Cannot connect to RDS Farm once PC joined to the Domain

    Question

  • Hi Community,

    The company I am working for has multiple sites dotted around the globe. All offices have their own local domain but in one forest. In this scenario:

    DomainA = Forest Root
    DomainB = Global Office 1  <--- The RDS Farm is located within this domain
    DomainC = Global Office 2
    DomainD = Global Office 3

    DomainB is a mix of Windows 7 and Windows 10 1703/1803 PCs and all can connect to the RD Farm fine.
    DomainC consists entirely of Windows 10 1803 PCs and all can connect to the RD Farm fine.
    ** DomainD consists entirely of Windows 10 1803 PCs BUT NO MACHINES CAN CONNECT TO THE RD FARM ***

    For DomainD, if a machine is NOT bound to the domain (i.e., a part of a workgroup), then access to the RD Farm works fine. It resolves the Gateway for the RDS Farm with its external address, it takes a specific route (trace route) to that gateway and nslookup gives me back the correct info too. The DNS servers specified on this workgroup PC are the internal domain controller and the Forest Root's DNS located on its DC.

    When I bind this PC to the domain, tracert, ping and nslookup against the gateway all resolve exactly the same, but I am UNABLE to connect to the RDS Farm. It sits on "Initiating Remote Connection", then times out after 90 seconds and displays the following:

    "Remote Desktop can't connect to the remote computer for one of the following reasons: not enabled, turned off, check network etc" (all of which I know aren't the issue, as all of the other global offices can connect without any issue).

    The same issue on the domain-bound PC is also apparent when DNS is overridden and I just specify 8.8.8.8.

    Looking through the event logs on the client, I see the following:

    Newest 1024 Info RDP ClientActiveX is trying to connect to the server (xxxxxx.co.uk)
      1034 Info Component name:CClientProxyTransport, :: 'Gateway servers list - Server(xxxxCB.co.uk) is 1 of 1 ' in CProxyRawTrans::SetPortAndTs at 2243 err=[0x0]
      1034 Info Component name:CClientProxyTransport, :: 'CClientHTTPProxyTransport::GetTransportType() transportType=1' in CClientHTTPProxyTransport::Connect at 1164 err=[0x0]
      1033 Error Component name:CAAHttpClientTunnel, :: 'Workspace ID was obtained, but it does not smell like a GUID (xxxxCB.co.uk)' in CAAHttpClientTunnel::ObtainWorkspaceId at 3819 err=[0x0], Error code:0x0
      1033 Error Component name:CAAHttpClientRawTransport, :: 'CAAHttpClientRawTransport::InitializeInstance' in CAAHttpClientRawTransport::InitializeInstance at 276 err=[0x0], Error code:0x0
      1034 Info Component name:CClientProxyTransport, :: 'Gateway connection time out is 90' in CClientHTTPProxyTransport::Connect at 1196 err=[0x0]
      1033 Error Component name:CheckInternetConnectionTask, :: 'Internet-connection is alive. Server checked: http://www.microsoft.com' in CheckInternetConnectionTask::ExecuteTask at 3625 err=[0x0], Error code:0x0
      1033 Error Component name:CheckInternetConnectionTask, :: 'Connection-to-server is alive. Server checked: https://xxxxxx.co.uk' in CheckInternetConnectionTask::ExecuteTask at 3639 err=[0x0], Error code:0x0
    After long pause 1033 Error Component name:CClientProxyTransport, :: 'OnTunnelCreated failed.Anyways, bailing due to user cancel.' in CProxyRawTrans::OnTunnelCreated at 505 err=[0x800759ec], Error code:0x800759EC
      1107 Info Disconnect trace:CProxyRawTrans “Disconnect trace:'OnTunnelCreated' in CProxyRawTrans::OnTunnelCreated at 672 err=[0x800759ec]”, Error code:0x800759EC
      1033 Error Component name:CClientProxyTransport, :: 'Gateway Error' in CClientProxyTransport::SetErrorStatus at 2853 err=[0x800759ec], Error code:0x800759EC
      1107 Info Disconnect trace:CProxyRawTrans “Disconnect trace:'Disconnect Transport' in CProxyRawTrans::OnCloseConnection at 1927 err=[0x1d]”, Error code:0x1D
      1107 Info Disconnect trace:CClientProxyTransport “Disconnect trace:'Gateway connection disconnected.' in CClientHTTPProxyTransport::OnDisconnected at 807 err=[0x1d]”, Error code:0x1D
      1107 Info Disconnect trace:CAAHttpClientTunnel “Disconnect trace:'disconnecting raw transport object' in CAAHttpClientTunnel::CancelTunnelCreateOrAuthorize at 966 err=[0x0]”, Error code:0x0
      1107 Info Disconnect trace:CAAHttpClientRawTransport “Disconnect trace:'Disconnecting Graceful=0 fAlreadyClosed=0' in CAAHttpClientRawTransport::Disconnect at 1071 err=[0x0]”, Error code:0x0
      1033 Error Component name:CAAHttpClientRawTransport, :: 'Graceful=0' in CAAHttpClientRawTransport::Cleanup at 323 err=[0x0], Error code:0x0
      1107 Info Disconnect trace:CAAHttpClientTunnel “Disconnect trace:'OnDisconnected' in CAAHttpClientTunnel::OnDisconnected at 1143 err=[0x0]”, Error code:0x0
      226 Warning RDPClient_TCP: An error was encountered when transitioning from TcpStateConnectingTransport to TcpStateDisconnected in response to TcpEventConnectionTimeout (error code 0x80004004).
      1105 Info The multi-transport connection has been disconnected.
      1026 Info RDP ClientActiveX has been disconnected (Reason= 516)
      1033 Error Component name:CheckInternetConnectionTask, :: 'Internet-connection is alive. Server checked: http://www.microsoft.com' in CheckInternetConnectionTask::ExecuteTask at 3625 err=[0x0], Error code:0x0
      1033 Error Component name:CheckInternetConnectionTask, :: 'Connection-to-server is alive. Server checked: https://xxxxxx.co.uk' in CheckInternetConnectionTask::ExecuteTask at 3639 err=[0x0], Error code:0x0
     Oldest 1034 Info Component name:CClientProxyTransport, :: 'Terminating Gateway's channel. CurrentState=1' in CProxyRawTrans::Terminate at 1742 err=[0x0]

     

    On the server side, I see 3 logs associated with this connection attempt, all of which are along the lines of:

    The user "me@company.com", on client computer "IP:Port", has initiated an outbound connection. This connection may not be authenticated yet.

    The RD Farm is configured in an HA setup: 2 servers both hosting the WA and GW roles, 2 servers both acting as Connection Brokers, and 2 Session Hosts. This is exactly the same setup in this office (DomainD) as it is in DomainC, which works perfectly. All domains can see DomainA (Forest Root), but selective traffic is enabled between child domains (which I cannot control!)

    Any assistance would be greatly appreciated!!!

    Many Thanks,
    D


    • Edited by chilidave Tuesday, June 12, 2018 11:17 AM
    Tuesday, June 12, 2018 10:53 AM

All replies

  • Hi,

    Based on your description, once the client has joined the specific domain network, it fails to establish a remote connection.

    If possible, please try to disable Windows Firewall on the problematic domain client, including anti-virus and protection, and try to connect again to check the result.

    Besides, please check the applied group policy on the problematic domain client system, and confirm whether there is any RDS-related confirmation.

    Besides, please check Event Viewer on the RDS system and confirm whether any related event has been logged.

    Best Regards,
    Eve Wang


    Thursday, June 14, 2018 8:04 AM
    Moderator
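
To follow up on the Event Viewer check suggested above, the sketch below is an added example (not part of the thread) that filters RDP client trace messages down to the entries carrying a non-zero `err=[0x...]` code, which is what separates the gateway failure (`0x800759EC`) from the many `err=[0x0]` informational traces. The function name `Get-RdpClientFailure` is hypothetical, and the sample input is constructed from three messages quoted in the question.

```powershell
# Added example: surface the non-zero error codes in RDP client trace messages.
# Get-RdpClientFailure is a hypothetical helper name, not a built-in cmdlet.
function Get-RdpClientFailure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Message
    )
    begin {
        # Matches the "in Class::Method at <line> err=[0x...]" tail used by events 1033/1034/1107.
        # Event 226 uses a different "(error code 0x...)" form and is not matched here.
        $pattern = 'in (?<site>[\w:]+) at (?<line>\d+) err=\[(?<code>0x[0-9a-fA-F]+)\]'
    }
    process {
        foreach ($m in $Message) {
            $hit = [regex]::Match($m, $pattern)
            if (-not $hit.Success) { continue }
            $code = [Convert]::ToUInt32($hit.Groups['code'].Value, 16)
            if ($code -eq 0) { continue }   # err=[0x0] entries are informational traces
            [pscustomobject]@{
                Code = '0x{0:X8}' -f $code
                Site = $hit.Groups['site'].Value
                Line = [int]$hit.Groups['line'].Value
            }
        }
    }
}

# Constructed sample input: three message strings taken from the log in the question.
$sample = @(
    "'Gateway connection time out is 90' in CClientHTTPProxyTransport::Connect at 1196 err=[0x0]"
    "'OnTunnelCreated failed.Anyways, bailing due to user cancel.' in CProxyRawTrans::OnTunnelCreated at 505 err=[0x800759ec]"
    "'Disconnect Transport' in CProxyRawTrans::OnCloseConnection at 1927 err=[0x1d]"
)

# Count failures per error code; the 0x0 line is dropped.
$sample | Get-RdpClientFailure | Group-Object Code | Select-Object Name, Count

# On a live client, read the RDP client operational log oldest-first instead:
# Get-WinEvent -LogName 'Microsoft-Windows-TerminalServices-RDPClient/Operational' -Oldest |
#     Where-Object Id -in 1033, 1107 | ForEach-Object Message | Get-RdpClientFailure
```

Running the same function on a workgroup PC and on a domain-joined PC in DomainD, and comparing the output, shows which call site first reports a non-zero code once the machine is bound to the domain.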