RD Gateway functionality breaks..

  • Question

  • We're encountering a strange problem on our RD Gateway servers: we found out that applying the integration services or applying hotfixes to the Hyper-V hosts can break the RD Gateway functionality. So we figured just don't update the VMs or hosts, but it seems that sometimes the functionality can break through other means, and we aren't sure why this happens.

    The symptom after it breaks is this: logging in to RD Web still works fine, so the servers are talking correctly between RD Web, Connection Broker and the RDSH server, but starting the RemoteApp from RD Web gives "login attempt failed". Re-entering the correct credentials doesn't seem to work and gives the error again. The security event log shows a successful logon attempt followed by a logoff of the user within a second. Rebooting the service or server, applying the certificates again, and uninstalling/reinstalling RD Gateway and RD Web do not help. We started building physical servers with RD Gateway to see if that will remain stable..

    Our configuration is as follows:
    - 2 RD-GW servers in NLB; they contain RD Web as well.
    - 1 Connection Broker server.
    - 1 Remote Desktop Session Host with NLB enabled for future farms.
    - We use a class 3 VeriSign certificate.
    All these servers are running on Hyper-V R2 Cluster and are Windows 2008R2 based. Our AD has 1 Win08R2 DC and 1 Win08 DC, domain/forest in 2008 mode.

    My suspicions are that something "internal" breaks in the RPC bit of the RD Web/Gateway, but with no logs or errors this is hard to troubleshoot. Can anyone give us directions?

    Monday, May 10, 2010 7:35 PM

Answers

  • We think we found the issue.. The HTTP redirection was set on the whole server, which crippled the gateway server. It seems that it is a problem only after the 20 minutes after the IIS session is expired..

    Wednesday, June 9, 2010 3:03 PM

All replies

  • Hi threesixty, glad you found the issue :)

    RD Gateway and RD Web by default both use port 443. RD Gateway uses the RPC over HTTP proxy and thus is quite sensitive to how IIS is behaving. If you are going to perform a redirect via IIS configuration, you have to ensure that it only redirects RD Web by clicking on "Only redirect requests to content in this directory (not subdirectories)" and ensuring the one above that is unchecked.

    Wednesday, June 9, 2010 7:33 PM
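
A read-only check of the HTTP Redirect settings discussed in this thread, added here as an example and not posted by any participant. It assumes RD Web and the RPC proxy are hosted under "Default Web Site"; the helper name Get-RedirectState is hypothetical. The two checkboxes named in the last reply correspond to the childOnly and exactDestination attributes of the IIS httpRedirect section.

```powershell
# Added example: audit IIS HTTP Redirect on an RD Gateway / RD Web host (reads only).
Import-Module WebAdministration

$filter = 'system.webServer/httpRedirect'
# Assumption: RD Web and the RD Gateway RPC proxy live under this site.
$scopes = @{
    Server = 'MACHINE/WEBROOT/APPHOST'
    Site   = 'IIS:\Sites\Default Web Site'
}

# Hypothetical helper: returns the httpRedirect settings in effect at one scope.
function Get-RedirectState([string]$Scope, [string]$PSPath) {
    $s = Get-WebConfiguration -Filter $filter -PSPath $PSPath
    New-Object PSObject -Property @{
        Scope            = $Scope
        Enabled          = $s.enabled
        Destination      = $s.destination
        ChildOnly        = $s.childOnly         # "Only redirect requests to content in this directory"
        ExactDestination = $s.exactDestination  # "Redirect all requests to exact destination"
    }
}

foreach ($name in 'Server', 'Site') {
    $state = Get-RedirectState $name $scopes[$name]
    $state | Select-Object Scope, Enabled, Destination, ChildOnly, ExactDestination | Format-List

    if (-not $state.Enabled) { continue }

    if ($name -eq 'Server') {
        # The cause found in this thread: redirect configured for the whole server.
        Write-Warning 'HTTP Redirect is enabled at server level; it applies to every site and directory, including the RPC over HTTP proxy.'
        continue
    }
    # Site scope shows the effective settings, so a server-level redirect also appears here.
    if (-not $state.ChildOnly) {
        Write-Warning 'Site redirect is not limited to this directory; requests to subdirectories are redirected too.'
    }
    if ($state.ExactDestination) {
        Write-Warning 'Site redirect uses "exact destination"; the reply above advises leaving that option unchecked.'
    }
}
```

No warnings means the redirect is either disabled or scoped the way the last reply describes.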