Hi all,
We have a modest RDS Farm set up, as below, and I have a few questions that I hope you fine people can help me out with...
x3 RD Session Host Servers, an RD connection broker Server, an RD Web Access Server and an RD Gateway Server. We have registered a wildcard certificate with GoDaddy (*.domain.com) and applied this to our RDWA/RDGW Servers. We've also registered public DNS A records to each of our unique public IPs for both the RDWA (remote.domain.com) and RDGW Servers (gateway.domain.com). For internal DNS, we created a new zone to match our external domain and added A records to all RDS related Servers so that we can resolve everything internally as well. Config is also in place on our Firewall to allow HTTP/HTTPS traffic through to our RDWA Server and ONLY HTTPS traffic through to the RDGW Server. RDWA appears to be working fine (internally and externally). RDGW access, however, cannot be accessed either internally or externally!
1) RD Gateway issues:
Initially, we're doing some internal testing directly from a Windows 7 PC via mstsc/RDP; so we configure the gateway server address in our RDP client as gateway.domain.com and unchecked bypass Gateway for local addresses. We also point to the DNS name of our Farm: farm
On the RDGW Server itself, I have configured the RD Gateway Server along with the RAP/CAP policies - For the CAP we're allowing ALL domain users access with no restrictions on Computers (for testing purposes at the moment). I've also configured RAP 'network resources' to 'allow all users to connect to any network resource' (again, for testing).
After clicking connect, I get a logon request, to which I enter AD credentials and click OK... after 20 seconds or so, the following error is displayed, "Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance."
I've checked the TerminalServices-Gateway log on the RDGW Server and there is no pertinent information in either the Admin or Operational logs to suggest that there are any issues. If anyone could help out with this, that would be fantastic?
2) Wildcard SSL use for RDSH Servers etc:
Kristin Griffin (MVP) blog suggests that a Wildcard SSL can be used for securing every RDS role: http://blog.kristinlgriffin.com/2011/07/using-wildcard-certificate-and-ucc.html. However, when I add the Wildcard to the RDSH Servers, we get a certificate mismtch error when trying to RDP to them directly suggesting . Has anyone successfully configured a wildcard cert on their RDSH Servers without any certificate mismatch errors etc?
Thank you everyone in advance
Craig
We have a modest RDS Farm set up, as below, and I have a few questions that I hope you fine people can help me out with...
x3 RD Session Host Servers, an RD connection broker Server, an RD Web Access Server and an RD Gateway Server. We have registered a wildcard certificate with GoDaddy (*.domain.com) and applied this to our RDWA/RDGW Servers. We've also registered public DNS A records to each of our unique public IPs for both the RDWA (remote.domain.com) and RDGW Servers (gateway.domain.com). For internal DNS, we created a new zone to match our external domain and added A records to all RDS related Servers so that we can resolve everything internally as well. Config is also in place on our Firewall to allow HTTP/HTTPS traffic through to our RDWA Server and ONLY HTTPS traffic through to the RDGW Server. RDWA appears to be working fine (internally and externally). RDGW access, however, cannot be accessed either internally or externally!
1) RD Gateway issues:
Initially, we're doing some internal testing directly from a Windows 7 PC via mstsc/RDP; so we configure the gateway server address in our RDP client as gateway.domain.com and unchecked bypass Gateway for local addresses. We also point to the DNS name of our Farm: farm
On the RDGW Server itself, I have configured the RD Gateway Server along with the RAP/CAP policies - For the CAP we're allowing ALL domain users access with no restrictions on Computers (for testing purposes at the moment). I've also configured RAP 'network resources' to 'allow all users to connect to any network resource' (again, for testing).
After clicking connect, I get a logon request, to which I enter AD credentials and click OK... after 20 seconds or so, the following error is displayed, "Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance."
I've checked the TerminalServices-Gateway log on the RDGW Server and there is no pertinent information in either the Admin or Operational logs to suggest that there are any issues. If anyone could help out with this, that would be fantastic?
2) Wildcard SSL use for RDSH Servers etc:
Kristin Griffin (MVP) blog suggests that a Wildcard SSL can be used for securing every RDS role: http://blog.kristinlgriffin.com/2011/07/using-wildcard-certificate-and-ucc.html. However, when I add the Wildcard to the RDSH Servers, we get a certificate mismtch error when trying to RDP to them directly suggesting . Has anyone successfully configured a wildcard cert on their RDSH Servers without any certificate mismatch errors etc?
Thank you everyone in advance
Craig