2012 R2 RDS and DNS

  • Question

  • I'm trying to verify if DNS is configured properly.

    I have a customer with two 2012 R2 servers with RDS installed. Server1 has all roles but gateway. Server 2 has all roles but licensing. A public certificate is in place for remote.domain.com.

    Public DNS points remote.domain.com to IP 74.xx.xx.xx. Shouldn't the firewall translate that public IP to the private IP of Server2 which is the gateway?

    Private DNS has an A record for remote which points to Server1, not the gateway which is Server2.

    Server2, the gateway, has the Resource Authorization policy set with a group that includes Server1's private IP, NetBIOS name, FQDN, and remote.domain.com.

    In the RD client I have the Access Anywhere configured as remote.domain.com. On the General tab I have the name as Server1 and I can connect to it. If I put remote.domain.com on the General tab my connection attempt is rejected. I thought I would be able to connect to either computer name as the gateway has that in the RAP.

    Any ideas if private DNS is configured incorrectly and if so, how it should be configured? Also why can't I connect to Server1 by using remote.domain.com as the computer name instead of Server1 in my RD client?


    Jonathan

    Wednesday, May 20, 2015 4:06 PM

All replies

  • Hi Jonathan,

    Based on my research, the published FQDN remote.domain.com needs to have a DNS record on the internal DNS server, which points to the RD Connection Broker.

    For more detailed DNS and firewall configuration, please refer to TP’s reply in this thread below:

    Error after changing published FQDN: Remoteapp program is not in the list of authorized programs
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/7f749b8e-81a5-4748-ade5-97a74044ec45/error-after-changing-published-fqdn-remoteapp-program-is-not-in-the-list-of-authorized-programs?forum=winserverTS

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Tuesday, June 9, 2015 8:52 AM
    • Marked as answer by Amy Wang_ Wednesday, June 10, 2015 1:37 AM
    Friday, May 22, 2015 7:46 AM
  • I just tried that and I was then able to connect via RDP using remote.domain.com as the computer name on the general tab and as the name of the gateway on the advanced tab. In this scenario the RD Connection Broker server is Server2, the Gateway server.

    However the computer I got connected to was the gateway server (Server2) which is not the computer I want to get connected to. I want to connect to Server1 which is the main RD server for remote users.

    So I changed internal DNS for remote.domain.com back to Server1's IP and tried to connect from the public side via RDP. It got to the stage of connection where it says "Initializing a remote connection..." and that's where it sat for almost 1/2 hour till I canceled it.

    I then put Server1 as the computer name on the General tab and connected right up to Server1.

    However I'm trying to get this so I can put remote.domain.com in both the General and Advanced tabs and connect to Server1.

    Is this even possible? I thought it would be. If it is, then something in DNS or the RD setup still isn't right and is what I need to find out.


    Jonathan


    Friday, May 22, 2015 2:39 PM
  • Hi Jonathan,

    "However the computer I got connected to was the gateway server (Server2) which is not the computer I want to get connected to. I want to connect to Server1 which is the main RD server for remote users."

    Do you mean you only want Server1 to act as session host, and Server2 only acts as Gateway server?

    If that’s the case, you can configure redirection IP address (input only the Server1’s IP) on the RD Session Broker via registry.

    That is under:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings,

    registry key is named SessionDirectoryRedirectionIP.

    Best Regards,

    Amy


    • Edited by Amy Wang_ Tuesday, June 9, 2015 8:53 AM
    Tuesday, June 9, 2015 8:52 AM
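
A read-only check of the two settings discussed in this thread, added here as an example and not part of any poster's reply: it compares the internal A record for the published FQDN with the RD Connection Broker's address and reads the `SessionDirectoryRedirectionIP` value on the machine it runs on. The broker FQDN `server2.domain.com` and the DNS server address `192.0.2.53` are placeholders (assumptions), not values from the thread.

```powershell
# Added example; the defaults below are placeholders, not values from the thread.
param(
    [string]$PublishedFqdn = 'remote.domain.com',   # published FQDN discussed above
    [string]$BrokerFqdn    = 'server2.domain.com',  # assumed FQDN of the RD Connection Broker
    [string]$InternalDns   = '192.0.2.53'           # placeholder internal DNS server
)

function Get-ARecord {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the DNS server's answer is reported.
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }
    } catch {
        # Name did not resolve: emit nothing.
    }
}

# @() keeps an unresolved name as an empty array, so two failed lookups never "match".
$publishedIps   = @(Get-ARecord -Name $PublishedFqdn -Server $InternalDns)
$brokerIps      = @(Get-ARecord -Name $BrokerFqdn    -Server $InternalDns)
$pointsAtBroker = @($publishedIps | Where-Object { $brokerIps -contains $_ }).Count -gt 0

# Read (never write) the redirection value from the local registry.
$key        = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings'
$value      = 'SessionDirectoryRedirectionIP'
$redirectIp = (Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue).$value

[pscustomobject]@{
    PublishedFqdn      = $PublishedFqdn
    InternalARecords   = $publishedIps -join ', '
    BrokerARecords     = $brokerIps -join ', '
    PointsAtBroker     = $pointsAtBroker
    RedirectionIpLocal = if ($redirectIp) { $redirectIp } else { '(not set)' }
}
```

Run it from a domain-joined machine for the DNS comparison, and on the server where the registry value was configured to see the redirection IP.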