Your computer can't connect to the remote computer because the remote desktop gateway server is temporarily not available.

  • Question

  • I have an RDS VDI deployment set up on 2 servers, and connections from the internal network work fine, but not from the public network.

    From the public network, the user accesses the RDWeb site, selects his VDI deployment, enters credentials, and then after some loading RDS hits this error: Your computer can't connect to the remote computer because the remote desktop gateway server is temporarily not available.

    If you need to see my Network topology, open this: https://scontent-b-fra.xx.fbcdn.net/hphotos-xfp1/t31.0-8/10830713_10152421224170404_57593645548357168_o.jpg

    Basically, I have 2 servers I use in RDS deployment;

    Hyperv2.labs.dom is domain joined HyperV host with VDI host, connection broker and license service installed. It holds VDI machines.

    RRAS.labs.dom is another server, which connects my entire lab to internet with different gateways (RRAS role), and I installed Web role and RD Gateway role to this server via RDS deployment (server manager).

    Both servers are 2012 R2.

    I tried to do a few things:

    - I set a self-signed certificate for every role and added it to the IIS 443 binding, and also to the RD Gateway setup. The certificate is the same for everything.

    - I tried this article, http://blogs.msdn.com/b/hyperyash/archive/2012/12/11/remote-desktop-services-gateway-configuration-for-rds-farm.aspx .. setting my hyperv2 address as the resource. I don't have a farm though.

    Any thoughts? Perhaps I have done something wrong with my roles?

    Saturday, December 27, 2014 1:13 PM

Answers

  • I got it working! Since I do not have a public domain name registered, I had to modify the hosts table on my "public" computer to register the public IP with my gateway's FQDN.

    I also had to do some stuff with certificates, all other roles are relying on RDS VDI hostname certificate but Gateway is configured with its own hostname name.

    I also created Connection and Resource policies in the Gateway's manager.

    At the public endpoint computer, I had to export the Gateway's certificate and import it into the Trusted Root Certification Authority store.

    Thanks for your help!

    Thursday, January 8, 2015 10:28 AM
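
    The thread turns on two client-side conditions: the gateway FQDN must resolve from the public computer, and the gateway certificate must both match that FQDN and chain to a trusted root. The following is an added example, not code from the thread or from Microsoft, that checks them separately from the client; the function name `Test-RDGatewayTls` and the FQDN `rdgw.example.test` are hypothetical placeholders.

```powershell
# Added example; Test-RDGatewayTls is a hypothetical helper name.
function Test-RDGatewayTls {
    param(
        [Parameter(Mandatory)] [string] $GatewayFqdn,  # name the client connects to
        [int] $Port = 443
    )
    $r = [ordered]@{ Gateway = $GatewayFqdn; ResolvedTo = $null; Subject = $null
                     Thumbprint = $null; NameMatches = $null; ChainTrusted = $null
                     Error = $null }
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    $script:tlsErrors = [System.Net.Security.SslPolicyErrors]::None
    # Let the handshake finish, but record what normal validation would reject.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $cert, $chain, $policyErrors)
        $script:tlsErrors = $policyErrors
        $true
    }
    try {
        # Resolution goes through DNS and the local hosts file.
        $r.ResolvedTo = ([System.Net.Dns]::GetHostAddresses($GatewayFqdn) |
            ForEach-Object { $_.IPAddressToString }) -join ', '
        $tcp.Connect($GatewayFqdn, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($GatewayFqdn)   # OS default TLS versions
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
            $ssl.RemoteCertificate)
        $r.Subject    = $cert.Subject
        $r.Thumbprint = $cert.Thumbprint
        $flags = [System.Net.Security.SslPolicyErrors]
        # Subject / subject alternative name does not cover $GatewayFqdn
        $r.NameMatches  = -not $script:tlsErrors.HasFlag($flags::RemoteCertificateNameMismatch)
        # Issuer not trusted on this client (e.g. a self-signed certificate)
        $r.ChainTrusted = -not $script:tlsErrors.HasFlag($flags::RemoteCertificateChainErrors)
    }
    catch {
        # Resolution, TCP connect or the handshake itself failed
        $r.Error = $_.Exception.Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    [pscustomobject]$r
}

# Placeholder FQDN; use the name configured as DefaultTSGateway.
Test-RDGatewayTls -GatewayFqdn 'rdgw.example.test'
```

    `NameMatches = False` points at the FQDN/certificate mismatch discussed in the replies; `ChainTrusted = False` points at a certificate whose issuer the client does not trust.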

All replies

  • Hi,

    Thank you for posting in Windows Server Forum.

    Have you checked whether you have configured the RD RAP and RD CAP groups properly?

    Please check the points below.
    - Create new group under manage local computer groups and add the RDSH server under that to get access outside of network.
    - IIS Manager: Application Pools>DefaultAppPool>Advanced Settings>Enable 32-Bit Application>if it's True, change it to False
    - IIS Manager: Sites>Default Web Site (or the name of yours)>RDWeb>Pages>Application Settings>DefaultTSGateway {fill in the external DNS name of the RD Gateway server}
    - Check whether you have FQDN name matches the certificate name of server.

    More information.
    Checklist: Make RemoteApp Programs Available from the Internet
    http://technet.microsoft.com/en-in/library/cc772415.aspx

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, December 29, 2014 3:12 AM
    Moderator
  • Thank you, currently I have no chance to go through with this, but I will do those steps next week when I will get my hands on the lab.

    Meanwhile, before getting your answer, I already took off RDS roles from my RRAS and setup new server for being RDS Gateway only. This server has WAN and LAN nic, no additional roles, only RDS gateway and web. Will this configuration be enough? Clients will connect directly to WAN. So I decided to keep RRAS out of the picture here. Is this something you would recommend?

    Tuesday, December 30, 2014 9:12 AM
  • Hi,

    Is there any update for your case? For the option which you asked about, I think it's good to go.

    Thanks.


    Dharmesh Solanki

    TechNet Community Support



    Wednesday, January 7, 2015 2:30 AM
    Moderator
  • Thank you for your concern, you can be certain I will update this when I solve the problem. I'm gonna work with this starting from tomorrow.

    You wrote:

    - Check whether you have FQDN name matches the certificate name of server.

    By that you probably mean the certificate which is created in RDS management of the VDI host? The same will be used while installing the RDS gateway role? Please confirm, should the FQDN name match the Gateway or the VDI host server? Which one?


    Wednesday, January 7, 2015 7:36 PM
  • From this article I got this understanding, that connecting users from Internet to my VDI cannot be done without public domain name and certificate pointing to that name, am I right?

    http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx

    I have no public domain name registered and I only use a public IP address to connect to RDWeb from the internet.

    Thursday, January 8, 2015 8:25 AM
  • Hi,

    Yes, I agree with that part. If you want your users to have access from outside, then you need to purchase the certificate from a public CA, and the certificate name must also match the public name of the server.

    If you're going to allow users to connect externally and they will not be part of your domain, you would need to deploy certificates from a public CA. Examples including, but not limited to: GoDaddy, Verisign, Entrust, Thawte, DigiCert
    The certificates you deploy need to have a subject name or subject alternate name that matches the name of the server that the user is connecting to.

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    TechNet Community Support



    Thursday, January 8, 2015 9:29 AM
    Moderator