RDS through RDWebAccess can't connect due to RDGatewayServer being temporarily unavailable

  • Question

  • Hello,

    I've set up for my client a big RDS farm, in two distinct locations. All of the users are using Wyses to connect to the farm. On the internal network everything is fine, but when trying to connect from outside, after logging in, I get this message:

    "Your Computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable."

    In the logs, I get these errors:

    • Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 :"CAAClientAdapter, :: 'm_spHelper->ReadCreds failed' in CAAClientAdapter::CreateTunnel at 380 err=[0xffffffff],"
    • Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : "CClientProxyTransport, :: 'm_ClientAdapter->CreateTunnel failed' in CProxyRawTrans::CreateProxyConnection at 2116 err=[0x800759d9], "
    • Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : "CClientProxyTransport, :: 'Gateway connection time out is 90' in CClientHTTPProxyTransport::Connect at 1099 err=[0x800759d9], "
    • Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : "CClientProxyTransport, :: 'CreateConnection failed' in CClientHTTPProxyTransport::Connect at 1108 err=[0x800759d9], "
    • Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : "CClientProxyTransport, :: 'Gateway Error' in CClientProxyTransport::SetErrorStatus at 2818 err=[0x800759d9],"
    • Microsoft-Windows-TerminalServices-RDPClient/Operational : EventID 1033 : ":CClientProxyTransport, :: 'Gateway Error' in CClientProxyTransport::SetErrorStatus at 2818 err=[0x800706ba], "

    The farm consists of 2 RDBroker in HA (with 2 SQL Servers AlwaysOn for the database), 2 RDGateway (HA), 2 RDWebAccess (HA), 1 RDlicence Server, and 10+ RDSH. A wildcard certificate is set on the external name for all roles.

    • rds.external.com : RR DNS name for the RD Brokers
    • rdsweb.external.com : RR DNS name for the RDWebAccess

    When connecting to the RDWebAccess FQDN (rdsweb.external.com) from the external network, I can connect to the website and use my credentials to view the collection of sessions I can connect to. But when I use one of them, I get this error message. If I download the rdp file, I can see that all the correct addresses are in use:

    full address:s:rds.external.com
    gatewayhostname:s:rdsweb.external.com
    workspace id:s:rds.external.com
    use redirection server name:i:1
    loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.CollectionName
    use multimon:i:1
    alternate full address:s:rds.external.com

    As we use KEMP GeoLoadbalancing, I have in the public DNS a CNAME for rdsweb.external.com, redirecting to rdsweb.geo.external.com, and the NS for this zone are set to the public IP of the distant site, with our internal DNS resolving all this to the correct farm member, for geo load-balancing purposes.

    Also the RAP and CAP policies are set in the 2 RD WebGateway.

    Any hints on what to check or do to allow connection to the farm from outside their network?

    Regards

    Thursday, November 21, 2019 3:49 PM

Answers

  • TP [],

    The WebGateway (with the role installed and the RAP and CAP policies set) and the WebAccess (with the IIS server, hosting the RDWeb webpage) are on 2 different boxes (4 in fact for HA).

    The DNS record is rdsweb.external.com and redirects to the WebAccess servers.

    So if I understand correctly, I need to have another RR DNS record for my WebGateway servers and use this as the gatewayhostname in the rdp file?

    Regards

    Hi,

    Yes, you need DNS RR records (e.g. rdgateway.external.com) pointing to your RD Gateway servers.  In Server Manager -- RDS -- Overview -- Deployment Overview -- Tasks -- Edit Deployment Properties -- RD Gateway tab, you need to enter this new FQDN.  This will automatically update the gatewayhostname in the .rdp files you download from RDWeb.

    On your internal network, you should create DNS A records for this new FQDN (rdgateway.external.com) pointing to the private ip addresses of your RD Gateway servers.

    -TP

    Friday, November 22, 2019 1:42 PM
    Moderator
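
    The checks behind the answer above, as an added PowerShell example (not posted by anyone in the thread): it reads the gatewayhostname from a downloaded .rdp file, shows where that name resolves and whether TCP 443 answers, then compares it with the RD Gateway FQDN the deployment publishes. The file path, the broker name rdcb01.example.internal and the -Apply switch are assumptions; rdgateway.external.com is the example name used in the answer.

```powershell
# Added example. Placeholders (assumptions): $RdpFile, $Broker, $NewGatewayFqdn.
param(
    [string]$RdpFile        = '.\collection.rdp',        # .rdp downloaded from RDWeb
    [string]$Broker         = 'rdcb01.example.internal', # active RD Connection Broker
    [string]$NewGatewayFqdn = 'rdgateway.external.com',  # example name from the answer
    [switch]$Apply                                       # without it, report only
)

# 1. Parse the "name:type:value" lines of the .rdp file.
$rdp = @{}
foreach ($line in Get-Content -Path $RdpFile) {
    if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
        $rdp[$Matches[1].Trim()] = $Matches[3].Trim()
    }
}
$gw = $rdp['gatewayhostname']
if (-not $gw) { throw "No gatewayhostname entry in $RdpFile" }

# 2. Where does the client actually go? Run this from outside and from inside.
#    A successful 443 probe is not proof of an RD Gateway: RD Web Access (IIS)
#    answers on 443 too, so compare the addresses with the RD Gateway servers.
$ips   = (Resolve-DnsName -Name $gw -Type A -ErrorAction SilentlyContinue |
          Where-Object { $_.IPAddress }).IPAddress
$probe = Test-NetConnection -ComputerName $gw -Port 443 -WarningAction SilentlyContinue
[pscustomobject]@{
    FullAddress     = $rdp['full address']
    GatewayHostname = $gw
    ResolvesTo      = $ips -join ', '
    Tcp443          = $probe.TcpTestSucceeded
} | Format-List

# 3. What the deployment publishes (run on a server with the RDS tools installed).
Import-Module RemoteDesktop
$cfg = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $Broker
$cfg | Format-List GatewayMode, GatewayExternalFqdn, LogonMethod, UseCachedCredentials, BypassLocal

# 4. Point the deployment at the gateway FQDN, keeping the other settings.
#    Assumes the deployment is already in Custom mode, as in the thread.
if ($Apply -and $cfg.GatewayExternalFqdn -ne $NewGatewayFqdn) {
    Set-RDDeploymentGatewayConfiguration -ConnectionBroker $Broker `
        -GatewayMode Custom -GatewayExternalFqdn $NewGatewayFqdn `
        -LogonMethod $cfg.LogonMethod `
        -UseCachedCredentials $cfg.UseCachedCredentials `
        -BypassLocal $cfg.BypassLocal -Force
}
```

    Steps 1 and 2 can run on any Windows client; steps 3 and 4 need the RemoteDesktop module and rights on the deployment.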

All replies

  • Hi,

    Is RD Gateway installed on the same servers as RD Web Access?  From your description it appears RD Gateway is installed on separate servers, but you have your RDG set to the FQDN of your RDWeb servers.

    The RDG FQDN (gatewayhostname) needs to point to your RD Gateway servers.  On the firewall in front of your RD Gateway servers you need to have TCP port 443 and (optionally, if you want to use UDP) UDP 3391 forwarded.

    -TP

    Thursday, November 21, 2019 4:54 PM
    Moderator
  • TP [],

    The WebGateway (with the role installed and the RAP and CAP policies set) and the WebAccess (with the IIS server, hosting the RDWeb webpage) are on 2 different boxes (4 in fact for HA).

    The DNS record is rdsweb.external.com and redirects to the WebAccess servers.

    So if I understand correctly, I need to have another RR DNS record for my WebGateway servers and use this as the gatewayhostname in the rdp file?

    Regards

    Friday, November 22, 2019 10:38 AM
  • Hi,

    How are things going with this issue?

    Please let me know if you would like further assistance.

    Best Regards,
    Eve Wang   

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 26, 2019 6:57 AM
    Moderator
  • Hi,

    Is there any update?

    Please click “Mark as answer” if any of the above replies is helpful. It would move this reply to the top and make it easier to find for other people who have a similar problem.

    Best Regards,
    Eve Wang

    Friday, November 29, 2019 2:21 AM
    Moderator
  • Hello,

    I successfully made the changes as advised by TP[] and everything is now fine. We had some KEMP LoadMasters in front of our DNS RR and I got it mixed up when dedicating a server to each and every role.

    As soon as I reinstalled and configured the RD Gateway on the box with the RDWebAccess (with a DNS RR already configured), everything was back to normal.

    Cheers! 

    Friday, November 29, 2019 7:59 AM