Publishing Remote Desktop Web Access for VDI

  • Question

  • Hi,

    Anyone know what port to open/publish if I want to publish Remote Desktop Web Access, which is used for VDI? I want users from the Internet to access the corporate VDI. I have tried to publish port 443 for RDS Web Access, but it seems it needs more ports to be open in order for VDI to be successful.

    Currently RD Web Access, Session Host, Virtualization Host and Connection Broker reside on different servers.

    Pls advise
    laiys
    Thursday, March 4, 2010 7:51 AM

All replies

  • Hi,

    Please change your thread type to Question.

    I recommend you install RD Gateway, and forward TCP port 443 to it.  You still need port 443 forwarded to your RDWeb server.  This will allow outside users to connect to the RD Gateway via port 443, then the RD Gateway machine will connect to your VDI pool/etc. via port 3389 on behalf of the user.

    Thanks.

    -TP
    • Proposed as answer by Usman Manzoor Wednesday, May 14, 2014 1:23 PM
    Thursday, March 4, 2010 9:30 AM
  • Hi,

    I have installed the RD Gateway. How do I forward? I did not see any options in the settings.
    So what I need to do is open port/publish RD Gateway using port 443. Do I need to publish RD Web Access?
    Then from outside, my users use a browser to go to the RD Gateway? What is the full URL? I know RD Web Access is using https://rdsaccess/rdweb, or do I need to configure the RDP settings?

    Pls advise as I'm quite new to the RD Gateway.


    laiys
    Friday, March 5, 2010 4:30 AM
  • Hello Laiys,

    There is no official document for deploying a virtual desktop pool for the Internet through RD Gateway, but you can find the general topology in the blog below:

    Remote Desktop Services (Terminal Services) Team Blog
    http://blogs.msdn.com/rds/archive/2009/08/19/microsoft-vdi-overview.aspx

    To take advantage of the RD Gateway, please follow these general steps:

    1. Confirm that the virtual desktop pool can work in the intranet environment.
    2. Install the Gateway role on the computer and make it resolvable from the Internet.
    3. Add the RD Gateway into the RemoteApp Manager of the RD Session Host which is in virtual redirection mode.
    4. Verify the function.

    Please let me know if it works. Thanks.

    Lionel Chen

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfd@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, March 5, 2010 8:55 AM
  • Hi Lionel,

    I have managed to configure RDS Gateway by following http://go.microsoft.com/fwlink/?LinkId=142250.

    Based on your steps:

    1. OK. Tested working on intranet.
    2. OK.
    3. OK. I have put the RDS Gateway into RemoteApp Manager on the RD Session Host.

    Currently the RD Session Host is set to redirect mode to the RD Connection Broker.
    On the Connection Broker server, in the RD Configuration manager, I have defined the RD Gateway server.

    4. Tested RDP with RDC using the RD Gateway setting pointing to the RD Gateway and using password on the Advanced tab.
    On the General tab, I have specified Remote Computer: pointing to the RD Session Host server.

    Test of RDP to Personal Virtual Desktop:
    If I use the FQDN for the RD Session Host server name, I get an error when connecting. The error stated:
    "The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the Ip address of the computer instead of the name" Any idea?

    If I use the internal IP address for the RD Session Host server, I can RDP into the client pool (Windows 7 client).

    Test of RDP to Virtual Desktop Pool, either by name or IP:
    Error:
    "remote desktop connection could not find the destination computer. This can happen if the computer name is incorrect or the computer is not yet registered with session broker"

    Test from RD Web Access for personal and virtual desktop pool: no issue.

    I have only tested on the intranet and have published port 443 for RD Gateway. Do I need to publish additional ports/servers? Pls advise
    laiys
    Friday, March 5, 2010 9:56 AM
  • Updated. I have tested from Outside (Internet).

    I was able to RDP to Personal virtual desktop when using FQDN of RD Gateway.

    But I am unable to RDP to those in the Virtual Desktop Pool. The error message is "remote desktop connection could not find the destination computer. This can happen if the computer name is incorrect or the computer is not yet registered with session broker". This is still an issue. Does anyone deploy Virtual Desktop Pool and use RD Gateway to access it via Remote Desktop Connection?

    Another interesting part from my trial and error is that now I can use https://rdsaccess/rdweb and access Personal and Virtual Pool desktops from the browser. Is this configuration supported? While googling for info, a lot of articles mentioned that I need to use VPN. In my case it is not necessary, but the certificate for the RD Gateway still needs to be installed on the client computer.

    pls advise
    laiys
    Friday, March 5, 2010 11:28 AM
  • Hello,

    We need to get more logs to analyze the possible underlying cause. Please reproduce the issue and do the following steps:

    1. Check the Event Viewer and check the categories at:
       Event Viewer – Application and Services Logs – Microsoft – Windows – TerminalServices-SessionBroker

    2. Collect the MPS logs using the following tool:
       Microsoft Product Support Reports
       http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en

    In the "Select the diagnostics you want to run" phase, please check General and Server Components. After the collection process has finished, save it as a .cab file and send it to us.

    For your convenience, I have created a workspace for you. You can upload the information files to the following link. (Please choose "Send Files to Microsoft")

    Workspace URL: (https://sftasia.one.microsoft.com/choosetransfer.aspx?key=e0ab0e37-5730-4033-a476-7e469b35cbdc)

    Password: K%{nTwueEqr7IX3

    Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken. Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser.

    Thanks.

    Lionel Chen
    Wednesday, March 10, 2010 9:24 AM
  • Hi Lionel,

    I assumed that I need to run it in the RD Connection Broker VM. I have sent the log and cab file as requested.
    Thank you
    laiys
    Thursday, March 11, 2010 2:59 AM
  • Hi,

    any update? pls advise
    laiys
    Friday, March 12, 2010 12:34 PM
  • Hello Laiys,

    I have received the support information; thank you for your cooperation.

    From the event viewer I can see many related errors on assigning personal desktops, but you mentioned in a previous post that “I was able to RDP to Personal virtual desktop when using FQDN of RD Gateway”. Do you mean that the personal virtual desktop can work from the extranet, or is it just a direct RDP without virtual redirection?

    Thanks.

    Lionel Chen
    Monday, March 15, 2010 3:05 AM
  • Hi,

    Now I can get access from outside using RemoteApp and Desktop Connection and Web UI for both Personal and Virtual Desktop.
    But when I try Remote Desktop Connection, I receive this error message:

    "Remote Desktop Connection could not find the destination computer. This can happen if the computer name is incorrect or the computer is not yet registered with Session broker. Try connecting again or contact your network administrator"

    This appears when I try to use vdiuser2 or vdiuser3, which use the Virtual Desktop Pool. For vdiuser1, which uses a Personal Virtual Desktop, no error appears and I can RDP in using the RD Connection client.

    This is what I have configured for the Remote Desktop Connection client.
    On the Advanced tab:
    Use these RD Gateway server settings
    Server name: RD Gateway FQDN
    Logon method: Ask for Password (NTLM)
    Tick Bypass RD Gateway server for local addresses.

    On the General tab,
    Logon settings:
    Computer: RD Session Host FQDN
    User name: domain\vdiuser3

    Pls advise


    laiys
    Tuesday, March 16, 2010 2:17 PM
  • Hello Laiys,

    What do you mean by “when try Remote Desktop connection”? Are you using direct RDP to access the RD Session Host?

    If the RD Session Host is configured to be a virtualization redirector, it won’t accept any remote session through remote desktop.

    Thanks.

    Lionel Chen
    Wednesday, March 17, 2010 9:54 AM
  • Hi Lionel,

    There are 3 types of connection that I can use to RDP for VDI:

    a) RemoteApp - available on Start Menu
    b) Web Access
    c) Remote Desktop Connection (RD client)

    I'm not using direct RDP. I have RD Gateway and Web UI in place and I publish port 443 for RD Gateway & Web (both in the same VM).
    My RD Session is in redirect mode. Does this mean I can't use RDC? But it works for personal virtual desktop. Only Virtual Desktop Pool is not working when using RDC? Pls advise
    laiys
    Wednesday, March 17, 2010 10:52 AM
  • Hello Laiys,

    If the RD Session Host works in “Virtual machine redirection” mode, it won’t accept any new logons from remote computers (administrative session is exempted), no matter whether from the extranet via gateway or from intranet access.

    The following 3 statuses are updated when the “Virtual machine redirection” mode is set:

    · Logon mode: Allow reconnections, but prevent new logons.
    · All programs will be removed from the RemoteApp Programs list in RemoteApp Manager.
    · The Authenticated Users group will be added to the Remote Desktop Users group.

    Thanks.

    Lionel Chen
    Thursday, March 18, 2010 6:11 AM
  • Hi,

    So can I confirm that in VDI using RDS, I am only allowed 2 ways to access:
    a) RemoteApp
    b) Web UI

    Is this correct? Pls advise
    laiys
    Thursday, March 18, 2010 10:06 AM
  • Hello Laiys,

    The answer is yes.

    Thanks.

    Lionel Chen
    Thursday, March 18, 2010 10:59 AM
  • Hi Laiys

    Could you solve the problem? Some document for deploying virtual desktop pool for Internet through RD Gateway? Something about thin client?

    Please advise

    Thanks

    JDA
    Friday, March 26, 2010 5:10 AM
  • Hi Juan,

    Yes. Please refer to http://technet.microsoft.com/en-us/library/dd736539(WS.10).aspx for Virtual desktop pool and RD Gateway configuration.

    laiys
    Saturday, March 27, 2010 2:09 AM
  • Hi Laiys

    Thanks for the information, one more question...

    In a virtual machine I have:

    1. RD Web Access
    2. RD Gateway
    3. RD Session Host (Redirection Mode)
    4. RD Session Broker

    In another virtual machine:

    1. Windows 7 x64

    In another server:

    1. RD Virtualization Host

    Locally everything works fine: when I connect by Remote Desktop Connection to the RD Session Host, I can see the Virtual Desktop. But from the Internet I have the same problem that you had. Which port, 3389 or 443, do I have to publish in the firewall? (FTMG or ISA 2006 SP1)

    And how should Remote Desktop Connection be configured for an external client?
    In Advanced settings (Connect from Anywhere), is the server name the local Gateway? IP address or FQDN?

    I have to connect a Thin Client.

    Please advise

    Thanks

    JDA
    Saturday, March 27, 2010 3:33 PM
  • Hi,

    You publish RD Gateway using port 443 (any firewall). You can only use RemoteApp and Desktop Connection or Web UI. For Remote Desktop Connection, you can't. I have tried and failed. As Lionel explained. Pls refer to the marked answer explanation.

    laiys
    Saturday, March 27, 2010 4:22 PM
  • Hi

    Thanks Laiys !!!!!!!!!

    Saturday, March 27, 2010 5:18 PM
  • Hi

    Thanks Laiys !!!!!!!!!

    Saturday, March 27, 2010 5:19 PM
  • The Remote Desktop connection(s) page often only works on your local intranet even after the TS/RDS Gateway has been added to the mix... at first.  It seems odd since you'll have configured RDS/WebUI/Brokers etc to use the Gateway.  What happens, though, is that even though you've said to use the gateway in your management consoles and you've told the WebUI to use it for external connections (bypass for local networks or don't, doesn't matter) you still have to edit the asp.net config files for the site by hand before the 'desktops' page will use it. (If I remember right they'll be in windows\web\rdweb...)

    There's one of several config files nested in the RDWeb virtual directories that has a place for the FQDN of the RDS Gateway that often does NOT get populated through the use of the consoles/configuration page.  You have to add gateway.yourdomain.whatever between the quotes to tell the 'Desktops' page to pass the target systems' info to the Gateway.

    Up until you add the FQDN the web ui is trying to broker you directly to the target system.  This will work on your internal network where 3389 is wide open and DNS can resolve the target's name for your pc on site.

    From the internet it fails since likely your firewall has 3389 closed to the internet and your remote desktop likely doesn't have access to your internal DNS (it might freakishly work if you have it forwarded to something, so no matter what you type you'll connect to that system over and over again!).

    After you add the Gateway FQDN to the .config file that pertains to the RDP Desktop(s) redirection page your remote client will tunnel through the Gateway correctly where the remote client is tunneled over 443 to the Gateway and then 3389 from the Gateway to the target system... and as long as the Gateway has correctly configured internal DNS it should work with NetBIOS/Host names as well as internal IP addrs.

    c

    PS - absolutely back up a copy of any of the config or aspx documents you intend to edit.  You can cause a variety of potentially irrevocable damage to your site.

    Sunday, September 12, 2010 6:30 AM
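
The check described in the post above, as an added example (not code from the thread or from Microsoft): it finds the config file whose gateway setting is empty, which is the state in which the Desktops page sends clients straight to the target on 3389, then backs the file up and sets the Gateway FQDN. Assumptions: the appSettings key is named `DefaultTSGateway` (the post does not name it), the site directory is passed in by the operator, and the sample file and `gateway.example.com` are constructed for the demo.

```powershell
# Added example, PowerShell 3.0+. Assumed: key name 'DefaultTSGateway'; -Root is
# supplied by the operator (the post does not give the full path).
function Get-RDWebGatewaySetting {
    param([Parameter(Mandatory)][string]$Root, [string]$Key = 'DefaultTSGateway')
    Get-ChildItem -Path $Root -Recurse -Filter '*.config' -File | ForEach-Object {
        $file = $_.FullName
        $xml = New-Object System.Xml.XmlDocument
        $xml.PreserveWhitespace = $true
        try { $xml.Load($file) } catch { return }   # skip files that are not valid XML
        foreach ($node in $xml.SelectNodes("//appSettings/add[@key='$Key']")) {
            [pscustomobject]@{
                File    = $file
                Value   = $node.GetAttribute('value')
                IsEmpty = [string]::IsNullOrWhiteSpace($node.GetAttribute('value'))
            }
        }
    }
}

function Set-RDWebGatewaySetting {
    param([Parameter(Mandatory)][string]$File,
          [Parameter(Mandatory)][string]$GatewayFqdn,
          [string]$Key = 'DefaultTSGateway')
    # Accept only a fully qualified DNS name (no scheme, path or port).
    if ($GatewayFqdn -notmatch '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$') {
        throw "Not a fully qualified DNS name: $GatewayFqdn"
    }
    $path = (Resolve-Path -LiteralPath $File).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($path)
    $node = $xml.SelectSingleNode("//appSettings/add[@key='$Key']")
    if ($null -eq $node) { throw "Key '$Key' not found in $path" }
    # Back up first, as the post advises, then write the new value.
    $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $path, (Get-Date)
    Copy-Item -LiteralPath $path -Destination $backup
    $node.SetAttribute('value', $GatewayFqdn)
    $xml.Save($path)
    $backup   # return the backup path so the change can be rolled back
}

# Constructed sample standing in for the site's config directory.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'rdweb-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'<configuration><appSettings><add key="DefaultTSGateway" value="" /></appSettings></configuration>' |
    Set-Content -LiteralPath (Join-Path $demo 'Web.config')
Get-RDWebGatewaySetting -Root $demo | Where-Object { $_.IsEmpty } | ForEach-Object {
    Set-RDWebGatewaySetting -File $_.File -GatewayFqdn 'gateway.example.com' | Out-Null
}
Get-RDWebGatewaySetting -Root $demo | Format-List
```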