in the deployment documentation.

    What is perplexing about this problem is that it occasionally works.

    Assistance with this problem would be greatly appreciated.

    Thursday, April 12, 2012 6:31 AM

All replies

  • After further investigations we seem to have found a workaround that appears to have worked. A hint lies in the event log message with the IPv6 address of the RDS Session Host; this is only present in failure notifications, not successful logins.

    It appears, in our case anyway, that the IPv6 address, which is assigned by the ISATAP adapter of the UAG cluster, is causing problems. After temporarily removing the IPv6 addresses from the DNS servers for the RD Session Hosts the problem seems to disappear. After the temporary success, we then followed up by disabling IPv6 from the RD Session Host network adapters so they couldn't repopulate DNS.

    It's probably worth mentioning also that our DNS round-robin only had IPv4 addresses of the RD Session Hosts and not their IPv6 addresses, and our DCs had IPv6 disabled and therefore couldn't respond to IPv6 addresses, as other possible contributing factors aside from the RD Gateway provided by the UAG Cluster.

    In any case, I've seen a number of other posts in forums discussing similar problems; it'd be great to hear if this resolves the problem for others or if you're still getting issues.

    Friday, April 13, 2012 10:08 AM
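
The check described in the reply above (whether a 23002 denial lists an IPv6/ISATAP address for the session host) can be run over exported event text. This is an added example, not part of the original posts; the sample messages, user names, host name and 10.0.0.x addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample messages in the format quoted in the question; the
# user names, host name and 10.0.0.x addresses are made up for this example.
_TEMPLATE = ('The user "{}", on client computer "", did not meet resource '
             'authorization policy requirements and was therefore not '
             'authorized to resource "{}". The following error occurred: "23002".')
SAMPLE_EVENTS = [
    _TEMPLATE.format("CORP\\alice", "10.0.0.21;2002:aabb:ccdd:8000:0:5efe:10.0.0.21"),
    _TEMPLATE.format("CORP\\bob", "RDSH01"),
    "Unrelated line that is not a resource authorization denial.",
]

DENIAL = re.compile(
    r'The user "(?P<user>[^"]*)".*?not authorized to resource '
    r'"(?P<resource>[^"]*)"\. The following error occurred: "(?P<code>\d+)"')

def isatap_ipv4(addr):
    """Return the IPv4 address embedded in an ISATAP address, else None."""
    value = int(addr)
    # ISATAP interface identifiers are 0000:5efe or 0200:5efe + IPv4 (RFC 5214).
    if (value >> 32) & 0xFFFFFFFF in (0x00005EFE, 0x02005EFE):
        return ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return None

def classify_denial(message):
    """Split the resource field of a denial message by address family."""
    match = DENIAL.search(message)
    if match is None:
        return None
    result = {"user": match["user"], "code": match["code"],
              "ipv4": [], "ipv6": [], "isatap_for": [], "names": []}
    for token in filter(None, (t.strip() for t in match["resource"].split(";"))):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            result["names"].append(token)  # host name, not an address
            continue
        result["ipv4" if ip.version == 4 else "ipv6"].append(str(ip))
        if ip.version == 6 and (embedded := isatap_ipv4(ip)) is not None:
            result["isatap_for"].append(str(embedded))
    return result

def ipv6_denials(messages):
    """Denials whose resource list includes an IPv6 address."""
    parsed = (classify_denial(m) for m in messages)
    return [p for p in parsed if p and p["ipv6"]]
```

A denial whose `isatap_for` entry equals one of its `ipv4` entries is the same session host listed under both address families, which is the pattern the reply associates with the failures.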