Remote App through an SSTP VPN

  • Question

  • Hello,

    I am having a problem accessing remote apps published in UAG once connected via an SSTP VPN.

    My remoteapp simply will not connect, I am using SSTP VPN which connects successfully, and I can use the remote app from the rdweb page, but through UAG the mstsc process just sits and consumes resources until the box runs out of memory. I have been through the following KB and tried everything suggested:

    http://technet.microsoft.com/en-us/library/dd772157.aspx#BKMK_Publishing

    I'm thinking this is a possible Remote Desktop Services issue to do with the UAG RD Gateway which is installed as part of the UAG installation (the Certificate is also configured correctly as I am aware that the UAG config can sometimes strip this out.)

    I have dropped a remoteapp.rdp file on to the workstation I am testing from, and this works when connected to the VPN, so DNS and Remote App seem to be fine, it's just the mechanism between UAG and Remote App which seems at fault in the scenario.

    Any ideas?

     

    Workstation: Windows 7 Enterprise

    Servers: All 2008 R2

    Access from one Forest to another. Forest Trust setup. CRLs working.

    Many thanks

    Jason

    Thursday, April 1, 2010 1:53 PM

Answers

  • Wow finally, someone else having the same issue!

    I've potentially partly resolved the issue, but strangely enough I did it with group policy for Remote Desktop Services, I manually configured the RDS Gateway options to be the RDS server itself rather than UAG, and configured the authentication prompt to match that of the session host (i.e. Smart Card - Smart Card) this has at least enabled me to get an authentication prompt into the remote app and authenticate into the RDS session and launch the app. However so far I can only get this to work for my enterprise admin account. Even though the domain users are members of the correct security groups on the RDS server, and domain computers in the TS Computers Security group.

    But it's a vast improvement to where I was at.

    Scratch that, issue resolved, just needed to configure the correct user groups on the RD Gateway.

    So far as I can tell this issue was caused by confusion over the RD Gateway server, UAG tries to manage this connection but doesn't seem able to fulfill the request when accessed from another forest. Sending the request to the actual RD Gateway resolves the issue.

    Jason

    • Marked as answer by Jason Revill Thursday, April 29, 2010 9:28 AM
    Thursday, April 29, 2010 8:10 AM
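
One way to check which RD Gateway and gateway logon method an .rdp file asks mstsc to use, which is what the answer above changed. This is an added example, not part of the original thread: the host names and the sample file are constructed, and it only reads the file, so gateway settings applied through Group Policy are not visible to it.

```python
GATEWAY_USAGE = {
    0: "do not use an RD Gateway",
    1: "always use the RD Gateway",
    2: "use the RD Gateway if a direct connection fails",
    3: "use the client's default RD Gateway settings",
    4: "do not use an RD Gateway, bypass for local addresses",
}
CREDS = {0: "password (NTLM)", 1: "smart card", 4: "user selects later"}

# Constructed sample: host names are placeholders, not from the thread.
SAMPLE_RDP = """\
full address:s:rds01.corp.example.test
remoteapplicationmode:i:1
gatewayusagemethod:i:1
gatewayhostname:s:uag.example.test
gatewaycredentialssource:i:0
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines; values of type 'i' become int."""
    settings = {}
    for line in text.splitlines():
        name, _, rest = line.strip().partition(":")
        kind, sep, value = rest.partition(":")
        if not sep or kind not in ("i", "s", "b"):
            continue  # blank or malformed line
        is_int = kind == "i" and value.strip().isdigit()
        settings[name.lower()] = int(value) if is_int else value
    return settings


def review_gateway(settings, expected_host, expected_creds):
    """List where the file disagrees with the intended gateway and logon."""
    findings = []
    usage = settings.get("gatewayusagemethod")
    host = settings.get("gatewayhostname", "")
    creds = settings.get("gatewaycredentialssource")
    if usage not in (1, 2):
        why = GATEWAY_USAGE.get(usage, "gatewayusagemethod missing or unknown")
        findings.append("gateway not taken from this file: " + why)
        return findings
    if host.lower() != expected_host.lower():
        findings.append(f"gateway is {host!r}, expected {expected_host!r}")
    if creds != expected_creds:
        findings.append(f"gateway logon is {CREDS.get(creds, creds)}, "
                        f"expected {CREDS.get(expected_creds, expected_creds)}")
    return findings
```

Calling `review_gateway(parse_rdp(SAMPLE_RDP), "rds01.corp.example.test", 1)` reports both the unexpected gateway host and the password logon where smart card was intended.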

All replies

  • Hi Jason

    You want to publish the RemoteApp apps via SSTP? If yes, you can directly (Win7 client to RDS host or session broker or whatever) start the RemoteApp apps without using the UAG way. And for troubleshooting SSTP connections, you can use the full power of the TMG UI. :-)

    Hope it helps,

    Dominik

    Tuesday, April 6, 2010 6:47 AM
  • Hi Dominik,

    Unfortunately I need to deliver the apps through UAG, whilst my Win 7 Client is connected to UAG with SSTP. I know that once I am connected to UAG with SSTP I can manually connect to Session Host of the App and launch it manually, but this is not as simple as simply clicking the published app in UAG.

    I've monitored the TMG and can't see anything obvious, i.e. no denies from my workstation to the remoteapp server.

    It's very annoying :(

    Jason

    Tuesday, April 6, 2010 10:22 AM
  • I'm not sure I understand the scenario described here, Jason - is this RemoteApp published on UAG, or an internal RDP server that you are just trying to access when an SSTP connection is running?

    If this is a UAG published RDP app, you might want to try installing Update 1 for UAG, which just came out. It has some specific fixes related directly to RDP:

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a862c57f-5c27-4cd0-8528-91b3cc5cd758

     


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Wednesday, April 14, 2010 12:07 AM
    • Unmarked as answer by Jason Revill Thursday, April 29, 2010 9:26 AM
    • Proposed as answer by Diego Laranjeira Thursday, December 29, 2011 6:41 PM
    Wednesday, April 14, 2010 12:07 AM
  • Ben,

    Sorry for the late response!

    The scenario is a little unique I suspect because most people using this product will more than likely only have one forest, but my scenario requires that my client belong to a separate forest to UAG and the remoteapp.

    To better answer your question, the remoteapp is published on an RDP server, I have exported the remoteapp config as a .tspub file and imported it into UAG as a remoteapp. The remoteapp appears fine in the portal however when I try to launch it (before or after the SSTP VPN has started) it just sits there consuming system resources, until eventually I run out of free RAM to feed the little bugger. Meanwhile on the TMG log all I can see is client connect to my DC for DNS via the Publishingrule:IPVPNAccessrule. The logs alternate between "Status: The Operation Completed Successfully" and "Status:A connection was gracefully closed in an orderly shutdown process with a three-way FIN initiated handshake"

    Thanks for the suggestion with the update, I will be trying this later today and will update if it makes my problem go away :)

    Many thanks

    Jason

     

    Tuesday, April 27, 2010 10:26 AM
  • While it's no help, I seem to be having the same issue with Windows 7 Ultimate (x64). UAG 2010, Update 1. I'm not using remoteapp, just remote desktop at the moment. Single domain, trusted certs all working, works when manually starting mstsc and connecting to the RDS host.

     

    XP/Vista connect fine, Windows 7 will sit on "initiating remote connection" displayed on mstsc. Cancelling the connection will often leave mstsc running in the background, still using memory. mstsc sends no traffic and will fail in the same way by just clicking on it on the portal without starting the network connection.

     

    My record so far is 7 falling over once mstsc has consumed 14GB of RAM.  

    Thursday, April 29, 2010 7:59 AM