your computer can't connect to the remote computer because the remote desktop gateway server address is unreachable or incorrect

  • Question

  • Hi

    I am having an issue with Microsoft Virtual Desktop Infrastructure. I am using Personal Virtual Desktops.

    The whole infrastructure is running on a Windows Server 2008 R2 Enterprise edition running Hyper-V. I have 3 server virtual machines, all three are running Windows Server 2008 R2 Enterprise edition. The first server is running the active directory and dns server. The second server is running RDS Connection Broker, RDS Gateway and RemoteApp Manager and Remote Web Access Manager. And the third server is running System Center Virtual Machine Manager 2008 R2. The physical machine is running RDS Virtualization Host.

    There are also 3 virtual machines running Windows 7 Professional edition. Each virtual machine is assigned to a specific user in Active Directory.

    The only virtual machine with internet access is the RDS server. The domain name being used is in the format test.local. To be able to access the Remote Desktop Gateway over the internet, a DNS entry has been created for the server which is test.vdi.com.

    I am using a self-signed certificate with the subject name for both the rds.test.local and test.vdi.com.

    I can access the Remote Web Access page over the internet by using https. However when I launch the My Desktop shortcut from RemoteApp Programs, I get the following error message:

    "Your computer can't connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect. Type a valid Remote Desktop Gateway server address."

    Ping is disabled on the firewall for the public IP address being used. I can telnet both the IP address and the dns name being used over ports 80 and 443.

    Tuesday, January 10, 2012 5:53 AM

Answers

  • Hi guys,

    I have been able to resolve the problem.

    The issue was with the certificate being used by the RDS Gateway. I was using a self-signed certificate for the local domain that was not being resolved via the internet. Once I switched to a self-signed certificate for the external domain name, I was able to connect.

    Thanks for the assist.

    Thursday, January 19, 2012 7:09 AM
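
The name check behind the fix above, as an added example that is not part of the original thread: it applies the usual TLS host-name matching rules to certificates named for the internal and external hosts from the question. The certificate dicts are constructed sample data shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the function names and the wildcard case are assumptions made for illustration.

```python
# Added example, not from the thread. Cert dicts mirror the shape returned by
# Python's ssl.SSLSocket.getpeercert(); function names are hypothetical.

def cert_dns_names(cert):
    """Names a TLS client checks: SAN DNS entries, else the subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans  # when SAN DNS names exist, the CN is not consulted
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive label match; '*' may stand for the leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_gateway_cert(cert, gateway_address):
    """Report whether the certificate covers the address the client dials."""
    names = cert_dns_names(cert)
    match = any(name_matches(n, gateway_address) for n in names)
    return {"gateway": gateway_address, "cert_names": names, "match": match}


# Constructed sample certificates using the host names from the question.
INTERNAL_CERT = {"subject": ((("commonName", "rds.test.local"),),)}
EXTERNAL_CERT = {"subject": ((("commonName", "test.vdi.com"),),)}
# Constructed wildcard case (not in the thread) to show SAN precedence.
WILDCARD_CERT = {"subject": ((("commonName", "rds.test.local"),),),
                 "subjectAltName": (("DNS", "*.vdi.com"),)}

if __name__ == "__main__":
    for label, cert in (("internal", INTERNAL_CERT), ("external", EXTERNAL_CERT),
                        ("wildcard", WILDCARD_CERT)):
        for address in ("rds.test.local", "test.vdi.com"):
            result = check_gateway_cert(cert, address)
            print(f"{label:9} cert vs {address:15} -> "
                  f"{'OK' if result['match'] else 'NAME MISMATCH'}")
```

A name match says nothing about trust: a self-signed certificate that matches the gateway address still has to be trusted by the connecting client.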

All replies

  • Make sure that the Remote Desktop Gateway service is running and automatically started in the RDS gateway server.

    Another thing is to check your firewall config and see if RD Gateway is allowed.

    Tuesday, January 10, 2012 6:27 AM
  • The Remote Desktop Gateway service is configured in Automatic with Delayed Start.

    The Windows Firewall is disabled.

    I am using a self-signed certificate with two subject names. The first one for the internal domain and the second one for the external domain. I am thinking that the error is due to the certificate being used.

    Tuesday, January 10, 2012 6:54 AM
  • The Remote Desktop Gateway service is configured in Automatic with Delayed Start.

    The Windows Firewall is disabled.

    I am using a self-signed certificate with two subject names. The first one for the internal domain and the second one for the external domain. I am thinking that the error is due to the certificate being used.


    Hi,

    How did you do the self-signed certificate with two subject names? Self-signed certificates are usually used for testing purposes, and you just need a subject name for the external domain (test.vdi.com). By default, internal computers will bypass the connection to the RD gateway. I suspect the two subject names are the cause of your connection failure through the RD gateway.

    In addition, when you launch the RD gateway connection, enter the FQDN name in the server name box.

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, January 11, 2012 2:14 AM
    Moderator
  • Hi,

     

    I used SelfSS7 to create the self signed certificate with two subject names.

    Is there any way I can use a self signed certificate for external access?

    Wednesday, January 11, 2012 5:29 AM
  • Hi,

     

    I used SelfSS7 to create the self signed certificate with two subject names.

    Is there any way I can use a self signed certificate for external access?

    RDS gateway > properties > SSL Certificate > create a self-signed certificate for SSL encryption

    It's just for testing purposes. We usually consult with the public CA supplier for a suitable SSL certificate.

     


    Wednesday, January 11, 2012 9:37 AM
    Moderator
  • So, I can use a self-signed certificate for internal connections and a public certificate on the RD Gateway for all external connections?

    Wednesday, January 11, 2012 5:42 PM
  • You can also use self signed cert for external connections. It's a common practice with Small Biz Server. 

    But there is extra work to install the cert in all the clients connecting from the outside.

    Just email the .cert file and ask them to install it as Trusted Root Cert

    Thursday, January 12, 2012 8:00 AM
  • So, I can use a self-signed certificate for internal connections and a public certificate on the RD Gateway for all external connections?


    But every time you connect through the RD Gateway, you will be prompted for an unauthenticated SSL certificate. It's annoying. To buy an SSL certificate from a public CA is a good choice.


    Thursday, January 12, 2012 9:37 AM
    Moderator
  • Hi

    The setup is still not working

    I have removed the certificate with the two subject names from my environment

    I have created a new self-signed certificate using IIS 7.5

    I am using this certificate for the Remote Desktop Connection Broker, RemoteApp Manager and Remote Desktop Gateway

    The certificate is working fine when I am using client machines on the same network to connect.

    However, when I connect using a computer connected to the internet, I get the same error.

    Friday, January 13, 2012 11:47 AM
  • 1. Is the connectivity between client and Gateway fine?

    To know this, browse https://<gatewayservername>/rpc and you should see a blank page after authentication is successful.

    2. Is the connectivity between Gateway and TS farm fine?

    To know this,
    1. go to gateway server and open mstsc and specify TS farm name as remote computer and connect.
    2. Ping the tsfarm name from gateway server
    3. If ping can resolve the dns name and you cannot remote desktop to tsfarm from gateway server then the problem can be in firewall between gateway and tsfarm. Is there any internal firewall? If yes then you need to open port 3389 on the firewall between gateway and TS.

    3. If both of above are fine then there can be a problem with RemoteApp configuration. Go to the RemoteApp manager on the Terminal servers/session broker and see what you specified under TS Gateway settings. Did you specify the TS Gateway server address properly in this configuration?

    • Proposed as answer by CJADuva Monday, February 13, 2012 5:50 PM
    Monday, January 16, 2012 1:28 AM
    Moderator
  • Hi Clarence,

     

    I am able to browse https://<gatewayservername>/rpc from external network.

     

    I am not onsite actually to test the other points but will do so asap.

    My environment is fully virtualized and I have only one virtual adapter on the gateway which is used for the Internal Network.

    For the gateway to access the internet, a natting has been done on the firewall/router by the network team.

    I can browse the Remote Desktop Web Access website on the internet (using port 443)

    Port 3389 is blocked on the firewall/router

    Monday, January 16, 2012 6:11 AM
  • Also note that certificate must be installed on connecting devices in the Trusted Root certificates.
    Tuesday, January 24, 2012 7:33 AM
  • Prior to installing the Remote Desktop Services Role, and specifically the Session Host Role Service, I had changed the default RDP-Tcp PortNumber.  The RD Gateway and RD Web Access are colocated on a different server.  Changing the PortNumber for the Session Host machine back to 3389 solved the problem.  Apparently, I missed the port option in the RD Session Host Server Settings.

    I am using a certificate from my Enterprise CA, and have distributed the Trusted Root cert.  I had to implement SSL on port 441, and add an IP address to my TMG external interface in order to construct a listener for RDS.  All of the 443 traffic goes to a Lync server which has a GoDaddy cert.  But I can't add any more SANs to it.


    • Edited by CJADuva Monday, February 13, 2012 7:32 PM
    Monday, February 13, 2012 6:09 PM
  • How did you create the self-signed certificate? When I create the self-signed cert it has a "subject does not match" error. I'm testing this from outside using server.domain.com but my server is actually server.domain.local.
    Wednesday, May 30, 2012 11:45 PM
  • How did you create the external domain certificate....

    I am having the same problem; the certificate I am using currently is for the local network....

    How can I create a certificate for the external network?

    Friday, October 5, 2012 8:57 AM